Redirect User to SSO when attempting to sign in with username

Thank you for your post!

Feature name

  • SSO Redirect / force

Feature function

Currently, if a user who is required to log in via SSO enters their username and password, a prompt error is thrown.

  • What will this feature do differently?
    When a user enters a username that is part of an SSO enabled organisation and is required, redirect to the SSO auth stream. (similar to the “Login with Enterprise single sign-on” button, but org identifier should already be known)
  • What benefits will this feature bring?
    Better end user experience, streamlined documentation. Less confusion and need to know org identifier

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature?
  • Are there any references to this feature or function on other platforms that may be helpful?
    Atlassian SSO, if user is set as required for SSO as soon as they enter their username it will redirect them. Can’t attach screenshot, message appears as “Opening your single sign-on provider”

Any movement on this?

Hello - are there any updates to this request? This would seem to be something critical for a frictionless end-user experience when signing into a company-provided / SSO app.

This may now be resolved with the new release of the Domain verification option for Bitwarden enterprise organizations using SSO.

As stated in the documentation, once this domain verification is done, anyone attempting to sign in with SSO from an email associated with that domain will be redirected to your SSO provider for authentication without the need for the Organization’s SSO identifier.

I do not believe that setting resolves the issue – at least, it did not seem to have any effect when I was testing over the weekend. Our domain is verified, and I had enabled the ‘require SSO’ policy setting as a test. It made the process more cumbersome/confusing to my end-user testing account because it let me go from:
enter email address > enter password > ask for 2fa code > then it notified me that I needed to log in with SSO

If the 1st step immediately bounced me over to the SSO provider, that would have been a much smoother experience. In the current form, it would seem the end-user would need to know they have to use the ‘enterprise single-sign on’ button ahead of time. This is counter-intuitive, especially when other modern apps do auto-bounce you over to the SSO provider after entering in your username/email (generally speaking).

1 Like

I agree that this is not a good user experience.
If I have verified the domain, and “Require Single Sign-On” is enabled, the users should not see any other options when logging in - it should seamlessly flow to SSO after they put in their email address / account name.

1 Like

This needs to get implemented asap. 90% of the tickets generated by our users about Bitwarden are just users asking how to get past the SSO error.

If single organization is on and SSO is set up, there is no reason for users to need to choose between “Sign-in” and “Enterprise single sign-on.” There should be a way to check if a domain matches an enterprise org anyways that would handle this. It also creates problems if people do not follow the account creation documentation.

1 Like

Our org has the same problem; almost everyone is facing the same issue. SSO is forced and I have to send everyone specific steps to sign in because it is not clear to users.

1 Like

I am so tired of users not understanding what the message about SSO means and me having to send them instructions to click the right button. Why doesn’t it just take them directly to the Enterprise Single Sign-on method when it knows that’s what they need? At the very least the error message should direct them to use the Enterprise Single Sign-on button because average people don’t know or care what SSO stands for.

Any updates on this?

Agreed, this needs to be implemented. One of the biggest challenges to getting people to use systems like this over built-in password managers is how it’s less convenient, and things like this add just one more hurdle to user adoption and satisfaction. Especially since it’s not the technical people in the org who will struggle with the flow, it’s the C-suite who won’t want to be bothered with it. Not sure if we just need more votes or more comments to get this pushed through, but it really is a necessary feature.

1 Like