SSO is only available to organizations on a Dashlane Business or Business Plus plan.
Upgrade your plan
Important: With the Dashlane Safari Extension, Self-Hosted SSO isn’t available at this time due to Apple limitations, but you can use it on a different browser like Chrome, Firefox, or Edge.
This article explains the plan member experience for migrating your organization from using Master Passwords to your Identity Provider's SSO. If you want to learn how to configure SSO to migrate your members, start with SSO overview and deployment.
After you enable single sign-on for your organization, your plan members will be able to use your organization's identity provider to sign in to Dashlane instead of their Master Password. However, because each member's data is encrypted using their Master Password, a one-time migration will be required for all members of your organization. This migration will decrypt the data using their Master Password and re-encrypt it using their SSO login. After the migration, the Master Password will no longer be used and your members will no longer need to remember their old Master Password.
This article outlines the important considerations before enabling SSO for your organization and how it will impact your organization.
Re-registering all devices
As part of the migration, all member devices will be deregistered. If the member uses multiple devices, they'll be signed out of all devices. Once the member signs in again, they'll receive an email notification that a new device was added even if they've signed in to Dashlane on that device before. Because the identity provider handles two-factor authentication (2FA), the member won't be prompted for a 2FA token when registering the new device. A 2FA challenge from the SSO identity provider may still occur if you have configured 2FA as part of SSO.
No access to any data after being removed from the team
If you remove a plan member who is using SSO to sign in, that member will no longer be able to access Dashlane, including the data stored in their Personal Space. However, if you need to give that member access again, you can add them back into your plan within 30 days of revoking them. No member data is deleted within 30 days, including the data in the Business Space.
More about offboarding plan members
Previously removed members not impacted
If you have plan members that you removed before enabling SSO for your organization, these members won't be disrupted and will continue to be able to sign in to Dashlane using their email and Master Password. They won't be forced to migrate to SSO either.
Member migration from Master Password to single sign-on
Important: With the Dashlane Safari Extension, Self-Hosted SSO isn’t available at this time due to Apple limitations, but you can use it on a different browser like Chrome, Firefox, or Edge.
After you activate SSO for your organization, all members (not admins) in your organization will be forced to re-encrypt their data so they can sign in to Dashlane using SSO instead of their Master Password at their next login. Admins in your organization won't be impacted and will continue to use their Master Password to sign in.
After you activate SSO, your members will go through the following migration:
- The next time the plan member successfully signs into their browser extension using their Master Password, they will see the following image. (If they attempt to sign into the web application in the browser, they'll be directly taken to the next step).
- After the member selects Log in with SSO, the member will see the following screen:
- After the member selects Log in with SSO, the member will be redirected to their identity provider to sign in.
- Upon a successful sign-in, the member will be redirected to Dashlane and automatically have their data re-encrypted. Once the re-encryption is complete, the member will be redirected to the Dashlane web app.
Note: If the member doesn't have the extension installed, they will have to type in the Master Password once more before the re-encryption happens.
The migration is complete. The member will no longer need their Master Password. Future logins will look like the following:
If the plan member wants to automatically log in with SSO on future logins, they can select the Automatically log in with SSO checkbox in the Log in with SSO pop-up. If they choose this option, we recommend that they set their browser to restore tabs on restart.
Learn how to set a browser to restore tabs on restart
Note: The same experience is available on the iOS and Android applications. The migration will be done only once per member and will happen on the device that the member signs into first after SSO has been activated for the organization.
Login issue when migrating from Master Password to SSO
If a member is having an issue in which the Log in with SSO button isn't working, the member will need to check the Dashlane extension browser settings:
- Right-click on the Dashlane D icon and select Manage extension.
- Scroll down to Site Access and confirm that On all sites is selected.
- Try the Log in with SSO button again.
If the issue persists, contact our Support team.