Error After Sign in Azure Ad SSO

Hi All,

I’m trying to set up SSO with Azure AD. I followed the instructions in the documentation and I am able to sign in, but after signing in I get the following message. How do I make it so that it provisions the account without the need for an invite?

I seem to recall this being an issue with an existing account. For your account specifically, try going into your Web Vault > Settings > Organizations and click the gear icon, and “link sso”.

Sending an invite to a new user should work just fine; they will be added with ‘accepted’ status once they log in with SSO the first time, and just need to be ‘confirmed’ into the org.

Ran into a slight problem with these instructions. In the section that begins “Back to AAD:”, you say to go to Application Registration >> App Created. However, because I added the application via Enterprise Applications >> New App >> Non-gallery application, the app doesn’t show up in the App Registrations list. If I access the Overview area of the app in the Enterprise Applications list, unfortunately there is no Manifest section.

@tgreer Ran into a similar issue as you described.

I set up Azure SSO yesterday, signed in with userA and it worked fine. Deleted that user, then deleted the enterprise application, and deleted the organization in bitwarden.

Today I set up Azure SSO again with a new organization and new enterprise app. UserA cannot sign in and gets the error above. Tried sending an invite and that doesn’t work either. However, other users can sign in and set up accounts, so it’s only an issue with UserA.

Not sure if there’s anything I can do to fix it because the previous user, organization, and enterprise app are deleted. Maybe it just takes more time to work itself out?

Sorry for the delay!

Is this self-hosted or cloud? Are you by chance using the same Organization Identifier as the first org?

If this is urgent please don’t hesitate to contact our CS team at https://bitwarden.com/contact

Different org id I believe. It’s the cloud version. That particular user still can’t log in so waiting didn’t help.

I just re-read the first post - when you said you ‘deleted’ the user, did that mean you just removed them from the organization? If so, that may be the issue. I believe you’ll need to log in as User A (without SSO) and navigate to settings > organizations > use the gear icon to “unlink SSO” - as that user is still ‘bound’ to the original SSO configuration.

No, I haven’t removed them from the Organization in Azure AD. I deleted them from the users section in the Azure enterprise application and then deleted the enterprise application as well. I also deleted the user from Bitwarden. I tried to set things up with a new enterprise app, but now I’m getting the login error. It worked fine the first time, but that particular user can’t log in now even though I set things up the same.

Tried to log in as the user with what I thought was the master password, but it’s not letting me in that way. Says username or password is incorrect.

Hmm - do you have the SSO policy enforced perhaps?

If not, I’m not exactly sure, but I am no SAML expert. I would definitely recommend reaching out to the CS team to troubleshoot.

I did have that enabled, but the Bitwarden org the user was in was deleted. I tried turning it off on the new org but still can’t log in. I may reach out. Thanks.