Currently, if a user who is required to log in via SSO enters their username and password, a prompt error is thrown.
What will this feature do differently?
When a user enters a username that is part of an SSO-enabled organisation and is required, redirect to the SSO auth stream (similar to the "Login with Enterprise single sign-on" button, but org identifier should already be known).
What benefits will this feature bring?
Better end user experience, streamlined documentation. Less confusion and need to know org identifier
Related topics + references
Are there any related topics that may help explain the need and function of this feature?
Are there any references to this feature or function on other platforms that may be helpful?
Atlassian SSO, if user is set as required for SSO as soon as they enter their username it will redirect them. Can't attach screenshot, message appears as "Opening your single sign-on provider"
Hello - are there any updates to this request? This would seem to be something critical for a frictionless end-user experience when signing into a company-provided / SSO app.
This may now be resolved with the new release of the Domain verification option for Bitwarden enterprise organizations using SSO.
As stated in the documentation, once this domain verification is done, anyone attempting to sign in with SSO from an email associated with that domain will be redirected to your SSO provider for authentication without the need for the Organization's SSO identifier.
I do not believe that setting resolves the issue - at least, it did not seem to have any effect when I was testing over the weekend. Our domain is verified, and I had enabled the "require SSO" policy setting as a test. It made the process more cumbersome/confusing to my end-user testing account because it let me go from:
enter email address > enter password > ask for 2fa code > then it notified me that I needed to log in with SSO
If the 1st step immediately bounced me over to the SSO provider, that would have been a much smoother experience. In the current form, it would seem the end-user would need to know they have to use the "enterprise single-sign on" button ahead of time. This is counter-intuitive, especially when other modern apps do auto-bounce you over to the SSO provider after entering in your username/email (generally speaking).
I agree that this is not a good user experience.
If I have verified the domain, and "Require Single Sign-On" is enabled, the users should not see any other options when logging in - it should seamlessly flow to SSO after they put in their email address / account name.
This needs to get implemented asap. 90% of the tickets generated by our users about Bitwarden are just users asking how to get past the SSO error.
If single organization is on and SSO is set up, there is no reason for users to need to choose between "Sign-in" and "Enterprise single sign-on." There should be a way to check if a domain matches an enterprise org anyways that would handle this. It also creates problems if people do not follow the account creation documentation.
Our org has the same problem, almost everyone is facing the same issue. SSO is forced and I have to send everyone specific steps to sign in because it is not clear to users.
I am so tired of users not understanding what the message about SSO means and me having to send them instructions to click the right button. Why doesn't it just take them directly to the Enterprise Single Sign-on method when it knows that's what they need? At the very least the error message should direct them to use the Enterprise Single Sign-on button because average people don't know or care what SSO stands for.
Agreed, this needs to be implemented. One of the biggest challenges to getting people to use systems like this over built-in password managers is how it's less convenient, and things like this add just one more hurdle to user adoption and satisfaction. Especially since it's not the technical people in the org who will struggle with the flow, it's the C Suite who won't want to be bothered with it. Not sure if we just need more votes or more comments to get this pushed through, but it really is a necessary feature.