Currently in the Admin Center's Security & Controls section, we can set one of two options for each type of Smartsheet resource:
- Published <resource> is available to everyone
- Published <resource> is available to users on the same plan/owner's account
I am proposing a third, intermediate option:
- Published <resource> is available to everyone in whitelisted domains and users on the same plan/owner's account
Specifically, what I mean is adding a plan-wide list that admins can modify (ideally it would be one list per type of resource, but that's reaching…) to include domains (in subdomain.domain.tld format) where authentication is allowed/same-site-origin restrictions are relaxed.
The scenario I am thinking of is SharePoint and embedding resources in a SharePoint site in an environment where the Smartsheet settings are restricted for all resource types to "users on the same plan/owner's account" to prevent data exfiltration.
Currently we can sort of do this for forms and dashboards (although we have to authenticate to Smartsheet first in the same browsing session and then load the page with the embedded resource on it) via their publish feature. Other Smartsheet resources like Sheets, Reports, or Calendars don't seem to have even this option.
It would be very useful if all resource types had this Publish option (note: just read-only is really needed/doable for something like this, obviously), but more so it would be great if we could selectively publish any resource type to a list of whitelisted domains so that, for those domains, we don't have to require logins to view content.
The end result would be that I could add a domain to my plan's whitelist (e.g. contoso.sharepoint.com), then publish a sheet or other resource, selecting the option to share with users in my plan or on whitelisted domains, and then throw that sheet's Publish URL into an iframe on a SharePoint site, and anyone with access to that SharePoint page could load a view-only version of that resource, without having to log in, and without that resource being fully public on the internet to anyone with the URL.
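As an added illustration (not Smartsheet's code and not part of the original post), here is a minimal server-side sketch of the proposed third option: the host of the embedding page, taken from the browser-supplied Origin/Referer header, is matched exactly against a hypothetical per-plan allowlist, and the response carries a `Content-Security-Policy: frame-ancestors` header so the read-only view can only be framed by that allowlisted host. The allowlist contents and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed example: hypothetical admin-managed allowlist for one plan,
# entries in subdomain.domain.tld form as the proposal describes.
ALLOWED_EMBED_DOMAINS = frozenset({"contoso.sharepoint.com"})


def embedding_host(header_value):
    """Return the lowercase host from an Origin or Referer header, or None.

    Only https embedders are accepted, so a plain-http page cannot frame
    the resource even if its host is on the list.
    """
    if not header_value:
        return None
    parts = urlsplit(header_value)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def embed_allowed(header_value, allowlist=ALLOWED_EMBED_DOMAINS):
    """Exact host match only.

    Substring or suffix matching would let look-alike hosts such as
    'contoso.sharepoint.com.attacker.example' slip through, so the host
    must equal an allowlist entry character for character.
    """
    host = embedding_host(header_value)
    return host is not None and host in allowlist


def embed_decision(header_value, published_to_allowlist,
                   allowlist=ALLOWED_EMBED_DOMAINS):
    """Decide whether an anonymous, view-only load may proceed.

    Returns (allow_anonymous_view, csp_header_value). Anything that is
    not explicitly published to the allowlist, or arrives with a missing,
    stripped or non-allowlisted Origin/Referer, fails closed: the viewer
    must log in and the page may only be framed by the site itself.
    """
    if published_to_allowlist and embed_allowed(header_value, allowlist):
        host = embedding_host(header_value)
        return True, f"frame-ancestors https://{host}"
    return False, "frame-ancestors 'self'"
```

Because browsers may strip the Referer under a strict referrer policy, the check fails closed in that case; the embedding site would need to send a referrer policy that at least exposes its origin.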