SSO is only available to organizations on a Dashlane Business plan.
Upgrade to Dashlane Business
This article explains the plan member experience for migrating your organization from using Master Passwords to your Identity Provider's SSO. If you want to learn how to configure SSO to migrate your members, start with SSO overview and deployment.
Once you enable single sign-on for your organization, the members of your team will be able to use your organization's identity provider to sign in to Dashlane instead of their Master Password. However, because each member's data is encrypted using their Master Password, a one-time migration will be required for all members of your organization. This migration will decrypt the data using their Master Password and re-encrypt it using their SSO login. After the migration, the Master Password will no longer be used and your members will no longer need to remember their old Master Password.
This article outlines the important considerations before enabling SSO for your organization and how it will impact your organization.
Re-registering all devices
As part of the migration, all member devices will be deregistered. If the member uses multiple devices, they'll be signed out of all devices. Once the member signs in again, they'll receive an email notification that a new device was added even if they've signed in to Dashlane on that device before. Because the identity provider handles two-factor authentication (2FA), the member won't be prompted for a 2FA code when registering the new device. A 2FA challenge from the SSO identity provider may still occur if you have configured 2FA as part of SSO.
No access to any data after being revoked from the team
If you revoke a plan member that is using SSO to sign in, that member will no longer be able to access Dashlane, including the data stored in their Personal Space. However, if you need to give that member access again, you can add them back into your business plan within 30 days of revoking them. No member data is deleted within 30 days, including the data in the Business Space.
Previously revoked members not impacted
If you have plan members that you revoked before enabling SSO for your organization, these members won't be disrupted and will continue to be able to sign in to Dashlane using their email and Master Password. They won't be forced to migrate to SSO either.
Member migration from Master Password to single sign-on
Once you activate SSO for your organization, all members (not admins) in your organization will be forced to re-encrypt their data so they can sign in to Dashlane using SSO instead of their Master Password at their next login. Admins in your organization won't be impacted and will continue to use their Master Password to sign in.
Once you activate SSO, your members will go through the following migration:
- The next time the plan member successfully signs into their browser extension using their Master Password, they will see the following image. (If they attempt to sign into the web application in the browser, they will be directly taken to the next step).
- Once the member clicks on Log in with SSO, the member will see the following screen:
- Once the member clicks Log in with SSO, the member will be redirected to their identity provider to sign in.
- Upon a successful sign-in, the member will be redirected to Dashlane and automatically have their data re-encrypted. Once the re-encryption is complete, the member will be redirected to the Dashlane web app. Note: If the member doesn't have the extension installed, they will have to type in the Master Password once more before the re-encryption happens.
The migration is complete - the member will no longer need their Master Password! Future logins will look like the following:
Note: The same experience is available on the iOS and Android applications. The migration will be done only once per member and will happen on the device that the member signs into first after SSO has been activated for the organization.