Good Morning,
Our owner accounts don’t require SSO and can sign in with just a master password, but is it possible to have SSO still be active for regular users along with being able to sign in with a master password?
Hello and welcome to the community!
According to BW documentation, Enterprise customer can set SSO login requirement for non-owner/non-admin accounts ONLY except when self-hosting.
More info on SSO:
thank you for the reply, but can non owner accounts use SSO along with having a master password?
Yes, it’s a REQUIREMENT to have a master password for decryption along with SSO in a zero-knowledge architecture, except when you are self-hosting and using key connector:
That’s why login with SSO decouples authentication and decryption. In all login with SSO implementations, your Identity Provider cannot and will not have access to the decryption key needed to decrypt vault data.
In most scenarios, that decryption key is the user’s master password, which they retain sole responsibility for, however organizations self-hosting Bitwarden can use Key Connector as an alternative means of decrypting vault data.
where can we set that to allow non owner accounts to utiltize a master password?
Have you configured SSO and turned it on? AFAIK, there isn’t an option to require a master password as it’s a required feature.
If you have turned it on but somehow it doesn’t seem to require a master password, I suggest you try clearing cookies on bitwarden websites, and logging in with the web vault using a non-admin/non-owner account.
yes, our non owners need to login with SSO and cannot login with a master password.
If you have turned on SSO, and the master password isn’t working, I suggest you contact support directly. Maybe other community members will answer here too.
ps: If you are talking about allowing the non-admins/non-owners to optionally login with just the master passwords, with SSO turned on, I don’t think that’s possible.
Or you are using trusted devices.
1 Like