Time to complete: 10 minutes
- Dashlane Administrator
- Azure AD administrator
- Public DNS editor for domain verification
Dashlane offers deep integration with Azure AD, with the ability to integrate SSO with SAML, user sync, and group sync using SCIM. It is possible to do only SSO or only SCIM provisioning, but we recommend doing both for the best experience.
Encryption Service Setup
1. Complete the Encryption Service setup.
Verify your encryption service is online by copy/pasting the URL from the encryption service setup into a new tab of your web browser.
If you do not get a Dashlane branded page, go back to step 1 and complete the encryption service setup.
2. Navigate to the Dashlane Admin Console through the extension or by going to console.dashlane.com.
3. Navigate Settings > Single sign-on > Edit under the SSO Settings.
4. Enter your company e-mail domain and click Verify.
5. Note the hostname and TXT value you need to copy into your public DNS provider. Use the Copy buttons to copy the hostname and TXT Value.
6. In a new browser tab, navigate to your Public DNS provider and Add a TXT Record.
7. Paste the "Host Name" and TXT Value from the Dashlane Admin Console into the new TXT record, and click Save.
8. Once you've entered the record, wait a few minutes and in the Dashlane Admin Console, click Verify domain. Public DNS changes can take up to 24 hours, but most new records take 5 minutes or less. If it doesn't work the first time, wait a few minutes and click Verify domain again.
If you entered the record correctly, you see a green check next to the verified e-mail domain. Repeat steps 3-8 for any additional domains you want to enable for SSO that are part of your same SSO tenant. We currently do not support linking multiple SSO providers to a single Dashlane plan.
You will now build an Enterprise Application in Azure for your users to connect to.
9. In a new browser tab, navigate to the Azure Portal and search for or select Enterprise Applications.
10. Click Create your own application.
11. Click New application.
12. Name the Application Dashlane > select Integrate any other application you don't find in the gallery > Click Create.
13. Click Set up single sign-on.
14. Click the SAML tile.
15. Under Basic SAML Configuration, click Edit.
16. In your Dashlane Admin Console, use the copy button to copy the values from the Entity ID and the Assertion Consumer Service (ACS) URL from Dashlane to the Azure Enterprise application.
16.1 Paste the Entity ID from the Dashlane administrator console to the Entity ID in the Azure Enterprise application.
16.2 Paste the Assertion Consumer URL from the Dashlane Admin Console to the corresponding field in Azure.
16.3 For the Sign on URL, enter https://app.dashlane.com.
16.4 Delete the default URL.
Ensure the Entity ID URL ends in /saml/ and the ACS URL ends in callback, as shown in the image.
16.5 Click Save.
17. On the Azure Enterprise app under the SAML signing Certificate, click to Download Federation Metadata XML.
18. Open "Federation Metadata XML" in Notepad or plain text editor > select all, copy the contents.
*Do not open the XML using Internet Explorer or Safari as it may break the format for the XML when copying.
19. Paste the Federation Metadata XML in console.dashlane.com > click Save changes.
Acknowledge you need to restart the SSO Encryption Service. You can ignore this for now as we will restart the service in a few steps.
20. Go to Enterprise Application in Azure > Users and Groups > Add the users or groups you want to have access to Dashlane SSO.
21. Restart the Encryption Service by navigating to your Encryption Service app in Azure.
22. Click Restart.
23. Once you've assigned users, you can test with any assigned user from the Dashlane Admin Console by clicking the Test connection. Use the Copy test URL to test the SSO connection from different locations, devices, and users.
If you've set up SSO as expected, you see the Success Message.
If you see an error message, contact Customer Support for assistance.
24. You can now Enable SSO by selecting the selector next to Enable SSO.
Once enabled, any non-admin master password users will be converted to an SSO user at the next login, at which time they will enter their Dashlane Password for the last time and only be able to login with SSO.
Any new users invited to your Dashlane plan will never have a separate password. They will use only their SSO credentials to log in.
SCIM Provisioning Setup
1. SCIM requires the configuration of the Dashlane Encryption Service. Complete the Encryption service steps if you have not done so already as part of the SSO setup.
Enabling SCIM provisioning will allow automatic provisioning and deprovisioning of users and groups.
2. Log in to the Dashlane administrator console and click Settings > Directory Sync > SCIM Provisioning > Set up.
3. Click Generate Token.
4. Enable the switch for Allow the Encryption Service to sync directory.
5. In Azure, navigate back to your Dashlane Enterprise Application (or create a new one by following the steps starting at step 9 of the SSO section above.)
6. Select Provisioning > Get Started.
7. Copy the Tenant URL and the Secret token from the Dashlane administrator console using the copy buttons, and paste them into the corresponding fields in Azure.
8. Acknowledge the message to restart the encryption service one last time. We will do this next.
9. In the Azure Portal, navigate to your resource group to find your SSO/SCIM Connector "Encryption Service" Web App Service.
10. Click Restart.
You can check that your SCIM service has been enabled by opening the Log Stream of your Dashlane Encryption Service.
11. In Azure, go back to Enterprise Apps > select Dashlane App > click Properties in the Navigation Pane > ensure Assignment is turned on.
12. Go to Enterprise Application in Azure > Users and Groups > Add the users or groups you would like to sync with SCIM (if not already done as part of Step 20 in the SSO Section).
13. Click Provisioning > Start Provisioning > Edit Provisioning.
14. Set Provisioning Status to On and click Save.
Any users you add to the groups you selected will be added automatically to your Dashlane plan.
Contact Customer Support for any further questions or assistance.