Articles in this section

See more

Setting up the SSO Connector on Amazon Web Services

This article describes how to deploy the Dashlane SSO Connector using a pre-configured AWS template.

The Dashlane SSO connector can also be deployed with an Azure Template.

Before getting started, please review the SSO Overview page.

Contents

  1. Set up the SSL certificate using AWS Certificate Manager
  2. Use AWS CloudFormation to deploy the SSO Connector
  3. Add a DNS entry to map the SSO Connector domain to the AWS Lambda endpoint
  4. Copy the values from the Config file into the AWS Secrets Manager
  5. Download the SAML metadata of the SSO Connector
  6. Maintain and upgrade the SSO Connector
  7. Advanced option: Run multiple instances for high availability

Set up the SSL certificate using AWS Certificate Manager

All traffic to and from the SSO Connector needs to be encrypted using SSL. Therefore, you first need to obtain an SSL Certificate for the SSO Connector.

  1. Sign in to AWS and ensure the AWS region is Ireland (EU-West-1) or AWS region is Virginia (US-East-1). Navigate to AWS Certificate Manager.
  2. If this is your first time using the AWS Certificate Manager, then click Get started under Provision certificates. Otherwise, click Request a certificate.
  3. Make sure Request a public certificate is selected and then click Request a certificate.
  4. For the Domain name, add the domain where you would like your SSO Connector to run (for example: dashlanesso.mycompany.com).

    mceclip0.png

  5. Complete the remaining steps to validate that you own the domain and request a certificate.
  6. Once the certificate is issued (or while you wait for it to validate), open the details of the certificate and copy/save the ARN of the certificate.

    mceclip4.png

Use AWS CloudFormation to deploy the SSO Connector

  1. Navigate to AWS CloudFormation to create a new stack. Note: The AWS region must be Ireland (EU-West-1)
  2. Make sure that Template is ready is selected.
  3. For the Template source, select Amazon S3 URL. For the Amazon S3 URL, enter the following:

    https://s3-eu-west-1.amazonaws.com/public-cloudformation.dashlane.com/sso-connector/sam-app/template-latest.yaml

  4. Click Next.
  5. Provide a Stack name (for example: Dashlane-SSO-Connector).
  6. For the Certificate, enter the ACN of the SSL Certificate that you generated in the section above.
  7. For the DomainName, enter the SSO Connector endpoint (for example: dashlanesso.mycompany.com).

    mceclip5.png

  8. You do not need to configure any additional settings in the stack. On Step 4, check the three boxes on the bottom to acknowledge and agree to the terms of service. Then click Create stack.

    mceclip6.png

  9. Creating the stack can take up to 5-10 minutes. Once the stack has been created, you will see CREATE_COMPLETE in your list of stacks on the left.

    mceclip0.png

Add a DNS entry to map the SSO Connector domain to the AWS Lambda endpoint

In the previous section, the CloudFormation created a Lambda function. You now need to add an entry in your DNS provider that will map the SSO Connector endpoint to the newly created Lambda endpoint.

  1. Within the Stack that you created in the previous section, click Outputs. Copy the Value that is shown under the Key CNAME.

    Secondscreenshot.png

  2. Go to your DNS provider and add a CNAME entry, where the Name is the subdomain where the SSO Connector will be running, and the Value is the value you copied in the step above. In your DNS provider, this will look similar to the following:

    mceclip2.png

Copy the values from the Config file into the AWS Secrets Manager

When you instantiate the SSO Connector service, you need to configure it so that it's specific to your company's requirements. The config file downloaded from Dashlane's Admin Console is used to configure the SSO Connector. Information needs to be entered into the Admin Console so that the config file can be generated and then downloaded. This includes:

  1. The SAML metadata of the identity provider.
  2. The SSO Connector endpoint, which is the endpoint that the SSO Connector can be accessed from. This needs to match the site name from the section above. So in our example, the SSO Connector endpoint will be https://dashlanesso.mycompany.com.
  3. The SSO Connector key generated from the Dashlane Admin Console, which is the unique key that allows Dashlane to have a zero-knowledge architecture. Note that if this key is lost, all user data will be lost. Make sure that the key is stored in a safe and memorable location.

Once you have generated the config file, open it in notepad or another text editor. You will need to copy this information and save it as a secret in AWS Secrets Manager. To configure the secret:

  1. Open AWS Secrets Manager. You should already have a secret because the CloudFormation generates one for you. Open the secret by clicking Dashlane-SSO-Connector-secret.

    mceclip3.png

  2. Scroll down and click Retrieve secret value.

    mceclip4.png

  3. Click Edit, and then under Plaintext, paste the config file that you downloaded from the Dashlane Admin Console. For example:

    mceclip5.png

  4. Click Save. The deployment is now complete and the SSO Connector should be successfully running.
  5. You can verify the SSO Connector deployed correctly by navigating to the URL/saml. For example, if your site is dashlaneSSO, your SAML data is located at https://dashlaneSSO.mycompany.com/saml

Download the SAML metadata of the SSO Connector

Once the SSO Connector is successfully running, you will be able to download the SSO Connector's SAML metadata. To download your saml metadata, go to the following site in any web browser.

https://{SSO connector endpoint}/saml/

Where {SSO connector endpoint} is the SSO Connector Domain Name you configured above.

In our example above, you will be able to download the SSO Connector SAML metadata by navigating to https://dashlanesso.mycompany.com/saml/.

The SAML metadata will automatically download.

You can now upload the SAML metadata to your identity provider.

Return to the remaining portion of the setup guide for your identity provider.

Azure AD Google Workspace
ADFS Okta

Maintain and upgrade the SSO Connector

We recommend that you periodically update the CloudFormation stack to ensure that the SSO Connector is up to date. To do this:

  1. Navigate to AWS CloudFormation and select the stack that you had created.

    mceclip0.png

  2. Click Update.
  3. Select Replace current template and then enter the following for the Amazon S3 URL:

    https://s3-eu-west-1.amazonaws.com/public-cloudformation.dashlane.com/sso-connector/sam-app/template-latest.yaml

  4. You should not need to make any further changes in the stack. Navigate to the last step by clicking Next, and then acknowledge the capabilities and transforms. Then click Update stack.

    mceclip0.png

  5. Once the Stack is updated, you should see UPDATE_COMPLETE. Your SSO Connector is now up to date!

    mceclip2.png

Advanced option: Run multiple instances for high availability

AWS Lambda is inherently elastic and will scale with demand. However, if you do choose to run multiple instances of the SSO Connector, you simply need to ensure that the SSO Connector Key within the config file is the same across all instances.

The SSO Connector key should have been securely saved after first generated at the time of deploying the first instance of the SSO Connector. If the key was not saved, you may be able to find the key in the config file downloaded during the setup of the first instance. If the initial config file is also not available, it will not be possible to create more instances of the SSO Connector.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Can't find what you're looking for?

Contact us
Powered by Zendesk