How long will it take to provision users via Directory Integration?
Azure AD has different sync times for provisioning depending on the sync configuration, number of users and groups, and sync type (initial or incremental). Refer to this Microsoft Support article for details.
How are users provisioned in Smartsheet through Azure AD?
- In Legacy Collaborator Model plans, unlicensed users added through Azure AD don't appear in the Admin Center immediately; they're only visible after signing in or being added to a group.
- For User Subscription Model plans, all new Azure AD users are automatically added as Provisional Members unless they're System Admins. System Admins can be set up as non-Members (Viewers) upon provisioning.
If you're unsure about your model type, learn how to determine the model your plan is on.
What will happen to our existing groups in Azure AD or Smartsheet if I enable auto-provisioning?
The Azure AD provisioning service only updates users who are “assigned” to the Smartsheet app. Users are assigned by being included in specified role-mapped Azure AD groups.
- If users aren’t added to any Smartsheet role groups in Azure AD, they won’t be updated or affected within the Smartsheet app.
- If users are assigned to a Smartsheet role group in Azure AD, provisioned into Smartsheet as a result, and later removed from that group, they’ll be deactivated during the next provisioning cycle.
- If a Smartsheet user has an account in Azure AD but isn’t assigned to any Azure AD groups mapped to Smartsheet roles, Azure AD will essentially ignore the user during provisioning.
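The following is an added example, not Smartsheet or Microsoft code: a dry run that applies the three scoping rules above to exported data, so you can see who would be deactivated before changing group membership. The group name EXAMPLE_SMARTSHEET_ADMINS, all email addresses, and the idea that you keep your own record of users previously provisioned through the integration are assumptions made for illustration.

```python
# Added example: dry run of one provisioning cycle using the scoping rules above.
# Every address below, and the second group name, is constructed sample data.

def plan_cycle(role_groups, previously_provisioned, smartsheet_users):
    """Classify each known user for the next provisioning cycle.

    role_groups: {group name: set of member emails}, current membership of the
        Azure AD groups mapped to Smartsheet roles.
    previously_provisioned: emails provisioned into Smartsheet because they were
        assigned through one of those groups (assumption: exported by you).
    smartsheet_users: emails that currently have a Smartsheet account.
    """
    assigned = set().union(*role_groups.values())
    plan = {}
    for user in sorted(assigned | previously_provisioned | smartsheet_users):
        if user in assigned:
            # Assigned to the Smartsheet app through a role-mapped group.
            plan[user] = "provision_or_update"
        elif user in previously_provisioned:
            # Was provisioned through a group and has since been removed.
            plan[user] = "deactivate"
        else:
            # Never assigned: the provisioning service leaves the user alone.
            plan[user] = "ignored"
    return plan


def users_losing_access(plan):
    """Return the users who would be deactivated, for review before the cycle."""
    return sorted(u for u, action in plan.items() if action == "deactivate")


SAMPLE_GROUPS = {
    "SMARTSHEET_USER": {"ana@example.com", "ben@example.com"},
    "EXAMPLE_SMARTSHEET_ADMINS": {"ana@example.com"},  # hypothetical group name
}
# cy@ was provisioned through a group earlier and has since been removed from it.
SAMPLE_PROVISIONED = {"ana@example.com", "ben@example.com", "cy@example.com"}
# dee@ has a Smartsheet account but was never assigned through Azure AD.
SAMPLE_SMARTSHEET = {"ana@example.com", "cy@example.com", "dee@example.com"}

if __name__ == "__main__":
    result = plan_cycle(SAMPLE_GROUPS, SAMPLE_PROVISIONED, SAMPLE_SMARTSHEET)
    for email, action in result.items():
        print(f"{email:20} {action}")
    print("Review before next cycle:", users_losing_access(result))
```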
What happens to deprovisioned users? Do their Smartsheet accounts get automatically deleted?
Deprovisioned users will be deactivated. Deactivated users can't sign in to Smartsheet and are no longer assigned a license (Legacy Collaborator Model) or Member designation; that license or Member designation becomes available for you to reassign.
If you wish to delete their Smartsheet account instead:
- Deactivate the Azure AD integration with Smartsheet.
- Manually remove the user in Admin Center.
What happens if someone without a license or Member designation tries to access Smartsheet but hasn’t been provisioned through Azure AD?
Unlicensed users or non-Members (Viewers) will be able to request a license or Member designation in-app. System Admins can then grant users a license or Member designation via AD.
How do I troubleshoot provisioning errors in Azure AD?
See this Microsoft Support article for information on troubleshooting errors in Azure AD.
Can I integrate with Smartsheet from a self-hosted (on premises) AD server?
You can use Azure AD Connect to sync your self-hosted AD instance with your Azure AD instance. You can then use your Azure AD instance for directory integration with Smartsheet.
What happens when someone in Active Directory has their email changed?
The email change request is sent to Smartsheet, and the user's primary email address is updated to the new email address. As with in-app primary email address changes, this does not affect shared Smartsheet items, items they own, or other existing references to them in Smartsheet.
The old email address will be completely removed from the account. If you want to set up your original email address as a secondary alias, you can manually add it to your user profile. For more information, see Change the email address used with your Smartsheet account.
How do we ensure users are added (similar to User Auto Provisioning) when they sign into Smartsheet for the first time?
Once you have your groups configured and everything running, we suggest treating your SMARTSHEET_USER user group as an “all users” group. By adding all of your users to this user group, you're ensuring that they'll be automatically added to your company plan upon sign-in.
We have a number of Smartsheet tiles in our Enterprise Applications section in Azure. How do I know which one controls Azure Directory Provisioning?
When viewing All applications in your Azure environment, look for the Smartsheet Enterprise Tile with application ID 3290e3f7-d3ac-4165-bcef-cf4874fc4270.
Is User Auto Provisioning (UAP) required for Directory Integration?
Yes. You must enable User Auto Provisioning to make sure you add new users to your organization. If you don't enable User Auto Provisioning, new users aren't added. This leads to provisioning errors.