Under the Hood: Enterprise Single Sign-On

Published on 15 April 2013

It's easy to give lots of blog coverage to shiny and exciting new features, like our iOS app or enhancements to Web Forms (spoiler alert!).  Today we put the spotlight on the work we are doing to improve the experience for our enterprise customers.  A key tenet of the Smartsheet Product team is to continue to build enterprise functionality and ensure the product continues to be secure and scalable for these organizations. 

SAML Based Single Sign-On: 

One focus area in our latest release was overhauling our SAML-based Single Sign-On (SSO) onboarding and administration experience.  SAML is a leading industry standard that enables enterprise users to log in to various cloud services (e.g., Salesforce, Box, Smartsheet, and others) using their existing corporate credentials.  It simplifies the user experience because it eliminates the need to create and remember separate login credentials for each service, and improves enterprise security because it enables IT administrators to manage employee access to cloud services via a corporate directory like ADFS.  SAML-based SSO is being adopted by more and more Smartsheet enterprise customers  because of the benefits it provides.  Enterasys is using SSO to streamline employee access to Smartsheet, Google, Box, Salesforce, and Marketo.  (To learn more about how they are saving time and improving efficiencies with Smartsheet, check out the Enterasys case study.)

If you ever worked with SAML, you know that the implementations are not for the faint of heart, and the onboarding process can be both time and labor intensive.  Smartsheet’s new 100% self-service administration UI makes it easier for administrators to configure and enable SAML, and has the built-in flexibility to handle a range of customer scenarios.  Read on to learn about all the technical goodness we have rolled out in this release.

In addition to our continued commitment to industry standards (SAML 2), our integration with key SSO providers (ADFS, Okta, OneLogin, PingOne, etc.), and our enterprise support, our customers will now enjoy: 

  • Easier and faster onboarding via 100% self-service UI, accessible from anywhere, anytime
  • Support for multiple Identity Providers and multiple domains per Identity Provider
  • Support for a convenience CNAME that's easy for your employees to remember
  • Identity Provider security certificate expiration monitoring and notification
  • Self-service rollover from an expiring to a new Identity Provider certificate
  • Updated, step-by-step instructions

Smarter Login Experience for SSO Users:

The SAML self-service improvements come on the heels of another important change we recently introduced to improve the experience for our enterprise SSO customers.  It's pretty subtle so you may not have noticed it, but it will be definitely appreciated by the SAML-enabled customers who navigate to our login page.  

We redesigned our login to detect the authentication preferences set by your administrator, and present you with the appropriate authentication options.  So, if your Smartsheet account is set up for SAML, we will detect it based on your email address and get you to the right place. 

For users, this means no more "I am lost on your login page and can't figure out where to enter my company email and password" confusion.

Stay tuned for more details on our enterprise functionality. 

Alex Vorobiev, Product