Last week I was testing this as well as converting my SSO from going directly to my Keycloak server to Azure so I could use a CA policy for Duo.
I can confirm also, the experience between a Bitwarden administrator and Bitwarden end user are two different experiences.
Bitwarden administrators have to use a master password so they don’t get locked out of their cloud instance, which makes sense.
I’m using SSO and trusted device and the user experience is somewhat seamless.
However, I did run into 3 problems.
- I wasn’t receiving the emails once the end user accepted the invite but other admins did. I checked my spam folder and Outlook rules and even the Exchange server but never received it.
- When clicking the enterprise login button, the text box for the master password would error out in red text saying you need to enter a password but then would proceed to the enterprise SSO login.
- When new user devices needed to be approved, we were not reviewing emails to let us know it needed approval.