Top of Article
Contact us

Integrate Dashlane with your Identity Provider (IdP) for SSO and SCIM

Articles in this section

See more

Integrate Dashlane with your Identity Provider (IdP) for SSO and SCIM Expand Sections

SSO and SCIM are only available to Dashlane Business plans.
Upgrade to Dashlane Business

Important: With the Dashlane Safari extension, SSO isn’t available at this time due to Apple limitations. You can use self-hosted or Confidential SSO on a different browser like Chrome, Firefox, or Edge.

Admins of Business plans can integrate Dashlane with any SAML 2.0 Identity Provider (IdP)—such as Azure, Okta, or Google Workspace—so that plan members can log in to Dashlane with SSO. Depending on their configuration, admins may also be able to set up SCIM with Dashlane to handle group and user provisioning.

Note: As an admin, you will still use a Master Password to log in to your Dashlane admin account, even if you set up SSO for your plan. We recommend having more than one admin on your plan in case you ever forget your Master Password.
Add another admin to your plan

Tip: If you’re deploying Dashlane for the first time, we recommend setting up SSO before inviting people to your plan so they can log in with SSO right away and won’t have to create a Master Password.

Step 1: Choose Dashlane Confidential SSO or self-hosted SSO

Before you can set up SSO, you have to choose between two options: Dashlane Confidential SSO and self-hosted SSO. Both options are equally secure and maintain Dashlane’s zero-knowledge security architecture.

If you don't need SCIM, we recommend Dashlane Confidential SSO because it's a simpler and faster setup experience.

Note: Dashlane Confidential SSO doesn't support Microsoft Conditional Access on mobile devices.
More about this limitation with Microsoft Conditional Access

If you need SCIM, you should choose self-hosted SSO because Confidential SSO doesn't currently support SCIM.

More about Dashlane Confidential SSO
More about self-hosted SSO

Step 2: Follow the steps in the Admin Console to integrate with your IdP

After you’ve chosen Confidential SSO or self-hosted SSO, follow the steps in the Admin Console:

  1. Select the Dashlane D icon in your browser’s toolbar and enter your admin Master Password if prompted. In the extension pop-up, select More and then Open the Admin Console.
  2. Select Settings and then select Single sign-on.
  3. Choose to set up either self-hosted SSO or Confidential SSO.

    Learn more about the difference between Dashlane Confidential SSO and self-hosted SSO

  4. Follow the steps in the Admin Console. If you’re not sure how to create a new SSO application with your Identity Provider, visit that provider’s Help Center:

    Azure AD | ADFS | Okta | Google Workspace | Jumpcloud

FAQ about SSO and SCIM

What’s SSO and how can I use it with Dashlane?

Single sign-on, known as SSO, is an authentication scheme that allows your employees to log in to all of your organization’s software with a single login.

When integrated with Dashlane, SSO allows members of your Business plan to sign in to Dashlane using their SSO login instead of a Master Password. Members can sign in to Dashlane using SSO on the web, mobile, and the Dashlane macOS app. With the Dashlane Safari extension, SSO isn't available at this time due to Apple limitations. You can use Dashlane SSO on a different browser like Chrome, Firefox, or Edge.

What’s SCIM and how can I use it with Dashlane?

System for Cross-domain Identity Management, known as SCIM, allows you to use each member’s status in your Identity Provider to provision and deprovision groups of members.

When integrated with Dashlane, SCIM makes it easier to add and remove members, or groups of members, from Dashlane.

Note: You can also create and manage groups with Dashlane, which is totally separate from SCIM. These groups don’t merge or sync with SCIM groups.
More about creating and managing groups with Dashlane

What’s an Identity Provider (IdP)?

Many organizations use an Identity Provider to manage and authenticate members’ access to applications and software with SSO and SCIM. Popular Identity Providers include Azure, Okta, and Google Workspace.

What Identity Providers (IdP) can I use with Dashlane?

You can use any SAML 2.0 Identity Provider, including Azure, Okta, and Google Workspace.

Is it secure to use SSO with Dashlane?

While many password managers wouldn’t be secure with SSO, Dashlane uses an encryption service to allow for SSO while retaining our zero-knowledge architecture. That way, data stored in Dashlane remains encrypted. Neither Dashlane nor your Identity Provider have your encryption key, so even if either experienced a breach, no one could access your data.

White paper: Dashlane’s security principles and architecture

What’s an encryption service?

Your logins and personal information are always “encrypted” in Dashlane. Encryption scrambles your data so no one can read it. To decrypt and access your encrypted data, a unique encryption key is needed.

An “encryption service” is a service that provides that unique encryption key. Without SSO, your Master Password acts as the encryption key, because only you know it. With SSO, we need a way to verify your identity to your Identity Provider without a Master Password. That’s what the encryption service is for.

We require anyone setting up SSO or SCIM with Dashlane to use an encryption service. It’s an essential layer of our zero-knowledge architecture that protects your data in the event of a breach.

We offer two options for your encryption service—Dashlane Confidential SSO and self-hosted SSO.

Why use an encryption service?

The encryption service can benefit your organization more than competitor solutions. End-to-end encryption and encrypted sharing keys require a necessary layer of security that SAML and SCIM don't provide out of the box. You can use the encryption service to seamlessly integrate Dashlane with these protocols while keeping the encryption keys secure and the experience intuitive for the plan members and admins.

This graphic explains how the encryption service fits in the SSO and SCIM architecture:

Can I access Dashlane offline after setting up SSO?

Because the Dashlane SSO connector needs to communicate with your Identity Provider to verify your login, you need to be connected to the internet to log in to your Dashlane account with SSO. However, SSO members with biometric unlock enabled on their mobile devices can access their vault using biometrics.

Learn how to enable biometric unlock

Is Virtual Desktop Infrastructure (VDI) supported with Dashlane SSO?

Yes, VDI is fully supported with Dashlane SSO.

Why did I get an “Application with identifier was not found in the directory” error?

If you get this error, try these troubleshooting steps:

  1. Make sure your members and groups are assigned to the Dashlane SAML app you created in your IdP during the setup process.
  2. Make sure your browser profile is signed in with the same email address. This often happens for admins that use multiple profiles on Google Chrome browsers.
  3. Make sure your Entity ID and ACS URLs match those in your Admin Console and that the Entity ID isn’t missing the “/” at the end.
  4. Make sure the member is logging in with the email address that's displayed in the Admin Console.
Was this article helpful?
18 out of 59 found this helpful
Thank you! Your feedback helps us improve this article for everyone.

In this Article

Articles in this section

Related articles

Can't find what you're looking for?

Contact us
Powered by Zendesk