Integrating Dashlane with SAML 2.0
Dashlane Business supports the SAML 2.0 protocol to help account admins add team members to their account. In this article, you'll learn how to use this feature to automate provisioning in a simple, scalable way. Dashlane is compatible with most SSO Identity Providers (IdPs), such as Okta, ADFS 3.0, Microsoft Azure Active Directory, Centrify and more, and gives admins a secure way to invite their colleagues to their Dashlane Business account using SAML 2.0.
Integration process with your IdP
To add Dashlane as an application to your Identity Provider, follow these steps:
- Specify your Consumer Application URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp.
- If the IdP supports encryption, please choose No encryption for SAML messages because we are already using a secure channel over HTTPS.
- Assertions must be signed.
- Set up NameID, which MUST be a user email address under which we will create the Dashlane account.
- (optional) Provide groups with this exact attribute name 'http://schemas.xmlsoap.org/claims/Group'
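One way to sanity-check a decoded SAML Response from your IdP against the requirements listed above. This is an added example, not Dashlane's code: the function name, the constructed sample XML and the choice to compare the Recipient attribute with the Consumer Application URL are assumptions, and the signature check only looks for the element rather than verifying it.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"

def check_response(xml_text):
    """Return a list of problems found in a decoded SAML Response (empty = OK)."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    problems = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted; choose No encryption")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml:Assertion found"]
    # Presence check only: this does not verify the signature cryptographically.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient does not match the Consumer Application URL")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id.strip()):
        problems.append("NameID is not an email address: %r" % name_id)
    names = [a.get("Name") for a in assertion.iterfind(
        "saml:AttributeStatement/saml:Attribute", NS)]
    # Groups are optional; flag a group-like attribute that lacks the exact name.
    if GROUP_ATTR not in names and any("group" in (n or "").lower() for n in names):
        problems.append("group attribute name must be exactly " + GROUP_ATTR)
    return problems

# Constructed sample (not real IdP output); the Signature element is an empty stub.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>{sig}
 <saml:Subject><saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>
 <saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>
 </saml:Subject><saml:AttributeStatement><saml:Attribute Name="{attr}"/>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    good = SAMPLE.format(sig="<ds:Signature/>", name_id="alice@example.com", acs=ACS_URL, attr=GROUP_ATTR)
    bad = SAMPLE.format(sig="", name_id="alice", acs="https://example.com/acs", attr="groups")
    print(check_response(good))
    print(check_response(bad))
```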
Setup Dashlane to communicate with your IdP
Dashlane Business settings require the IdP URL and certificate as part of the SAML configuration.
The IdP URL and Application certificate can both be found under the settings of the Consumer Application you set up on your IdP.
In order to deploy your team to your Dashlane Business account, you need to have the following:
- IdP URL - your app's URL provided by your IdP.
- Certificate - your IdP certificate provided by your IdP.
- Security groups - (optional) define groups of users who will be provisioned Dashlane Business.
Please note that if security groups are enabled and a user is in the wrong group, they cannot be added to the account.
These can all be found on the Admin Console, under the Settings tab > SAML Provisioning.
Once configured, propagate the IdP link specific to the Dashlane Business app. When your colleagues receive this, they'll be directed to your IdP to authenticate, then directed to Dashlane account creation using their corporate alias. Once provisioned, all users in the defined user security group will appear in the Admin Console's Manage Users tab.
In order to set up a SAML SSO invitation, account admins need to do the following:
- Configure the IdP to connect to the Dashlane servers.
- Configure SAML Authentication in the Admin Console settings.
If one or both of the steps above have not been completed, users who are being added to a Business account deployed with SAML will receive these error messages:
- Admin failed to complete step 1.
- Admin failed to complete either step 1 or 2.
- If users receive the following error message, the account admin must make sure the users were added to the appropriate security group in step 1.
- Users will receive this error message when they were invited to an account that has no seats left. In this case, the admin must purchase more seats through the Admin Console.
- Users will see this error message when they click on the invitation to join the Business account but are already members of another one. They must first be revoked by the other account's admin before joining the new one.
- Users will receive this error message when they click on an invitation to join a Dashlane Business account, but have auto-renewal enabled from PayPal or Apple on their preexisting personal Premium account. They can refer to this article to learn more about the steps to stop auto-renewal on their account.