Handling SSO for different services

I am cleaning up my vault after migrating from LastPass. I had a lot of work to do, as I had a poor track record of not reusing passwords :confused:

I also had a lot of old entries. Which is good, because then I know where to delete accounts or just make them safe.

However, I stumbled across some accounts which changed to SSO. I would like to remember where I have logins for, but as some of the shifted to SSO, how should I handle this.

One example is Skype and Hotmail. They both use live.com now. How do you guys handle entries like this?

Hi @lsolesen and welcome to the community! One option is to create an item with
Name: Name of website
Username: Which sign in service did/do you use
Website: Appropriate URL
This way when you land on that website you will get the login flag on your browser extension icon, and if you click on the extension icon you will immediately be able to see which sign on service you use.
Hope that helps!

@lsolesen The advice provided by @go12 is good for cases where you have elected an optional SSO sign-in option, like “Sign-in with Google”, etc., as an alternative to signing in with a username and password.

However, I think for a case like Skype, in which the sign-in link on skype.com always redirects every user to login.live.com, I would suggest one of the approaches described below. In the Bitwarden vault item for your Skype account, start by keeping the skype.com URL as URI1, and clicking the :gear: next to the URL to set the match detection to “Never”.

It’s unclear whether your live.com username and password for Skype and Hotmail are the same or different. I’m assuming that they are the same, since you’ve referred to this arrangement as “SSO”. If this is the case, then store the common username/password in a separate vault item for login.live.com. When you are redirected to the live.com login form (whether from Skype or from Hotmail), Bitwarden will automatically match the username and password in the login.live.com vault item to the login form, allowing you to auto-fill the credentials.

However, if the two account (Skype and Hotmail) have different login credentials, then it gets a little more complicated. In that case, you would store each username/password within the original vault items for your Skype and Hotmail accounts, but you would now need to add a second URL (“URI2”) with the full login.live.com URL. You would have to use the :gear: icon to change the match detection to either “Exact”, or “Starts with”, or “Regexp”. Which one of these three options you need will require some experimenting; it is going to depend on how much of the login.live.com URL string changes each time that you log in to one of those services, and which parts of the URL string are in common between the Skype login and the Hotmail login. Please note that if the “Exact” matching option does not work, you will have to tailor the URL expression before it can be used with the “Starts with” or “Regexp” options.

Please let us know whether your credentials are the same or different for the Skype and Hotmail accounts. If the latter (the more complicated case), then we can try to help you set up the URI match detection so that it works.

1 Like

They are the same, so I will go for @grb solution for Skype. I am a little in doubt what you think I should put in username and password for the Skype-entry which basically is just being a placeholder telling me, that I have a Skype-login now?

However, @go12 seems brilliant for exactly when choosing Google Signin or other means of signin to accounts. Never thought of that.

1 Like

Yes, it is just a placeholder so that you can remember you have a Skype account. You can also use the “Launch” button to quickly access the Skype website (although you can use a bookmark manager for this, also). The username and password can be left blank, or you can put “live.com” in the Username field, like in the method suggested by Gary.

Alternatively, if you don’t need to use Bitwarden’s launch function, and if you don’t care about having a placeholder vault item for Skype and Hotmail, then you can just delete those items. In that case, I would suggest maybe adding the Skype and Hotmail URLs as URI2 and URI3 in the vault item for login.live.com, setting the match detection for those two URIs to “Never”. That way, you have some kind of record that your live.com login is used for your Skype and Hotmail accounts, and you should also be able to search for “skype” in your vault. You will even be able to use the launch function, if you first open the login.live.com vault item for viewing (so that you can see the stored websites).

1 Like