TRUST CENTER
Smartsheet Enterprise Customer Controls
Spend less time worrying about compliance and more time running your business
Customer Implemented Controls Matrix
The following matrix identifies available administrative controls in the Smartsheet service. Customers are responsible for configuring such controls in accordance with any internal security, compliance, privacy, or regulatory requirements. Smartsheet does not configure these controls on behalf of customers and the controls referenced are reflective of those available on an enterprise account without any additional premium features.
Feature |
Scope |
Feature Governance / Control |
Effect |
|---|---|---|---|
| Automated User Provisioning |
Account Level Control System Admin Configured |
|
Users with an email domain that matches a domain validated account will be added to that account during their first login or next login if previously on another account. |
Help article for configuring this control: Automatically Add Users to an Enterprise Account with User Auto Provisioning |
|||
| Manage Authentication Options |
Account Level Control System Admin Configured |
Governs users accessing Smartsheet for the first time or users accessing accounts outside of the primary or designated enterprise account. | Users with an email domain that matches a domain validated account will be added to that account during their first login or next login if previously on another account. |
Help article for configuring this control: Manage Authentication Options for an Enterprise Plan (System Admin) |
|||
| Global Publishing Control |
Account Level Control System Admin Configured |
Governs publishing functionality for sheets, reports, and dashboards across the account. |
Users will no longer be able to publish sheets, reports, or dashboards outside of the publishing configurations identified in the Admin Center, the console for System Admins. Note: The implementation of this control is permanent in its effect when publishing is disabled. |
Help article for configuring this control: Manage Global Account Settings |
|||
| Approved Domain Sharing - Domain Level |
Account Level Control System Admin Configured |
Governs who sheets can be shared to and to whom notifications can be sent to at the domain-level. | Users will no longer be able to collaborate with external parties not explicitly defined in the allow-list (domain-specific) in the approved domain sharing control. This extends from sharing to sending row-level information and update requests. |
Help article for configuring this control: Configure Security Controls for an Enterprise Plan |
|||
| Approved Domain Sharing - Email Level |
Account Level Control System Admin Configured |
Governs who sheets can be shared to and to whom notifications can be sent to at the email address level. This control is a sub-control within the Approved Domain Sharing feature. | Users will no longer be able to collaborate with external parties not explicitly defined in the allow-list (email address-specific) in the approved domain sharing control. This extends from sharing to sending row-level information and update requests. |
Help article for configuring this control: Configure Security Controls for an Enterprise Plan |
|||
| Group Membership Settings |
Account Level Control System Admin Configured |
Governs the type of user who can be added to a group by Group Admins. | Users not on the account (external collaborators) are not able to be added to the account when this setting is configured to Limited to Account Users Only. |
Help article for configuring this control: Configure Security Controls for an Enterprise Plan |
|||
| Enabled Attachment Sources |
Account Level Control System Admin Configured |
Governs the attachment sources that can be used to place attachments or links to an attachment within the sheet attachment column. | Users will only be able to attach files from approved sources. It does not extend to users placing hyperlinks directly within cells. |
Help article for configuring this control: Manage Global Account Settings |
|||
| Custom Welcome Screen |
Account Level Control System Admin Configured |
Governs the ability to provide users a welcome message or banner. |
Users are presented with a welcome message that could be used to display an acceptable use message or request consent/affirmation for the usage of the platform prior to login. |
Help article for configuring this control: Create a Custom Welcome Message, Help Page, or Upgrade Screen |
|||
| Sheet-Level Scheduled Backup |
User Level Control User or System Admin Configured |
Governs the ability to create periodic offline backups on specific sheets. |
Users will receive a backup of the sheets specified in CSV file format providing the raw data offline. Note: The formatting that is present in the platform is lost during the export process. |
Help article for configuring this control: Create a Backup Copy of Your Smartsheet Data |
|||
| Account Login History |
Account Level Control System Admin Configured |
Governs the review of user logins during the previous 6 months. |
The System Admin on the account is able to complete a periodic review of logins to ensure that they are appropriate and in accordance with an organization’s policy. Note: If an external authentication service is in use, such as Single Sign-On (SSO), this login history will only identify the successful logins by users in the SSO service;failed login attempts are not passed by the SSO service. |
Help article for configuring this control: View Login History |
|||
| Sheet Access Report |
Account Level Control System Admin Configured |
Governs the review of the sheet inventory of the account and provides access information for assets within an account. | The System Admin on the account is able to identify an inventory of assets and ensure that sharing is appropriate. |
Help article for configuring this control: Manage Users in a Multi-User Plan |
|||
| Transfer Sheet Ownership |
Account Level Control System Admin Configured |
Governs the ownership of an asset during the decommissioning process for users from a Smartsheet account. |
As part of an off-boarding or change of role, this control will transfer ownership of sheets, reports, or dashboards owned by the user helping to ensure proper asset lifecycle management. Note: This is an optional setting during account deletion. |
Help article for configuring this control: Change Ownership of a Sheet, Report, or Dashboard |
|||
| Remove All Shares for a Specific Email |
Account Level Control System Admin Configured |
Governs the sharing rights associated with a user during the decommissioning process from a Smartsheet account. Check the box to remove user sharing access, which will remove the user from sharing all sheets owned by other licensed users on the account. |
As part of an off-boarding process, this control removes all of the sharing rights granted to this user. Note: This is an optional setting during account deletion. |
Help article for configuring this control: Manage Users in a Multi-User Plan |
|||
| RESTful API |
User and Account Control User or System Admin Configured |
General users of the platform are able to generate API tokens that will grant them access to the API at the same level as their rights within the web-application. The System Admin is able to generate a higher-privileged token that allows for a number of specific API calls not accessible to general users. |
General users and System Admins are able to generate API tokens at will. API tokens generated by each user will obey that user’s permissions granted in the web application. |
Help article for configuring this control: Smartsheet API 2.0 – Official API and SDK Documentation |
|||
| Chat Integrations |
Account Level Control System Admin Configured |
Governs the available chat integration for users attempting to integrate with a chat platform. |
Users will be limited to the selected In-App chat provider. By default, the chat integration capabilities are not enabled. |
Help article for configuring this control: Chat Integration Options for Smartsheet |
|||