Secure external access with the new Require Corporate Account & Require Multi-Factor Authentication

Hi Community, 

Many of you may be using Smartsheet to collaborate not only with users belonging to your organization but also those outside it. However, if your trusted external partners leave their companies or mismanage their login credentials, you risk the unauthorized access of your shared Smartsheet assets. That’s why we released two powerful new security features to secure external access: the Require Corporate Accounts and Require Multi-Factor Authentication (MFA) policies.

When enabled, the Require Corporate Accounts policy will force external collaborators to log into Smartsheet using their corporate credentials / single sign-on (SSO) when attempting to access any shared asset belonging to your account. SysAdmins who enable this policy also have the option to further strengthen the security of shared assets by enabling the Require MFA policy, which forces external collaborators to also undergo MFA to access the asset. In scenarios where standard MFA isn’t feasible for external collaborators, we also provide the option for them to authenticate via an email time-based one-time password (TOTP). SysAdmins will have the flexibility to exclude certain trusted domains and email addresses from these policies via an exemption list, similar to the new Safe Sharing policy experience.

Please note: 

1. The Require Corporate Account policy is enforced on all assets in a plan; however, SysAdmins have the ability to enforce the Require MFA policy at the workspace level (at the discretion of workspace admins) or at the plan level.

2. In the meantime, the Smartsheet mobile app user experience will be as follows:

  • Currently, the mobile app automatically restricts external collaborators' access to assets when one or both of the policies are enforced on the asset.
  • In early February, we will allow external collaborators who meet the SSO policy to access secured assets via the mobile app.
  • In early March, we will allow external collaborators to initiate the email-based TOTP MFA for accessing shared assets via the mobile app.

This feature is available for SysAdmins in Enterprise plans in the Commercial US and Commercial EU instances of Smartsheet, and is accessible via the Admin Center. Learn more about how to secure external access with these new governance policies.

You can also stay informed by subscribing to receive product release updates for curated news of recently released product capabilities and enhancements for the platform of your choosing, delivered to your inbox. As new releases occur, you will receive a weekly email with news of what's released every Tuesday. 


Lekshmi Unnithan

Senior Product Marketing Manager
