-
Preparing for a Password-Free Future in Smartsheet: Share Your Feedback!
As part of our ongoing commitment to security and authentication best practices, we are preparing to deprecate password-based login for Smartsheet accounts. Our goal is to transition to more secure authentication methods, such as email-based Time-Based One-Time Passwords (TOTP) and eventually full two-factor authentication…
-
Authenticator app MFA for non-SSO login - now generally available!
October 30, 2025 Smartsheet users can now secure their accounts with authenticator-app multi-factor authentication (MFA), available at no additional cost for all plan types. With this update, users who sign in without SSO can verify their identity using trusted authenticator apps such as Microsoft or Google Authenticator —…
-
Enforcing MFA for all users (not only Members) and for all login methods?
We use Smartsheet for several of our clients. One of our clients has requested that we enforce multi-factor authentication (MFA) using an authenticator app such as Google Authenticator or Microsoft Authenticator. My colleague (our Smartsheet admin) enabled MFA in the admin settings, but we are running into two issues: Only…
-
Session timeout controls for system admins - now generally available!
October 30, 2025 System Administrators in Business and Enterprise plans can now configure how long users stay signed in before being logged out for inactivity — anywhere from 15 minutes to 30 hours. This update makes it easy to align Smartsheet session policies with your organization’s security and compliance standards,…
-
Unauthorized User Invitation on My Smartsheet Account
Hi Smartsheet Team, I would like to bring to your attention that an unknown person has invited a user to my Smartsheet account without my consent a few hours ago. I did not perform this action. I have attached the screenshots for your review. Request you to kindly look into this issue at the earliest and help me understand…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Keeping the API token secure on a shared hosting website. Using PHP
I have a website on shared hosting. I know that I should keep api tokens out of public_html folders on said website. I would like to use a <domain>/config/config.php file to hold those api tokens for Smartsheets. This approach is working for another application that I integrate with from this website. However, when I put…
-
Sheet Activity Logs - Export for Longer than 90 Days
Today the Activity Log is limited to 90 days activity. However, for the security team at my company, they require me to log sheet activity and store that information for 1 year / 365 days. Therefore, I have to export 90 days at a time and store it manually vs allowing SmartSheet to store it, thereby, not needing me to do…
-
Smartsheet Backup and Recovery
We would like Smartsheet to provide a mechanism to do a full backup and restore of related files. While a step in the right direction is the ability to restore to a previous version of a sheet, we find that in an integrated environment, this would not be sufficient: We have a single worksheet that drives multiple reports…
-
Advise on Workgroups and access for Groups
I have Workspaces that have sheets containing sensitive information. The Workspaces have Individual access to a few people. With in the Workspace, I created Dashboards, with Dynamic Views. Each is set with specific Groups to access specific information. The users in the groups can not see or access the Dashboards, unless I…