This is for provisioning only at this time. Directory sync with SAML providers is not yet available. For our available provisioning and directory sync options, see our User Management articles.
Alternatively, you may consider our Directory Sync feature, which would simply sync users and groups from your directory to your business plan periodically (hourly, daily, weekly) and automatically send email invitations to new users. This feature also supports automated de-provisioning.
How to set up SAML provisioning
Step 1: Configure the IdP to connect to the Dashlane servers
For steps to integrate Dashlane with your Identity Provider (IdP), review the information for your IdP.
- Active Directory Federation Services (AD FS) integration
- G Suite
- IdP-agnostic general configuration settings:
- Assertion Consumer Service (ACS) URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- Relying Party Identifier: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- Endpoint Trusted URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- NameID: Email
- Encryption: Do not encrypt SAML messages
- Signing: Sign Assertions (only sign assertions)
New users will be instructed to set their account’s Master Password (using the email address value as their username) and then provisioned to your business plan.
Existing users are identified using their email address and provisioned to your business plan if they are not already members.
Step 2: Configure SAML Authentication in the Admin Console settings
To deploy your team to your Dashlane account, you may need to provide the following:
- IdP Entity ID (optional): Your SAML application URL provided by your IdP
- Public certificate (required): Your IdP certificate provided by your IdP
- Security groups (optional): Define groups of users who will be allowed to join the plan using the SAML link.
Please note that if a user is in the wrong group and security groups are enabled, he or she will not be added to the account.
You can find the IdP URL and Application certificate in the settings of the Consumer Application you set up on your IdP.
To provide this information, complete the following steps:
- Go to the Dashlane Admin Console.
- On the Settings tab, click Directory Sync and then select SAML Provisioning.
- For each item, select Edit.
Step 3: Share the SAML link with your users
Once configured, share the IdP link with your users.
When your users receive the link, they'll be directed to your IdP to authenticate and then directed to create their Dashlane account using their corporate alias.
Troubleshoot Error messages
If any of the steps in the previous section are not completed for users who are being added to a Dashlane plan deployed with SAML, they will receive one of the following error messages when they click the provisioning link.
- If users receive the following error message, the account admin failed to complete Step 1: Configure the IdP to connect to the Dashlane servers.
- If users receive the following error message, the account admin failed to complete either Step 1: Configure the IdP to connect to the Dashlane servers or Step 2: Configure SAML Authentication in the Admin Console settings.
- If users receive the following error message, the account admin must make sure the users were added to the appropriate security group in Step 2: Configure SAML Authentication in the Admin Console settings.
- If users receive the following error message, they were invited to an account that has no seats left. In this case, the account admin must purchase more seats through the Dashlane Admin Console.
- If users receive the following error message, they are already members of another business account. They must first be revoked by the other account's admin before joining the new one.
- If users receive the following error message, they have auto-renewal enabled from PayPal or Apple on their preexisting personal Premium account. They can review Managing your billing and subscription for steps to stop auto-renewal on their account.