In order to mitigate password vulnerabilities and attacks, please add multi-factor authentication to Smartsheet. It's a security best practice and most SaaS applications (such as Smartsheet) already have this integration available.
Please enable MFA for Business plans.
Most products nowadays offer MFA as standard - even to small businesses… and it's expected for general security compliance. (In Australia, it's mandatory for basic Essential 8 compliance…)
Smartsheet is trying to force us to upgrade and incur significantly higher costs for a feature that should be standard. This increased cost is not feasible for small businesses.
It would be helpful if more detail (especially a target timeline) could be provided for the MFA component of the passwordless login. Additionally, a support agent recently told me this is not planned for the desktop app. I would like for the MFA to be part of the desktop app authentication flow as well.
Please offer the option of using an authenticator app (or text message) based MFA.
Email-based (TOTP) authentication is horrible for productivity. When someone is trying to get work done, and is FORCED to switch their attention to their email to go get a password… it's bad. I personally have been 'derailed' multiple times by going to get my password in email, and getting distracted by OTHER emails. Argh. Please don't get rid of password sign-in and force people to use TOTP, with no other options.
It is really annoying to have to first go to the site, then open my email account, copy the code, and return to the site EVERY SINGLE TIME. If this is not changed, I will not be using this service any further. NO OTHER PROGRAM THAT I USE REQUIRES ME TO BOTH LOG IN AND GET AN EMAIL CODE EVERY TIME I USE IT.
Looks like we got it in the end - I have received an email from SS product team: "Smartsheet is releasing free login security enhancements you can implement to help protect your account. According to our records, your users are logging in with email/password, or via email-based one-time passcode."
"By the end of October, we'll be introducing a stronger option: authenticator app MFA, free for all plans. With this capability, you can require users to verify their identity with a code from Google or Microsoft Authenticator, and instantly increase your resilience to cyber attacks and phishing."
What's been released for Business Plans is very limited - to the point where I can't see what the benefit is. If you are on a Business Plan and enable MFA, only your internal users will be prompted to register with MFA. Any external users that you collaborate with will not be prompted to register with MFA. When I raised this with Smartsheet support, I was told that we would either need to upgrade to the Enterprise Plan, or convert all our external users to plan members.
There's a feature called 'Secure External Access' to control access to content by External users to solve this, but that's only available with Enterprise Plans.
I can't see the benefit with what's been released for Business Plans, as enabling a security feature that only applies to some users and not others isn’t an effective security control and wouldn’t pass an Information Security audit as a control.
I have raised these concerns on the MFA release announcement: