Add a "reauthenticate via SSO" option to the browser extension instead of requiring a logout

For users who access the vault via enterprise SSO, e.g. Okta, and don’t use a master password, the current UI forces the user to log out + log in every time the browser extension’s session runs out (vault locks).

It would be much more convenient (and clearer to new users) if the extension recognized that it is locked (which it does, in the bar icon) and offered a one-click “reauthenticate” button instead of “log out” and log in again, which is not very intuitive.

Hi huk, welcome to the community!

I’m a bit confused by the ask here. A user presented with the screen you are showing there can enter their Bitwarden master password and unlock their vault, no SSO needed. A user without a master password would never see this screen.

Users who don’t have a master password can still set up a PIN or biometric unlock method, and configure their vault to lock using one of these methods for unlock. By default, since these unlock methods need to be set up, a user without a master password is logged out when their vault times out, and they would not need to manually log out.

Let’s ignore whether or not the user has a master password.

Our primary authentication method is SSO. My request is that we make the user vault unlocking experience a little simpler by not forcing the logout+login to unlock. Instead, it would be more intuitive for users to have an “unlock via SSO” button that directly re-initiates the SSO authentication (and then unlocks the vault).

The SSO logout option forces the following extraneous steps:

  • Confirming that I really want to log out
  • Moving my mouse back up to the tiny browser add-in icon to log back in
  • Reconfirming the username and pressing login

I would like to have a one-click “unlock via SSO” button that is as efficient as the master password unlock option.

As for biometrics, I will look at those, but I’m not familiar with their use in the browser extensions.

Right - that shouldn’t ever happen. In the screenshot you showed, you could enter your master password and unlock, no SSO required. Similarly, if you have set up a PIN or biometrics, those would be unlock options that display on that screen. SSO is only needed to log in.

Users who have no master password, and no PIN or biometrics set up, are automatically logged out and would never be presented with that screen.

I can confirm this is exactly what happens for all users in our organization that do not have a master password (that would be all users that are not org. owners or admins; except one).

That one user has a master password because his previous personal Bitwarden account was later onboarded to the organization.

I recall being told that the only way for him to have a vault without a master password would be:

  1. backing up his vault,
  2. deleting his account,
  3. creating a new one from the link in the invitation to join the org, and
  4. restoring the backup.