Act as a SAML service provider for onboarding

It should be possible to make Bitwarden behave as an SAML service provider, though a user would still need to input their master password for Bitwarden each time. This would mostly be beneficial for companies to aid in on-boarding of users and control things like 2FA on their side. A true SSO implementation is not really possible due to the master password (encryption key) requirements of Bitwarden.

GitHub issue:

We also need this feature as currently, we are moving all our services under Okta SSO and where it is possible adding provisioning for users, so in general, Okta acts now as our users’ management system.
Bitwarden is one of the most critical components in our security system, so it will be great to have the ability to integrate it into the whole system fully.
So, it will be great to have both features - SAML SP and users provisioning, to avoid adding them manually and especially - to avoid letting them set a password via invite emails, as also we are trying to implement passwordless authentification - users will have access only via Okta’s application.

It’s unfortunately not clear to me how lastpass achieve this, but they do.
Having the ability to use the Active Directory credentials to access the bitwarden account would be, i think, the only remaining reason we’re still considering lastpass.
(on the basis bitwarden already has the groups and user provisioning functionality in the bitwarden directory connector)

1 Like

Yes, we need this as well. We are using Azure AD Premium with MFA, and we don’t want to setup another system for MFA.

We will postpone our migration to Bitwarden until this feature is available.