Dashlane's Active Directory (AD) Integration works with your AD to automatically provision, and optionally de-provision, users and groups to your Dashlane Business plan.
Active Directory Integration configuration
To use AD Integration, please make sure you are running Windows PowerShell 3.0 or greater.
To configure the synchronization of your Active Directory, please follow these steps:
- Navigate to the Admin Console > Settings > Active Directory
- Copy the Dashlane AD script displayed in the gray window
- Save it as 'dashlane-ad-sync.ps1' on a server or workstation in your domain
- Edit the script to list the AD groups you want to target in your organization's setup. You can also customize where the sync will save temporary files if desired.
Note that users must have an email address, and we strongly recommend only including business email addresses. These email addresses will receive a provisioning email, to which recipients must respond by accepting the invitation to join the Business plan for your company. Automated de-provisioning is dependent on an exact match to this address.
Please ensure that the number of users in groups you target with this script is not higher than the number of available seats in your Dashlane Business account.
- Run the script via Command Prompt or PowerShell to ensure it correctly syncs your Active Directory users with Dashlane. Upon first sync, a prompt will appear in the Admin Console asking you to verify the security key for the sync request. If you decide to verify later, a notification banner will be shown as a reminder.
- The security key can be found in the PowerShell logs on your Active Directory server or workstation.
- If the security key provided matches ours, the synchronization is activated. Any targeted AD groups will be created as Dashlane groups, and all users within those groups will be invited to your business plan. Removing any targeted users in your AD will automatically remove them from your Dashlane Business account.
Importantly, there is currently no distinction made in the Admin Console between AD-synced groups and manually created groups. Though users can be manually added to an AD-synced group, they will be removed on the next sync (unless they are also added to your AD in the appropriate location). For simplicity, we recommend managing your Dashlane groups exclusively via your Active Directory.
You can also confirm the sync is running by checking the last sync date under "Status" in the Admin Console > Settings > Active Directory.
Note that the script should be able to run as a domain user (i.e. admin rights are not needed). The account only needs to be allowed to read the directory, which any user can do by default.
Setting up the Active Directory script to run via Task Scheduler
With the script saved to your domain, you can schedule it to run automatically at an interval you define.
It’s important that the user account set to run this task is able to read Organizational Units (OUs) and user accounts in your Active Directory environment.
- Open Task Scheduler on your Windows device
- Select Task Scheduler Library
- Click the Action tab in the top left menu
- Then click “Create Task”
- Next click the General tab
- Type 'Dashlane AD Sync' in the "Name:" text box
- Next select Security Options
- Within Security Options: Check the box for 'Run whether user is logged in or not' and 'Run with highest privileges'
Please set a schedule for the script to run by creating a new trigger, for example one that runs daily at 1:00 AM.
- Dashlane Business admins cannot de-provision all admin users, as there must be at least one active admin for every Business
- Admins also cannot de-provision billing admins, as there must be at least one active billing admin for every Business plan
- All users considered by the script must have a specified email address in Active Directory
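
The email and seat-count requirements above can be checked before the first sync. The following is an added example, not part of Dashlane's script: a read-only pre-flight check using the standard ActiveDirectory module. The group names, seat count and mail domain are hypothetical placeholders, and it looks at direct group members only.

```powershell
# Added example: pre-flight check for the groups targeted by dashlane-ad-sync.ps1.
# Needs the ActiveDirectory (RSAT) module; read access as a normal domain user suffices.
Import-Module ActiveDirectory

# Assumed values: edit to match your script and Admin Console.
$TargetGroups    = @('Dashlane-Users', 'Dashlane-IT')  # hypothetical AD group names
$AvailableSeats  = 50                                   # hypothetical seat count
$BusinessDomains = @('example.com')                     # hypothetical business mail domain(s)

# Collect direct user members of each group (nested groups are not expanded here).
$members = foreach ($group in $TargetGroups) {
    Get-ADGroupMember -Identity $group |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties mail |
        Select-Object SamAccountName, mail, @{ Name = 'AdGroup'; Expression = { $group } }
}

# A user who is in several targeted groups is counted once.
$users = @($members | Sort-Object SamAccountName -Unique)

# Accounts with no email address in AD.
$noMail = @($users | Where-Object { [string]::IsNullOrWhiteSpace($_.mail) })

# Addresses outside the expected domains (invitations are sent to these mailboxes).
$offDomain = @($users | Where-Object {
    $_.mail -and ($BusinessDomains -notcontains ($_.mail -split '@')[-1].ToLower())
})

# Same address on more than one account: resolve it, since de-provisioning matches on the address.
$shared = @($users | Where-Object { $_.mail } |
    Group-Object { $_.mail.ToLower() } | Where-Object { $_.Count -gt 1 })

"Users in targeted groups : $($users.Count)"
"Available seats          : $AvailableSeats"
$noMail    | ForEach-Object { "NO EMAIL     $($_.SamAccountName) ($($_.AdGroup))" }
$offDomain | ForEach-Object { "OFF DOMAIN   $($_.SamAccountName) <$($_.mail)>" }
$shared    | ForEach-Object { "SHARED EMAIL $($_.Name): $($_.Group.SamAccountName -join ', ')" }

# Non-zero exit code lets a wrapper script or scheduled task detect a failed check.
$problems = $noMail.Count + $offDomain.Count + $shared.Count
if ($problems -gt 0 -or $users.Count -gt $AvailableSeats) { exit 1 }
```

Running this under the same account that the scheduled task will use also confirms that the account can read the targeted groups and user objects.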