Dashlane Business supports SAML 2.0 for provisioning only at this time. At the completion of a SAML integration users will have a link they can use to join your Dashlane business plan instead of being invited via e-mail.
We do not support SAML directory sync or single sign-on (SSO) at this time.
Integration process with your IdP
- Active Directory Federation Services (AD FS) integration
- G Suite
- IdP-agnostic general configuration settings:
- Assertion Consumer Service (ACS) URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- Relying Party Identifer: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- Endpoint Trusted URL: https://ws1.dashlane.com/1/teamPlans/verifyAndAddMemberFromIdp
- NameID: Email
- Encryption: Do not encrypt SAML messages
- Signing: Sign Assertions (only sign assertions)
New users will be instructed to set their account’s Master Password (using the email address value as their username), and provisioned to your Dashlane Business plan.
Existing users are identified using the email address and provisioned to your Dashlane Business plan if they are not already members.
Setup Dashlane to communicate with your IdP
Dashlane Business settings require a certificate (and optional IdP URL) as part of SAML configuration.
The IdP URL and Application certificate can both be found under the settings of the Consumer Application you set up on your IdP.
In order to deploy your team to your Dashlane Business account, you need to have the following:
- IdP Entity ID – your app's URL provided by your IdP
- Public certificate – your IdP certificate provided by your IdP
- Security groups – (optional) define groups of users who will be provisioned Dashlane Business
Please know that if a user is in the wrong group, and security groups are enabled, he or she will not be able to be added to the account.
These can all be found on the Admin Console, under the Settings tab > SAML Provisioning.
Once configured, propagate the IdP link specific to the Dashlane Business app. When your colleagues receive this, they'll be directed to your IdP to authenticate, then directed to a Dashlane account creation using their corporate alias. Once provisioned, all users in the defined user security group will appear in the Admin Console's Users tab.
In order to set up a SAML SSO invitation, Dashlane Business admins need to do the following:
- Configure the IdP to connect to the Dashlane servers
- Configure SAML Authentication in the Admin Console settings
Alternatively, you may consider our Directory Sync feature, which would simply sync users and groups from your directory to your Dashlane Business plan periodically (hourly, daily, weekly, etc.), and send invitations via email to new users automatically. This feature also supports (optional) automated deprovisioning.
If users who are being added to a Business plan deployed with SAML didn't complete any of the steps above, they will receive the following error messages:
- Admin failed to complete step 1.
- Admin failed to complete either step 1 or 2.
- If users receive the following error message, the account admin must make sure he added them to the appropriate security group in step 1.
- Users will receive this error message when they were invited to an account that has no seats left. In this case, the admin must purchase more seats through the Admin Console.
- Users will see this error message when they click on the invitation to join the Business account but are already members of another one. They must first be revoked by the other account's admin before joining the new one.
- Users will receive this error message when they click on an invitation to join a Dashlane Business account, but have auto-renewal enabled from PayPal or Apple on their preexisting personal Premium account. They can refer to this article to learn more about the steps to stop auto-renewal on their account.