This article provides an Overview of the Dashlane single sign-on (SSO) connector which works with any SAML-based Identity Provider. Users configured for SSO will sign-in to Dashlane with their SSO credentials instead of a master password.
Before getting started, read the benefits and considerations carefully.
Contents
1. SSO Benefits and considerations
SSO Benefits and considerations
Benefits
- Users do not need to remember another password. The user will login to Dashlane like any other SSO application, with their SSO credentials.
- Any 2FA configured at the SSO provider level is automatically used for Dashlane sign-in.
- No multi-step sign-up process for creating a Master Password. Once provisioned, users can sign-in to Dashlane with an IDP-initiated or SAML-initiated login, app.dashlane.com, the mobile apps or the browser extension.
- VDI is fully supported with Dashlane SSO.
Considerations
- Zero-knowledge account recovery is not available for SSO users. The user's password is their SSO password and can be reset by anyone with rights to reset their SSO password. The SSO provider’s logs is relied on for any potential nefarious activity in this regard.
- Admins will still be required to use a Master Password to log in on all Dashlane platforms. You may choose to use a separate admin account for only the admin console, and use your standard user account for your SSO Dashlane account.
- The desktop app is not compatible with SSO. Review our Desktop and web app feature comparison page to learn more.
- Dashlane SSO users who leave the Business plan will lose access to all accounts in both the personal and business space.
- SSO login is required to access your Dashlane vault. Offline access is only available if biometrics is enabled for the mobile app.
- SSO makes provisioning easier as users can login once they are added, but SSO does not take place of user provisioning. Users will still need to be added via one of our user provisioning methods.
SSO Architecture
Dashlane SSO continues our Zero-knowledge architecture, ensuring only the user has access to the encrypted vault data. Dashlane’s SSO is different than most SSO integrations. Standard SAML setups only encrypt data in transit, not at rest, and uses one encryption key for all users. Dashlane uses a zero-knowledge architecture to ensure data is encrypted in transit, at rest, and each user has a unique encryption key for their vault.
To ensure Dashlane stays zero-knowledge, Dashlane requires the configuration of an SSO encryption service that hosts the company encryption keys outside Dashlane’s datacenter and the IdP. Most Dashlane customers choose to host our pre-configured SSO Connector in Azure or AWS.
SSO Deployment
The Basic steps for deploying Dashlane with SSO are as follows:
- Sign up for Dashlane Business
- Invite any admins for the account from the Dashlane Admin Console
- Ensure no other users have been invited, you will not be able to enable SSO if non-admin users are currently configured on your plan.
- Prepare your identity provider for SSO.
- Azure AD | ADFS | Okta | Gsuite | Other SAML (contact us)
- Configure the SSO Encryption Service on your preferred platform
- Setup your desired user provisioning method or manually invite users via the Admin Console
- Deploy the Dashlane extension to all Dashlane users.
- Start monitoring your company password health using the Dashlane health dashboard