How Dashlane Built Our SSO Connector With Zero-Knowledge Architecture

Dashlane’s SSO Connector fuses the security capabilities of SSO and password management to simplify the protection of your valuable data. 

Employees today must keep track of dozens of passwords for business applications. It’s a tedious, time-consuming task that often tempts employees into reusing passwords—a potentially dangerous practice that can give threat actors access to your environment. You can avoid this risk by adopting identity and access management (IAM) solutions that can help secure your business without disrupting productivity. 

One of the most liberating IAM technologies is single sign-on (SSO), which gives employees secure, seamless access to multiple applications using a single login. Pairing SSO with a password manager can help streamline password management by storing all user credentials in a secure centralized location. This integrated architecture allows you to secure all accounts with unique passwords, which can reduce the number of credentials that are in use and vulnerable to compromise. SSO credentials also make it easier for security admins to track shadow IT accounts and better manage the security landscape.

We built Dashlane’s SSO Connector with these needs in mind. 

Dashlane’s SSO Connector  

As a security-first company, we wanted to ensure that business data was fully protected, which meant giving businesses the ability to connect their password manager to SSO. Dashlane’s SSO Connector was created around one core principle: a zero-knowledge architecture that keeps a user’s data private and ensures we cannot access their account.  

To that end, our top security engineers developed a robust new SSO Connector that significantly enhances an organization’s security posture. The SSO Connector allows employees to sign in to their Dashlane account using SSO credentials rather than their Master Password. This means they only need to remember one password, their SSO password, to get access to all their accounts. Reducing the number of passwords an employee must remember means they’re far less likely to use weak or recycled ones, which ultimately lowers the risk for your business.

What’s more, the SSO Connector’s architecture further limits risks by storing encryption and decryption keys in multiple locations. We store one key for each user in the SSO Connector and a second key in Dashlane servers.

Here’s how the SSO Connector works: First, users configured for SSO sign in to Dashlane with their SSO credentials rather than their Master Password. They are then redirected to the SSO Connector, which federates to the identity provider. As a result, users need only one password to securely access all applications and their Dashlane account.  

How we built our SSO Connector 

In developing the SSO Connector, our team designed a product-agnostic architecture that supports all SAML 2.0-based identity providers. Dashlane’s SSO Connector works with Azure AD, Okta, and G Suite (renamed Google Workspace), among others. Not all password managers can claim this level of integration. 

Our zero-knowledge architecture encrypts data in transit and at rest, unlike standard SAML tools that only encrypt data in transit. To protect user accounts, we never store all encryption keys in one place. Instead, we configured an SSO encryption service that hosts the company encryption keys outside Dashlane’s data center and the identity provider. 
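The split-key idea described above (one per-user key held with the SSO Connector, a second key on Dashlane servers, company keys hosted in a separate encryption service) can be sketched as follows. This is an added example, not Dashlane's code: the XOR combination, the HMAC-based per-user derivation, the key-check value and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit keys (assumption)


def connector_share(company_key: bytes, user_id: str) -> bytes:
    """Per-user share on the customer side, derived from the company key (hypothetical scheme)."""
    return hmac.new(company_key, b"sso-user-share:" + user_id.encode(), hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_check(key: bytes) -> bytes:
    """Lets the device detect a wrong reconstruction without revealing the key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(company_key: bytes, user_id: str):
    """Runs on the user's device. Returns (vault_key, record_for_server)."""
    vault_key = secrets.token_bytes(KEY_LEN)
    share = connector_share(company_key, user_id)
    # The server stores only its share and a check value, never the vault key.
    record = {"server_share": xor_bytes(vault_key, share), "check": key_check(vault_key)}
    return vault_key, record


def unlock(share_from_connector: bytes, record: dict) -> bytes:
    """Runs on the device after SSO login. Needs both shares to rebuild the key."""
    candidate = xor_bytes(share_from_connector, record["server_share"])
    if not hmac.compare_digest(key_check(candidate), record["check"]):
        raise ValueError("shares do not reconstruct the vault key")
    return candidate


if __name__ == "__main__":
    company_key = secrets.token_bytes(KEY_LEN)       # constructed sample key
    key, rec = enroll(company_key, "alice@example.com")
    ok = unlock(connector_share(company_key, "alice@example.com"), rec)
    print("correct shares rebuild key:", ok == key)
    try:
        unlock(connector_share(company_key, "bob@example.com"), rec)
    except ValueError as err:
        print("wrong user share rejected:", err)
```

Because the server share is the vault key XORed with a value the server never sees, the server-side record alone is indistinguishable from random, and the connector-side share alone says nothing about the vault key.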

Other password managers may have similar SSO technologies, but they come with limitations. Standard SAML-based SSO tools, for instance, encrypt data only in transit, not at rest, and they employ one encryption key for all users. Dashlane’s SSO Connector, by comparison, encrypts data at rest and in transit, and creates multiple encryption keys.

The combined power of two 

Our SSO Connector fuses the security capabilities of SSO and password management to simplify the protection of your valuable data. All credentials are captured and stored in the same place, which streamlines management of accounts and applications. Ultimately, this combination enables your business to add new layers of security, including multifactor authentication (MFA), encryption, and network logging and monitoring. And that can help end the password guessing game for employees and allow system admins to more efficiently manage credentials and security. 

To learn more, read our latest white paper, Better Together: Why You Should Integrate Password Management with SSO

    Dashlane
