使用企业计划管理器(EPM)设置安全and governance policies for all plans across your organization’s validated domains.
EPM creates a plan hierarchy with two levels:
- Main plan: This plan sets the policies and adds plans to the family.
- Managed plan:These plans inherit security and governance policies from the main plan.
联系your Smartsheet Customer Success Manager or Technical Account Manager to designate your main plan for EPM.
Once the main plan is set, follow the steps below.
Validate your domains
- SelectAdd Domainand follow the instructions on the right panel. You’ll need to set up a DNS record to verify your domains. Not sure how to do this? You can copy the instructions in the wizard to notify your DNS admin and have them do it for you.
- After you’ve entered all your information, selectVerify.
Learn more aboutdomain validation.
Once your domains are verified, any plans opened under that domain appear on the Manage Plans screen.
Configure your authentication settings
This process ensures everyone in your organization uses the same sign-on method. Follow the instructions in the wizard; you may need to contact your Identity Provider to obtain the information you need.
It’s best practice to use single-sign on (SSO) for authentication and to disable email/password. Before you apply this best practice, confirm your team’s SSO readiness. Give your team a heads up that you’re implementing centralized plan management. Let everyone know they will be added to the EPM family. Ask each plan admin to confirm people in their plan use SSO email addresses as their primary email addresses. The main plan admin must leave email/password on at the main plan level until all managed plan admins have confirmed their SSO readiness.
If the managed plan admins don’t respond, the main plan admin may need to contact them to discuss that individual managed plan admins MAY have to run a User Merge to update primary email addresses to match SSO email addresses of any remaining users.
- In Admin Center, selectConfigure authentication settingsand follow the instructions on your screen.
Need more on configuring your authentication settings? ReadManage authentication options for an Enterprise plan.
Add managed plans to your family
- On theManage Plansscreen, select the plans you want to work with and then clickadd. This will convert any independent plans to managed plans. They’ll automatically inherit the authentication and domain validation settings you created in the main plan.
消息标识任何资格计划。联系the owner of the plan to find out if they’d like to merge their plan into an existing managed plan or upgrade to an Enterprise plan. Set a timeframe for enforcement (for example, activation of UAP) and communicate that to your team. After that, they will still be able to use their plan but they will not be able to add new users.
Set User Auto Provisioning (UAP) behavior.
By default, this setting will apply to all users on your validated domains. You can toggle UAP on and off for specific domains once you’ve added them.
Non-Enterprise plans must upgrade or merge before you activate UAP. After you activate UAP, non-compliant plans will not be able to add new users.
Learn more aboutuserauto-provisioning.
From theAdmin Centermenu, inOrganization View, selectDomains and UAP.
- From theUAP dropdownselect one of the options:
Off: The user will not be provisioned automatically.
On: Add as free user: The user will automatically be added as an unlicensed user.
On: Add as licensed user: The user will automatically be assigned a license.
Learn more aboutuser types.
Once UAP is set up, managed plans can add unlicensed users from the main plan or invite people who don’t have Smartsheet accounts to join their plans. If you use SAML for authentication, you can also set a User Movement Policy.Learn more.