Enterprise Reference Guide to Bitwarden Authentication
Outlining critical capabilities and features around Bitwarden authentication
Outlining critical capabilities and features around Bitwarden authentication
Authentication type | What is it? | Deployment considerations |
---|---|---|
Login with Bitwarden | This enables employees to use their email and master password to login and decrypt their Bitwarden vault. | For companies that want to get started quickly, Login with Bitwarden allows employees to use their unique email and master password to access their vault. It is perfect for companies that do not yet centrally manage authentication or use an identity profiver. Administrators can manually invite employees into Organizations and shared Collections, or use the Bitwarden Directory Connector to synchronize LDAP groups |
Login with SSO | This separates user authentication from vault decryption by leveraging your company’s identity provider to authenticate users into their Bitwarden vault and using master passwords for decryption of vault data. | This option supports identity providers using SAML 2.0 or OpenID Connect standards. |
Login with SSO and customer-managed encryption | Employees use their SSO credentials to authenticate and decrypt all in a single step. This option shifts retention of the users master passwords to companies requiring the business to deploy a key connector to store the user keys. | For companies with widely adopted SSO implementations, and the desire to integrate authentication and decryption, Bitwarden offers Login with SSO and customer-managed encryption. |