Summary and recommendation
Dashlane user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Dashlane's Admin Console (app.dashlane.com/admin) covers the full user lifecycle: invite, manage groups, and revoke access. The permission model is a strict two-role system - Admin or Member - with no granular sub-roles or read-only admin tiers.
Every app in your stack that relies on shared credentials is affected by how cleanly you manage group membership here, since group assignment is the only mechanism for controlling which shared credentials a member can reach.
Quick facts
| Admin console path | app.dashlane.com → Admin Console (left sidebar) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Business/Omnix |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full access to Admin Console: invite/remove members, manage groups, configure SSO/SCIM, view activity logs, manage billing, promote/demote other admins, access shared Spaces settings | Cannot access individual members' personal vault items (zero-knowledge architecture enforced); cannot recover member master passwords unless account recovery is configured | Business or Omnix | Consumes a paid seat ($8/user/month on Business, $11/user/month on Omnix, billed annually) | Multiple admins can be assigned, but there is no granular sub-admin or read-only admin role; all admins have equivalent full admin permissions |
| Member (User) | Access to personal vault, access to shared collections/groups the admin has granted, use of SSO if configured | Cannot access Admin Console, cannot manage other users, cannot view organization-wide settings | Business or Omnix | Consumes a paid seat ($8/user/month on Business, $11/user/month on Omnix, billed annually) | Members on Business plan also receive a personal Dashlane Premium account bundled with their seat; personal vault data is not visible to admins |
Permission model
- Model type: role-based
- Description: Dashlane uses a two-role model: Admin and Member. Admins have full administrative access; Members have end-user access only. There are no custom roles, permission sets, or granular permission assignments beyond group-level sharing of credentials and secure notes.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse: Admin vs. Member only. Group membership controls which shared credentials a member can access, but there are no per-permission toggles within the admin role.
How to add users
- Sign in at app.dashlane.com and navigate to Admin Console
- Select 'Members' from the left sidebar
- Click 'Invite members'
- Enter one or more email addresses in the invite field (comma-separated for multiple)
- Click 'Send invitations'
- Invited users receive an email prompting them to create or link a Dashlane account and join the organization
Required fields: Email address of the invitee
Watch out for:
- Invitees must accept the email invitation before they appear as active members and consume a seat
- Pending invitations count toward seat usage on some billing configurations; verify with Dashlane billing
- If SSO is enforced, users must authenticate via the configured IdP before accessing the vault; inviting a user whose email domain is not covered by SSO may cause login issues
- Users already on a personal Dashlane plan will be prompted to merge or keep separate their existing vault when joining a Business plan
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Yes | Admin Console → Members → Invite members → 'Import CSV' option; CSV must contain one email address per line |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Business or Omnix (SSO must be configured as a prerequisite for SCIM) |
How to remove or deactivate users
- Can delete users: Verify in tenant
- Delete/deactivate behavior: This app exposes delete operations in its API documentation, but the admin-console path may present removal as deactivation, archiving, or deletion depending on tenant configuration. Confirm whether the UI action is reversible before treating removal as recoverable.
- Sign in at app.dashlane.com and navigate to Admin Console
- Select 'Members' from the left sidebar
- Locate the member to remove
- Click the three-dot (⋯) menu next to the member's name
- Select 'Revoke access'
- Confirm the action in the dialog
| Data impact | Behavior |
|---|---|
| Owned records | Items stored only in the member's personal vault remain with the member's personal account and are not accessible to the organization. Admins cannot retrieve personal vault items. |
| Shared content | The revoked member immediately loses access to all shared credentials, secure notes, and collections in the Business Space. Shared items remain in the organization's shared groups/collections for other members. |
| Integrations | If SCIM is in use, deprovisioning via the IdP triggers automatic revocation in Dashlane. SSO sessions are terminated upon revocation. |
| License freed | The seat is freed immediately upon revocation and becomes available for a new invite. |
Watch out for:
- Admins cannot recover or export a departing member's personal vault items; only items explicitly shared to the Business Space are retained by the organization
- If the member was the sole admin, another admin must be promoted before revoking that account to avoid losing admin access
- Revoked members revert to a free Dashlane personal account (or no account if the free plan has been discontinued as of September 2025); they retain their personal vault data
- There is no 'suspend' or temporary deactivation state; revocation is immediate and permanent from the organization's perspective
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Business seat | Admin Console access (for admins), Business Space vault, shared groups/collections, SSO, SCIM, activity logs, bundled personal Dashlane Premium account for the member | $8/user/month billed annually |
| Omnix seat | All Business seat features plus Dashlane's AI-powered Omnix capabilities (credential risk detection, advanced reporting, and additional security features) | $11/user/month billed annually |
- Where to check usage: Admin Console → Members tab displays total active members, pending invitations, and seat count; Admin Console → Billing section shows seat allocation vs. usage
- How to identify unused seats: Filter the Members list by 'Last activity' date in the Admin Console to identify members who have not logged in recently. No dedicated 'inactive seat' report exists natively; admins must sort/filter manually.
- Billing notes: Seats are billed per active member. Pending invitations may or may not consume a seat depending on contract terms; confirm with Dashlane account management. Starter, Team, and Standard plans are no longer sold. Free plan discontinued September 2025. Annual billing is required for published per-seat pricing; monthly billing options may differ.
The cost of manual management
Identifying unused seats requires manually sorting the Members list by 'Last activity' date; there is no native inactive-seat report. Pending invitations may consume seats depending on contract terms, and Dashlane's documentation does not resolve this definitively - unexpected billing surprises have been reported.
Offboarding is particularly costly: admins cannot export a departing member's personal vault items, so work credentials stored in the personal space rather than the Business Space are unrecoverable by the organization.
What IT admins are saying
The most consistent friction points reported by admins center on three areas. First, the flat admin model means every admin has identical full permissions - there is no way to assign a read-only or scoped admin role.
Second, there is no enforcement mechanism to require members to store credentials in the Business Space, which leads to credential sprawl across personal vaults. Third, the deprecation of self-hosted SSO caused disruption for organizations that had deployed the on-premises connector.
Common complaints:
- Self-hosted SSO deprecation caused disruption for organizations that had deployed Dashlane's on-premises SSO connector
- No granular admin roles: all admins have identical full permissions, making it impossible to assign read-only or limited admin access
- Admins cannot retrieve or export a departing employee's personal vault items, creating offboarding gaps when employees stored work credentials in their personal space rather than the Business Space
- No native way to enforce that members store credentials in the Business Space rather than personal vault, leading to credential sprawl
- Pending invitations behavior around seat consumption is unclear and has caused unexpected billing surprises
- No built-in inactive seat report; identifying unused licenses requires manual sorting by last activity date
- SCIM requires SSO as a prerequisite, which increases setup complexity for organizations that want automated provisioning without full SSO deployment
The decision
Dashlane fits teams that want a password manager with SSO and SCIM on a single Business or Omnix plan and can accept a coarse admin model.
It is a poor fit if your compliance posture requires granular admin permissions, if you need to audit or recover credentials from departing employees' personal vaults, or if you need to enforce Business Space storage. Every app whose credentials live in Dashlane is only as well-governed as the group structure admins maintain manually.
Bottom line
Dashlane delivers a capable password management platform with solid SSO and SCIM support on Business and Omnix plans, but its flat two-role admin model and lack of a native inactive-seat report create real operational overhead at scale.
Teams with straightforward provisioning needs and disciplined credential hygiene will find it workable; teams that need granular delegation, enforced vault policies, or reliable offboarding of personal vault data will hit structural limits quickly.
Automate Dashlane workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
