When the “require SSO” policy is active, “log in with device” cannot be used. So, please do not display that option to users. It confuses them, especially because it looks like it should work, and simply silently fails. There is no error displayed or anything.
As the admin, I know why it doesn’t work, and I can see an error in the logs, but for the users, it’s silent.
This happens because we use Trusted Device Encryption and both “login with device” and TDE use the same API, mixing two incompatible concepts. The UI sees that I have a trusted device and assumes that I can log in with it.
This is NOT a feature request to make “log in with device” work with SSO. This is simply a request to not show broken UI to users. It’s a bug report, which I cannot file in the proper place, because Bitwarden staff apparently does not understand this distinction.