SAML provisioning can be configured in addition to the standard e-mail invite, which will allow your users to join your business plan via a published link. Dashlane supports SAML 2.0 for provisioning only at this time.
Dashlane's SAML integration can be provisioned using directory sync or single sign-on (SSO). SSO integration is available when you start a Dashlane Business plan, which offers a preview of the feature!
Integration process with your IdP
- Active Directory Federation Services (AD FS) integration
- G Suite
- IdP-agnostic general configuration settings:
  - Assertion Consumer Service (ACS) URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
  - Relying Party Identifier: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
  - Endpoint Trusted URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
  - NameID: Email
  - Encryption: Do not encrypt SAML messages
  - Signing: Sign Assertions (only sign assertions)
New users will be instructed to set their account’s Master Password (using the email address value as their username), and provisioned to your business plan.
Existing users are identified using the email address and provisioned to your business plan if they are not already members.
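Before sharing the link, an admin can check a test response from the IdP against the settings listed above. The following is an added example, not Dashlane code: the function name, the problem strings and the sample response are constructed for illustration, and it assumes the response has already been base64-decoded to XML.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# ACS URL and Relying Party Identifier share this value in the settings above.
ACS_URL = "https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp"

def check_response(xml_text):
    """List mismatches between a decoded SAML response and the settings above.

    Structural checks only: the signature is NOT verified cryptographically.
    Run it on a test response captured from your own IdP, not untrusted input.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted")
    if root.find("ds:Signature", NS) is not None:
        problems.append("response is signed; sign assertions only")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext assertion"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    data = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != ACS_URL:
        problems.append("Recipient does not match the ACS URL")
    audiences = [a.text for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if ACS_URL not in audiences:
        problems.append("Audience does not match the Relying Party Identifier")
    return problems

# Constructed sample: a minimal response shaped like a correctly configured IdP's.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion><ds:Signature/>
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{acs}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>""".format(acs=ACS_URL)

if __name__ == "__main__":
    print(check_response(SAMPLE) or "matches the listed settings")
```

An empty list means the response has the shape the settings call for; each string names one setting to revisit in the IdP.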
Set up Dashlane to communicate with your IdP
The settings require a certificate (and optional IdP URL) as part of SAML configuration.
The IdP URL and Application certificate can both be found under the settings of the Consumer Application you set up on your IdP.
In order to deploy your team to your Dashlane account, you need to have the following:
- IdP Entity ID – your app's URL provided by your IdP
- Public certificate – your IdP certificate provided by your IdP
- Security groups – (optional) define groups of users who will be allowed to join the plan via the SAML link.
Note that if security groups are enabled and a user is in the wrong group, that user cannot be added to the account.
These can all be found on the Admin Console, under the Settings tab > SAML Provisioning.
Once configured, share the IdP link with your users. When your users receive it, they'll be directed to your IdP to authenticate, then directed to Dashlane account creation using their corporate alias.
In order to set up a SAML invitation, admins need to do the following:
- Configure the IdP to connect to the Dashlane servers
- Configure SAML Authentication in the Admin Console settings
- Share the SAML link with your users.
Alternatively, you may consider our Directory Sync feature, which would simply sync users and groups from your directory to your business plan periodically (hourly, daily, weekly, etc.), and send invitations via email to new users automatically. This feature also supports automated deprovisioning.
If you are an admin of Dashlane Business plan and want to integrate your company's SSO, please click here for more information.
If any of the steps above was not completed, users who are being added to a Dashlane plan deployed with SAML will receive the following error messages:
- Admin failed to complete step 1.
- Admin failed to complete either step 1 or 2.
- If users receive the following error message, the account admin must make sure the users were added to the appropriate security group in step 1.
- Users will receive this error message when they were invited to an account that has no seats left. In this case, the admin must purchase more seats through the Admin Console.
- Users will see this error message when they click on the invitation to join the business account but are already members of another one. They must first be revoked by the other account's admin before joining the new one.
- Users will receive this error message when they click on an invitation to join a business account, but have auto-renewal enabled from PayPal or Apple on their preexisting personal Premium account. They can refer to this article to learn more about the steps to stop auto-renewal on their account.