SmartSheet Logins

HI All,

How is everyone managing their users? We are finding it very frustrating that anyone in the company can create their own user login. yes it auto-added to our plan but unless we actually run a vlookup against our IT AD security list we have no idea who has created a new login.

Surely there is a way to prevent anyone with a specific domain from creating a user login

I even asked if we could be alerted every time a user is added to our plan - but that doesn't seem to be an option

We have close to 600 users, and this lack of process and control is driving our IT department around the bend, Reddust900!

We are trying to switch over to SSO logins, but we have around 6 Solutions using Control Centre and blueprints that are built with these generic emails as owners. Switching SSO will not allow these generic email to login and I am concerned that if we change owners, the workflows in various apps and control center won't transfer with

Any advice?

Thanks Sue

Answers

  • Stefan
    Stefan ✭✭✭✭✭✭

    Hi @Susan van Niekerk,

    looks like you have "User Auto-Provisioning (UAP)" enabled. If you turn that off in Admin Center people will need to be invited, or they get shared to content. The invitation must be approved by a Smartsheet Sysadmin.

    It may also help for now to turn off Account Discovery, but may result in people creating test accounts.

    In the end, SSO should be the way to go and your IT Admins might be able to provide fully functional accounts so you can keep your generic email addresses.

    Hope this helps a little

    Stefan

    Smartsheet Consulting, Solution Building, Training and Support.

    Projects for Processes and for People.

  • @Stefan

    We had UAP switched as we found employees creating logins outside of our plan and that in itself caused havoc

    And the auto-discovery was to stop try to stop the trail Versions - but we still get some of those and again that cause headaches

    We are aiming for SSO - but for some reason, IT says they cant create company Credentials for the generic emails - leaves us in a predicament due to our solutions/builds

    We ideally want to stop any user from creating a login with our domian. they need to submit an IT support ticket

    Not sure if this is even an option :-O

  • Stefan
    Stefan ✭✭✭✭✭✭

    Hi @Susan van Niekerk,

    sounds like you have a real Governance-Communication headache ;-)

    Trial Smartsheet accounts will likely reduce over time, but might still happen. As you certainly already moved those people to your corporate account for some time you know the way and don't want to have too many.

    Coming back to:
    "We are finding it very frustrating that anyone in the company can create their own user login. yes it auto-added to our plan but unless we actually run a vlookup against our IT AD security list we have no idea who has created a new login.".

    Why is it so important that you know who is a new user to Smartsheet?
    If for security reasons, you can see in Admin center, what assets people have, you can see published items…
    As every account can only see what they have been shared to, they don't see any confidential stuff; unless they are meant to.
    If you are fearing publication of inside data to the outside, you may configure what is allowed in the admin center. Another option would be to have multiple Smartsheet accounts. One for the confidential stuff with strictly controlled members and another for everyone.

    Greetings and most curious, what is driving your need

    Stefan

    Smartsheet Consulting, Solution Building, Training and Support.

    Projects for Processes and for People.

  • Our IT department are really freaked out by the lack of control - with all other soft ware you have to create a support ticket to request access - Smart sheet you don't - We have people creating logins and then having their manager complain that they don't want his team having access

    The whole issue I think is the lack of control - the only thing they can control is who gets a full license

    Switching to SSO will be a good step but those generic emails and the work flows owned by them is something we have to be very careful with