-
Jira Connector support for OAuth 2.0 now generally available
February 24, 2026 The Smartsheet Jira Connector now supports OAuth 2.0 authentication, aligning with Atlassian's latest security standards. This update brings enhanced security, a streamlined consent flow, and better compatibility with future Jira updates — so you can keep your integrations running smoothly and…
-
MFA rollout bug - tool to bulk exempt users
While doing an internal collaborator MFA rollout, I encountered a bug that was forcing non-internal domain collaborators to enroll in MFA. We have an Enterprise plan and one of the reasons we are on Enterprise is that it allows domain-level MFA selection. For whatever reason, it is now not possible to undo the MFA…
-
Admin Access
I'm one of two Admins for Smartsheet for the city government. We're very guarded when handing out licenses and have guidelines for Workspace creation. One of those guidelines is that they have to add both Admins to their workspaces (w/admin permissions) so that when they run into problems, we can easily help. We still get…
-
Changes to Smartsheet login experience: What admins should know
(Updated March 17th, 2026) Smartsheet is relaunching updates to our web login experience. These changes pertain only to the user login flow and do not affect authentication behavior, provisioning, or SSO settings. No action is needed – this refresh simply improves clarity and reduces friction during sign-in. What's…
-
Unauthorized User Invitation on My Smartsheet Account
Hi Smartsheet Team, I would like to bring to your attention that an unknown person has invited a user to my Smartsheet account without my consent a few hours ago. I did not perform this action. I have attached the screenshots for your review. Request you to kindly look into this issue at the earliest and help me understand…
-
Session timeout controls for system admins - now generally available!
October 30, 2025 System Administrators in Business and Enterprise plans can now configure how long users stay signed in before being logged out for inactivity — anywhere from 15 minutes to 30 hours. This update makes it easy to align Smartsheet session policies with your organization’s security and compliance standards,…
-
Enforcing MFA for all users (not only Members) and for all login methods?
We use Smartsheet for several of our clients. One of our clients has requested that we enforce multi-factor authentication (MFA) using an authenticator app such as Google Authenticator or Microsoft Authenticator. My colleague (our Smartsheet admin) enabled MFA in the admin settings, but we are running into two issues: Only…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Authenticator app MFA for non-SSO login - now generally available!
October 30, 2025 Smartsheet users can now secure their accounts with authenticator-app multi-factor authentication (MFA), available at no additional cost for all plan types. With this update, users who sign in without SSO can verify their identity using trusted authenticator apps such as Microsoft or Google Authenticator —…
-
Keeping the API token secure on a shared hosting website. Using PHP
I have a website on shared hosting. I know that I should keep api tokens out of public_html folders on said website. I would like to use a <domain>/config/config.php file to hold those api tokens for Smartsheets. This approach is working for another application that I integrate with from this website. However, when I put…
-
Advise on Workgroups and access for Groups
I have Workspaces that have sheets containing sensitive information. The Workspaces have Individual access to a few people. With in the Workspace, I created Dashboards, with Dynamic Views. Each is set with specific Groups to access specific information. The users in the groups can not see or access the Dashboards, unless I…
-
PIN and Touch ID for Smartsheet App
Hi It should be a standard expectation that all apps holding significant IP data and financial information have minimal protection in place. Imagine a bank app that didn't ask for your PIN or Touch ID? It should be self-evident that the Smartsheet app MUST have a security feature. Please make this an obvious high priority.…
-
Does Gov Smartsheet contain FIPS Moderate or higher rating for data and information stored?
My question is surrounding the FIPS for security rating of this application/software for government users. I would like to know if it is rated atleast FIPS Moderate?
-
Desktop App to use system default browser for Authentication
The Smartsheet desktop app currently uses an embedded browser (WebView/WebView2) for authentication and does not support using the system browser for OIDC sign-in. This is why it fails Conditional Access policies that require device compliance or trusted client conditions. Please add support for launching authentication in…
-
Security Question
Hi, I'm relatively new to SmartSheet so I was hoping I could get some input from the experts. I have a consulting business and use SmartSheet for various things from project plan mgmt to status reporting. I am trying to understand the security model better. I have reviewed different articles from the knowledge base but I'm…
-
Merged: Folder sharing while limiting workplace sharing
This discussion has been merged.
-
Deactivate and Reactivate API enhancements now generally available!
April 1st, 2025 SysAdmins using the Deactivate and Reactivate API can now leverage enhanced API functionality to align with the updated Smartsheet governance framework. These updates ensure that deactivation and reactivation of users adhere to plan-level security controls, reducing administrative complexity and improving…
-
Security Score, now generally available!
March 26th, 2025 The Security Score helps SysAdmins assess and strengthen their Smartsheet security posture by providing a data-driven score based on implemented security capabilities. Rooted in industry best practices, the score includes a categorized policy breakdown and an intuitive metric to track security strength and…
-
Setting Up Azure SSO
Hi, my company is on the Business subscription, and we are looking at setting up SSO through Azure. We've tried contacting the Smartsheets helpdesk, but aren't really getting anywhere. Is this something we are able to set up, and is anybody able to tell us how?
-
Preparing for a Password-Free Future in Smartsheet: Share Your Feedback!
As part of our ongoing commitment to security and authentication best practices, we are preparing to deprecate password-based login for Smartsheet accounts. Our goal is to transition to more secure authentication methods, such as email-based Time-Based One-Time Passwords (TOTP) and eventually full two-factor authentication…