-
Unauthorized User Invitation on My Smartsheet Account
Hi Smartsheet Team, I would like to bring to your attention that an unknown person has invited a user to my Smartsheet account without my consent a few hours ago. I did not perform this action. I have attached the screenshots for your review. Request you to kindly look into this issue at the earliest and help me understand…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Keeping the API token secure on a shared hosting website. Using PHP
I have a website on shared hosting. I know that I should keep api tokens out of public_html folders on said website. I would like to use a <domain>/config/config.php file to hold those api tokens for Smartsheets. This approach is working for another application that I integrate with from this website. However, when I put…
-
Sheet Activity Logs - Export for Longer than 90 Days
Today the Activity Log is limited to 90 days activity. However, for the security team at my company, they require me to log sheet activity and store that information for 1 year / 365 days. Therefore, I have to export 90 days at a time and store it manually vs allowing SmartSheet to store it, thereby, not needing me to do…
-
Advise on Workgroups and access for Groups
I have Workspaces that have sheets containing sensitive information. The Workspaces have Individual access to a few people. With in the Workspace, I created Dashboards, with Dynamic Views. Each is set with specific Groups to access specific information. The users in the groups can not see or access the Dashboards, unless I…
-
PIN and Touch ID for Smartsheet App
Hi It should be a standard expectation that all apps holding significant IP data and financial information have minimal protection in place. Imagine a bank app that didn't ask for your PIN or Touch ID? It should be self-evident that the Smartsheet app MUST have a security feature. Please make this an obvious high priority.…
-
Does Gov Smartsheet contain FIPS Moderate or higher rating for data and information stored?
My question is surrounding the FIPS for security rating of this application/software for government users. I would like to know if it is rated atleast FIPS Moderate?
-
Desktop App to use system default browser for Authentication
The Smartsheet desktop app currently uses an embedded browser (WebView/WebView2) for authentication and does not support using the system browser for OIDC sign-in. This is why it fails Conditional Access policies that require device compliance or trusted client conditions. Please add support for launching authentication in…
-
Merged: Folder sharing while limiting workplace sharing
This discussion has been merged.
-
Security Question
Hi, I'm relatively new to SmartSheet so I was hoping I could get some input from the experts. I have a consulting business and use SmartSheet for various things from project plan mgmt to status reporting. I am trying to understand the security model better. I have reviewed different articles from the knowledge base but I'm…