Email-based TOTP login method, now generally available!

I am following all of these discussiosn and I am thankful for all the questions and answers in this post.

Following on some of the discussions I would like to ask the following:

So far internally we force our users to login with "Microsoft" button and SSO, however there is no possibilty to technically only allow this option.

Reason is that we also have many external users, which we do not have in our AD/Azure and therefore we need also the User / Password option.

Four questions:

1. Is there any chance to seperate internal (e.g. with domains) and external users, so that ONLY external users get the information regarding OTP. All of our internal users will be confused as they are not allowed to user user/password any longer when they would get a centrally sent mail.
2. If I understand correctly as having Enterprise plan there will be the option to NOT use OTP. Is there a link to the user / password topic and if yes: How?
3. Regarding OTP: Would it not make sense / is it technically possible to change the OTP that it is not necessary with every login (after 19hours) but for example not to ask for a login with user / password for e.g. 60 days as it is done by Microsoft M365. One request for every loging and then wait for an email login will really cause big discussions in our company.
4. When will there be a finalized timeline regarding this topic including future possible improvements.

Thanks for your help.

Alex

My organization does not want TOTP enabled at all. Is there a way to disable TOTP prior to Smartsheet's May 30, 2024 release? If not, will we be able to disable it once it does launch?

For OTP- how are you planning for your group accounts and interfaces that may have users ids and passwords embedded in them

Would this affect the desktop app or just the web browser login?

Hi @BigAl

1. Question: When you mention external users, do you mean users in your Smartsheet plan but not in your AD/Azure? Is that correct?
2. If you have an Enterprise plan, you can disable the OTP login method. Can you clarify which user/password topic you are referring to?
3. The OTP login will function similarly to current login methods, i.e., it will be required upon user session expiry or logout. We are treating it as another login method rather than a two-factor authentication mechanism.
4. We aim to implement the new OTP login method by the end of May 2024. The timeline for password deprecation is not yet finalized, but we will inform our customers and provide advance notice once it is determined.