Domain-level SAML setup, now generally available!

Hi Community,

At Smartsheet, we recognize that many organizations have long struggled with the complexity of managing multiple SAML-based Single Sign-On (SSO) configurations across their various departments and plans. And as with any application that offers an email-and-password login method, there is the security risk that users keep accessing the application even after departing from their employer.

That’s why we’re employing a multi-phased approach to move the current plan-level login policies to the domain level, starting with the SAML-based SSO policy. This move centralizes control of security protocols and streamlines the SAML setup process for Smartsheet SysAdmins, all while enhancing end-user security.

In this phase, we are enabling Enterprise SysAdmins to enforce a consistent SAML-based SSO experience across various plans within their verified and activated domains. This also ensures a secure and uniform authentication process for all users belonging to that domain, regardless of their department or the specific Smartsheet plan they use.

Please note: In order for a SysAdmin on an Enterprise plan to enforce the SAML login policy across a particular domain, they must also validate and activate that domain. Any existing plan-level SAML configurations will remain functional for users belonging to a domain until a SysAdmin configures SAML at the domain level for that domain, or until the Smartsheet SAML certificate expires. For existing plan-level SAML configurations, you retain the ability to create, update, delete, or read plan-level SAML setups. Organizations without a plan-level SAML setup, or new to Smartsheet, only have the option to configure SAML at the domain level.

In future phases, we will similarly allow the configuration of Google SSO and Microsoft SSO login options at the domain level, introduce a new email-based TOTP (time-based one-time passcode) login option, and eventually move users away from the less secure password-based login method. We will provide ample advance notice before these changes are made.

This feature is available for SysAdmins on Enterprise plans in the Commercial US instance of Smartsheet (it will be released in Commercial EU in the coming months). To get started, visit the Authentication section in the Smartsheet Admin Center. Learn more about how to set up a domain-level SAML configuration.

You can also stay informed by subscribing to receive product release updates for curated news of recently released product capabilities and enhancements for the platform of your choosing, delivered to your inbox. As new releases occur, you will receive a weekly email every Tuesday with news of what's been released.

Cheers,

Lekshmi Unnithan

Senior Product Marketing Manager

Product screenshot:

Comments

  • There is a Knowledge Article about turning off TOTP. There is also a note: "Anytime on or after July 1, 2024, we'll remove the ability for users to log in to Smartsheet through the traditional password-based login method."

    Will we have the choice, or will we be forced to use TOTP?