With Dashlane's single sign-on (SSO) feature, members can sign in to Dashlane with their SSO credentials instead of a Master Password. This article shows you how to set up SSO with an on-premise—or cloud-hosted—ADFS infrastructure.
Before you get started, complete these steps:
- Review our Identity Provider integrations article.
- Sign up for a Dashlane Business plan if you haven't already. The Dashlane Team plan doesn't allow you to enable SSO. If you want to upgrade, contact Dashlane Customer Support.
- Make sure you can access your Identity Provider's metadata and console, if applicable.
We recommend that you set up both SSO and AD sync to get the full benefits of both.
Before you start
Open and log in to these platforms with your admin accounts:
- The Dashlane Admin Console
- The ADFS administrator console
- Your Public DNS provider account
- Your Encryption Service account—Azure or AWS
Time to complete SSO setup: 15 minutes
Set up SSO
To set up SSO, complete these steps:
Step 1: Set up and test your Encryption Service
- Follow this guide to set up the Encryption Service.
- Validate that your Encryption Service is set up. Go to your Encryption Service URL and verify that you see the Dashlane-branded test page.
Step 2: Verify your company domain with your DNS Provider
- Select the Dashlane D icon in your browser’s toolbar and enter your admin Master Password if prompted. In the extension window, select More and then Open the Admin Console.
- In the Dashlane Admin Console, select Settings, Single sign-on, and then Edit or Set up, depending on what you see.
- In the Verify your company email domain section, enter your company email domain and select Verify to see the new HOSTNAME and TXT VALUE.
- Navigate to your Public DNS provider's console and account and create a new TXT record.
- Return to the Dashlane Admin Console and select the Copy icon to copy the HOSTNAME and TXT VALUE.
- Paste the information into the new TXT record you created in your public DNS provider. You may need to consult your DNS provider's documentation for specific steps.
- Wait a few minutes for the DNS record to be replicated throughout the internet, and then select Verify domain. A green checkmark appears to verify your company email domain.
- Confirm that you now have a green check next to your domain, which indicates it has been verified.
- Repeat steps 1–6 to add more company email domains.
Note: You can link multiple domains, but they all need to be on the same SSO provider tenant.
Step 3: Set up ADFS to connect to SSO
- Navigate to the SAML SSO section of the Settings tab in the Dashlane Admin Console.
- Copy and paste the SAML metadata of ADFS into the Enter the identity provider metadata here field. If you need help finding the metadata, go to your ADFS metadata URL where "ADFSName.Domain.com" is the URL of your ADFS server or farm.
You can also use Microsoft's tool to download your Federation Metadata Document.
- Paste the ADFS metadata into the Dashlane Admin Console.
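Before pasting, you can confirm that the metadata document really is identity provider metadata and that its signing certificates are the ones your farm uses. This is an added example, not Dashlane's or Microsoft's own script; it assumes it runs on an ADFS server, uses the standard ADFS federation metadata path, and keeps "ADFSName.Domain.com" as a placeholder for your host.

```powershell
# Run on an ADFS server (Get-AdfsCertificate needs the ADFS PowerShell module).
# Assumption: replace the placeholder with your ADFS server or farm name.
$AdfsHost    = 'ADFSName.Domain.com'
# Standard ADFS federation metadata path.
$MetadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$OutFile     = Join-Path $env:TEMP 'FederationMetadata.xml'

# Download over HTTPS; TLS certificate validation stays enabled.
Invoke-WebRequest -Uri $MetadataUrl -OutFile $OutFile -UseBasicParsing

# Load the XML from disk so the parser handles the encoding declaration.
$meta = New-Object System.Xml.XmlDocument
$meta.Load($OutFile)
$ns = New-Object System.Xml.XmlNamespaceManager($meta.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

# The document must describe an identity provider.
$idp = $meta.SelectSingleNode('/md:EntityDescriptor/md:IDPSSODescriptor', $ns)
if (-not $idp) { throw 'No IDPSSODescriptor found: this is not identity provider metadata.' }
Write-Host "Entity ID: $($meta.DocumentElement.GetAttribute('entityID'))"

# Thumbprints of the token-signing certificates ADFS is configured with.
$configured = (Get-AdfsCertificate -CertificateType Token-Signing).Thumbprint

# Compare each signing certificate published in the metadata against that list.
$certNodes = $idp.SelectNodes("md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns)
foreach ($node in $certNodes) {
    $raw  = [Convert]::FromBase64String($node.InnerText.Trim())
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        KnownToAdfs = $configured -contains $cert.Thumbprint
    }
}
```

Every row should show `KnownToAdfs` as `True` and a `NotAfter` date in the future before you paste the file's contents into the Admin Console.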
Step 4: Configure ADFS
- To configure ADFS, you need the SAML metadata from the Encryption Service. To find your SAML URL, go to the Dashlane Admin Console and select Single Sign-on in the menu. In the Settings section, go to the Entity ID.
- Enter the Entity ID URL in your browser to download a local copy of the SAML metadata.
- Open the ADFS Management Console and select Add Relying Party Trust.
- In the drop-down menu, select Claims aware and then select Start.
- Select Import data about the relying party from a file and select Browse to select your SSO Connector's metadata XML file saved in Step 1. Then, select Next.
- Type "Dashlane Encryption Service" as the display name and select Next.
- Select your access control policy and select Next. This will vary based on your company's security policies. In this example, access is granted to everyone.
- Review the relying party trust, select Next, and then select Close. The new trust is created.
- Allow the Dashlane SSO Connector to retrieve the member's email address from ADFS. Select the newly created Relying Party Trust. If you don't see it, select Relying Party Trusts in the left sidebar. Then, select Edit Claim Issuance Policy.
- Select Add Rule.
- In the Claim rule template drop-down menu, select Transform an incoming claim and select Next.
- Set the Claim rule name field to "Send Email as Name ID."
- Set Incoming claim type to "UPN."
- Set Outgoing claim type to "Name ID."
- Set Outgoing name ID format to "Email."
- Select Finish.
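The same relying party trust and claim rule can be created from PowerShell, which also lets you read the result back and check it. This is an added example, not part of the original article; the metadata file path is hypothetical, and `-AccessControlPolicyName` assumes AD FS 2016 or later.

```powershell
# Run in an elevated PowerShell session on the primary ADFS server.
# Assumptions: $MetadataFile is where you saved the Encryption Service metadata
# (hypothetical path); -AccessControlPolicyName needs AD FS 2016 or later.
$TrustName    = 'Dashlane Encryption Service'
$MetadataFile = 'C:\Temp\dashlane-encryption-service-metadata.xml'

# Claim rule language equivalent of the "Transform an incoming claim" rule:
# incoming UPN -> outgoing Name ID with the Email name ID format.
$Rules = @'
@RuleTemplate = "MapClaims"
@RuleName = "Send Email as Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Create the claims-aware relying party trust from the metadata file.
# 'Permit everyone' matches the example in the steps above; substitute the
# access control policy your company's security policies require.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile `
    -AccessControlPolicyName 'Permit everyone'

# Attach the issuance rule. This replaces any rules already on the trust.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $Rules

# Read the trust back and confirm what was stored.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$trust | Format-List Name, Identifier, Enabled, AccessControlPolicyName
if ($trust.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    Write-Warning 'The Name ID rule with the Email format is missing from the trust.'
}
```

The rule passes the UPN value through unchanged, so the Name ID is the member's email address only where the UPN and the email address are the same.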
Step 5: Test and enable SSO
- After members are assigned, you can test with an assigned member from the Dashlane Admin Console. Select Test connection. Use the Copy test URL to test the SSO connection from different locations, devices, and members.
If SSO is set up as expected, the success message appears.
If you see an error message, contact Customer Support for assistance.
- When you're ready to enable, return to the Dashlane Admin Console and select Enable SSO.
Once enabled, all non-admin plan members are converted to SSO members the next time they log in. Members enter their Master Password for the last time and use SSO going forward.
Any new members invited to your Dashlane plan won't have a Master Password and will only use their SSO to log in.
All members who use SSO are automatically redirected to the SSO login flow.
You can continue with your AD integration by configuring Active Directory sync for automated onboarding and offboarding of members based on their AD account status.