This article will guide you through setting up single sign-on (SSO) with Azure AD.
Before you get started, make sure you have done the following:
- You have reviewed the SSO overview page
- You have signed up for a Dashlane Business plan. Dashlane Team does not allow enabling SSO. If you would like to upgrade, contact us.
- You have access to the SSO Identity Provider's metadata and console (if applicable)
Verify your e-mail domains.
1. Visit the Dashlane Admin Console and navigate to the Settings tab.
2. Click the SAML SSO tab. In the Verify your company email domain field, enter your company's domain name and click the Verify button.
- If you have multiple e-mail domains configured for your SSO provider, add and verify all additional domains.
3. Copy the Hostname and TXT values and add them to a new DNS TXT record for your domain. Once added, click on the Verify domain button. Please note that it can take up to 24 hours to verify the domain.
4. Verify all the email domains your users will use to sign in using SSO. If you have more than 5, contact support.
You must verify your domain before you can configure the SSO Connector.
Prepare the Azure Enterprise SSO Application
- Log in to portal.azure.com with your Azure administrator account.
- Use the search bar to open the Enterprise Applications module
- Select ‘New application’
- Select ‘Integrate any other application you didn't find in the gallery’
- Give it a name like “Dashlane SSO” and click add
- Go to the Dashlane SSO enterprise application properties page, and click the ‘set up single sign on’ button.
- Under Select a single sign-on method, select SAML
Choose a single sign-on URL endpoint that you would like to use for your SSO connector.
There are three ways to deploy the SSO encryption connector, and how you choose to deploy will change your ACS and Entity ID URLs.

| SSO encryption service host | SSO Connector endpoint |
| --- | --- |
| Azure (recommended) | https://mycompanysso.azurewebsites.net |
| AWS | https://mycompanysso.mycompany.com |
| Linux VM (advanced) | https://mycompanysso.mycompany.com |
Enter the SSO connector endpoint in the Dashlane admin portal
In the Azure Enterprise App - Basic SAML configuration settings, enter the Entity ID and ACS URL using the SSO Connector endpoint as the root. Replace 'mycompanysso' with the name you chose in step 6.
- Identifier (Entity ID): https://mycompanysso.azurewebsites.net/saml/
- Reply URL (ACS URL): https://mycompanysso.azurewebsites.net/saml/callback
Notice the slash at the end of the entity ID!
- Go to the section for the SAML Signing Certificate > Federation Metadata XML and click the link to Download
- Upload the XML metadata in the Dashlane admin portal > Settings > SAML SSO
- Internet Explorer can parse XML files incorrectly when opening them, so be sure to open the XML file with a plain text editor like Notepad.
- In the Azure Enterprise app, grant your desired users or groups the right to use the newly created application using the Users and groups tab.
- Alternatively, you can set 'User assignment required' to 'No' on the properties page of the Azure Enterprise App.
- Set up the SSO connector in your preferred environment
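The following is an added example, not part of Dashlane's or Microsoft's documentation: a Python pre-flight check for the Basic SAML configuration values and the Federation Metadata XML described above. It derives the Entity ID and ACS URL from the SSO Connector endpoint (catching the missing trailing slash) and confirms that the downloaded metadata is still well-formed SAML metadata before you upload it. The function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def expected_urls(endpoint):
    """Derive the Entity ID and ACS URL from the SSO Connector endpoint."""
    root = endpoint.rstrip("/")
    return root + "/saml/", root + "/saml/callback"

def check_saml_urls(endpoint, entity_id, acs_url):
    """List problems with the values entered in Basic SAML configuration."""
    problems = []
    if urlsplit(endpoint).scheme != "https":
        problems.append("connector endpoint is not https")
    want_id, want_acs = expected_urls(endpoint)
    if entity_id != want_id:
        hint = " (missing trailing slash)" if entity_id + "/" == want_id else ""
        problems.append("Entity ID should be " + want_id + hint)
    if acs_url != want_acs:
        problems.append("ACS URL should be " + want_acs)
    return problems

def check_metadata(xml_text):
    """List problems with the downloaded Federation Metadata XML."""
    # Federation metadata never needs a DTD; reject it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML, download it again: " + str(exc)]
    problems = []
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor element"]
    if not any((c.text or "").strip() for c in idp.iter(DS + "X509Certificate")):
        problems.append("no signing certificate in IDPSSODescriptor")
    if idp.find(MD + "SingleSignOnService") is None:
        problems.append("no SingleSignOnService endpoint")
    return problems

# Constructed sample metadata; the certificate and IdP URLs are placeholders.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
</KeyDescriptor><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/sso"/>
</IDPSSODescriptor></EntityDescriptor>"""
```

Pass `check_metadata()` the text of the file exactly as downloaded from Azure; an empty list from both functions means the values are consistent with the endpoint you chose.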
Complete The Azure Enterprise Application Setup
- Now that the SSO connector is configured, you can verify it is running by browsing to your URL https://mycompanysso.azurewebsites.net/saml and ensuring the XML file downloads
- Log in to https://console.dashlane.com > Settings > SAML SSO > test SSO connection.
- Click the button to Enable SSO
- Invite users using the Admin Console or one of our user provisioning methods.
- Once SSO is enabled, all new users will join with their SSO credentials and all current Master Password users will be converted to SSO users the next time they log in. To learn more about what current Master Password users can expect, see Enabling SSO with existing users.