-
Changes to Smartsheet login experience: What admins should know
Smartsheet will be rolling out changes to our web login experience in early February 2026. These changes pertain only to the user login flow and do not affect authentication behaviour, provisioning, or SSO settings. This refresh improves clarity and reduces friction during sign-in. No action is required – users will simply…
-
Authenticator app MFA for non-SSO login - now generally available!
October 30, 2025 Smartsheet users can now secure their accounts with authenticator-app multi-factor authentication (MFA), available at no additional cost for all plan types. With this update, users who sign in without SSO can verify their identity using trusted authenticator apps such as Microsoft or Google Authenticator —…
-
Session timeout controls for system admins - now generally available!
October 30, 2025 System Administrators in Business and Enterprise plans can now configure how long users stay signed in before being logged out for inactivity — anywhere from 15 minutes to 30 hours. This update makes it easy to align Smartsheet session policies with your organization’s security and compliance standards,…
-
Preparing for a Password-Free Future in Smartsheet: Share Your Feedback!
As part of our ongoing commitment to security and authentication best practices, we are preparing to deprecate password-based login for Smartsheet accounts. Our goal is to transition to more secure authentication methods, such as email-based Time-Based One-Time Passwords (TOTP) and eventually full two-factor authentication…
-
Enforcing MFA for all users (not only Members) and for all login methods?
We use Smartsheet for several of our clients. One of our clients has requested that we enforce multi-factor authentication (MFA) using an authenticator app such as Google Authenticator or Microsoft Authenticator. My colleague (our Smartsheet admin) enabled MFA in the admin settings, but we are running into two issues: Only…
-
Unauthorized User Invitation on My Smartsheet Account
Hi Smartsheet Team, I would like to bring to your attention that an unknown person has invited a user to my Smartsheet account without my consent a few hours ago. I did not perform this action. I have attached the screenshots for your review. Request you to kindly look into this issue at the earliest and help me understand…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Keeping the API token secure on a shared hosting website. Using PHP
I have a website on shared hosting. I know that I should keep api tokens out of public_html folders on said website. I would like to use a <domain>/config/config.php file to hold those api tokens for Smartsheets. This approach is working for another application that I integrate with from this website. However, when I put…
-
Sheet Activity Logs - Export for Longer than 90 Days
Today the Activity Log is limited to 90 days activity. However, for the security team at my company, they require me to log sheet activity and store that information for 1 year / 365 days. Therefore, I have to export 90 days at a time and store it manually vs allowing SmartSheet to store it, thereby, not needing me to do…
-
Smartsheet Backup and Recovery
We would like Smartsheet to provide a mechanism to do a full backup and restore of related files. While a step in the right direction is the ability to restore to a previous version of a sheet, we find that in an integrated environment, this would not be sufficient: We have a single worksheet that drives multiple reports…