Applies to

Smartsheet
  • Enterprise

Capabilities

Who can use this capability

  • System Admin

Use Okta SCIM with Smartsheet

Achieve consistent enforcement of your organization’s security and compliance policies with the Smartsheet - Okta SCIM integration.

 

Who can use this?

Plans:

  • Enterprise

Permissions:

  • System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

With the Smartsheet - Okta SCIM Integration, you can manage your user roles and access based on updates made in your Okta active directory environment 

Systems Administrators can provision, deactivate, and manage the profile data of Smartsheet users through Okta’s active directory service. The integration allows you to provision and deactivate users through a central user directory and ensure that once someone leaves the business, they can no longer access company data within Smartsheet. 

You must be a System Admin in Smartsheet and Okta to configure the integration. 


Prepare Smartsheet for the Okta/SCIM integration

Before you configure the integration, you must complete a few tasks in Smartsheet. View the setup process as a tutorial.

  1. Enable SCIM Support: Your plan needs SCIM provisioning. Contact support to activate the feature.
  2. Validate your domain(s): Validate each domain used with Smartsheet-Okta. You must have at least one validated domain in Smartsheet. Only plans with the primary email address on a validated domain are supported.   
  3. Generate the API token: This is required to configure automatic user provisioning with Okta. Copy and save the API Access token. You aren't able to retrieve it, and you need the key to configure Okta.

    If you don't want your users to sign up for Smartsheet through UAP, turn off the UAP setting.


Configure Okta for the Smartsheet integration

  1. Log into the Okta Admin page.
  2. Navigate to Applications > All integrations and search for Smartsheet SCIM in the application catalog. Select Smartsheet SCIM.
  3. Enter an application label, such as Smartsheet US. 
  4. Set your Sign-On Options.  If you're setting up SAML SSO, select View Setup Instructions towards the bottom of the page and complete the SAML SSO configuration.
  5. On the Advanced Sign-on Settings screen, under Credential Details, select Email for the Application username format and then select Done. This email is the user’s Smartsheet account.  
  6. Go to the Provisioning tab and select Configure API Integration
  7. Select Enable API Integration and provide the Base URL:
    • For Smartsheet US, use https://scim.smartsheet.com/v2
    • For Smartsheet EU, use https://scim.smartsheet.eu/v2
  8. Enter your saved API Token into the API Token field. Select Test API Credentials to verify the token. If everything works as expected, you'll see the following message: "Smartsheet SCIM was verified successfully"
  9. Select Save. On the Provisioning tab under Settings, select To App
  10. Select Edit > Enable the features you want, then save your changes. 

Additional resources

Follow each link below to learn how to continue configuring the integration. It's important to follow these steps in the sequence listed here.

  1. Set up Smartsheet roles.
  2. Set up additional premium Connector roles (optional).

You can also view these articles as a step-by-step tutorial