The Bitwarden Blog
Bitwarden launches SSO authentication to integrate password security with identity providers
September 30, 2020
Bitwarden, the open source password manager for organizations and individuals, today announced the availability of Login with SSO for its updated Enterprise plan.
The Bitwarden Login with SSO feature integrates password security with identity-based single sign-on. Users can authenticate through their existing identity provider and gain access to all Bitwarden password management capabilities. This security feature also introduces new advantages for administrators and end-users:
- Simplifies platform access for employees
- Standardizes logging in with work credentials
- Allows secure user onboarding and succession
- Leverages any existing multi-factor authentication
Bitwarden Login with SSO gives organizations the ultimate flexibility for identity management by integrating with existing SSO solutions that use SAML 2.0 or OpenID Connect.
Administrators on the updated Enterprise Plan can now implement Login with SSO for their organization. Learn more about our subscription plans.
Along with the identity integration capability, Bitwarden also released a new Business Portal for enterprises to configure security controls for their organization. The updated UI enhances and streamlines the way administrators access organizational settings.
Through the Business Portal, administrators can set Enterprise Policies and Login with SSO configuration. The update also paves the way for other expanded Enterprise features.
To view the Business Portal, visit your Web Vault > Settings > Organizations.
Entering the Business Portal will present options for configuring Login with SSO and other Enterprise features.
Bitwarden built its Login with SSO implementation for password management to be both highly secure and flexible enough to integrate with existing identity providers.
Implementing the SSO option separates user authentication from Vault encryption. Logging in with SSO will authenticate your Bitwarden session using an existing Identity Provider (IdP) session if it exists, and leverage any currently implemented MFA rules.
Once authenticated, after providing (or creating) your Master Password, your personal Bitwarden Vault data will be decrypted for viewing, keeping the audited Bitwarden security model intact. Only the individual user can access their Vault information and it is only decrypted after they enter their Master Password.
To see an overview of the single sign-on workflow, settings, and configuration information, see our Help article.
If you have more questions about Login with SSO, visit our FAQs.
December 2021 Update:
For companies that have experience deploying, securing, and managing cryptographic keys, a new customer-managed encryption option allows their teams to deploy a local key server for users' vaults. This enables users to be authenticated and their vaults decrypted with a single click without additional user input. More information can be found in the Help Center, in the SSO Reference Guide, and in the SSO Login Strategy paper.