As an admin, you can set up Okta single sign-on (SSO) for your plan members with SAML. You can further control your SSO integration by syncing it with your Identity Provider’s directory of plan members and groups with SCIM.
We recommend setting up both SSO and SCIM at the same time to get the full benefits of both.
Time to complete: 15 minutes
- Dashlane admin account
- Okta admin account
- Public DNS editor for domain verification
Set up SSO
Copy the URL from the encryption service setup, open a new tab in your browser, and paste the URL into the address bar. A Dashlane page appears to confirm that the encryption service is set up.
Note: If this confirmation doesn't appear, make sure you completed the encryption service setup.
- Log in to the Dashlane Admin Console by logging into the Dashlane extension and selecting More and then Open the Admin Console.
- Navigate to Settings > Single sign-on and select Set up under SSO Settings.
- Enter your company e-mail domain and click Verify.
Notice the copy buttons you will use to copy the hostname and TXT values to your public DNS provider.
- Go to your Public DNS provider account and create a new TXT record. The exact steps vary depending on your provider.
- Return to the Dashlane Admin Console, copy the HOSTNAME and TXT VALUE, and paste this information into the new TXT record you created in your Public DNS provider.
- Wait a few minutes for the DNS record to be replicated throughout the internet and select Verify domain. A green checkmark appears to verify your company email domain. Public DNS changes can take up to 24 hours, but most new records take 5 minutes or less.
- Repeat steps 5-8 to add more company email domains.
Note: You can’t link multiple SSO providers to a single Dashlane plan.
- Navigate to your Okta Admin Console and select Applications, select Applications again and then Create App Integration.
- On the Create a new app integration page, select SAML 2.0 and then Next.
- Download a Dashlane logo for the application display if you'd like.
- On the Create SAML Integration screen, enter "Dashlane" for the app name, upload a logo, and select Next.
- From the Dashlane Admin Console, copy the text to the corresponding entries in the Okta app. Copy the Assertion Consumer Service URL to Single sign on URL in Okta. Copy Entity ID to Audience URI (SP Entity ID) in Okta.
- In Okta, verify that the Single sign-on URL ends in "/callback" and the Audience URI ends in "/saml/". All other fields can be left alone unless you have a custom configuration that you know to be different.
- Scroll to the bottom of the page and select Next.
- In the Help Okta Support page, select I'm an Okta customer adding an internal app and then Finish.
- In Okta, on the Dashlane SAML app that was just created, select Sign On, and then in Settings, select Edit.
- To access your XML metadata, select View Setup Instructions in the SAML 2.0 section.
- In the Optional section, select and copy all of your IDP metadata.
- In the Dashlane Admin Console, paste the XML data and select Save changes.
- Go to https://portal.azure.com and select Restart to restart your Azure encryption service.
- Go to the Dashlane app in the Okta Admin Console and select Assignments and then Assign.
- Select Assign to People or Assign to Groups and assign the app to the people or groups you want to test with.
- In the Test the SSO connection section in Dashlane, select Test connection for any of the groups or people you assigned. Select Copy test URL to test the SSO connection from different locations, devices, and members.
A success message will tell you if SSO was set up as expected.
If you see an error message, contact us.
- Turn on the Enable SSO setting.
Once enabled, all non-admin plan members are converted to SSO members the next time they log in. They'll enter their Master Password for the last time and use SSO going forward.
Any new members invited to your Dashlane plan will never have a Master Password and will only use their SSO to log in.
All members who use SSO will be automatically redirected to the SSO login flow.
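The SAML values exchanged in the steps above can be checked before they are pasted into either console. The following is an added example, not Dashlane or Okta code: it checks the two URLs copied into Okta for the required endings and checks that the copied IdP metadata is complete XML with a signing certificate and an https sign-on endpoint. The hostnames and certificate body are constructed placeholders, and the https requirement and DTD rejection are assumptions added here.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: placeholder hosts and a dummy certificate body.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="http://idp.example/placeholder">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(b"constructed-dummy-cert").decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_values(sso_url, audience_uri):
    """Values copied from Dashlane into Okta (https is an assumption of this example)."""
    problems = []
    if urlparse(sso_url).scheme != "https" or not sso_url.endswith("/callback"):
        problems.append("Single sign-on URL must be https and end in /callback")
    if not audience_uri.endswith("/saml/"):  # also catches trailing whitespace
        problems.append("Audience URI must end in /saml/")
    return problems

def check_idp_metadata(xml_text):
    """IdP metadata copied from Okta into Dashlane: complete and usable."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; not parsing it"]
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML (partial copy?): {exc}"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID") or idp is None:
        return ["expected an EntityDescriptor with entityID and IDPSSODescriptor"]
    problems = []
    certs = [c.text or "" for c in idp.findall("md:KeyDescriptor//ds:X509Certificate", NS)]
    for text in certs or [""]:  # an empty list is reported like an empty certificate
        try:
            if not base64.b64decode("".join(text.split()), validate=True):
                raise ValueError("empty certificate")
        except ValueError:
            problems.append("signing certificate missing or not valid base64")
    locations = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not locations or any(urlparse(u).scheme != "https" for u in locations):
        problems.append("SingleSignOnService must exist and use https")
    return problems
```

An empty list from both functions means the values passed these checks; it does not replace the Test connection step.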
Set up SCIM provisioning and directory sync
- Set up the Dashlane encryption service.
- Go to step 10 in the SSO setup section and set up a new Dashlane Application in Okta.
- In your Dashlane application in Okta, select Edit, select the check box to Enable SCIM provisioning and select Save.
- Log in to the Dashlane Admin Console and select Settings, Directory Sync, SCIM Provisioning, and then Set up.
- Select Generate Token.
- Turn on Allow the Encryption Service to sync directory and Save changes.
- Restart your Dashlane encryption service in Azure to enable the changes for SCIM enablement. If you don't remember how to do this, you can start at step 22 in the SSO setup section.
- In the Okta Dashlane app, select the Provisioning tab, select Edit, and copy the SCIM values from the Dashlane Admin Console to the Okta text fields.
- For SCIM connector base URL, copy and paste the URL from Dashlane.
- In the Unique identifier field for users field, enter "email".
- Enable all the Supported provisioning methods.
- For Authentication Mode, select HTTP Header.
- For Authorization, copy and paste the SCIM token from Dashlane into the Bearer field.
- Select Test Connector Configuration. You should receive a successful test.
- Save the configuration.
- In the Provisioning tab, select Settings, To App, and Edit.
- Enable Create Users, Update User Attributes, Deactivate Users, and select Save.
After you complete the SSO setup, all non-admin plan members will use SSO the next time they log in. This includes any new people added to your plan and anyone already using SSO.
If you have questions or need help, contact us.