So I just set this up for my org and I am completely scratching my head that maybe I did something wrong.
I set up SSO with Google Workspace as my IdP, and then I go to test it and I need to first sign in with an email so that Bitwarden knows what account it's dealing with. Then I sign in with enterprise… it requires an SSO ID? Why is this? Why can I not just say anyone with our domain email has to use SSO? Why do we have to have an identifier? Then I authenticate using Google, and then it asks for my Bitwarden master password? How is this SSO? This is like 4-factor authentication, haha. Did I set something up wrong and turn on, like, super security?
This is actually useful information. I just had a call yesterday with them and they didn’t even mention this after I told them we didn’t want so many prompts to just log in, and users in a business are never going to remember this info. I found out that 1Password gets around this by having a custom domain, i.e. company.1password.com, and the company name is your identifier so that you don’t have to type it in. This assumes that people are logging into the web version.
I just need to figure out a way to store the keys and have it not be our responsibility. I don’t want to set up a key server and be responsible for it, but I do understand it’s part of the zero trust model.
Thanks. The team is working on a new process that uses a team member’s unique hardware device to provide encryption, eliminating the need to input a master password. We will share more information as it becomes available.