Dashlane's single sign-on (SSO) feature allows your users to sign in to Dashlane using their SSO credentials instead of a Master Password. This article will guide you through setting up single sign-on (SSO) with Google Workspace.
Before you get started, make sure you have done the following:
- You have reviewed the SSO overview page.
- You have signed up for a Dashlane Business Plan. Dashlane Team does not allow enabling SSO. If you would like to upgrade, contact Dashlane Support.
- You have access to the Google Workspace Admin console.
Overview of single sign-on (SSO)
Today, Dashlane uses the Master Password as one of the keys to encrypt/decrypt user data. Now, with SSO, your users can sign in to their Dashlane vault using their SSO credentials instead of a Master Password. Together with Dashlane's SSO Connector, users can sign in with their SSO credentials while Dashlane retains its zero-knowledge security architecture.
When a user attempts to sign in using SSO, they are redirected to the SSO Connector, which federates to the identity provider.
After the user successfully signs in, the SSO Connector sends a unique key to the client, which then decrypts the user's data.
The SSO Connector manages all user keys. To maintain our patented zero-knowledge security architecture, the SSO Connector must be hosted in an environment controlled by your organization. The SSO Connector runs on Docker and can be hosted in any environment where Docker is present.
Dashlane-specific requirements
- Dashlane Business (Dashlane Team does not support SSO)
- Minimum version of the Dashlane app:
  - Web: v6.2030.3
  - iOS: v6.2029.0
  - Android: v6.2030.1
- Desktop apps are not supported
Step 1: Verify your domain
You will need to verify the domain that your organization owns. Once you enable SSO, all users that are using your organization's domain will be required to use SSO to sign in.
- Log in to the Dashlane Admin Console, navigate to the Settings tab, and click Single sign-on.
- In the Verify your company email domain field, enter your company's domain name and click Add.
- If you have multiple e-mail domains configured for your SSO provider, add and verify all additional domains.
- Copy the Hostname and TXT values and add them to a new DNS TXT record for your domain. Once added, click Verify domain. Please note that it can take up to 24 hours to verify the domain.
- Verify all the email domains that your users will use to sign in using SSO. If you have more than 5 domains, please contact Dashlane Support.
Step 2: Create an application in Google Workspace
- Navigate to the Google Workspace Admin center and use the side menu to navigate to Apps > SAML apps.
- Select Add App > Add custom SAML app
- Click Add a service/App to your domain.
- For the Custom App name, type "Dashlane."
- Under Option 1, click DOWNLOAD METADATA. This will download the IDP metadata in a file named GoogleIDPMetadata.xml. You will need this file in the next section.
- Click Continue.
- Choose a single-sign-on URL endpoint that you would like to use for your SSO connector.
There are three ways to deploy the SSO encryption connector, and how you choose to deploy will change your ACS & Entity ID URLs.
| SSO encryption service host | SSO Connector endpoint |
| --- | --- |
| Azure (recommended) | https://mycompanysso.azurewebsites.net |
| AWS | https://mycompanysso.mycompany.com |
| Linux VM (advanced) | https://mycompanysso.mycompany.com |
- Enter the SSO connector endpoint in the Dashlane admin portal.
- Your SSO encryption service host determines your ACS URL and Entity ID. For example:
  - SSO Connector endpoint: https://mycompanysso.azurewebsites.net
  - ACS URL: https://mycompanysso.azurewebsites.net/saml/callback
  - Entity ID: https://mycompanysso.azurewebsites.net/saml/
- Leave the default settings for the Name ID format and Name ID and click Continue.
- On the Attribute Mapping page, click Finish.
Step 3: Configure the SSO Connector
- Navigate back to the SAML SSO section of the Settings tab in the Dashlane Admin Console.
- Open the GoogleIDPMetadata.xml file that you downloaded in the section above. Copy and paste the contents of the file (the SAML metadata of Google Workspace) into the Enter the identity provider metadata field.
- Enter the URL where your SSO Connector instance will exist if you have not done so already. This is the URL at which the SSO Connector service can be reached (such as https://mycompanysso.azurewebsites.net).
- Click Generate SSO Connector key. This will generate a key that will be used to encrypt all your company's data. Copy the generated key and save it somewhere secure (such as a secure note in Dashlane). We also recommend sharing it with any other admins. You will not be able to see this key again.
- Click Download Config file. You will use this for completing the SSO connector setup in the next step.
- Configure the SSO Connector encryption service. Learn more about the SSO encryption service, and then visit the following article for your preferred platform.
Step 4: Test and enable SSO
You can do a quick test to ensure that SSO Connector and Google Workspace are configured correctly.
- Navigate to the Dashlane Admin Console and click Test Connection.
- Sign in using any Google user account that has access to the Dashlane application within Google Workspace. Once you successfully sign in, you should see a Success message. If you don't, please contact Dashlane Support.
- Click Enable SSO.
You have enabled SSO for all your users! Remember, admins within Dashlane will not be impacted and will continue to sign in using their Master Password. All other users will be forced to use SSO to access Dashlane.