SSO Behavior

Is the SSO behavior as an admin the same as what users will experience? Currently it’s set up and working, but I’m not sure of its efficiency.

Two entry points result in the same outcome:

  1. Go to bitwarden.com
  2. Click Log in
  3. Enter email address
  4. Click Continue
  5. Click Enterprise single sign-on
  6. Enter in SSO Identifier
  7. Click Log In
  8. Enter Master Password
  9. Click Unlock

Or

  1. Go to myapps.microsoft.com
  2. Click on the Bitwarden tile
  3. Enter SSO Identifier
  4. Click Log In
  5. Enter Master Password
  6. Click Unlock

I thought for the ease of use, users would click on the tile and boom they are in.

Hi @ConstrucITon, welcome to the Community! :wave:

Yes, this is expected behavior based on Bitwarden’s zero-knowledge encryption model. If you want to bypass the need for a master password, we also provide the option for organizations who self-host Bitwarden to connect login with SSO to your own self-hosted decryption key server using Key Connector.

If this is something you’re interested in setting up for your organization, please reach out to our support team for more details!

You can also have your team bookmark one of the links based on cloud/self-host to bypass the step of inputting the identifier: https://bitwarden.com/help/sso-faqs/#q-do-i-need-to-enter-my-sso-identifier-every-time-i-login

Q: Do I need to enter my SSO identifier every time I login?

A: Nope! Bookmarking the Enterprise Single Sign-On page with your SSO identifier included as a query string will save you the trouble of entering it each time. For example:

  • https://vault.bitwarden.com/#/sso?identifier=your-org-id for cloud-hosted instances
  • https://your.domain.com/#/sso?identifier=your-org-id for self-hosted instances