-
Session timeout controls for system admins - now generally available!
October 30, 2025 System Administrators in Business and Enterprise plans can now configure how long users stay signed in before being logged out for inactivity — anywhere from 15 minutes to 30 hours. This update makes it easy to align Smartsheet session policies with your organization’s security and compliance standards,…
-
User Level Admin
Proposal: Creation of a Dedicated User Administration Role in Smartsheet Objective: Introduce a new Administration Role within Smartsheet designed to assist with user management tasks while maintaining strict security boundaries. Scope of Responsibilities: Manage provisional users and oversee user licensing. Perform…
-
Allow whitelisting specific domains to which we can publish resources publicly/anonymously
Currently in the Admin Center's Security & Controls section, we can set one of two options for each type of Smartsheet resource: Published <resource> is available to everyone Published <resource> is available to users on the same plan/owner's account I am proposing a third, intermediate option: Published <resource> is…
-
External collaborator MFA: Replace Email-based one-time passcodes with Authenticator app - now GA!
October 30, 2025 Enterprise customers can now strengthen security for external collaboration with authenticator-app-based multi-factor authentication (MFA). With this update, collaborators accessing shared Smartsheet assets will be prompted to verify their identity using trusted authenticator apps such as Microsoft or…
-
Authenticator app MFA for non-SSO login - now generally available!
October 30, 2025 Smartsheet users can now secure their accounts with authenticator-app multi-factor authentication (MFA), available at no additional cost for all plan types. With this update, users who sign in without SSO can verify their identity using trusted authenticator apps such as Microsoft or Google Authenticator —…
-
Can External Users be added to Groups under USM if the security control is on?
We converted to USM. Since external users can be added to our plan (in the true-up user management console) and we have the group control that restrict groups to people who are part of the organization, can external users be added to groups?
-
PIN and Touch ID for Smartsheet App
Hi It should be a standard expectation that all apps holding significant IP data and financial information have minimal protection in place. Imagine a bank app that didn't ask for your PIN or Touch ID? It should be self-evident that the Smartsheet app MUST have a security feature. Please make this an obvious high priority.…
-
Does Gov Smartsheet contain FIPS Moderate or higher rating for data and information stored?
My question is surrounding the FIPS for security rating of this application/software for government users. I would like to know if it is rated atleast FIPS Moderate?
-
How to control user access by record level
Can I control user access by record level? for example I have 3 rows with different names in "action owner" column. I want user A can only view those rows with "action owner" name as "A". Is that possible? I hope smartsheet can enhance user access management module, my current pain points are: If I grant user a workspace…
-
Desktop App to use system default browser for Authentication
The Smartsheet desktop app currently uses an embedded browser (WebView/WebView2) for authentication and does not support using the system browser for OIDC sign-in. This is why it fails Conditional Access policies that require device compliance or trusted client conditions. Please add support for launching authentication in…
-
Locking Form Access to Internal Company Users
It would be super helpful if you could restrict form access to users with a specific email address (e.g., @companyname.com). The current options for restricting form access are not providing the lockdown that we need, and we are receiving form submissions from outside of our company for an "internal use only" form.
-
User Subscription Model (USM) Users Who Have Had a Provisional Period
I am trying to create communication and training resources as we prepare our transition to USM. Do I understand the USM articles correctly - if a user who has already had a provisional period is later shared at a higher permission level, it will automatically put them into a provisional status again? Does the system…
-
Deactivate and Reactivate API enhancements now generally available!
April 1st, 2025 SysAdmins using the Deactivate and Reactivate API can now leverage enhanced API functionality to align with the updated Smartsheet governance framework. These updates ensure that deactivation and reactivation of users adhere to plan-level security controls, reducing administrative complexity and improving…
-
Guest Accounts for External Users Under New USM
Hi - There's has to be companies out there that in order to better ensure security controls, require external users to utilize a Guest account when using applications such as Smartsheet. My questions under the new User Subscription Model are: With a guest account using the same domain (company.com), but a sub domain…