The Bitwarden philosophy for SSO integrations has always been about ensuring universal compatibility and maintaining end-to-end, zero-knowledge encryption. To that end, Bitwarden SSO integrations are compatible with any SAML 2.0 or OpenID Connect-based identity provider, an approach that allows for easy integration into your existing identity management infrastructure.
SSO with trusted devices, a new passwordless SSO offering, gives enterprises complete flexibility in where and how encryption keys are kept, all while maintaining secure, end-to-end, zero-knowledge encryption.
Here’s an overview of each Single Sign-On solution:
The SSO selection window for Bitwarden Password Manager
Login with SSO - This method uses SSO to authenticate users, supplementing the login process with the security measures of the identity provider. The user then enters a master password, which is used to decrypt the vault, keeping the encryption key with the user.
SSO with trusted devices - Users log in via SSO, and a device-stored encryption key is used to decrypt the vault, eliminating the need to enter a master password. Devices are registered as trusted in advance and are confirmed by another trusted device or an administrator. This method keeps the encryption key safely with the device.
This new solution gives business end users a passwordless experience that is also zero-knowledge and end-to-end encrypted. It prevents users from getting locked out due to forgotten master passwords and gives them a streamlined login experience. SSO with trusted devices is especially appealing to organizations that can couple this solution with vigorous managed device controls, so that endpoints are both convenient and strongly secured.
SSO with customer managed encryption - For self-hosted customers with a robust IT infrastructure, this solution allows users to log in with SSO while the Bitwarden client retrieves the vault encryption key from a self-hosted key server to decrypt the user’s vault. No passwords are required, and the encryption key remains securely with the customer and their IT department.
More information on authentication types and SSO solutions is available in the Enterprise Reference Guide to Bitwarden Authentication.
No matter which solution fits your needs, Bitwarden SSO integrations let businesses apply their identity provider authentication policies to Bitwarden, effectively extending that same level of security to every credential stored in the Bitwarden vault. This fills a critical security gap by offering SSO protection to all applications, websites, and other vital resources that may not support SSO natively. This innovative approach strengthens your cybersecurity defense, making Bitwarden an invaluable tool in your security strategy.