Applies to

Smartsheet
  • Enterprise

For more information about plan types and included capabilities, see theSmartsheet Planspage.

Configure Smartsheet roles for Okta groups

PLANS

  • Enterprise

For more information about plan types and included capabilities, see theSmartsheet Planspage.

Smartsheet supports Unlicensed users so you can provision Smartsheet users without any roles as well (more details below.)

Any new unlicensed user provisioned through Okta will not appear in Smartsheet's Admin Center until they log in for the first time or are added to a Smartsheet group.

Smartsheet Roles

Mapping Values

Variable Names (Preferred)

Smartsheet Licensed User

LICENSED_USER

smartsheetLicensedUser

Smartsheet Group Admin

GROUP_ADMIN

smartsheetGroupAdmin

Smartsheet Resource Viewer

RESOURCE_VIEWER

smartsheetResourceViewer

Smartsheet System Admin

SYSTEM_ADMIN

smartsheetSystemAdmin

Use Okta groups to assign Smartsheet roles to users. You can create brand new Okta groups which map to each Smartsheet role, or you can use existing Okta groups and assign roles based on existing Okta group membership.

Assign users to Okta groups

Set up an Okta group for each Smartsheet role and assign users to these role-based groups.

  1. 去to theOkta Directory Groupstab.
  2. Create a group for each role. Refresh the page if your Okta groups do not appear.

Update Smartsheet role mappings in Okta

Update the mappings of Okta group memberships to Smartsheet roles.

  1. 去toProfile Editorand select theSmartsheet User profilecreated for this integration. The Smartsheet User profile will likely have a name that contains the application label you defined when adding the Smartsheet integration. Four Smartsheet role attributes will be prepopulated:
    • Smartsheet Licensed User
    • Smartsheet Group Admin
    • Smartsheet Resource ViewerSmartsheet System Admin
  2. At the top of theAttributespane, selectMappingsand then select theOkta User to Smartsheetmappings.
  3. For each Smartsheet role mapping, add an expression, as shown below. Make sure that spelling and case are correct.
  • isMemberOfGroupName('Smartsheet US Licensed User') ? 'LICENSED_USER' : ''
  • isMemberOfGroupName('Smartsheet US Resource Viewer') ? 'RESOURCE_VIEWER' : ''
  • isMemberOfGroupName('Smartsheet US Group Admin') ? 'GROUP_ADMIN' : ''
  • isMemberOfGroupName('Smartsheet US System Admin') ? 'SYSTEM_ADMIN' : ''

Understanding the expression:

  • isMemberOfGroupName('Smartsheet US Licensed User')
    • This part of the expression checks if the user is a member of a group with the name ”Smartsheet US Licensed User”. This will result in true or false for the next part of the expression.
  • ? 'LICENSED_USER' : ''
    • If the previous part is true (the user is a member of the “Smartsheet US Licensed User” group), then we want to give the user the “LICENSED_USER” role.
    • 如果前面一部分是假的(用户是NOT a member of the “Smartsheet US Licensed User” group), then we do NOT want to give the user the “LICENSED_USER” role (hence the empty quotations ‘’).
  1. At the bottom left of the screen, selectPreviewto validate your mappings against existing users.

    For example, John Doe is a member of only theSmartsheet US Licensed Userand theSmartsheet US Resource ViewerOkta groups. The preview shows John Doe will only be provisioned the Licensed User and Resource Viewer roles.
  2. If everything looks good, selectExit Previewand then selectSave Mappings.
  3. 去back to the Okta groups you created for the Smartsheet roles and assign users to the groups they need Smartsheet roles for.
  4. Provision the Smartsheet US application to the overall set of users that needs access to Smartsheet, regardless of roles. Determine if you want to use either an existing group or create a new group.

    假设你想给一个现有的组织——它Admins – access to Smartsheet. Select the group, select the Applications tab, Assign Application, and assign the Smartsheet application to that group.

    If there are users in this group that are not a part of any Smartsheet role groups, they will be provisioned to Smartsheet as Unlicensed users.
  5. Leave all the Smartsheet fields blank, save, and go back to theGroupstab.
  6. If you have all users in the IT Admins group assigned to the correct Okta Smartsheet roles groups, your users will now be fully provisioned in Smartsheet with the appropriate Smartsheet roles. You can view the Okta logs from the left rail. SelectReports>System Logto see if there were any issues with provisioning to Smartsheet.

This Help Article Appears in the Following Learning Tracks

Learning Track

This Help Article appears in theUse Okta SCIM with Smartsheetlearning track. Get the most out of this learning track by starting at the beginning.
Was this article helpful?
Yes No