-
Authenticator app MFA for non-SSO login - now generally available!
October 30, 2025 Smartsheet users can now secure their accounts with authenticator-app multi-factor authentication (MFA), available at no additional cost for all plan types. With this update, users who sign in without SSO can verify their identity using trusted authenticator apps such as Microsoft or Google Authenticator —…
-
Session timeout controls for system admins - now generally available!
October 30, 2025 System Administrators in Business and Enterprise plans can now configure how long users stay signed in before being logged out for inactivity — anywhere from 15 minutes to 30 hours. This update makes it easy to align Smartsheet session policies with your organization’s security and compliance standards,…
-
User Level Admin
Proposal: Creation of a Dedicated User Administration Role in Smartsheet Objective: Introduce a new Administration Role within Smartsheet designed to assist with user management tasks while maintaining strict security boundaries. Scope of Responsibilities: Manage provisional users and oversee user licensing. Perform…
-
Allow whitelisting specific domains to which we can publish resources publicly/anonymously
Currently in the Admin Center's Security & Controls section, we can set one of two options for each type of Smartsheet resource: Published <resource> is available to everyone Published <resource> is available to users on the same plan/owner's account I am proposing a third, intermediate option: Published <resource> is…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Can External Users be added to Groups under USM if the security control is on?
We converted to USM. Since external users can be added to our plan (in the true-up user management console) and we have the group control that restrict groups to people who are part of the organization, can external users be added to groups?
-
User Subscription Model (USM) Users Who Have Had a Provisional Period
I am trying to create communication and training resources as we prepare our transition to USM. Do I understand the USM articles correctly - if a user who has already had a provisional period is later shared at a higher permission level, it will automatically put them into a provisional status again? Does the system…
-
How to control user access by record level
Can I control user access by record level? for example I have 3 rows with different names in "action owner" column. I want user A can only view those rows with "action owner" name as "A". Is that possible? I hope smartsheet can enhance user access management module, my current pain points are: If I grant user a workspace…
-
PIN and Touch ID for Smartsheet App
Hi It should be a standard expectation that all apps holding significant IP data and financial information have minimal protection in place. Imagine a bank app that didn't ask for your PIN or Touch ID? It should be self-evident that the Smartsheet app MUST have a security feature. Please make this an obvious high priority.…
-
Does Gov Smartsheet contain FIPS Moderate or higher rating for data and information stored?
My question is surrounding the FIPS for security rating of this application/software for government users. I would like to know if it is rated atleast FIPS Moderate?