This article will guide you through a standard SSO configuration setup using a single Ubuntu VM as the SSO connector. At the completion of this walk-through, SSO will be fully enabled for your organization.
Before you get started, make sure:
- You have read and understood the SSO limitations page.
- You have read and understood the feature comparison page, as SSO users will not be able to log in to the Dashlane desktop apps.
- You have signed up for a Dashlane Business Plan. Dashlane Team does not allow enabling SSO.
- You have access to the SSO identity provider's metadata and console (if applicable).
- You have the ability to create an Ubuntu VM—no further Linux experience is required!
SSO architecture overview
In this example, we have two VMs that have ports published to the internet.
- Windows Server 2016, hosting ADFS
- Ubuntu 18.04, which will host the Dashlane SSO connector
SSO setup
Verify the domain
- Log in to console.dashlane.com > Settings > SAML SSO
- Enter your company domain and click Verify.
- Copy the hostname and TXT value to create a TXT record for your Public DNS provider.
- Paste the TXT record into the TXT fields for your public DNS provider.
- Back in https://console.dashlane.com, click Verify Domain. It may take a few minutes for your new DNS record to be published to the internet. If it fails, try again in a few minutes. Notice the domain now says Verified next to it.
Enter the environment details
- Download your identity provider's metadata from your IdP's portal or via the metadata URL. Visiting the URL should automatically download the XML file.
ADFS default location
https://<FQDN.OfFarm.com>/FederationMetadata/2007-06/FederationMetadata.xml
for example
https://adfs.dashlaneinc.com/FederationMetadata/2007-06/FederationMetadata.xml
- You can also use Microsoft's tool to download the metadata XML for your ADFS instance.
- https://adfshelp.microsoft.com/MetadataExplorer/GetFederationMetadata
Azure
Follow the Azure guide to create a new Enterprise SSO application and download the metadata.
- Copy the XML metadata and paste it into the Dashlane Admin console as shown.
- Enter the URL you will use for the Ubuntu SSO connector.
- Acquire a publicly trusted SSL certificate for the domain name you have chosen in step 3. You will use the .crt file and private.key you acquire later in the setup.
This is all for now; we will come back to this once our Ubuntu server is ready to go!
Prep the Ubuntu VM
- Create an Ubuntu 18.04 virtual machine with the following minimum configuration settings.
- Port 22 and 443 are published to the internet for SSH and HTTPS.
- Authentication type: Username and password is recommended for admins without Linux experience.
- A minimum of 1 CPU, 4 GB of RAM and a 20 GB HDD; double the CPU and RAM for every 1000 users.
- If a dynamic Public IP address was assigned, set it to static.
- Create a Public DNS A record pointing to the static public IP.
- Log in to the Ubuntu VM using SSH.
- From Windows PowerShell, SSH into the Ubuntu machine by running the following single-line command:
SSH YourUsername@IPofServer
for example
SSH Anne_Admin@123.456.789.1
- Type yes for any prompts about authenticity.
- Enter your password when prompted (the cursor may not move).
- See that you are connected to username@computername when complete.
Install Docker
While connected to the Ubuntu machine via SSH, do the following.
- Set up the Docker repository by following the guide to Install using a repository.
- Make sure to complete the 'Install Docker engine' section after completing the repository setup.
Prep the config file and install the SSO connector
- Go to https://console.dashlane.com > Settings > SAML SSO
- Click the Generate SSO connector key button.
- Save the SSO connector key to a secure location. You will need it if you want to redeploy the SSO connector. If something happens to this machine and you do not have this SSO connector key, all Dashlane data will become inaccessible!
- Download your config file and save it to the same location as your .crt and private.key files.
You should now have all your certificate files and dashlane-sso-config.env file in a single folder.
Because we are doing SSL encryption on this Docker instance and not using an external load balancer, we will edit the dashlane-sso-config.env file to add generic lines for the .crt file and private.key.
- Open the dashlane-sso-config.env file with a text editor. You may have to change the extension from .env to .txt to open it.
- Add the below two lines to the bottom of the file and save the file.
DASHLANE_SSO_SSL_CERTIFICATE=/certificate.crt
DASHLANE_SSO_SSL_PRIVATE_KEY=/private.key
The file will look something like the following when this is complete.
- Rename the file back to dashlane-sso-config.env if you changed it to make the edits.
Now you will transfer all the files from your local machine to Ubuntu so we can run the installation script with all the necessary files and variables accessible by Ubuntu.
- Open up PowerShell or your preferred SSH app and connect to your Ubuntu machine.
- Once connected, type the following command and note the folder location.
pwd
For my SSH connection I am in the /home/dash-admin location. This is where I will transfer my config and certificate files to.
- Open up a second PowerShell or SSH window, which we will use to transfer the required files from the local machine to the Ubuntu VM. Navigate to the location where you have saved the dashlane-sso-config.env, private.key and certificate.crt files. I have saved my files to C:\Dashlane\SSOConnector. I use the ls command to list the files in this folder.
- Transfer all the files to the Ubuntu VM target location you noted in step 9 by running the following PowerShell command. This will transfer all files from the current folder location to the remote folder location.
scp * Ubuntu_admin_User@123.456.78.9:/home/Ubuntu_admin_User
For example
scp * dash-admin@40.87.105.81:/home/dash-admin
Note the output window of the successful transfer of files.
- In your Ubuntu SSH session, run the following command to verify the transferred files are present in the expected location.
ls
- Now you will run the SSO connector installer script!
Modify the below command appropriately and execute it to start the SSO Connector service:
- Update <PATH TO CONFIG FILE> with the local path to the SSO Connector config file that you transferred over.
- Update <PATH TO SSL CERTIFICATE> with the local path to the SSL certificate.
- Update <PATH TO SSL CERTIFICATE PRIVATE KEY> with the local path to the SSL certificate's private key.
sudo docker run -p 443:3000 --name dashlane-sso-connector --env-file=<PATH TO CONFIG FILE> -v <PATH TO SSL CERTIFICATE>:/certificate.crt -v <PATH TO SSL CERTIFICATE PRIVATE KEY>:/private.key --privileged=false dashlane/sso-connector:latest
For example:
sudo docker run -p 443:3000 --name dashlane-sso-connector --env-file=/home/dash-admin/dashlane-sso-config.env -v /home/dash-admin/dashlanesso.dashlaneinc.com.crt:/certificate.crt -v /home/dash-admin/private.key:/private.key --privileged=false dashlane/sso-connector:latest
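Before running the command above, the transferred files can be checked on the Ubuntu VM. The script below is an added example, not part of Dashlane's installer: the function names are hypothetical, and it assumes openssl is installed and that the connector can still read a private key that other local users cannot.

```shell
#!/bin/sh
# Added example: pre-flight checks to run on the Ubuntu VM before `docker run`.

# 1. The env file must hold the two SSL lines exactly as shown in the article;
#    Docker passes env-file values verbatim, so quotes would become part of the path.
check_env_file() {
    for line in 'DASHLANE_SSO_SSL_CERTIFICATE=/certificate.crt' \
                'DASHLANE_SSO_SSL_PRIVATE_KEY=/private.key'; do
        if ! grep -qxF "$line" "$1"; then
            echo "FAIL: $1 lacks exact line: $line" >&2
            return 1
        fi
    done
}

# 2. Each -v source must be an existing, non-empty regular file. With -v,
#    Docker creates a missing host path as an empty directory instead of failing.
check_mount_source() {
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "FAIL: $1 is not a non-empty regular file" >&2
        return 1
    fi
}

# 3. The private key should not be accessible to other local users
#    (characters 8-10 of the ls mode string are the "other" permission bits).
check_key_mode() {
    other=$(ls -ld "$1" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $1 is accessible to other users (other bits: $other)" >&2
        return 1
    fi
}

# 4. Certificate and key must belong together: compare their public keys.
check_cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $2 is not the private key for $1" >&2
        return 1
    fi
}

# Run all four checks: preflight ENV_FILE CERT KEY
preflight() {
    check_env_file "$1" && check_mount_source "$2" && check_mount_source "$3" &&
        check_key_mode "$3" && check_cert_key_match "$2" "$3" &&
        echo "OK: ready for docker run"
}
```

After sourcing the script, call preflight with the same three paths you pass to docker run, for example the dashlane-sso-config.env, .crt and private.key files under /home/dash-admin.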
Complete the rest of the setup for your SSO identity provider
Follow the steps for your IdP to complete the setup and allow for single sign-on.
- ADFS SSO configuration steps
- Azure AD configuration steps (coming soon!)