By implementing Single Sign-On (SSO) for Smartsheet, you can streamline the authentication process, enhance security, and provide a seamless user experience for your team. In this comprehensive guide, we’ll walk you through the steps to set up SSO between Smartsheet and Google Workspace.
Prerequisites
Before you begin, ensure that you have administrative access to both Smartsheet and Google Workspace accounts.
Step 1: Navigate to Smartsheet Admin Center
- Log in to your Smartsheet account with administrative privileges.
- Within your dashboard, click on your profile and then select “Admin Center.”
Step 2: Configure SAML Authentication in Smartsheet
- Once in the Admin Center, navigate to the “Authentication” window and click the “SAML” option.
- You’ll notice that SAML is not activated yet. Click on the “Not Configured” option to open the SAML administration panel.
- In the SAML administration panel, you’ll need to add a new Identity Provider (IDP) for Google Workspace. Name this IDP “Google” and leave this window open for now.
Step 3: Set Up Google Workspace
- Open the Google Admin console and search for “Web and Mobile Apps” in the search bar at the top of the screen.
- Click on “Web and Mobile Apps,” which will allow you to create a new application for Smartsheet.
- Click “Add an App,” then select “Add Custom SAML App.”
Step 4: Configure the SAML Application
- In the SAML application configuration window, you’ll be required to name your SAML app. A description and icon are optional, but naming the app is mandatory.
- After naming your SAML app, click “Continue.”
Step 5: Download IDP Metadata
- You’ll be presented with a screen where you need to download the IDP’s metadata. Click the “Download Metadata” button to retrieve the configuration information Smartsheet will rely on to establish the connection.
- Open the downloaded file and copy the metadata.
Step 6: Connect Smartsheet and Google Workspace
- Switch back to the Smartsheet IDP window you left open earlier and paste the copied metadata into the IDP metadata field.
- Click “Save.”
- You’ll now see the information entered in the IDP file, as well as an SSO URL that you can use to access Smartsheet with this IDP.
- Smartsheet also provides the option to add a custom CNAME, which you’ll need to configure with your DNS to point the new CNAME to sso.smartsheet.com (or sso.smartsheetgov.com for Smartsheet Gov users).
- For this guide, we’ll focus on setting up the IDP without configuring a custom CNAME.
- Click “Activate” and wait for the activation to complete (around 10 minutes).
Step 7: Activate SAML Authentication in Smartsheet
- Navigate back to the “Authentication” window in Smartsheet.
- Check the “SAML” box to activate SAML authentication and click “Save.”
- Confirm the change when prompted.
Step 8: Configure the Service Provider Page in Google Workspace
- Return to the Google Workspace Admin console and your newly created SAML app.
- Click “Continue” to proceed to the service provider page.
- Paste the provided ACS URL and Entity ID in the designated fields.
- If you’re a Smartsheet Gov user, update the URLs to use “smartsheetgov.com” instead of “smartsheet.com.”
- Select “Continue.”
Step 9: Configure Attribute Mapping
- Now, you need to configure the attribute mapping between Google Workspace and Smartsheet.
- Under “Google Directory Attributes,” select “Primary Email” for basic information and type “Email Address” as the corresponding attribute in Smartsheet.
- Add another mapping for “First Name” with the related attribute “Given Name” in Smartsheet.
- Finally, map “Last Name” to the “Surname” attribute in Smartsheet.
- Once completed, select “Finish,” and you’ll be brought back to the application dashboard.
Step 10: Grant User Access
- Within the application dashboard, you’ll see the newly created Smartsheet application and its configurations displayed.
- Notice that the user access for this application is currently off. Click on “User Access” to grant access.
- In this guide, we’ll grant organization-wide access by selecting “On for Everyone” and clicking “Save.”
- Once you’re back in the application dashboard, you can see that everything is now configured.
Step 11: Test the SSO Setup
- To test the SSO setup, first log out of Smartsheet.
- Then, in the Google Workspace Admin console, navigate to the Smartsheet application you created and click “Test SAML Login.”
- If the setup was successful, you should now be able to access Smartsheet using your Google Workspace credentials.
Congratulations! You have successfully set up Single Sign-On between Smartsheet and Google Workspace, providing a secure and convenient authentication experience for your users.
By implementing SSO for Smartsheet, you’ve taken a significant step towards enhancing productivity, security, and user experience within your organization. With a streamlined authentication process, your team can access Smartsheet seamlessly using their existing Google Workspace credentials, eliminating the need to manage multiple passwords.
This integration not only simplifies the login process but also strengthens security by reducing the risk of password-related breaches. Additionally, centralized user management and compliance with security and privacy regulations become more manageable.
If you encounter any issues or have additional questions during the setup process, don’t hesitate to reach out to the Cronos Team for assistance. Happy collaborating!