Enhancements to the Secure External Access policy, now generally available!

Hi Community, 

We made some enhancements to the Secure External Access policy in the Smartsheet Admin Center. 

Previously, to enable the “Require MFA” setting in the Secure External Access policy, SysAdmins first had to allow the Require Corporate Account” setting. This lack of flexibility in policy enforcement hindered operational efficiency for some customers. Now, SysAdmins can independently activate and manage the “Require Corporate Account” and “Require MFA” settings in the Secure External Access policy without affecting each other, providing flexibility to meet various security and operational requirements.

Additionally, the “Require Corporate Account” policy allowed external collaborators with ISP domains (like gmail.com or hotmail.com), i.e., non-work accounts to access the plan’s Smartsheet asset when they sign in via Google SSO or Microsoft SSO, which was a security gap. Now, when the “Require Corporate Account” setting is enabled, we’ll restrict external collaborators’ access to a plan’s Smartsheet assets if they have non-corporate domains thereby enhancing security by ensuring that only verified users can access sensitive content.

The Secure External Access policy is available for Enterprise plans in the Commercial US and Commercial EU instances of Smartsheet.

Learn more about our governance policies for external collaborators.

You can also stay informed by Subscribe to receive product release updates for curated news of recently released product capabilities and enhancements for the platform of your choosing, delivered to your inbox. As new releases occur, you will receive a weekly email with news of what's released every Tuesday. 

Cheers,

The Smartsheet Product Team