I also vote for multi-factor authentication. This is a requirement for other software we use, and it's concerning that we don't have this option with Smartsheet. I encourage the development team to move this to a high level of priority.
1st party MFA please! This really is a basic security feature in today's market.
@Smartsheet, I see a response that indicates that you "love the idea" of MFA and it's the type of thing that you're "thinking about every day." Can you provide a reason for why this hasn't been made a priority? Smartsheet devs ought to drop everything they're doing to implement MFA ASAP. It's far more important than any other product enhancements being worked on, and will ultimately be good for Smartsheet's sales.
The bottom line is that not having MFA means these accounts are inherently insecure. Smartsheet is not a mom and pop shop lacking the resources to make this happen; not offering MFA across ALL account types is either grossly negligent or grossly incompetent, and neither one is a good look. This is completely unacceptable in 2023.
Barring an announcement that MFA will be implemented, our organization is going to search for a different product and I would encourage all non-Enterprise customers to do the same.
It's truly disappointing that a "business" package doesn't offer MFA support as we approach 2024! I can't help but think that this is an explicit strategy to drive customers to the "enterprise" plan. As a CISSP responsible for data security, I can't sign off on storing anything of importance without MFA these days... Hopefully smartsheet decision-makers are listening!
I agree, thanks
Provide businesses the ability to enforce MFA/2fa on all accounts, regardless of subscription level.
It's insane that Smartsheet hides stronger security (SSO) behind an exhorbitant paywall, and even more insane that basic smartsheet-provided 2fa/mfa is not a even an option. Having 2fa/mfa is an industry-standard (and almost always free) security feature.
You offer this product to small and medium businesses, which are historically the most likely to suffer financial ruin from a security breach. Don't be greedy. Be on the side of your customers and please modernize your platform's security.
I can't believe this doesn't have MFA already
Great we got MFA (alongside other security features) in January :-)
Now please let also Business plans have MFA!
Smartsheet Consulting, Solution Building, Training and Support.
Projects for Processes and for People.
When will Smartsheet stop the ridiculous practice of preventing SSO to business tier accounts?
Smartsheet lacks MFA and it seems to be to be pure greed that prevents them from enabling this "table stakes" feature. SSO costs them nothing and reduces their risk!!!
I know my organization is currently debating whether to keep Smartsheet at all because of this practice and the apparent lack of focus on overall security. My org does not need Enterprise, the business plan is more than adequate for our needs, yet Smartsheet remains unwavering in their stance.
Perhaps when they're notified that we are not renewing, they'll knock it off and do the right thing for their customers. I don't hold out much hope though.
Shame on Smartsheet..... I'm so done with them
I got an email last Monday 3/15 that by the end of April they will have instituted email-based TOTP authentication. I have their business plan, but my hope is that this is for all versions. And that sometime after June 1, they will be retiring the traditional password-based login method.
Any further news on TOTP authentication for Business Users. We are another SME that doesn't need "Enterprise" but as we work into Government Organisations, are required to have Cyber Essentials Plus security accreditation and therefore must use MFA. Ridiculous that MFA isn't standard on a Business Plan! :(
I would like to add my two cents. Absolutely ridiculous that in 2024, smartsheet does not give admins the ability to force MFA on all users regardless of which plan we use. This is an example of smartsheet putting its own financial interests above those of its clients. Love smartsheet but this policy is a very bad look for you guys - do the right thing.
As a part of the new OTP solution, and the gradual shift towards greater authentication security, I would love for the ability to generate one-off App Passwords. App passwords are advantageous in allowing lesser-secure external applications an easier method of authenticating with Smartsheet, which can be segmented by solution, and utilizing complex, and large randomly-generated passcodes. My hope for a solution would be something similar to Google's implementation (
) - which does require 2FA prior to utilizing app passwords. My use case for a solution like this is in UI and data automation - with the goal of utilizing a service account within Smartsheet that can run automated tasks without requiring a real human to work on them. An app password gives ease of authentication for some solutions and could bypass the requirements of either establishing an SSO login for the service account, or utilizing OTP (both which are more challenging to implement in automation).Ok what is going on with this? Is it time to look for alternative solutions? I think it may be…