Dashlane can be configured to automatically sync Active Directory (AD) users and groups for automated provisioning and deprovisioning of Dashlane accounts.
Content
Video walk-through
Configuring the Admin Console
To configure your Dashlane Business account for AD synchronization, follow the steps below:
- Log in to your Dashlane Business Admin Console by going to http://console.dashlane.com
- Click Settings > Active Directory
- Select the option to enable "Automatic user provisioning and group syncing"
- Consider turning on "Automatic User Deprovisioning" once you have verified the sync, and verified that all current Dashlane users are in scope of the sync
- Click Copy to copy Dashlane AD script displayed in the gray window to copy it to your clipboard
Configuring Active Directory and Sync script
- Log in to a Windows Server or workstation that has Windows Powershell 3.0 or later with a Domain User account
- Create or identify an Active Directory Security Group that you would like to sync to Dashlane.
- We recommend creating a new group called AllDashlaneUsers to start with
- Add users to the group you would like to have Dashlane accounts
- Open Powershell ISE > File > New
- Paste the script saved on your clipboard from Step 4 in the instructions above ("Configuring the Admin Console")
- Edit line 21 of the script, enter the group names you wish to sync to Dashlane
- Save the Powershell Script to the local machine
- Run the Script by clicking the green arrow in Powershell ISE
- Ensure the script returns "code":200,"message":"OK"
- Copy the text string between the dashes to your clipboard
- Navigate back to http://console.dashlane.com and Refresh the page
- In the "Verify the security key..." pop-up, click Continue
- Enter the text string from your clipboard you copied from step 10 into the text field and click Verify now
Verifying the Sync
- In the Admin Console view the Users tab and validate that any new users have an invite pending status
- On the Groups tab view the groups that have synced
- You can view your AD sync status in the Admin Console in Settings > Active Directory
- It is recommended to turn on Automatic Deprovisioning once you have confirmed that all synced users are included in the Active Directory sync groups.
Scheduling Regular Sync with Task Scheduler
With the script saved to your domain, you can schedule it to run automatically at an interval you define.
Note that the user account set to run this task must be able to read Organizational Units (OU's) and user accounts in your Active Directory environment.
- Open Task Scheduler on a Windows Server that will run the script
- Select Task Scheduler Library
- Click the Action tab in the top left menu
- Then click “Create Task”
- Next click the General tab
- Type Dashlane AD Sync in the "Name:" text box
- Next select Security Options
- Within Security Options: Check the boxes for "Run whether user is logged in or not" and "Run with highest privileges"
Please set a schedule for the script to run by creating a new trigger. In the example shown below, it will run daily at 1:00 AM.
Then, click the Actions tab.
- Click New Action
- Under "Program/script," type in powershell
- Under "Add arguments (optional)", paste -file C:\FilePathtoPowershellScript\dashlane-ad-sync.ps1
Some considerations
- Once sync is configured, we recommend managing your Dashlane groups and users exclusively via your Active Directory.
- All users considered by the script must have a specified email address in Active Directory
- Dashlane Business admins cannot deprovision all admin users, as there must be at least one active admin for every Business plan.
- Admins also cannot deprovision billing admins, as there must be at least one active billing admin for every Business plan
- The number of users in the synced groups must not be higher than the available seats in your Dashlane Business account.