User Auto Provisioning (UAP) automatically adds users who match the configured domain to your plan.
With UAP enabled, when a user whose email address is on a validated domain logs in, they are automatically added to the account user list. It may be helpful to think of this as “Just In Time” provisioning by domain.
Enabling UAP will ensure that users with company domains adhere to the same security and account settings. You can set up multiple domains if needed.
Automatically add users with User Auto-Provisioning (UAP)
Email-based TOTP doesn't support User Auto-Provisioning.
Rather than manually inviting users through the User Management screen, you can enable User Auto-Provisioning (UAP). This automatically adds users with an email address your organization owns to your plan.
Manage UAP
- Sign in to Admin Center and select the Menu icon in the upper left corner.
- Navigate to Settings > User Auto-Provisioning.
You'll see the list of activated and validated domains. Use the drop-down menu to turn off UAP or add users as licensed users (Legacy Collaborator Model) / Members (User Subscription Model).
If your plan uses the Legacy Collaborator Model, you can add users as free users.
Not sure which model your plan uses? Check if there’s a Manage true-up page in Admin Center. If there is, your plan uses the User Subscription Model. For more information, check out the User Subscription Model overview article.
Keep the following in mind
- The Domain Management page is where you will add, remove, validate, and activate your domains.
- You can still manage users automatically added to the plan via User Auto-Provisioning from the User Management screen.
- Users added to your organization through UAP during sign-in or via the User Management page in Admin Center won't receive an email invitation or notification.
Completing the UAP process will require adding records to your public Domain Name System (DNS). You may need to loop in an internal technical resource for assistance.
To learn more about the records—Domain key (DKIM) record, CNAME record, and DMARC record—see Public DNS entries required for the setup.
Password prompts
In some cases, when UAP is enabled on a plan, new users may be prompted to create a Smartsheet password when they first sign in, even if the organization doesn't have the email+password-based login option enabled.
This can occur when a sheet share creates the user account and the user still needs to follow the sheet share link to finalize the UAP process, or when the user is invited via User Management instead of being provisioned via UAP.
Have the user set a password to complete the signup process for their account. This will complete the enrollment process, allowing them to sign in as usual.