This guide provides the steps required to configure Provisioning for Smartsheet and includes the following topics:
The following provisioning features are supported:
Push new users
New users created through OKTA will also be created in the third party application.
Push user deactivation
Deactivating users or disabling users' access to the application through OKTA will delete them in SmartSheet.
Push profile updates
Updates made to the user's profile through OKTA will be pushed to the third party application.
Import new users
New users created in the third party application will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users.
Import profile updates
Updates made to a user's profile in the third party application will be downloaded and applies to the profile fields stored locally in OKTA. If the app is the system of record for the user, changes made to core profile fields (email, first name, last name, etc) will be applied to the Okta user profile. If the app is NOT the system of record for the user, only changes made to app-specific fields will be applied to the local user profile.
Group Push
Groups and their members can be pushed to remote systems. You can find more information about using group push operations (including Group Push enhancements) here: Using Group Push.
Reactivate Users
Reactivating the user through Okta will reactivate the user in the 3rd party application.
If you do not already have one, obtain an API access token as follows:
Go to http://app.smartsheet.com/b/home and login to your Smartsheet account.
Click Account at the top left, then select Personal Settings from the drop down menu.
In the Personal Setting window, select API Access.
Select Generat new access token, then name your token and click OK.
An API access token will be generated for you.
Before you click OK, make sure you make a copy of the generated access token. You will not be able to copy the access token once you click OK.
Configure your Provisioning settings for Smartsheet as follows:
Check the Enable API Integration box.
Enter your API access token into the API Token field.
Optionally you can select the Import active users only checkbox to ensure that no pending or inactive accounts are imported during user import.
Click Test API Credentials to verify the token. You should get a message that says Smartsheet was verified successfully.
Select To App in the left panel, then select the Provisioning Features you want to enable:
Click Save.
You can now assign people to the app (if needed) and finish the application setup.
You must have a Smartsheet account that is authorized as a licensed sheet creator, a resource viewer, a group administrator, and a system administrator – otherwise, your API token will not be valid.
If you receive an error message stating that the operation you are attempting to perform is not supported by your plan, verify that the plan corresponding to your authenticated user is either a Team or Enterprise plan. A basic plan does not support user management.
If you see a User account is inactive message on the Dashboard after attempting to re-provision or reactivate, try re-saving the provisioning settings. This error may be because the User Reactivation feature was not available at the time of the last change to Provisioning settings.
Smartsheet doesn't allow empty groups to be pushed from Okta. Usually when a new group is created manually in Smartsheet, the admin is automatically added as a group member. Pushing an empty group will cause an error.
