I knew I was missing something. It was the button to enable Trusted Devices.
I was looking for it under Policies but figured Bitwarden got rid of it.
As a suggestion, I would move the Member decrpytion option out of the Single sign-on settings section and make it its own policy.
When I think single sing-on settings I think of the OIDC or SAML configuration, not how to decrypt a vault.
Also, it feels a bit redundant to have to go in to Settings > Policies and enable the Require single sign-on authentication policy and then check a box in Settings > Single sign-on to Allow SSO authentication.
I feel like the Allow SSO authentication setting should be in the Require single sign-on authentication policy
