Please add admin ability to force password resets
Forcing the reset of a user's password is critical to the security and efficiency of any user management system. Every other web service I can think of that uses an admin/multi-user structure has such a feature. Here are some examples where a forced password reset would be not only useful but dramatically affect the effectiveness of responding to a security issue:
- A user has decided to act maliciously and is causing damage to company data hosted in Smartsheet. One of the best ways to mitigate further damage would be to reset the user's password and forcefully log them out of active sessions. Neither of these things are possible as far as I am aware.
- A user has forgotten their Smartsheet password and doesn't have access to their email account, or their associated email account is already compromised in addition to their Smartsheet account.
Deletion of the user in either of these instances is not really a practical or correct response. It's like using a sledgehammer to drive a thumbtack. Please add this feature as it is needed to begin establishing a baseline confidence in your platform's security. more security requests incoming.......I sincerely hope these types of features are not locked behind enterprise or higher licensing, just like the ONLY available MFA options......cough......absurd.......cough.........