Risk Notifications are available to organizations with Omnix Credential Protection that don't use self-hosted SSO or SSO connector.
Learn more about the Dashlane Omnix™ platform
More about the difference between Confidential and self-hosted SSO
Risk Notifications help admins automate risk response to secure compromised, weak, or reused plan member credentials. If a plan member has one or more compromised, weak, or reused passwords, Dashlane automatically sends them a message in Slack encouraging them to create more secure, unique passwords.
More about the Password Health score
What plan members should do when they receive a risk notification in Slack?
Currently, risk notifications are sent only in Slack, and credential risk alerts are sent through the Dashlane browser extension when it autofills a compromised, weak, or reused login.
Set up and turn on Risk Notifications
To use Risk Notifications, add the Dashlane app to your organization's Slack workspace, and then turn on Risk Notifications in the Dashlane Admin Console.
You can set up Risk Notifications in Chrome, Firefox, Microsoft Edge, or another Chromium browser. We'll add support for Safari later.
To receive Risk Notifications, each member's account email for Dashlane and Slack must be the same.
- Select the Dashlane D icon in your browser's toolbar and enter your admin Master Password if prompted.
- In the extension pop-up, select More and then Open the Admin Console.
- In the Security Tools section of the sidebar menu, select Risk Notifications.
-
Select Set up Slack and follow the steps to add the Dashlane app to your organization's Slack workspace. Everyone in your organization's Slack workspace will be connected to the Dashlane app in Slack so they can receive notifications.
-
After setup is complete, go to the Dashlane app in Slack and select Set up your first notification, which will reopen Risk Notifications in Dashlane.
-
Turn on Risk Notifications. You can Send a test notification to preview the message that members will receive.
You can choose the Frequency, Day of the week, and Time of the day for your plan members to receive each type of Risk Notification. An infobox shows the number of members to receive the next risk notification.
The Time of day refers to the time in your time zone, not the time zone of the members receiving the notification.
Watch Risk Notifications in action
Video: Risk Notifications for Omnix Credential Protection
Common questions
Why can't I set up Risk Notifications?
Risk Notifications are available to organizations with Credential Protection.
Risk Notifications are available for organizations with Dashlane accounts protected by a Master Password or Confidential SSO. If you have self-hosted SSO, this feature will be supported in a future release. If you have Credential Protection, please contact support to migrate to Confidential SSO.
Contact an agent through the Admin Console
More about the difference between Confidential and self-hosted SSO
Do members need to do anything to receive Risk Notifications?
No, members don't need to do anything to receive Risk Notifications. After you follow the steps in this article to add the Dashlane app to your organization's Slack workspace, all your plan members can receive notifications in Slack if they are a part of the workspace. Members won't need to install the Dashlane app for Slack.
Members must have a Slack account in your organization's workspace using the same email address as their Dashlane account to receive Risk Notifications.
What plan members should do when they receive a risk notification in Slack?
Why did I not receive a test notification?
Dashlane sends test notifications to the Slack account using the same email address as your Dashlane admin account. You won't receive a test notification if you're logged in to a Slack account with a different email address.
How should I schedule Risk Notifications?
You can send notifications weekly or daily for each type of at-risk password—compromised, weak, or reused. We recommend beginning with weekly notifications on different days to encourage your plan members to steadily improve their Password Health.
Once your organization has zero compromised passwords, we recommend you change the frequency of compromised password notifications to daily so your members can respond promptly to any new breaches.
What do my members see when they get a notification?
When a member of your Dashlane plan has compromised, weak, or reused passwords for a business credential, Dashlane sends them a Slack message. The message tells them how many compromised, weak, or reused passwords they have and urges them to promptly update to more secure passwords.
The notification invites plan members to Take action in Dashlane, which leads them to their Password Health page. On that page, they can see which logins need updated passwords and how to do it.
What plan members should do when they receive a risk notification in Slack?
More about the Password Health page
How do I monitor progress?
You can check progress in the Insights tab of the Risk Notifications page, where you'll see a record of the total number of compromised, weak, and reused passwords your plan members have. You'll see the changes in the number of notifications sent according to how consistently your plan members change their passwords after a notification.
You can also track your organization's security with the Password Health score. Your organization's Password Health score will improve as members update their compromised, weak, and reused passwords to more secure ones.
You can see your organization's Password Health score in the Insights Dashboard and in the Users tab, where you'll also see how many compromised, weak, and reused passwords each member has.
More about the Password Health score
Will my members receive multiple notifications?
Admins can turn on and separately schedule Risk Notifications for compromised, weak, and reused passwords. Members will receive one notification for each type of at-risk password—for example, one notification for weak passwords, one notification for reused passwords, and one notification for compromised passwords—according to the schedule set in the Risk Notifications page of the Admin Console.
What plan members should do when they receive a security alert in Slack?
Why would a member receive Risk Notifications despite not having any compromised, weak, or reused passwords?
If a plan member sees zero compromised, weak, or reused passwords in their Password Health dashboard but still receives notifications, they may need to sync their Dashlane account to update this information. To do so, they can select the Vault menu in the top left of the app and then Settings, and then select Sync now.
If a plan member still receives incorrect notifications after performing a sync, please contact support through the Admin Console.
Sync your Dashlane data
Contact an agent through the Admin Console
Do I have access to Risk Notifications activity logs?
From the moment you set up and turn on Risk Notifications, you'll see activities related to notifications in the Activity Log. Risk Notifications will log these activities:
- An admin installed or uninstalled a messaging-platform integration
- An admin enabled or disabled a notification
- A batch of notifications was sent to team members
- A member received a notification
These logs help you trace and prevent security vulnerabilities in your organization. You can search and filter your Activity Logs or download them as a CSV file.
Are Risk Notifications secure?
The Dashlane Slack integration is secured with confidential computing technology, bringing these security benefits:
- Not even Dashlane can view or access your Slack access token or any requests or responses made to your Slack workspace
- It's not possible for malicious actors, or even Dashlane, to send any unauthorized messages from the Dashlane Slack app
Security at Dashlane
Dashlane's Security Principles & Architecture