Single sign on (SSO) for Resource Management (2024)

Table of Contents
Before you begin Set up SSO for your account Required attributes After setup

Resource Management provides SSO using the SAML 2.0 protocol, which works with all major providers, including but not limited to ADFS, Azure AD, OKTA, and Google. Resource Management supports the Web Browser SSO profile.

Only SP (Service Provider) Initiated login is supported. IdP initiated sign on is not supported.

Before you begin

First, create or designate an account that will use a username and password (not SSO) to log in.

This account provides you with a backup strategy in the event that changes are made to your SSO configuration and SSO-enabled users are no longer able to log in. The backup account allows you to log in if SSO fails. If you don't have a backup account, you may be unable to log in.

See Also
Resource Management by SmartsheetSet up your Resource Management accountFAQ: Using Smartsheet for Resource Management authenticationResource Management: Panel Integration

Set up SSO for your account

Migrate your SSO identity provider to https://rm.smartsheet.com.

Make sure an Administrator confirms these changes on the Account Settings > SSO configuration page immediately after you update the identity provider.

  1. In your SSO identity provider (IdP) set up Resource Management as an app (relying party) using the relevant SSO configuration values from https://rm.smartsheet.com/saml/metadata.

    ACS URL: https://rm.smartsheet.com/saml/acs
    EntityID (audience): https://rm.smartsheet.com/saml/metadata
    NameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

  2. Log in to https://rm.smartsheet.com as an administrator. Navigate to https://rm.smartsheet.com/settings and select the SSO section. If SSO has not yet been enabled, select Setup SSO, otherwise, choose Edit.
  3. Add the URL to your IdP Metadata. Thenchoose one of the two available configuration modes: automatic or manual.

    • Automatic Configuration: Enter your IdP supplied metadata URL. IdP supplied metadata provides the Single Sign On URL, the Entity ID and the x.509 certificate file required by Resource Management.Automatic configuration is easier to configure than manual and does not require extracting and uploading a certificate.

      The Automatic Configuration SSO mode in Resource Management will dynamically fetch the latest certificates and Sign On URLs when users log in to Resource Management. This mode also supports scenarios where you have multiple certificates associated with your SSO application (i.e. rotating certificates gracefully). Your identity provider must supply a publicly available metadata URL as XML.

    • Manual Configuration: Enter your SAML 2.0 signing certificate and URLs.
      Use this option if your IdP does not supply a publicly available metadata URL, metadata XML is incomplete/malformed, and/or the organization is not in favor of mutable settings.

      Obtain the x.509 certificate, SSO Sign in target URL, and Logout target URL from your IdP. If you're unsure what URLs are needed, reach out to your IT department or IdP admin for assistance.

      See Also
      Resource Management: Analytics and Reports

      Your SAML 2.0 signing certificatemust be PEM encoded. DER encoding is not supported.

      Brandfolder Image

      Single sign on (SSO) for Resource Management (1)

4. Select the Auto-provision authenticated users not in account option to allow users to bypass the invitation process.
When you select this check box, new users do not need to accept an invitation to join the application. They can visit the sign-in page, enter their email address, and they will be recognized as a user in the system with the option to sign into your company account.

This auto-provision check box does not automatically provision new user accounts. New user accounts must be created through the application.

5. Select Save.

Required attributes

For successful sign-in authentication, a NameID claim with the format of an email address must be passed to Resource Management. The required name identifier format supplied by the identity provider is:

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

After setup

Once a user logs in with SSO, they can not log in with a username and password, and their profile email address will be locked in the application. To update their login email, please contact us for assistance.

If your SSO in Resource Management is set to Manual Configuration mode, and you need to make changes to your SSO settings in the application, first enable Automatic Configuration using the steps above. Once SSO is set to Automatic, Resource Management will detect changes to your IdP SSO configuration.

If you use Manual Configuration mode and make changes to your SSO configuration, do so with caution. Before making changes to your active SSO configuration, ensure that you have at least one administrative user who does not log in with SSO and still has a username/password login. This will allow you to log in with that profile should you need to revert any changes.

Once SSO is enabled for your organization, in order to log in with username and password, select the link labeled Sign in using your Resource Management password.

If you are encountering issues, contact support.

Single sign on (SSO) for Resource Management (2024)
Top Articles
Camper Kopen? Grootste Aanbod Tweedehands en Nieuwe Campers
Winy Accident
Ffxiv Act Plugin
Caesars Rewards Loyalty Program Review [Previously Total Rewards]
Craftsman M230 Lawn Mower Oil Change
12 Rue Gotlib 21St Arrondissem*nt
Booknet.com Contract Marriage 2
Federal Fusion 308 165 Grain Ballistics Chart
Craigslist Portales
Coindraw App
Hk Jockey Club Result
Craigslist Vermillion South Dakota
What is IXL and How Does it Work?
What is a basic financial statement?
Pro Groom Prices – The Pet Centre
What is the difference between a T-bill and a T note?
Nitti Sanitation Holiday Schedule
Calmspirits Clapper
Elbasha Ganash Corporation · 2521 31st Ave, Apt B21, Astoria, NY 11106
Clarksburg Wv Craigslist Personals
2021 Lexus IS for sale - Richardson, TX - craigslist
Playgirl Magazine Cover Template Free
Nene25 Sports
Panorama Charter Portal
Wilmot Science Training Program for Deaf High School Students Expands Across the U.S.
Craigslist Free Stuff Santa Cruz
Tvtv.us Duluth Mn
Vanessawest.tripod.com Bundy
Inter-Tech IM-2 Expander/SAMA IM01 Pro
Loves Employee Pay Stub
Fort Mccoy Fire Map
Kringloopwinkel Second Sale Roosendaal - Leemstraat 4e
Construction Management Jumpstart 3Rd Edition Pdf Free Download
Jcp Meevo Com
Jailfunds Send Message
Courtney Roberson Rob Dyrdek
Frequently Asked Questions - Hy-Vee PERKS
Bismarck Mandan Mugshots
Hebrew Bible: Torah, Prophets and Writings | My Jewish Learning
Mvnt Merchant Services
Wlds Obits
Oxford House Peoria Il
Sukihana Backshots
Hazel Moore Boobpedia
Divinity: Original Sin II - How to Use the Conjurer Class
25 Hotels TRULY CLOSEST to Woollett Aquatics Center, Irvine, CA
Workday Latech Edu
House For Sale On Trulia
Greg Steube Height
O'reilly's Eastman Georgia
Overstock Comenity Login
Booked On The Bayou Houma 2023
Latest Posts
Ticket To Paradise Showtimes Near Marcus Village Pointe Cinema
Tweedehands camper te koop - camper occasion kopen
Article information

Author: Ouida Strosin DO

Last Updated:

Views: 5937

Rating: 4.6 / 5 (76 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Ouida Strosin DO

Birthday: 1995-04-27

Address: Suite 927 930 Kilback Radial, Candidaville, TN 87795

Phone: +8561498978366

Job: Legacy Manufacturing Specialist

Hobby: Singing, Mountain biking, Water sports, Water sports, Taxidermy, Polo, Pet

Introduction: My name is Ouida Strosin DO, I am a precious, combative, spotless, modern, spotless, beautiful, precious person who loves writing and wants to share my knowledge and understanding with you.