Google SSO
What Is Google SSO?
SSO is Single Sign-On, which ultimately just means, instead of using a new complex master password with your password manager, how could your team go about simply logging in with Google instead?
This would make Dashlane in some way feel like a Google password manager, but one with password sharing, team collaboration, more secure password functionality, and an alternative to Google authenticator 2FA functionality built right into Dashlane.
Why Use Google SSO?
Setting up Google login (SSO) for your software is a huge value add to your team, getting everyone easy access to their Dashlane password manager, well, if you're technical enough to manage to get it working that is... 😅
As someone that literally started an IT company over a decade ago and ran it for over 5 years, I too struggle getting Google SSO working with my favorite apps.
So if you're anything like me, looking to enable Google login for your team (or should I call it IdP (Identity Provider), SAML (Security Assertion Markup Language), or SSO (Single Sign On), yeah, that's what I'm talking about, and we're here to help you set it up once and for all.
Dashlane Password Manager
Dashlane is, in our opinion one of the best password managers on the market. With the built-in authenticator app, you won't need additional security tools like Authy or Google Authenticator. The main downfall is that using any password management software, you're also introducing an additional master password (that should be unique), and your team might not love you for this. 😅
Dashlane with Google SSO
Enter all the benefits of Dashlane, without the downfalls that come with higher security!
If you haven't yet signed up for the Dashlane Business tier for your Dashlane account (required for SSO), you can sign up for your free 14 day trial here.
Once you're logged in, you're going to want to visit the admin console of Dashlane (you can access it by visiting your Dashlane password vault and pressing "Open Admin Console" in the bottom-left corner). From there, you can visit Single sign-on -> Confidential SSO:
From here, you'll see the steps you need to complete and what information you need to copy/paste (some of it is universal, other parts, like the DNS verification, is unique to your account). We'll go through those steps below in this guide.
Google Admin Console
Create a Custom SAML App
In the Google Workspace Admin console, select Apps → Web and mobile apps from the navigation. On the Web and mobile apps screen, select Add App → Add custom SAML app:
1. App Details
On the app details screen, give the application a unique Dashlane-specific name and select the Continue button.
You can use the beautiful Dashlane logo that we made right here:
2. Google Identity Provider Details
On the Google Identity Provider details screen, use Option 1 and Download Metadata:
You're going to want to open up the XML file it downloaded googleidpmetadata.xml and copy the contents and pasting them back in the Dashlane Admin console under Step 2:
If the Valid Until date is not in the future, that means the certificate is expired. If the certificate is expired, that's fine, you can renew it later (after you complete setup), just continue for now—mind you, most people will not experience this:
Select Continue when you are finished.
3. Service Provider Details
On the Service provider details screen, configure the following fields:
Fields Explained
ACS URL: https://sso.nitro.dashlane.com/saml/callback
Set this field to the pre-generated Assertion Consumer Service (ACS) URL retrieved from the Dashlane SSO configuration screen.
Entity ID: dashlane-nitro-sso
Set this field to the pre-generated SP Entity ID retrieved from the Dashlane SSO Configuration screen.
Start URL: https://app.dashlane.com
Optionally, set this field to the login URL from which users will access Dashlane.
Signed response: ✅
Check this box if you want Workspace to sign SAML responses. If not checked, Workspace will sign only the SAML assertion. (We've checked this box)
Name ID format: EMAIL
Name ID: Basic Information > Primary Email
(Unless you'd rather use a different attribute like name, but email address will be the most unique and is recommended)
Select Continue when you are finished.
4. Attribute Mapping
On the Attribute mapping screen, select the Add Mapping button and construct the following mapping:
Google Directory attributes: Primary email
App attributes: email
Select Finish.
Debugging Issues (Optional)
Certificate Expired
If your certificate is expired (mentioned back in Step 2 as a potential issue that may have arisen), select Manage Certificates under Apps > Web and mobile Apps > Dashlane > Service provider details > Manage certificates:
And then select "Add Certificate":
Then select the new certificate on the prior screen (you might need to refresh if it's not letting you select the new certificate).
Re-Download Metadata
Make sure you also download the new Google IdP Metadata after adding the new certificate:
And be sure to open the downloaded file, googleidpmetadata.xml and copy the contents and pasting them back in the Dashlane Admin console under Step 2:
Turn on the app
By default, Workspace SAML apps will be OFF for everyone. Open the User access section for the SAML app and set to ON for everyone or for specific Groups, depending on your needs:
User Access
Save your changes. Please note that it can take up to 24 hours for a new Workspace app to propagate to users existing sessions, although it should be pretty immediate.
Dashlane Admin Console
At this point, you have configured everything you need within the context of the Google Workspace Admin console. Return to the Dashlane web password vault admin area to complete the configuration:
Step 3: Domain Name
Enter the email domain for your company and then select "Update Email Domain":
Step 4: Dashlane DNS TXT Record
Next, go to your DNS Provider and enter the following information as a DNS TXT record:
Update your DNS settings (we use Cloudflare to manage our DNS):
Then verify the DNS TXT record back in the Dashlane Admin SSO console:
Step 5: Test your SSO Connection
Select the account for the domain you've set it up for:
And then it should successfully redirect you back to Dashlane with a success message:
If you get an error here saying to reach out to Dashlane support and you initially had an expired certificate in the Google Admin console, make sure that you updated the IdP metadata in Step 2 to the new certificate generated (otherwise you'll get an expired certificate message in the console logs). Refer above to the Certificate Expired step if this is the case for you.
Step 6: Turn On SSO
Important Note: You'll need to contact Dashlane Support if you ever want to deactivate SSO after activating it:
If your team members formerly had a Dashlane login, the next time they login, they'll be prompted with the following message to login via SSO (Google Login):
Conclusion
And that's it! Any Dashlane users on your team should be on your way to never forgetting a password again, and you should never have to worry about them not having a strong master password again. And your team will appreciate you for making it so easy for them to login (and for them not having to remember another login again!)
With Dashlane as your team password vault, you'll also have a baked in 2FA authenticator app built right in to the password management software, so no longer will your team need to mess with SMS 2 factor authentication which brings with it many flaws and security concerns.
You now have Dashlane password manager as a replacement to the Google password manager for your entire team moving forward.
Limitations
Account Access
You cannot use SSO for the Admin Dashlane accounts for security reasons, so if you're just an individual, or a team of a few people, and you want everyone to have Admin access, enabling the above will not help as everyone will still have to login with their Dashlane password. This is the same for other password managers on the market though, it's just what comes with enabling SSO when you're an admin on the account.
Browser Extensions
Everyone on the team will need the Dashlane browser extension installed via your browser in order to sign in with Google. So if you ever login to your Dashlane password manager via incognito, that will no longer work. But logging in on your phone via Dashlane downloaded from the app store on iOS and Android will work completely fine.
- Time sensitive software discounts
- Exclusive access to our courses for free
Apps Discussed
Related Top Picks
You Might Also Like
(please note only eligible companies will be chosen for the audit.)