Welcome to the Smartsheet Forum Archives


The posts in this forum are no longer monitored for accuracy and their content may no longer be current. If there's a discussion here that interests you and you'd like to find (or create) a more current version, please Visit the Current Forums.

2fa or similar options

Allan Avigdor1
edited 12/09/19 in Archived 2016 Posts

Is there anyway to secure our accounts with 2fa or the like? 

Comments

  • Hi Allan--

     

    We don't currently off the ability in-app to require Two Factor Authentication when users log in to Smartsheet but I've added your vote for this to our enhancement request list and our developers will consider it for a future update. We appreciate your input!

     

    In the meantime, SysAdmin on Enterprise plans, or on Team Plans who purchase our Security Add-On package, have the ability to set up SSO/SAML authentication with Smartsheet. More information on this can be found here. Let me know if you have any questions on this!

  • I've recently encountered a situation where an Enterprise would benefit from in-app 2FA.

    We have SSO/SAML implemented and we auto-provision non-licensed users in our domain. We use OneLogin for SSO and it's integrated with Duo for 2FA, thereby enforcing 2FA for all 3rd party tools for all users. In keeping with this secure framework, the only authentication method allowed for Smartsheet is SAML.  

    We also work with external consultants on project, and they are not part of our domain. The alternatives we have are to: (1) provide an LDAP account on our domain, or (2) allow email+pw authentication, which would poke a hole through our implementation of mandatory 2FA for smartsheet users. 

    +1 for Smartsheet to add 2FA inside the app. Perhaps the Google Authenticator system is a consideration.  

  • Hi Smartsheet,

    2FA with Yubico would be our preferred solution. Would be interested where this security measure fits into your roadmap. 

    Thanks

    James

  • D Domine
    D Domine ✭✭✭✭

    Hello Mark - 

    Our team is working to get OneLogin going.  Would you or someone else in your company be available to help share some best practices or pitfalls to avoid?  Thanks in advance,   _David w/Christian Brothers Automotive

This discussion has been closed.