Summary
Dashlane delivers an enterprise‑ready platform that integrates with your existing security stack and raises your security baseline without extra IT overhead. Confidential SSO leveraging AWS Nitro Enclaves, SCIM provisioning, and RBAC anchor access control; Activity Logs provide auditability; and Omnix (Credential Risk Detection, Risk Alerts & Notifications, AI Phishing Alerts) drives continuous risk reduction. Central policies, extension and policy deployment, and CLI/Public API integrations round out a scalable program.
5.1 Single Sign-On (SSO)
Dashlane integrates with identity providers (IdPs) that use the SAML 2.0 standard, including Microsoft Entra ID, Okta, and Google Identity Management, to allow employees to unlock their Dashlane vaults using corporate credentials instead of a Master Password. This integration preserves Dashlane’s zero-knowledge architecture, ensuring that neither Dashlane nor any third party can access user encryption keys.
5.1.1 Dashlane Confidential SSO
Dashlane Confidential SSO operates within AWS Nitro Enclaves, leveraging confidential computing to maintain zero-knowledge guarantees while providing easier deployment and management.
For general information about Dashlane’s use of confidential computing and cloud secure enclaves, please refer to 3.5 Confidential Computing & Secure Enclaves.
During team setup, administrators configure the IdP certificate and domain ownership through a DNS challenge, which is verified directly by the enclave before allowing configuration. Once the domain is validated, the enclave creates and stores the SPMasterKey and associated metadata (as described in 3.5.2 Enclave Workflows). For each user login, a User Service Provider Key (UserSPKey) is generated, encrypted with the SPMasterKey, and stored securely. During subsequent logins, the enclave decrypts and returns the UserSPKey to the Dashlane client via a secure channel after verifying the SAML assertion signed by the IdP.
These workflows ensure that:
- Encryption keys never leave the enclave in plaintext.
- SAML assertions are verified and processed only in attested environments.
- Team creation, user login, and key provisioning are fully auditable and verifiable.
Through this architecture, Dashlane provides a highly secure, verifiable, and zero-knowledge SSO solution that integrates seamlessly with enterprise identity systems.
Figure: Confidential SSO overview
Team Creation
When an organization configures SSO, the administrator provides the IdP certificate to verify SAML assertions for users within the organization’s domain. The enclave verifies ownership of the claimed domain via a DNS challenge before registration. Once verified, the enclave generates an SPMasterKey and an admin authentication token, and stores both encrypted by the EEKey. The admin token authenticates future SSO administrative operations.
Figure: Confidential SSO: Team creation flow
User Authentication
At login, the user authenticates via their enterprise IdP, which returns a signed SAML assertion. The Dashlane client forwards this assertion to the enclave through a secure, attested channel. The enclave verifies the signature using the stored IdP certificate, decrypts the SPMasterKey with the EEKey, and either generates or retrieves the UserSPKey for that user. This key is then securely returned to the client to unlock the vault. Subsequent logins reuse the stored, encrypted UserSPKey to minimize overhead while maintaining zero-knowledge guarantees.
Figure: Confidential SSO: User login flow
Figure: Confidential SSO: First login and standard logins
These steps ensure that key management, user provisioning, and authentication occur only within the enclave, providing verifiable protection and auditability throughout the SSO process.
5.2 Provisioning
Dashlane’s confidential computing infrastructure supports SCIM (System for Cross-domain Identity Management) for automated, secure user provisioning and deprovisioning.
5.2.1 User Provisioning
Administrators can configure confidential user provisioning directly from the Admin Console. When set up, the Dashlane extension generates a bearer token (UUIDv4) that is transmitted securely to the enclave, where it is encrypted and stored. The administrator then adds this token and a team-specific SCIM endpoint URL into their identity provider (IdP).
Once configured, user creation, updates, and deletions are automatically synchronized via HTTPS requests from the IdP to the enclave. The enclave validates the SCIM bearer token before forwarding operations to the Dashlane servers. Upon user creation, the enclave generates a unique SCIM user ID (scimId), shared between the IdP and Dashlane to maintain consistency across systems. This guarantees a reliable, auditable linkage between identity data and user vaults.
Figure: User provisioning
5.2.2 Group Provisioning
If enabled in the Admin Console, group provisioning occurs dynamically during user login through SAML assertions.
Group provisioning can give access to shared secrets, making it highly sensitive. SAML assertions are preferred because they transit through the secure tunnel created by the extension and are signed by the IdP. Therefore, user group memberships are updated on every user login.
Each SAML assertion includes the list of groups the user belongs to, which the enclave validates against the IdP’s signature. The enclave then determines which groups to create, update, or revoke memberships for and instructs Dashlane’s servers accordingly. The process is idempotent, ensuring that after each login, a user’s group memberships in Dashlane exactly match those defined in the IdP.
Figure: Group provisioning
This approach secures group management while supporting compliance and least-privilege principles:
- All provisioning logic and token handling occur inside the enclave.
- Group membership data is verified through signed SAML assertions.
- Operations are fully auditable and resistant to tampering.
By combining SCIM automation with secure, enclave-based processing, Dashlane ensures that enterprise user and group management remains both frictionless and verifiably secure.
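The login-time group reconciliation described in 5.2.2, as an added example (not Dashlane's code): it plans the create, add, and revoke operations for one user and shows that re-running the plan after applying it yields nothing. The `Directory` model, the operation names, and the `signature_verified` flag are assumptions; SAML signature verification itself is out of scope here.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Constructed model of server-side state: group name -> set of member logins."""
    groups: dict = field(default_factory=dict)


def plan_group_sync(user, asserted_groups, directory, signature_verified):
    """Return the ordered operations that make `user`'s memberships match the assertion.

    Each operation is an (action, group) pair. The plan is computed against the
    current directory state and does not modify it.
    """
    # Group data is only trusted when it comes from an assertion whose IdP
    # signature has already been checked (hypothetical flag set by the caller).
    if not signature_verified:
        raise PermissionError("group list must come from a verified SAML assertion")

    # Duplicates and blank values in the assertion must not produce extra work.
    wanted = {g.strip() for g in asserted_groups if g.strip()}

    ops = []
    for group in sorted(wanted):
        if group not in directory.groups:
            ops.append(("create_group", group))
            ops.append(("add_member", group))
        elif user not in directory.groups[group]:
            ops.append(("add_member", group))

    # Anything the user still belongs to but the IdP no longer lists is revoked,
    # so memberships end up exactly equal to the IdP's view.
    for group in sorted(directory.groups):
        if group not in wanted and user in directory.groups[group]:
            ops.append(("revoke_member", group))
    return ops


def apply_ops(directory, user, ops):
    """Apply a plan produced by plan_group_sync for `user`."""
    for action, group in ops:
        if action == "create_group":
            directory.groups.setdefault(group, set())
        elif action == "add_member":
            directory.groups[group].add(user)
        elif action == "revoke_member":
            directory.groups[group].discard(user)


if __name__ == "__main__":
    # Constructed sample state and assertion content.
    state = Directory({"eng": {"alice", "bob"}, "finance": {"alice"}, "ops": {"bob"}})
    plan = plan_group_sync("alice", ["eng", "sre", "sre"], state, signature_verified=True)
    print(plan)
    apply_ops(state, "alice", plan)
    # Second login with the same assertion: nothing left to do.
    print(plan_group_sync("alice", ["eng", "sre"], state, signature_verified=True))
```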
5.3 Role-Based Access Control (RBAC)
Dashlane’s Role-based access control (RBAC) model enables organizations to manage permissions and sharing responsibilities securely and at scale.
5.3.1 Role Hierarchy
Dashlane business accounts support multiple administrative roles, each with distinct privileges:
- Admin: Has full control over the organization’s Dashlane workspace, including user provisioning, SSO/SCIM configuration, billing, and security tools and policies management. Admins can delegate group management rights and configure account recovery policies.
- Group Manager: Oversees sharing groups. Group Managers can manage both groups and membership within groups but have no access to other organizational data.
- Scoped Group Manager: Oversees only admin-assigned sharing groups. Scoped Group Managers can manage membership within assigned groups but have no access to other organizational data. It’s also possible to assign only a specific set of groups for the user to manage.
- Member/User: Standard users who can create and manage personal or shared credentials within the policies defined by admins.
This hierarchy supports the principle of least privilege, ensuring each user has only the permissions necessary for their function.
5.3.2 Sharing Groups and Collections
Dashlane supports secure, structured credential sharing through groups and Collections, allowing admins to organize credentials based on teams, functions, or projects. Each shared item or collection is encrypted with a unique GroupKey (AES-256) that is then re-encrypted for each authorized member’s public key.
- Groups simplify access control by linking permissions to organizational or project structures managed through SCIM or the Admin Console.
- Collections provide a flexible container for sets of shared items. Within a Collection, access is governed by two specific collection roles: Editor and Manager. Both roles are authorized to manage Collection contents and item-level permissions. The Collection Manager has the elevated privilege to control user and group access to the Collection.
Access modifications automatically trigger re-encryption of affected GroupKeys, ensuring that departing users lose access immediately while preserving zero-knowledge integrity.
5.3.3 Security Enforcement and Auditability
RBAC is enforced through cryptographic operations validated on each client device:
- Role assignments and sharing actions are recorded in the Activity Log for compliance and forensic purposes.
- Group and Collection changes propagate in real time via Dashlane’s synchronization service, maintaining consistent policy enforcement across all platforms.
Through its cryptographically enforced RBAC, Dashlane ensures granular, auditable, and secure management of user permissions, supporting enterprise compliance and minimizing the risk of unauthorized access.
5.4 Activity Logging & Auditing
Dashlane provides enterprise administrators with Activity Logging and auditing capabilities to ensure visibility, accountability, and compliance across their organization. These logs capture critical events, such as user activity, admin actions, and security-related events, while preserving the platform’s zero-knowledge design.
5.4.1 Overview
The Activity Log is accessible through the Admin Console and provides a timestamped record of user and administrative actions. Events are divided into two categories:
- Standard Activity Logs: Generated by Dashlane servers to record common user and admin events (e.g., user invitations, policy changes, SSO configurations).
- Sensitive Activity Logs: Additional logs produced by client applications, encrypted locally before being uploaded to Dashlane servers for secure aggregation. These contain user events related to their sharing and vault activity, though they will never include actual login details. This set of logs can be enabled or disabled by administrators.
A complete and continuously updated list of event types is available in Dashlane’s Activity Log documentation.
5.4.2 End-to-End Encrypted Logging
Dashlane’s zero-knowledge architecture extends to encrypt all data, including Activity Logs. Our platform's Activity Log infrastructure addresses the challenge of securing the massive volume of sensitive data generated by end-user usage of Dashlane, ensuring these logs are fully encrypted while remaining queryable for Security Operations purposes.
The architecture allows for server-side processing and analysis of logs without Dashlane employees or any third party ever having access to the customer data. This unique combination of end-to-end encryption with necessary performance and usability sets it apart from other credential security or identity management platforms.
Dashlane’s confidential computing infrastructure, powered by AWS Nitro, forms the foundation for our security architecture. Originally developed to support third-party integrations, such as Confidential single sign-on (SSO) and Confidential Provisioning with SCIM, this infrastructure was leveraged to isolate sensitive log data from external attackers and potential internal threats.
This architecture provides the following core security benefits:
- Complete, isolated log encryption: All log data is encrypted with team-specific keys accessible only within the secure enclaves. Log decryption is performed exclusively inside the secure enclave.
- Secure communication for logs: Server API endpoints responsible for storing and retrieving logs are moved into the Nitro enclaves. A secure tunnel capability establishes a private communication channel between client applications and the enclave, ensuring all log data remains encrypted in transit and is never decrypted on our standard server infrastructure.
- Secured Admin Access: Secure log access for administrators is facilitated by the same secure tunnel. Logs are decrypted inside the enclave and sent back to the authorized admin via the secure tunnel, ensuring the decrypted data is never exposed on Dashlane’s servers. All activity log endpoints are further protected with an Admin Access Token—a secret token shared only between administrators and our Nitro enclaves—to defend against external and internal threat actors.
- Device authentication for logged-out users: Omnix generates critical activity logs even when employees are logged out of Dashlane. This flow is secured by provisioning unique encryption keys during team deployment, which cryptographically binds the logs to the correct organization. This mechanism prevents attackers from intercepting and redirecting log data between teams, even during unauthenticated sessions.
Figure: Activity Log encryption
5.5 Deployment
Dashlane supports extension and policy deployment capabilities to help IT and Security teams roll out the Dashlane browser extension across all managed endpoints efficiently and securely.
Administrators can distribute Dashlane via enterprise management solutions such as Microsoft Intune, Jamf, or Microsoft Group Policy Objects (GPO). Deployment scripts generated from Dashlane’s Admin Console include configuration details like the organization’s team key and extension settings.
During deployment, the Dashlane extension automatically associates installed instances with the organization through a Mass Deployment Team Key, allowing Credential Risk Detection and other policy enforcements to function even when end-users are logged out. All communications and configurations are handled securely, maintaining Dashlane’s zero‑knowledge architecture.
5.6 Account Recovery for Enterprise
Dashlane provides enterprise-grade account recovery mechanisms designed to restore user access without compromising its zero-knowledge architecture. The process is built to ensure that even during recovery, Dashlane cannot access a user’s vault.
- Account Recovery Key (ARK): Provides a secure, self-service recovery option for employees.
- Admin-assisted account recovery: Allows Dashlane business users who log in with a Master Password to reset it securely while preserving data confidentiality. Dashlane’s patented recovery process guarantees that the Master Password is never stored or transmitted.
These dual mechanisms, admin-assisted recovery and ARK, enable organizations to balance usability and compliance while maintaining Dashlane’s zero-knowledge security model.
More details are available in 4.3 Account Recovery.
5.7 Dashlane Omnix™ Platform Capabilities
Dashlane Omnix extends enterprise-grade visibility and proactive protection across the workforce through security services: Credential Risk Detection, Risk Alerts & Notifications, and AI Phishing Alerts. All components operate within Dashlane’s zero-knowledge model and are designed to enhance organizational password hygiene and threat resilience.
5.7.1 Credential Risk Detection
Credential Risk Detection monitors the security posture of employee credentials, identifying weak, reused, or compromised passwords, for logged-in users, logged-out users, and employees without Dashlane accounts.
When deployed via endpoint management solutions (e.g., Intune, Jamf, or GPO), the Dashlane browser extension operates in a special mode authenticated with a Mass Deployment Team Key. After assessing password strength and exposure locally without accessing or transmitting vault data, this Mass Deployment Team Key allows the extension to securely log the results for exclusive visibility by the team admin.
Figure: Credential Risk Detection deployment process
Credential Risk Detection performs the following checks:
- Weakness detection: Evaluates passwords locally using the open-source zxcvbn library.
- Compromise detection: Uses Dashlane’s privacy-preserving leaked passwords database and Argon2 hashing to detect exposed credentials without uploading plaintext data. See 4.9.2 Dark Web Monitoring for Master Password section for more details.
- Activity logging: Sends encrypted status reports (safe, weak, or compromised) to Dashlane’s secure enclave for processing and admin visibility.
Evaluation of credentials occurs locally, and only the results of those operations are sent to a confidential computing environment. Administrators can view aggregated insights in the Security Dashboard, enabling them to assess organizational risk and prioritize remediation.
Figure: Credential Risk Detection activity log upload
5.7.2 Risk Alerts & Notifications
Risk Alerts & Notifications enable administrators to automate password hygiene campaigns and send scheduled and real-time prompts to employees about vulnerable credentials.
5.7.2.1 Risk Notifications
Admins can configure Risk Notifications in the Admin Console and integrate them directly with Slack.
- The admin installs the Dashlane Slack app and authorizes it through OAuth.
Figure: Dashlane Slack app installation
- A scheduled routine evaluates vault data (using encrypted health metrics) and sends context-aware notifications to targeted users.
- Results of each risk notification execution are logged for compliance and transparency.
Figure: Risk Notifications configuration
All Slack API tokens are encrypted and processed exclusively inside Dashlane’s enclave, ensuring that no other system or internal employee can use these Slack tokens.
In addition, the risk notifications contain no specific information about the user's vulnerable credentials, only a deep link to the Password Health dashboard inside the Dashlane browser extension. This prevents Slack's systems or employees from seeing details of the user's vulnerable credentials.
Results of each notification execution are logged for compliance and transparency, and they are stored encrypted by Dashlane's enclave so only the team's admins can access them (see 5.4 Activity Logging & Auditing).
Figure: Risk Notification routine
5.7.2.2 Credential Risk Alerts
Admins can configure Credential Risk Alerts in the Admin Console, so the Dashlane browser extension will immediately inform users when they use vulnerable credentials.
This feature extends the Credential Risk Detection feature by displaying a notification to the user in addition to sending a securely encrypted activity log to the admin. See 5.7.1 Credential Risk Detection for details on this detection of vulnerable credentials.
Figure: Credential Risk Alert processing
5.7.3 AI Phishing Alerts
Dashlane’s AI Phishing Alerts use a combination of machine learning and contextual analysis to protect users from credential theft and fraudulent websites. Unlike traditional blocklist-based protections that rely solely on static lists of known domains, Dashlane’s AI system proactively identifies emerging, never-before-seen phishing campaigns by analyzing the page's intrinsic characteristics in real time. It operates directly within Dashlane’s browser extension, providing on-device threat detection that aligns with Dashlane’s zero-knowledge model.
To ensure fast and private protection, the system identifies potential threats in real time through these components:
- Optimized model architecture: Models are built with lightweight algorithms (such as Random Forest and Gradient Boosting) in scikit-learn and converted to the Open Neural Network Exchange (ONNX) format to ensure cross-platform compatibility. We also strip the runtime of unnecessary components, keeping the average model size under 3 MB to guarantee that the entire inference process runs locally on the user’s device without ever sharing data with the cloud.
- Multi-vector feature extraction: The AI model analyzes the webpage DOM structure to extract critical features, including URL anomalies (such as typo-squatting), content indicators (suspicious text patterns or brand mimicry), and structural anomalies (hidden form fields, unusual redirect patterns, or iframe abuse).
- Privacy-first training: Our models are trained exclusively on data collected through internal crowdsourcing and publicly available threat intelligence feeds. No user personal data is ever used in the training process.
Administrators can configure custom rules to exclude phishing detection on internal websites or known safe domains. See 5.8.4 Anti-Phishing Custom Rules.
This approach provides users and enterprises with proactive, privacy-preserving defense against phishing attempts, delivering protection that evolves as threats do, without compromising user confidentiality.
Note: AI phishing alerts are also available for personal customers, as AI-powered Scam Protection.
5.8 Enterprise Policies and Settings: Security Governance and Enforcement
Dashlane enables administrators to enforce enterprise-wide security policies that align with organizational requirements, ensuring compliance and robust risk mitigation while maintaining a seamless user experience. These controls can be configured through the Admin Console and are rigorously applied across all plan members via cryptographic or client-side enforcement mechanisms. All policy changes are enforced centrally and synchronized to all users’ devices in real time through Dashlane’s secure synchronization service.
5.8.1 Identity and Access Management (IAM)
These controls govern user lifecycle management, provisioning, and the integrity of the authentication process required to decrypt the vault.
- 2-factor authentication (2FA) enforcement: Mandates that all members must enable a second factor when authenticating with their Master Password.
- New user provisioning: Enables administrators to provision new user accounts using a dedicated, authenticated signup link or via automatic SCIM provisioning. User enrollment is secured by mandatory email verification to confirm identity before Master Password creation. See 5.2 Provisioning for details.
- Cryptography Policy: Enables administrators to select the cryptography that complies with the company’s policy. Dashlane encrypts data using AES-256 and the Argon2d key derivation function (KDF) by default.
- Restrict Non-verified Domains from Login into Dashlane: Enables administrators to restrict employees from logging into Dashlane accounts with non-verified work domains, such as personal accounts.
5.8.2 Session Management and User Monitoring
These policies dictate session longevity, auditability, and the level of visibility afforded to administrators.
- Enforced auto-logout on inactivity: Administrators configure a mandatory session timeout (for example, 15 min, 30 min, 1 hr) after which the user's vault automatically locks if the system is not in a locked state.
- Mandatory auto-lock on mobile app exit: Ensures the Dashlane application on iOS and Android automatically locks immediately upon exiting the app.
- Enhanced business activity logging: Enables end-to-end logging of user sharing and vault activity by business users, while excluding all sensitive information such as login and password details.
- Login list visibility: Provides administrators with a list of the names or URLs of logins stored in an employee's business vault, while excluding all sensitive information such as login and password details.
5.8.3 Data Sharing Policy Controls
These policies govern the secure, cryptographically controlled flow of credential sharing between plan members and external entities.
- Sharing restrictions: Allows admins to enable or disable the zero-knowledge-based sharing function for logins, Secure Notes, and secrets.
- External sharing prohibition: Allows compliance with data sharing policy and blocks all sharing attempts with users whose identity key is not associated with an account within the organization's plan.
- Link-based sharing: Link-based sharing requires the "Secure sharing for logins, Secure Notes and Secrets" policy to be enabled. In addition, link-based sharing requires the "Allow sharing outside company" policy to be enabled.
5.8.4 Phishing Alerts Custom Rules
These policies allow the admin to mute phishing alerts on specific domains (typically internal domains). One rule can cover multiple domains (inclusive of sub-domains) and apply to AI Phishing Alerts, vault phishing alerts, or both.
The list of rules for each team is encrypted, authenticated, and processed exclusively within Dashlane's enclave, ensuring that no Dashlane employee or system can view the sensitive information it contains, including internal domains. The integrity of the data is also enforced with the use of authenticated encryption to prevent an adversary from tampering with the rule server-side.
As an additional precaution, cleartext domains are not sent to end users' devices; only a hash of each domain is sent. When the end user visits a domain, the Dashlane extension is able to hash it and compare it locally to the list of hashes for each rule without ever receiving the cleartext domains. Only the admin is able to retrieve the cleartext domains.
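The local comparison described above, as an added example (not Dashlane's code): the client receives only hashes per rule, hashes the visited hostname and each of its parent domains, and mutes an alert when one matches a rule that covers that alert type. The hash function (unsalted SHA-256 of the normalized hostname), the rule layout, and the scope names `ai`, `vault`, and `both` are assumptions; the page does not specify them.

```python
import hashlib
from urllib.parse import urlsplit


def normalize(host):
    """Lowercase, drop a trailing dot, and convert to ASCII (IDNA) form."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


def domain_hash(domain):
    # Assumption: unsalted SHA-256; the real construction is not given on the page.
    return hashlib.sha256(normalize(domain).encode("ascii")).hexdigest()


def candidate_suffixes(host):
    """The hostname plus each parent domain, stopping before the bare top-level label.

    Matching on whole-label suffixes is what makes a rule cover sub-domains
    without also covering look-alikes such as corp.example.evil.test.
    """
    labels = normalize(host).split(".")
    stop = max(1, len(labels) - 1)
    return [".".join(labels[i:]) for i in range(stop)]


def build_client_rule(rule_id, scope, domains):
    """Admin/enclave side: turn cleartext domains into the hash-only rule sent to clients."""
    if scope not in ("ai", "vault", "both"):
        raise ValueError("unknown scope")
    return {"id": rule_id, "scope": scope,
            "hashes": frozenset(domain_hash(d) for d in domains)}


def muted_rule(url, alert_type, client_rules):
    """Client side: return the id of the rule that mutes `alert_type` on `url`, or None."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        candidates = {domain_hash(s) for s in candidate_suffixes(host)}
    except UnicodeError:
        # A hostname that cannot be normalized never matches, so alerts stay on.
        return None
    for rule in client_rules:
        if rule["scope"] in (alert_type, "both") and candidates & rule["hashes"]:
            return rule["id"]
    return None


# Constructed sample rules; the domains are placeholders.
CLIENT_RULES = [
    build_client_rule("rule-1", "both", ["corp.example"]),
    build_client_rule("rule-2", "vault", ["Intranet.Example.ORG."]),
]

if __name__ == "__main__":
    for url, kind in [
        ("https://wiki.corp.example/login", "ai"),        # sub-domain of a muted domain
        ("https://corp.example.evil.test/login", "ai"),   # look-alike, not muted
        ("https://intranet.example.org/", "ai"),          # rule-2 covers vault alerts only
    ]:
        print(url, kind, muted_rule(url, kind, CLIENT_RULES))
```

A hostname is a low-entropy value, so anyone holding an unsalted hash can confirm a guessed name against it; hashing keeps the list out of plain view on the device rather than hiding it from a targeted guess.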
5.8.5 Other Security Controls
- Turn off auto-login and autofill: Prevents accidental credential exposure or autofill on specific high-risk, forbidden websites or IP addresses.
- Virtual private network (VPN): Allows centralized control over the use of the VPN service for secure browsing on public networks.
5.9 Dashlane Developer Tools
Dashlane provides developers and administrators with command-line and API-based interfaces to integrate Dashlane into enterprise automation, DevOps workflows, and security monitoring systems.
5.9.1 Command Line Interface (CLI)
The Dashlane Command Line Interface (CLI) enables secure, programmatic access to Dashlane vault data, Activity Logs, and other admin-level data without using the graphical application. It supports automation for credential retrieval, integration with CI/CD pipelines, and machine account access management.
- Authentication: The CLI uses the same zero-knowledge architecture as Dashlane’s applications. Authentication can be completed using a Master Password or enterprise SSO, with local decryption of vault data on the device.
- Encryption and key handling: All secrets remain encrypted end-to-end; no plaintext credentials are ever transmitted or stored on Dashlane servers.
- Integration capabilities: The CLI integrates with tools such as Jenkins, GitHub Actions, and GitLab CI, enabling developers to securely inject credentials into build and deployment workflows.
- Access control: The CLI respects Dashlane’s role-based access controls and sharing permissions, ensuring that automation processes can access only authorized credentials.
- Admin capabilities: Admins can see Activity Logs, access a list of team members, and view Dark Web Insights reports directly in the CLI. They can also automate tasks, use bots, and export important data for their organization's security information and event management (SIEM) tool.
- Plan member capabilities: Plan members can use the CLI to access their vault. They can also use the CLI to securely access secrets from the terminal and inject them into template files, environment variables, or the pastebin.
Comprehensive usage documentation, including installation and command references, is available in Dashlane’s GitHub CLI repository and support article.
5.9.2 Public API
The Dashlane Public API provides a secure interface for enterprise integrations such as reporting automation and identity lifecycle management.
- Authentication and authorization: The API uses OAuth 2.0 with scoped permissions to control access and ensure compliance with enterprise least-privilege policies.
- Supported operations: Includes endpoints for retrieving organizational data such as company account status information, user information, password health metrics, and device information.
- Data protection: All API responses are encrypted in transit using TLS 1.3 and signed to ensure data integrity.
Dashlane’s Public API documentation and support guide provide full reference schemas, sample code, and integration examples.
5.9.3 Dashlane MCP Server for Audit Logs
The Dashlane CLI includes a Model Context Protocol (MCP) server that exposes audit log data to local AI agents. This enables security and IT teams to natively interact with AI agents and query credential activity, investigate incidents, and run compliance checks using natural language, without exporting logs to external systems or building custom integrations.
Architecture Overview
The MCP server is not a standalone hosted service. It runs as a local process, launched by the Dashlane CLI (dcli) on the operator's machine, and communicates with AI agents over stdio transport. No audit log data is transmitted to a third-party AI provider. The AI agent queries the MCP server locally, and only the query results are passed to the model in context.
    AI Agent (e.g. Claude Code)
            |
    stdio transport (local)
            |
    dcli team mcp      <-- MCP server process
            |
    Dashlane API       <-- authenticated with CLI keys, per-tenant scoped
The MCP server exposes audit logs as structured, read-only resources. It does not provide write access to any Dashlane data.
Authentication and Authorization
Access to the MCP server requires valid Business CLI keys (DASHLANE_ENROLLED_TEAM_DEVICE_KEYS). These keys are scoped to a specific team tenant and must be generated by an admin with CLI key generation permissions.
CLI keys can be passed at runtime or embedded in the MCP configuration. Dashlane enforces per-tenant authorization server-side: a CLI key for one team cannot access the data of another.
There is no unauthenticated access path to the MCP server. Any AI agent connecting to it must operate in an environment where valid CLI credentials are present.
Data Access Scope
The MCP server provides access to the same audit log data available through dcli team logs, subject to the same controls.
Deployment Considerations
- The MCP server process runs on the same machine as the AI agent. Admins should evaluate the trust level of that environment before enabling sensitive log access.
- CLI keys should be treated as secrets and stored accordingly (e.g., in a secrets manager or environment variable store with restricted access).
- Because the MCP server fetches logs on demand from the Dashlane API, it does not persist any log data locally beyond what the AI agent processes in-session.
For setup instructions, see the AI Agents integration guide.
5.9.4 Automation and Lifecycle Management
Enterprises can leverage the CLI, MCP and API together to automate credential management and compliance reporting:
- Automatically rotate credentials used in service accounts.
- Audit password health across departments.
- Feed activity logs and credential risk logs directly into SIEM and governance systems.
5.10 Integrations
Dashlane offers a broad ecosystem of enterprise integrations designed to connect seamlessly with existing IT, identity, and security infrastructures. These integrations help organizations streamline deployment, simplify user management, and enhance visibility across their security operations, all while preserving Dashlane’s zero-knowledge guarantees.
5.10.1 Identity and Access Management (IAM)
Integrate Dashlane with your organization’s identity provider (IdP) to enable SSO-based authentication and automated provisioning:
- Supported SSO providers: Microsoft Entra ID (formerly Azure AD), Okta, Ping Identity, Google Workspace, JumpCloud, Duo, Keycloak, and any IdP supporting SAML 2.0.
- SCIM provisioning: Automate user lifecycle management with SCIM integrations for Microsoft Entra ID, Okta, Ping Identity, JumpCloud, and Duo.
These integrations simplify onboarding and deprovisioning, ensuring that users gain or lose access automatically in line with corporate identity policies.
5.10.2 Multi-Factor Authentication (MFA)
Dashlane supports integration with popular MFA solutions to enforce strong authentication policies. Supported second-factor apps include:
- TOTP authenticators: Google Authenticator, Microsoft Authenticator
- Enterprise MFA platforms: Duo Security and other FIDO2-compliant devices
5.10.3 Endpoint and Browser Management
Dashlane integrates with leading endpoint and device management solutions to simplify organization-wide deployment:
- Jamf for macOS (Google Chrome and Mozilla Firefox)
- Intune or Group Policy Objects (GPO) for Windows (Edge, Chrome, Firefox)
- Browser compatibility: The Dashlane browser extension supports all major browsers: Safari, Chrome, Edge, Firefox, Opera, Brave, and other Chromium-based browsers
5.10.4 Security Monitoring and SIEM
To support enterprise monitoring and compliance, Dashlane integrates with Security Information and Event Management (SIEM) platforms:
- Pre-built connectors: Splunk
- Custom SIEM integration: Available via the Dashlane CLI, allowing export of logs and telemetry for correlation with existing IT data sources
5.10.5 Productivity and Communication Tools
Dashlane integrates directly with collaboration tools to improve employee engagement and password hygiene:
- Slack: Dashlane integrates with Slack to send risk notifications, which are secure, context-aware messages to employees.
- Credential import/export: Seamlessly migrate existing credentials from Chrome, LastPass, or CSV files. On iOS, a secure, seamless protocol is available through the Credential Exchange protocol.
5.10.6 Developer and Custom Integrations
Dashlane’s Public API and CLI allow organizations to create custom integrations for DevOps and security automation:
- Build internal tools to automate credential rotation and reporting.
- Integrate with CI/CD pipelines for secure secret injection.
- Extend security visibility by connecting Dashlane telemetry with SIEM tools or related monitoring tools, custom dashboards, and compliance systems.
5.10.7 Benefits of Integration
Dashlane integrations deliver:
- Faster deployment: Deploy organization-wide in minutes through SSO and endpoint management.
- Reduced IT overhead: Eliminate manual credential onboarding and offboarding.
- Improved security posture: Strengthen identity management and streamline threat monitoring via native integrations with IAM, SIEM, and MFA platforms.
By connecting Dashlane with existing enterprise systems, organizations achieve unified, scalable credential protection while maintaining seamless workflows for employees and administrators.