Dashlane's single sign-on (SSO) feature allows your users to sign in to Dashlane using their SSO credentials instead of a Master Password. This article will guide you through setting up single sign-on (SSO) with DUO.
Before you get started, make sure you have done the following:
- You have reviewed the SSO overview page.
- You have signed up for a Dashlane Business Plan. Dashlane Team does not allow enabling SSO. If you would like to upgrade, contact Dashlane Support.
- You have access to the SSO identity provider's metadata and console (if applicable).
Overview of single sign-on (SSO)
Today, the Master Password is used as one of the keys to encrypt/decrypt user data. Now, with SSO, your users can sign in to their Dashlane vault using their SSO credentials instead of a Master Password. Together with Dashlane's SSO Connector, users can sign in with their SSO credentials, all while Dashlane retains its zero-knowledge security architecture.
When a user attempts to sign in using SSO, they are redirected to the SSO Connector, which federates to the identity provider.
After the user successfully signs in, the SSO Connector sends a unique key to the client, decrypting the user's data.
The SSO Connector manages all user keys. To maintain our patented zero-knowledge security architecture, the SSO Connector must be hosted in an environment controlled by your organization. The SSO Connector runs on Docker and can be hosted in any environment where Docker is present.
Dashlane specific requirements
- Dashlane Business (Dashlane Team does not support SSO)
- Minimum version of the Dashlane app:
  - Web: v6.2030.3
  - iOS: v6.2029.0
  - Android: v6.2030.1
  - Desktop apps are not supported
Step 1: Verify your domain
You will need to verify the domain that your organization owns. Once you enable SSO, all users using your organization's domain will be required to use SSO to sign in.
- Log in to the Dashlane Admin Console, navigate to the Settings tab, and click Single sign-on.
- In the Verify your company email domain field, enter your company's domain name and click Add.
- If you have multiple e-mail domains configured for your SSO provider, add and verify all additional domains.
- Copy the Hostname and TXT values and add them to a new DNS TXT record for your domain. Once added, click Verify domain. Please note that it can take up to 24 hours to verify the domain.
- Verify all the email domains your users will use to sign in using SSO. If you have more than 5 domains, please contact Dashlane Support.
- You must verify your domain before you can configure the SSO Connector.
Step 2: Create the SSO Connector Endpoint
- Choose a single-sign-on URL endpoint that you would like to use for your SSO connector. There are three ways to deploy the SSO encryption connector, and how you choose to deploy it will change your ACS and Entity ID URLs.
| SSO encryption service host | SSO Connector endpoint |
| --- | --- |
| Azure (recommended) | https://mycompanysso.azurewebsites.net |
| AWS | https://mycompanysso.mycompany.com |
| Linux VM (advanced) | https://mycompanysso.mycompany.com |
- Enter the SSO connector endpoint in the Dashlane admin portal
- Set the Single sign-on URL to https://<SSO Connector Endpoint>/saml/callback, where <SSO Connector Endpoint> is the publicly reachable URL at which the SSO Connector is hosted. Make sure to include /saml/callback at the end of the path.
- Set the Audience URI (SP Entity ID) to https://<SSO Connector Endpoint>/saml/, where <SSO Connector Endpoint> is the publicly reachable URL at which the SSO Connector is hosted. Make sure to include /saml/ at the end of the path.
- After you've named your SSO Connector Endpoint, in section 3 of the SAML SSO Configuration Page in the Dashlane Admin Console, you will find your SSO Connector Metadata URL, Entity ID, and Login URL (ACS URL).
Step 3: Create an application in DUO
DO NOT search for Dashlane in the DUO marketplace. It will not work for SSO.
- Navigate to the Admin center in DUO and go to Applications.
- Click Protect an Application.
- Search for "Generic Service Provider," select 2FA with SSO hosted by Duo, and click Protect.
- On the next page, scroll down and select Download your XML SAML Metadata.
- Navigate back to the SAML SSO section of the Settings tab in the Admin Console.
- Paste the SAML metadata from DUO that you just downloaded into the SAML SSO section of the Settings tab in the Admin Console.
- Navigate back to the DUO Generic Service Provider page where you downloaded the XML SAML Metadata. Scroll down to the Service Provider section, then copy and paste the Entity ID and Assertion Consumer Service (ACS) URL that were created in step 2.4 above. Both values are found in the Dashlane Admin Console.
Step 4: Configure the SSO Connector
- Click Generate SSO Connector key. This will generate a key that will be used to encrypt all your company's data. Copy the generated key and save it somewhere secure (such as a secure note in Dashlane). We also recommend sharing it with any other admins. You will not be able to see this key again.
- Click Download Config file.
- Configure the SSO Connector encryption service. Learn more about the SSO encryption service, and then visit the following article for your preferred platform.
Step 5: Test and enable SSO
You can do a quick test to ensure that SSO Connector and DUO are configured correctly.
- Navigate to the Dashlane Admin Console and click Test SSO Connection.
- Sign in using any user account assigned to the application in DUO to test the account. Once you successfully sign in, you should see a Success message. If you don't, please contact Dashlane Support.
- Click Enable SSO.
You have enabled SSO for all your users! Remember, admins within Dashlane will not be impacted and will continue to sign in using their Master Password. All other users will be forced to use SSO to access Dashlane.