This article provides an overview of the Dashlane single sign-on (SSO) connector, which works with any SAML-based Identity Provider. Users configured for SSO will sign in to Dashlane with their SSO credentials instead of a master password.
Before getting started, read the benefits and considerations carefully.
SSO Benefits and considerations
- Users do not need to remember another password. The user will log in to Dashlane like any other SSO application, with their SSO credentials.
- Any 2FA configured at the SSO provider can also be used for logging into Dashlane via SSO.
- No multi-step sign-up process for creating a Master Password. Once provisioned, users can sign in to Dashlane with an IDP-initiated or SAML-initiated login, or through app.dashlane.com, the mobile apps, or the browser extension.
- VDI is fully supported with Dashlane SSO.
- Zero-knowledge account recovery is not available for SSO users. The user's password is their SSO password and can be reset by anyone with rights to reset their SSO password. The SSO provider’s logs are relied on for detecting any potential nefarious activity in this regard.
- Currently all members and admins will need to be on the same e-mail domain. Multi-domain support is coming soon!
- Admins will still be required to use a Master Password to log in on all Dashlane platforms. You may choose to use a separate admin account for only the admin console, and use your standard user account for your SSO Dashlane account.
- The desktop app is not compatible with SSO. Review our Desktop and web app feature comparison page to learn more.
- Dashlane SSO users who leave the Business plan will lose access to all accounts in both the personal and business space.
- SSO login is required to access your Dashlane vault. Offline access is only available if biometrics is enabled for the mobile app.
- SSO makes provisioning easier, as users can log in once they are invited to your business plan, but SSO does not take the place of user provisioning. Users will still need to be added via one of our user provisioning methods.
- It is highly recommended that SSO is enabled before inviting non-admin users to prevent unnecessary extra steps, which would require the users to create a Master Password only to be migrated to an SSO experience which does not require a separate master password.
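The account-recovery consideration above leaves detection of a misused SSO password reset to the identity provider's logs. As an added example (not Dashlane's or any identity provider's code), the Python below flags a password reset performed by someone other than the account owner that is followed by an SSO sign-in to Dashlane. The event schema, field names, and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in an assumed, normalized schema
# (not the export format of any particular identity provider).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00", "type": "password_reset", "actor": "helpdesk1@example.com", "target": "alice@example.com"},
    {"time": "2024-05-01T09:07:00", "type": "sso_login", "actor": "alice@example.com", "app": "Dashlane"},
    {"time": "2024-05-01T10:00:00", "type": "password_reset", "actor": "bob@example.com", "target": "bob@example.com"},
    {"time": "2024-05-01T10:05:00", "type": "sso_login", "actor": "bob@example.com", "app": "Dashlane"},
    {"time": "2024-05-02T08:00:00", "type": "password_reset", "actor": "helpdesk1@example.com", "target": "carol@example.com"},
    {"time": "2024-05-04T08:00:00", "type": "sso_login", "actor": "carol@example.com", "app": "Dashlane"},
]


def resets_followed_by_vault_login(events, app="Dashlane", window=timedelta(hours=24)):
    """Return (reset, login) pairs where someone other than the user reset the
    user's SSO password and the first SSO login to `app` came within `window`."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    pending = {}   # target user -> most recent reset done by a different account
    findings = []
    for ev in ordered:
        if ev["type"] == "password_reset":
            # Self-service resets are not flagged; only resets by another actor.
            if ev["actor"].lower() != ev["target"].lower():
                pending[ev["target"].lower()] = ev
        elif ev["type"] == "sso_login" and ev.get("app") == app:
            # Only the first login after a reset is examined, then the reset is cleared.
            reset = pending.pop(ev["actor"].lower(), None)
            if reset is None:
                continue
            gap = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(reset["time"])
            if gap <= window:
                findings.append((reset, ev))
    return findings


if __name__ == "__main__":
    for reset, login in resets_followed_by_vault_login(SAMPLE_EVENTS):
        print(f"REVIEW: {reset['actor']} reset {reset['target']} at {reset['time']}; "
              f"{login['app']} SSO login at {login['time']}")
```

Each finding is a prompt to confirm the reset with the account owner, not proof of misuse.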
Dashlane SSO continues our zero-knowledge architecture, ensuring only the user has access to the encrypted vault data. Dashlane’s SSO is different from most SSO integrations. Standard SAML setups only encrypt data in transit, not at rest, and use one encryption key for all users. Dashlane uses a zero-knowledge architecture to ensure data is encrypted in transit and at rest, and that each user has a unique encryption key for their vault.
SSO Encryption Service Connector
To ensure Dashlane stays zero-knowledge, Dashlane requires the configuration of an SSO encryption service that hosts the company encryption keys outside Dashlane’s datacenter and the Identity Provider. Most Dashlane customers choose to host our pre-configured SSO Connector in Azure or AWS.
There are three ways to deploy the SSO encryption connector, and how you choose to deploy will change your SSO connector endpoint and in turn your ACS & Entity ID URLs.
|SSO encryption service host|SSO Connector endpoint|
|Linux VM (advanced)|https://mycompanysso.mycompany.com|
The SSO connector endpoint is entered during setup in the admin portal.
Once you have chosen your SSO connector endpoint, you will build the SSO encryption service to route to the name you have already configured above.
The basic steps for deploying Dashlane with SSO are as follows:
- Sign up for Dashlane Business
- Invite additional admins to the account via the Dashlane Admin Console
- Prepare your identity provider for SSO
- Configure the SSO Encryption Service on your preferred platform
- Invite users using the Admin Console or one of our user provisioning methods.
- Once SSO is enabled, all new users will join with their SSO credentials and all current Master Password users will be converted to SSO users the next time they log in. To learn more about what current Master Password users can expect, see Enabling SSO with existing users.
- Deploy the Dashlane extension to all Dashlane users.
- Start monitoring your company password health using the Dashlane health dashboard