As an admin, you can set up JumpCloud single sign-on (SSO) for your plan members with SAML. You can further control your SSO integration by syncing it with your Identity Provider’s directory of plan members and groups with SCIM.
We recommend setting up both SSO and SCIM at the same time to get the full benefits of both.
Before you start
Open and log in to these platforms with your admin accounts:
- The Dashlane Admin Console
- The JumpCloud Admin Console
- Your Public DNS provider account
- Your encryption service account—Azure or AWS
Time to complete SSO and SCIM setup: 15 minutes
Set up SSO
- Set up the Dashlane encryption service.
Copy the URL from the encryption service setup, open a new tab in your browser, and paste the URL into the address bar. A Dashlane page appears to confirm that the encryption service is set up.
Note: If this confirmation doesn't appear, make sure you completed the encryption service setup.
- Log in to the JumpCloud Admin Console, select the USER AUTHENTICATION drop-down list, and select SSO.
- Select + to create a new application.
- Select Custom SAML App.
- In the General Info tab, enter "Dashlane" for the Display Label, and select activate.
- Open the Dashlane Admin Console, select Settings, Single sign-on, and select Set up for SSO settings.
- In the Verify your company email domain section, enter your company email domain and then select Add domain to see the new HOSTNAME and TXT VALUE.
- Go to your Public DNS provider account and create a new TXT record. The exact steps vary depending on your provider.
- Return to the Dashlane Admin Console, Copy the HOSTNAME and TXT VALUE, and paste this information into the new TXT record you created in your Public DNS provider. Save your changes.
- Return to the Dashlane Admin Console, and in the Verify your company email domain section, select Verify next to your company's domain name.
- Wait a few minutes for the DNS record to be replicated throughout the internet. A green checkmark appears to verify your company email domain. In rare cases, it could take up to 24 hours. Continue to select Verify until the green checkmark appears.
- Repeat steps 7-11 to add more company email domains.
Note: You can’t link multiple SSO providers to a single Dashlane plan.
- Select the Copy icon to copy the ENTITY ID, return to the JumpCloud Admin Console, select the SSO tab, and paste that information into IdP Entity ID and SP Entity ID. Then, copy the Assertion Consumer Service URL from Dashlane and paste it into ACS URL in JumpCloud.
- Select email in the SAMLSubject NameID drop-down list.
- For Login URL, enter "https://app.dashlane.com".
- Select the User Groups tab, add All Users or search and add specific groups and members, and select activate.
- Select continue to Please confirm your new SSO connector instance.
- Select Dashlane, which appears in the Name column.
- Select the SSO tab and select Export Metadata to download a copy of the metadata.
- Open the XML metadata file that was downloaded to your computer in an application like TextEdit for Mac or Notepad for Windows.
- Select all and copy the contents of the XML file.
- Return to the Dashlane Admin Console, paste the contents of the XML file into the Add identity provider metadata section, and select Save changes.
- Return to the JumpCloud Admin Console, select the USER MANAGEMENT drop-down list, User Groups, and All Users or search and add specific groups and members.
- Select the Applications tab, Dashlane checkbox, and save.
- Select the Users tab, the checkboxes for the Name of each person you want to add, and save.
- In the Test the SSO connection section in Dashlane, select Test connection for any of the groups or people you assigned. A SUCCESS message appears if SSO was set up as expected. To test with an individual member, select Copy test URL and send it to that member to open. That member enters their SSO Email and Password. If MFA is enabled, the member also logs into that.
Note: As an admin, you can't test the SSO connection yourself because you will continue to use your Master Password and not SSO.
When you're ready to enable, return to the Dashlane Admin Console and select Enable SSO.
Once enabled, all non-admin plan members are converted to SSO members the next time they log in. Members enter their Master Password for the last time and use SSO going forward.
Any new members invited to your Dashlane plan won't have a Master Password and will only use their SSO to log in.
All members who use SSO are automatically redirected to the SSO login flow.
Set up SCIM
After you complete the SCIM setup, anyone you add to a group in your Identity Provider is automatically invited to your Dashlane plan.
- Open the Dashlane Admin Console, select Settings, Directory Sync, and in the SCIM provisioning settings section, select Set up.
- Select Generate token, turn on Allow the Encryption Service to sync directory, and select Save changes.
- Select the Copy icon to copy the SCIM API token and the SCIM endpoint.
- Open the JumpCloud Admin Console, select the USER AUTHENTICATION drop-down list, and select SSO.
- Select Dashlane, the Identity Management tab, and select SCIM 2.0 if it isn't selected already.
- For Base URL, paste the SCIM endpoint from Dashlane. For Token Key, paste the SCIM API token from Dashlane and save.