Manage Smartsheet users through Azure Active Directory

Overview

This article discusses information relevant to both the Legacy Collaborator Model and the User Subscription Model. If you're unsure about your model type, learn how to determine the model your plan is on.

• In Legacy Collaborator Model plans, Smartsheet allows you to provision users as unlicensed without assigning them specific roles. Any new unlicensed user provisioned through Azure AD doesn't appear in Smartsheet's Admin Center until they sign in for the first time or are added to a Smartsheet group.
• In User Subscription Model plans, all new users provisioned through Azure AD are designated Provisional Members upon creation. The only exception to this rule is the System Admin role, which can be provisioned as a non-Member user. Additionally, upgrading or downgrading existing users is only supported through the Manage True-up page in Admin Center.

Provisional Members have the same access to features as regular Members, but only for a limited time. Learn more about the True-up process and capabilities of Provisional Members.

Prerequisites

System Admins and an IT Administrator can set up Active Directory with Smartsheet. As long as they're also Azure AD administrators, System Admins can manage users (provision, de-provision, change user profile information and roles) through Active Directory.

1. Contact your Smartsheet account representative or Smartsheet Support to enable this capability for your organization’s plan.
2. Take the Azure Active Directory and Smartsheet Integration online training.

Connect Azure AD with Smartsheet

Use this SCIM URL to configure Azure Active Directory integration: https://scim.smartsheet.com/v2/

1. Sign in to Smartsheet with System Admin credentials.
2. In Smartsheet, generate an API token under Account > Apps and Integrations > API Access > Generate new access token. The token generated runs with your credentials—this is a password to your account. Treat it as such.
3. In Azure AD, work with your IT administrator to enable the Smartsheet gallery tile with the application ID 3290e3f7-d3ac-4165-bcef-cf4874fc4270.

User list report

To download your current user list:

1. Navigate to Account > Admin Center.
2. Select User Management if you're on the Legacy Collaborator Model or User Roles and Reports if you're on the User Subscription Model.
3. Select More Actions > User List. See Admin Center: Add, edit, or deactivate users for more info. Use this list to assign users the correct roles in Azure AD. This ensures all users are provisioned to your account when logging in to Smartsheet for the first time.

Brandfolder Image

In this report, you can find the following fields:

• Name
• Email
• Status
• Division
• Department
• Cost Center

Division, Department, and Cost Center data populate through your Active Directory service. If data exists for these fields, it shows in the User List report. If data doesn't exist from the Directory Service, the fields are blank in the User List report.

The data in the report should automatically sync with the Directory Service, although the Directory Service determines the exact refresh rate.

Keep this in mind

After the setup, be careful when making significant changes, such as manual or scripted bulk modifications. Improperly prepared scripts may cause unintentional deprovisioning when used with the Azure Directory Integration. If you have questions or require further assistance with making significant changes, contact Support.