Filter logins by referrer

As an end user, I would like to filter my logins by referrer, in addition to the URI of the site I am on so that I can more easily choose from multiple credentials used on a single SSO provider.

I have multiple accounts registered with an SSO provider and I want to choose a specific account depending upon which site I’m logging into via that provider. Currently, I need to be careful to choose the right account, and using CMD+L to auto-fill may result in me logging in with the wrong account and an eventual failure of the auth flow, which must be fixed by clearing my cookies for the URI of the SSO provider.

It would be helpful if BitWarden could detect which site I was referred by so that the correct login is chosen and I can use the CMD+L without fear of the wrong creds being entered.

I’m aware that this is a serious edge case, but figured it’s worth raising in case others have seen the same use case.

1 Like

This sounds like a very interesting and promising idea.

Can you provide an example to illustrate (fictional is fine)?

With the end goal being to filter multiple logins for the same URI, I wonder if additional techniques could be considered. Perhaps a mechanism to create browser bookmarks that will go to a URI and filter the available logins.

Of course, if the full path of URIs was checked for the referer, one could likely create bookmarks to local pages that contain links to external login pages. But there may be more direct possibilities for implementation as well.

In my current situation, one account is for “end-user” type activities, like access to o365, a Wiki, etc… The other is reserved for administrative tasks. Chiefly cloud service provider access.

I’ve thought a bit about how bookmarks might be used to differentiate logins, but given that it’s a redirect every time I hit the site for which I want the logins filtered, I haven’t found a way.

From an administrative perspective, I think the maintainers of the current system would do well to use multiple URLs for the SSO page to prevent this kind of thing, but then I’m also not sure that the multiple sets of credentials make sense in the first place.