This article provides an overview of how Dashlane integrates with your Identity Provider for single sign-on (SSO) and SCIM directory sync, which works with most SAML-based Identity Providers. After setup, members sign into Dashlane with their SSO credentials instead of a Master Password.
Before you get started, read the benefits and considerations carefully.
- Members don't need to remember another password. They log in to Dashlane the same way as any other SSO application—with their SSO credentials.
- Any 2FA configured with the SSO provider can also be used to log in to Dashlane with SSO.
- No multistep signup process is needed, as it is when creating a Master Password. After members are provisioned, members can sign into Dashlane with an IdP-initiated or SAML-initiated login, app.dashlane.com, the mobile apps, or the browser extension.
- VDI is fully supported with Dashlane SSO.
- SCIM directory sync allows you to link your Identity Provider with Dashlane, so members and groups are automatically added and removed from your Dashlane plan based on their status in your Identity Provider.
- Zero-Knowledge Account Recovery isn't available for members using SSO. A member's password is their SSO password and can be reset by anyone with the right to reset their SSO password. Admins can rely on the SSO provider’s log to identify any suspicious activity.
- Admins are still required to use a Master Password to log in on all Dashlane platforms. As an admin, you can choose to use a separate admin account for only the Admin Console and use a plan member account with SSO.
- Members using SSO who leave your Business plan lose access to all information in both their Personal and Business Spaces.
- An SSO login is required for members to access a Dashlane vault. Offline access is available only if biometrics have been enabled for the mobile app.
- We highly recommend that you enable SSO before you invite non-admin members. You can prevent the unnecessary extra step that requires members to create a Master Password only to be migrated to an SSO experience, which doesn't require a separate Master Password.
- Groups you sync with SCIM won't merge with your existing groups. Even if they have the same name, they'll be added as new groups.
Dashlane's Identity Provider integrations are uniquely secure. Standard SAML-based setups encrypt data only in transit, not at rest, and use the same encryption key for all members. With Dashlane, that data is encrypted in transit and at rest. Also, each member has a unique encryption key for all of their information, based on Dashlane's zero-knowledge architecture.
Dashlane requires the configuration of an SSO Encryption Service. This ensures Dashlane's zero-knowledge architecture by hosting your organization's encryption keys outside of both Dashlane's datacenter and the Identity Provider. Azure and AWS are two common services where you can set up your organization's Encryption Service.
Use these steps to integrate Dashlane with your Identity Provider for SSO and SCIM directory sync.
- Sign up for Dashlane Business.
- Invite additional admins to the account from the Dashlane Admin Console.
- Configure the Encryption Service on your preferred platform.
- Set up your integration with your Identity Provider.
- Add members to the SCIM enabled integration, invite members to your plan in the Admin Console, or use one of our provisioning methods.
- Once enabled, all non-admin plan members are converted to SSO members the next time they log in. Members enter their Master Password for the last time and use SSO going forward. Any new members invited to your Dashlane plan won't have a Master Password and will only use their SSO to log in. All members who use SSO are automatically redirected to the SSO login flow. To learn more about what members using a Master Password can expect, see Enabling SSO with existing users.
- Deploy the Dashlane extension to all members of your Dashlane plan.
- Start monitoring your company Password Health with the Dashlane Health Dashboard.