How Dashlane Built Our SSO With Zero-Knowledge Architecture
Employees today must keep track of dozens of passwords for business applications. It’s a tedious, time-consuming task that often tempts employees into reusing passwords—a potentially dangerous practice that can give threat actors access to your environment. You can avoid this risk by adopting identity and access management (IAM) solutions that can help secure your business without disrupting productivity.
One of the most liberating IAM technologies is single sign-on (SSO), which gives employees secure, seamless access to multiple applications using a single login. Pairing SSO with a password manager can help streamline password management by storing all user credentials in a secure centralized location. This integrated architecture allows you to secure all accounts with unique passwords, which can reduce the number of credentials that are in use and vulnerable to compromise. SSO credentials also make it easier for security admins to track shadow IT accounts and better manage the security landscape.
We built Dashlane’s SSO technology with these needs in mind.
Dashlane’s SSO Technology
As a security-first company, we wanted to ensure that business data was fully protected, which meant giving businesses the ability to connect their password manager to SSO. Dashlane’s SSO was created around one core principle: a zero-knowledge architecture that keeps a user’s data private and ensures we cannot access their account.
To that end, our top security engineers developed a robust new SSO that significantly enhances an organization’s security posture. Our SSO allows employees to sign in to their Dashlane account using SSO credentials rather than their Master Password. This means they only need to remember one password, their SSO password, to get access to all their accounts. Reducing the number of passwords an employee must remember means they’re far less likely to use weak or recycled ones, which ultimately lessens the risks for your business.
What’s more, our SSO architecture further limits risks by storing encryption and decryption keys in multiple locations. We store one key for each user in our SSO technology and a second key in Dashlane servers.
Here’s how our SSO works: First, users configured for SSO sign in to Dashlane with their SSO credentials rather than their Master Password. They are then redirected to our SSO technology, which federates to the identity provider. As a result, users need only one password to securely access all applications and their Dashlane account.
How we built our SSO technology
In developing our SSO technology, our team designed a product-agnostic architecture that supports all SAML 2.0-based identity providers. Dashlane’s SSO works with Azure AD, Okta, and G Suite (renamed Google Workspace), among others. Not all password managers can claim this level of integration.
Our zero-knowledge architecture encrypts data in transit and at rest, unlike standard SAML tools that only encrypt data in transit. To protect user accounts, we host an SSO encryption service that uses confidential computing technology to create a secure environment. Dashlane encrypts every bit of information and treats it with complete confidentiality, which means neither Dashlane nor our hosting provider can decrypt any customer data, ever. Only the authorized owner can access and view the encrypted information.
The combined power of two
Our SSO technology fuses the security capabilities of SSO and password management to simplify the protection of your valuable data. All credentials are captured and stored in the same place, which streamlines management of accounts and applications. Ultimately, this combination enables your business to add new layers of security, including multifactor authentication (MFA), encryption, and network logging and monitoring. And that can help end the password guessing game for employees and allow system admins to more efficiently manage credentials and security.
To learn more, read our latest white paper, Better Together: Why You Should Integrate Password Management with SSO.