Learn more about security controls on an Enterprise plan.
Enterprise accounts have all of the functionality of a business plan, plus additional enterprise-specific tools for enhanced security, control, and visibility.
Configure Security Controls for an Enterprise Plan
A System Admin for an Enterprise plan can configure security controls to manage how their users work in Smartsheet. To get started, selectAccount>Admin Centerand then selectSecurity/Safe Sharing Liston the left panel of the Account Administration window.
System Admins can:
- Set up anApproved Domain Sharing Listto prevent sheets from being shared or sent to unauthorized email addresses
- LimitGroup Membership Optionsto only include users on the account
- Choose whichAuthentication Optionsare allowed for users
- EnableUser Auto Provisioningto automatically add new users to the account if they sign up for Smartsheet using an email address owned by the organization
If you have multiple plans and one plan is the main plan under企业计划Manager, you can set safe sharing controls in the main plan, and all managed plans will inherit those controls. You can change these settings on the managed plan if you are an administrator on the main plan.
Set up an approved domain-sharing list
Use this capability to restrict sharing by domain or by specific email addresses—for example, to ensure that sheets are shared only to people with a company email address. You'll do this by setting up an Allowlist.
When Approved Domain Sharing is enabled, all workflows with recipients outside the Approved Domain Sharing list will become disabled with an "Invalid Recipients" message. To ensure that workflows don't get disabled, make sure that all recipients of workflow automation are added to Approved Domain Sharing. Alternatively, ensure at least one recipient in every workflow within the Approved Domain Sharing list.
NOTES:
- Users will also be prevented from sending emails from Smartsheet to restricted domains and email addresses.
- Subdomains will need to be added to the Allowlist individually, as they aren't allowed when you add a domain to the Allowlist. For instance, adding "company.com" to the Allowlist will not add "portal.company.com" to the Allowlist. (You'll need to add both domains to the Allowlist.)
- When enabled, Approved Domains and Address Sharing capabilities will restrict who can receive notification emails.
- Selectaccount>Admin Center>Security/Safe Sharing List.
- In theApproved Domain Sharingsection, selectEdit.
The Approved Domain Sharing List window appears: - Select theEnable sharing in Smartsheet only to the domains and email addresses listed belowcheckbox.
- In theApproved domainsbox, type in each email domain (for examplecompanydomain.com) that users will be allowed to share to.
NOTE: Each domain must appear on a separate line.
If there are any specific email addresses that users should be able to share to outside the allowed domains, enter them in the通过电子邮件地址box.
TIP: Provide a link to a form for members of your organization's plan to make a request for System Admins to add additional domains or email addresses to the Allowlist. Your link will be presented in a Smartsheet window whenever users in your plan attempt to share or email an item from Smartsheet to someone whose email address falls outside the Allowlist. Your link can be:- A URL for an existing system your organization uses (such as an IT ticketing site)
- A Smartsheet form (check out our article on形式for more information)
- SelectOK.
Once you enable theApproved Domain & Address Sharingcapability, people in your account must use email addresses with approved domains when they do the following:
- Share sheets and workspaces
- Send rows
- Use the Send Link to Form option within the form link
- Manually or automatically send OR RECEIVE any alerts or requests (alerts, reminders, update requests, approval requests)
Smartsheet items that were sharedbeforedomain restrictions were enabled will remain shared to anyone outside of the approved domains. You can generate a Sheet Access Report to see what items have been shared with whom, details on this are availablehere.
Modify an approved domain-sharing list
To change the list:
- Selectaccount>Admin Center>Security/Safe Sharing List.
- In theApproved Domain Sharingsection, selectEdit.
- Select theEditbutton on the Security Controls form.
- Add, edit, remove domains/addresses from the list, and selectOK.
To disable the capability, select theEditbutton, uncheck theEnabledcheckbox, and selectOK.
Change group options
Restrict the type of user who can be added to a group by Group Admins. For example, you can limit this to only users on the account or allow all users and external contacts in groups.
- Selectaccount>Admin Center>Security/Safe Sharing List.
- ClickEditin theGroup Membership Optionssection.
The Group Management Options window appears: - Select whether to have group membership Limited to Account Users Only. When this option is selected, only users shown in the User Management screen can be added to groups by Group Admins.
To learn more about creating and managing groups, see theManaging Groupshelp article.
Manage authentication options
All Smartsheet customers can log in using their email address and Smartsheet password, or they can choose from a number of single-sign-on options. System Admins can disable any of these login options as desired.
Learn more about this in the articleManage Authentication Options for an Enterprise Plan (System Admin).
Enable user auto-provisioning
User Auto Provisioning automates adding users to an Enterprise account in Smartsheet. Rather than manually inviting users through theUser Management屏幕上,启用此功能自动广告d users to your account if they sign up for Smartsheet with an email address owned by your organization. You can choose to automatically add users to the account as licensed or non-licensed, depending on the access you'd like to provide.
Review our help article onUser Auto Provisioningfor detailed instructions. Completing the process will require you to add record(s) to your Domain Name System (DNS), so you may need to loop in an internal technical resource for assistance.
Apply security settings to forms
By default, all forms are anonymous and available to anyone with a link to the form. You can limit form access to people with a Smartsheet login or people on your Smartsheet account via the safe sharing list.
When these settings are selected in the Admin Center, they apply as the minimum permissions for all forms on your account and cannot be changed in the form builder.