Option to not require master password after Enterprise SSO auth?

Following up here again. Really hoping to take our MSP to Bitwarden and bring our clients along, but a master-password-less SSO option is a must-have.

Has there been any movement on this? It appears the last post is over a year old. We are new to Bitwarden and would like to implement SSO, but it seems unnecessary to do so if you are still required to enter the Master Password too.

Hi @brianknight, yes! You can check out SSO with Trusted Devices: About Trusted Devices | Bitwarden Help Center

Has there been any update on this? The last post is from 7 months ago.

1Password is now able to do this by only requiring your Azure Entra ID credentials to unlock your vaults on their cloud hosted version (not sure if they have a self hosted version).

Trusted Devices are not really the benefit I was looking for. Removing the second step (Master Password or Device Approval) would be preferred, not replacing it.

The more so as a browser update seems to trigger the need for re-approving all browsers of the company! So we just approve everything we get… but the user needs to wait and we have a lot of support effort…

This is still a feature that organizations want desperately. We’ve just signed on for Bitwarden Enterprise and the SSO process requiring an additional MP entry after the fact will add major annoyance to our users. Hopefully, this feature can see some prioritization for Cloud-hosted Enterprise Customers in 2025 :slight_smile:

What makes things (kind of) even worse is that they now have trusted device for SSO but it is only for logging in and not for unlocking which is an epic failure.

I was really hoping for trusted device unlock. I don’t see why it isn’t possible if it can be done when logging in, since when you log in you are also unlocking.

I am really wanting unlocking (decryption) with our own identity provider. 1Password currently supports this via trusted device.

It would be nice if Bitwarden implemented this too. By not having this for organizations/enterprises, it’s like Bitwarden is playing in the minor leagues while 1Password is playing in the major leagues.

As of now, the only somewhat seamless configuration is to have our users set up a PIN after unlocking their vaults.

Users can trust a device, after which future logins will unlock with only the SSO flow. It is only the first time logging in on a new device that a user needs to use their other device or get admin assistance to unlock.

I’d appreciate it if it were like that already. But please, Bitwarden. Start listening!

It’s not even “Trusted Device”, it’s “Trusted App on Device”. Browser, browser plugin, Windows app, mobile app… they all need an extra approval! Approving a new Windows laptop once, that would be better already. But three times for Windows only? Users are confused, technicians annoyed, IT simply approves everything without looking, because you can’t verify whether Mr. Bean or Mr. Hacker wants to register this new device.

That’s random! Additionally, clearing the browser cache/cookies for some IT support troubleshooting ends in a user being locked out of Bitwarden! That’s ridiculous.

And you have solutions at hand… please listen!

I’ll give this a try again, but when I tested on Monday it was wanting me to enter my master password to unlock the web browser extension.

I’m pretty sure the Trusted Device in the web browser extension is based on the hardware ID of the browser, and the browser is not capable of grabbing the actual hardware ID of the computer. This is a limitation of the browser and not Bitwarden.

This is why, if you ever take a survey that only allows one submission, you can go into Incognito/Private Browsing mode and submit the survey as many times as you want.

Again, this is a limitation of the browser and not the actual computer or Bitwarden.

I guess something to bear in mind is that the app has a session timeout, which the user can configure, that determines when the app locks or logs the user out.

For a user who has a master password, the default values for those timeouts are to lock the vault after 15 minutes. Again, you can adjust this. You can set up unlock with PIN or biometrics to give yourself other unlock options, or extend or shorten the time as you like.

For users who don’t have a master password, the default is to log the user out after 15 minutes. On a trusted device, they can log in again through the SSO flow, and unlock is automatic after SSO. Or, these users can set up PIN or biometrics so that they don’t have to go through SSO to unlock.