Description:
As a Smartsheet System Admin for our enterprise account, we need the ability to view, audit, and manage all active API tokens created by users in our organization. Currently, admins have no visibility into which users have created tokens, when they were created, what they’re used for, or whether they’ve expired. This presents a significant security and governance gap, especially in large organizations with many integrations and automation workflows.
Why This Matters:
- We cannot audit token usage or ownership.
- We cannot enforce governance policies around token creation or scope.
- We rely on manual communication and service accounts to mitigate risk.
Suggested Features:
- Admin dashboard listing all active tokens, their owners, creation dates, and expiration.
- Ability for System Admins to revoke tokens centrally.
- Exception list for API users to be manually added upon approval by System Admins.
- Audit logs for token usage and access.
- Customized expiry thresholds.
Impact:
This would greatly improve security, compliance, and operational continuity for enterprise teams using Smartsheet for automation and integrations.
