Estimated time to complete: 15 minutes
As an admin, you can set up Google Workspace single sign-on (SSO) for your plan members with SAML. Dashlane doesn't support syncing Google Workspace provisioning with SCIM. Instead, we recommend turning on Just in Time Provisioning. How to turn it on is covered in the setup process.
More about SSO and SCIM
More about SAML 2.0 for Google Workspace
Prerequisites
To complete this setup, you need admin permission for:
- Dashlane Admin Console
- Google Workspace super administrator role (Identity Provider)
- Your Public DNS provider (for domain verification)
Table of contents
- Step 1: Register a New Application in Google Workspace
- Step 2: Download Google Workspace Metadata
- Step 3: Configure Dashlane with Google Workspace Metadata
- Step 4: Verify your domain in DNS Provider
- Step 5: Assign Users in Google Workspace
- Step 6: Test your SSO configuration
- Step 7: Enable SSO for all users
Set up Group SAML Provisioning
- Step 1: Set up Group Provisioning with SAML in Google Workspace
- Step 2: Set up Group Provisioning with SAML in Dashlane
Set up SSO
Step 1: Register a New Application in Google Workspace
- Open the Google Workspace Admin Console, select the Apps drop-down list, and select Web and mobile apps.
- Select the Add app list and then Add a custom SAML app.
- On the App details page, enter "Dashlane" for App name and "Dashlane SSO" for the description.
- Upload the Dashlane logo for the App icon. You can download the logo from this page https://www.pngrepo.com/svg/331360/dashlane-v2.
- Select Continue.
- Select Continue again to confirm the Google Identity Provider details.
- On Service provider details session, enter "https://sso.nitro.dashlane.com/saml/callback" for the ACS URL and "dashlane-nitro-sso" for Entity ID. Select Continue.
- Select Finish.
- In the Dashlane app you just created in Google Workspace, select OFF for everyone in the User Access section.
- In the Service status section, select ON for everyone and then Save.
Step 2: Download Google Workspace Metadata
- Select Download metadata.
- Select Download metadata again in the Option 1: Download IdP metadata section.
- Open the XML metadata file that was downloaded to your computer using an application like TextEdit for Mac or Notepad for Windows.
- Select all and copy the contents of the XML file.
Step 3: Configure Dashlane with Google Workspace Metadata
- Log in to the Dashlane Admin Console
- In the Integrations section of the left menu, select Single sign-on. If you've already started the setup, select Edit. Otherwise, select Set up Confidential SSO.
- Navigate to Step 2: Save your IdP metadata and paste the metadata copied earlier.
- Select Save.
Step 4: Verify your domain in DNS Provider
- In Step 3: Verify your domain(s) on the Admin Console, enter your company email domain and select Verify domain. Note the copy buttons you'll use to copy the hostname and TXT values to your public DNS provider.
- In a new browser tab, navigate to your Public DNS provider and Add a TXT Record. The exact steps vary depending on your provider.
- Paste the Host Name and TXT Value from the Dashlane Admin Console into the new TXT record, and select Save.
- After you've entered the record, wait a few minutes, and in the Dashlane Admin Console, select Verify domain.
Public DNS changes can take up to 24 hours, but most new records take 5 minutes or less. If it doesn't work the first time, wait a few minutes and select Verify domain again.
After the domain is verified, a green checkmark appears. Repeat the steps for any additional domains in your SSO tenant you want to enable for SSO. We don't support linking multiple SSO providers to a single Dashlane plan.
(Optional) Just In Time Provisioning
You can turn on Just In Time Provisioning to automatically add any employee with your verified domains at their first login attempt.
Before you turn on Just in Time Provisioning, ensure your plan members have already been added to the Dashlane SAML application in your IdP.
After you turn it on, they can install the Dashlane browser extension and create their account.
If your plan is out of seats, members won’t be able to log in until you buy more seats.
If you’re using Just in Time Provisioning along with another automatic provisioning method, like SCIM or AD sync, make sure to add all of your plan members to your synced groups. Otherwise, plan members who aren’t added to synced groups will be removed the next time the directory syncs.
More about Just in Time Provisioning
Step 5: Assign Users in Google Workspace
- In the Dashlane SAML app created in Google Workspace, select User Access(1).
- Assign the app to the relevant users or organizational units that need access to Dashlane.
Step 6: Test your SSO configuration
- Return to the Dashlane Admin Console and perform a Test connection.
- A success message appears if SSO was set up as expected.
If you see an error message, you can open a ticket through our support chatbot.
Step 7: Enable SSO for all users
- After testing is successful, activate SSO in Dashlane Step 4: Activate SSO for verified domains.
- Notify members about the new SSO login method. Members with an account created with a Master Password must do a final login with the Master Password before activating SSO. To see how the process works for members, refer to this article:
- Ensure that members can log in with their Google credentials.
Set up Group SAML Provisioning
Step 1: Set up Group Provisioning with SAML in Google Workspace
- Open Dashlane app in Google's interface and go to SAML attribute mapping.
- Select Configure SAML attribute mapping.
- Select the groups under Google groups.
- For the App attribute, insert dashlaneSharingGroups and SAVE.
Step 2: Set up Group Provisioning with SAML in Dashlane
- Log in to the Dashlane Admin Console
- Go to Integration, select Provisioning settings in the Integrations section, and select Confidential Provisioning.
- Select Set up or Edit if you've already started the setup.
- Scroll down to the Group Provisioning session.
- Turn on Group Provisioning in Step 2: Activate group syncing.
- Your plan members may need to log in to Dashlane to see if changes will be reflected in the Admin Console.
- As a plan admin, you won't be added to the groups. You'll continue to use your primary password to log in.
- To see the changes in the Groups tab in the Dashlane Admin Console, force log in to the Admin Console if you don't see the groups.
- Your plan members can accept group invitations through the invite email or by selecting Notifications, shown as a bell icon, in the Dashlane app.
Troubleshoot Dashlane with Google
(SSO) Error: app_not_configured_for_user
This error indicates you could have created the Dashlane app on Google via OAuth, not SAML.
How to fix
- Rebuild the app correctly via SAML, using the guidelines in this article: Step 1: Set up SSO in Google Workspace.
(SSO) Error message: We couldn't verify your SSO connection
Error when testing the connection with Dashlane in the Admin Console. You might also see this error when trying to save the metadata.
How to fix
- Confirm you're opening and logging in to the Admin Console from the Dashlane extension.
- If your IDP's admin portal is open, log out from your admin account on Google and close the browser tab before testing the connection with Dashlane again.
Contact Support
Please contact our Support team if you encounter any issues or have questions about this process.