Caz is a Sr. Director of Product Management responsible for Smartsheet’s Enterprise Administration teams. Caz joined Smartsheet in 2022, prior to which she led product, engineering and design teams at the BBC and a global software development agency.
At Smartsheet, we know that effective work management isn’t just about getting work done; organizations must have confidence that work will scale and that both enterprise data and users are protected with the highest security standards. Over the past year, we’ve made significant advancements to enhance security, streamline administration, and give you more control over your enterprise data and users. Whether you're a system administrator managing thousands of users, an IT professional overseeing access control, or a security leader enforcing compliance, our latest improvements are designed to make your job easier while safeguarding your data and people.
Let’s explore how we’re strengthening security, simplifying governance, and enabling seamless enterprise-scale administration.
Stronger security, without the hassle
Security should be both robust and user-friendly. That’s why we’re focused on making Smartsheet more inherently secure while ensuring a smooth experience for both system administrators (sysadmins) and users.
Moving beyond passwords
Traditional password-based login methods have long been a weak link in security—it’s common for users to reuse passwords across sites, choose easily guessable ones, or fall victim to phishing attacks. To mitigate these risks, we introduced email-based TOTP (time-based one-time passcode) authentication. With this method, users attempting to log in will receive dynamic, time-sensitive authentication codes via email, providing a more secure alternative to static passwords. This reduces password fatigue, minimizes unauthorized access, and lowers the risk of breaches.
Looking ahead, we plan to eliminate passwords entirely as a login method in favor of more secure options like single sign-on (SSO) and email TOTP. This important shift will reduce security vulnerabilities tied to storing credentials and passwords. Additionally, we’re revamping the web login experience to make sign-in faster, more intuitive, and personalized for every user.
Consistent, enterprise-grade authentication
Managing authentication across multiple domains and globally distributed teams can be complex—and security gaps can emerge when login methods vary. That’s why we introduced strict domain-level login enforcement for Enterprise plans, allowing sysadmins to ensure that all users within specified domains follow the same login policies. Additionally, a domain-level fallback option ensures that sysadmins can always securely access their accounts even if third-party authentication methods (like Microsoft/Google SSO or SAML-based SSO) experience downtime.
Real-time security insights
Soon, we’ll be launching an in-app Security Score, providing a real-time assessment of your organization's security configuration. Higher scores indicate stronger security settings, while lower scores highlight areas for improvement—helping your team proactively enhance its security posture. This is an important first step in building a comprehensive Security Hub, where you’ll receive actionable insights and recommendations to further strengthen security across your Smartsheet environment.
Seamless, scalable administration
Administration and governance should enhance productivity, not create bottlenecks. That’s why we’re rolling out improvements that simplify user management and give sysadmins greater visibility and control.
Automated role-based access management
With Identity Provider (IdP) managed access, IT teams on Enterprise plans can now automate role-based access management using external identity providers like Okta and Entra ID. That means when an employee moves to a new role, their Smartsheet access updates automatically to reflect the new, IT-dictated permission set—ensuring they have the right level of access without requiring manual adjustments.
Enterprise-wide governance
Looking ahead, we’re preparing to launch the next iteration of Enterprise Plan Manager (EPM) for User Subscription Model plans. This update will make it even easier for large organizations to centrally manage security, governance, and compliance across multiple Smartsheet plans.
Key improvements include:
A self-service EPM creation flow that only takes seconds to spin up
Improved plan discovery and navigation
Additional policy support and overrides
A more intuitive experience for managing global governance needs
A more holistic admin experience
We’ve also simplified the system administrator experience by eliminating redundancies and migrating several security policies from the legacy experience to the modern Admin Center—so you can manage Smartsheet more efficiently from a single, streamlined location.
Enterprise-grade security & governance—today and beyond
Our mission is to empower organizations like yours with a platform that is secure, scalable, and easy to manage. Whether it’s stronger authentication, smarter admin tools, or enhanced governance features, we’re committed to building enterprise-grade solutions that help you work securely and efficiently.
Smartsheet is committed to ongoing improvements and evolution. With even more enhancements on the horizon, we’re excited to continue this journey with you.
In the meantime, explore these new features or check out our Trust Center for more documentation on our security, privacy, compliance, and reliability. Want real-time updates on these enhancements? Subscribe to the product announcements channel in Smartsheet Community or our product release news.