Sign in to submit new ideas and vote
Get Started

Multi-factor Authentication

2»

Comments

  • Kelly Ospina
    Kelly Ospina ✭✭✭✭✭

    I also vote for multi-factor authentication. This is a requirement for other software we use, and it's concerning that we don't have this option with Smartsheet. I encourage the development team to move this to a high level of priority.

  • 1st party MFA please! This really is a basic security feature in today's market.

  • It's truly disappointing that a "business" package doesn't offer MFA support as we approach 2024! I can't help but think that this is an explicit strategy to drive customers to the "enterprise" plan. As a CISSP responsible for data security, I can't sign off on storing anything of importance without MFA these days... Hopefully smartsheet decision-makers are listening!

  • NeilTRD
    NeilTRD ✭✭✭
    edited 01/24/24

    Provide businesses the ability to enforce MFA/2fa on all accounts, regardless of subscription level.

    It's insane that Smartsheet hides stronger security (SSO) behind an exhorbitant paywall, and even more insane that basic smartsheet-provided 2fa/mfa is not a even an option. Having 2fa/mfa is an industry-standard (and almost always free) security feature.

    You offer this product to small and medium businesses, which are historically the most likely to suffer financial ruin from a security breach. Don't be greedy. Be on the side of your customers and please modernize your platform's security.

  • I can't believe this doesn't have MFA already

  • Stefan
    Stefan ✭✭✭✭✭✭

    Great we got MFA (alongside other security features) in January :-)

    Now please let also Business plans have MFA!

    Smartsheet Consulting, Solution Building, Training and Support.

    Projects for Processes and for People.

  • Jeremy Ricci
    edited 03/15/24

    When will Smartsheet stop the ridiculous practice of preventing SSO to business tier accounts?

    Smartsheet lacks MFA and it seems to be to be pure greed that prevents them from enabling this "table stakes" feature. SSO costs them nothing and reduces their risk!!!

    I know my organization is currently debating whether to keep Smartsheet at all because of this practice and the apparent lack of focus on overall security. My org does not need Enterprise, the business plan is more than adequate for our needs, yet Smartsheet remains unwavering in their stance.

    Perhaps when they're notified that we are not renewing, they'll knock it off and do the right thing for their customers. I don't hold out much hope though.

    Shame on Smartsheet..... I'm so done with them

  • Paula D
    Paula D ✭✭✭

    I got an email last Monday 3/15 that by the end of April they will have instituted email-based TOTP authentication. I have their business plan, but my hope is that this is for all versions. And that sometime after June 1, they will be retiring the traditional password-based login method.

  • Any further news on TOTP authentication for Business Users. We are another SME that doesn't need "Enterprise" but as we work into Government Organisations, are required to have Cyber Essentials Plus security accreditation and therefore must use MFA. Ridiculous that MFA isn't standard on a Business Plan! :(

  • I would like to add my two cents. Absolutely ridiculous that in 2024, smartsheet does not give admins the ability to force MFA on all users regardless of which plan we use. This is an example of smartsheet putting its own financial interests above those of its clients. Love smartsheet but this policy is a very bad look for you guys - do the right thing.

  • eliweitz
    eliweitz ✭✭✭✭✭

    As a part of the new OTP solution, and the gradual shift towards greater authentication security, I would love for the ability to generate one-off App Passwords. App passwords are advantageous in allowing lesser-secure external applications an easier method of authenticating with Smartsheet, which can be segmented by solution, and utilizing complex, and large randomly-generated passcodes. My hope for a solution would be something similar to Google's implementation ( https://support.google.com/accounts/answer/185833?hl=en ) - which does require 2FA prior to utilizing app passwords. My use case for a solution like this is in UI and data automation - with the goal of utilizing a service account within Smartsheet that can run automated tasks without requiring a real human to work on them. An app password gives ease of authentication for some solutions and could bypass the requirements of either establishing an SSO login for the service account, or utilizing OTP (both which are more challenging to implement in automation).

  • Ok what is going on with this? Is it time to look for alternative solutions? I think it may be…