Chrome Extension and SSO no Okta prompt

Our organization has the below enabled.

  • Single organization
  • Require single sign-on authentication (Okta MFA)
  • Vault timeout: 4hrs

I have one user that has the Bitwarden Chrome extension. This user in not an Admin or Owner yet he can log in via the Chrome extension with is master password and doesn’t get redirected to Okta, which from my understanding should not be possible.

What am I missing?



Sounds like the browser extension is locking, rather than logging out as the default.

Locking only requires master password, or either PIN or Biometrics to unlock and decrypt the locked encrypted local vault.

Login though requires you to authenticate with the Bitwarden server, requiring SSO, MFA, or any conditional access you may have to get the copy of the local vault cached to the device.

Indeed, that is what it is. Is there a policy setting that will force web and the extension to “log out” instead of the default “lock” option?

Not yet, but something that the team is working on adding.