Enterprise Reference Guide to Bitwarden Authentication
Outlining critical capabilities around Bitwarden authentication and SSO offerings
- Ressources
- Enterprise Reference Guide to Bitwarden Authentication
Authentication type | What is it? | Deployment considerations |
|---|---|---|
SSO with trusted devices | For a passwordess experience, employees use their SSO credentials to authenticate and decrypt in a single step. Registered, trusted devices are able to decrypt vaults and confirm and accept new devices. Once a device is trusted it does not need approval again. | Selecting this option will allow employees to log in and decrypt their vaults without needing a password. Trusted devices are registered and can confirm logins and extend trust to other devices.
Additional trusted devices can be registered with approval from the Bitwarden desktop app, mobile app, or by a Bitwarden administrator. Each trusted device has an individual device encryption key, and zero-knowledge, end-to-end encryption and security is maintained across devices. Additional resources: Set up SSO with trusted devices Enterprise passwordless SSO brings better productivity and user sign in experience for employees |
Login with SSO | User authentication is separated from vault decryption by leveraging your company’s identity provider to authenticate users into their Bitwarden vault and using master passwords for decryption of vault data. | This option supports identity providers using SAML 2.0 or OpenID Connect standards. Selecting this option means that anytime an employee logs into Bitwarden using SSO, they’ll need to use their master password to decrypt their vault, protecting your businesses’ critical credentials and secrets.
|
Login with SSO and customer-managed encryption | Employees use their SSO credentials to authenticate and decrypt all in a single step. This option shifts retention of the users master passwords to companies requiring the business to deploy a key connector to store the user keys. | For companies with widely adopted SSO implementations, and the desire to integrate authentication and decryption in an on-premises solution, Bitwarden offers SSO with customer-managed encryption. In this scenario, companies manage a key connector agent. This requires a connection to a database that stores encrypted user keys, and an RSA key pair to encrypt and decrypt those keys. This approach maintains a zero knowledge encryption architecture because no decryption keys pass through Bitwarden servers at any point. Management of cryptographic keys is incredibly sensitive and is only recommended for enterprises with a team and utilizing infrastructure that has already securely deployed and managed a key server. SSO with customer-managed encryption is available for customers self-hosting Bitwarden.
|
Login with Bitwarden | Employees use their email and master password to login and decrypt their Bitwarden vault. | For companies that want to get started quickly, login with Bitwarden allows employees to use their unique email and master password to access their vault. It is perfect for companies that do not yet centrally manage authentication or use an identity profiver. Administrators can manually invite employees into Organizations and shared Collections, or use the Bitwarden Directory Connector to synchronize LDAP groups |
Login with device | Employees use their email to login and then confirm the login from a second, authenticated device (mobile app or desktop app) that securely shares the vault encryption key on approval. | Login with device is an available option to all employees after they have logged in with email and master password at least once on the device. This allows employees to quickly log back in to all of their Bitwarden clients after first logging into their mobile or desktop app. Additional resources: |
Choisissez le plan qui correspond à vos besoins
Gratuit
$0
par mois
Gratuit pour Toujours
Obtenir un coffre-fort Bitwarden
- ��Appareils illimités
- Gestion des clés d'accès
- Toutes les fonctions essentielles
- Toujours gratuit
Partager des éléments du coffre-fort avec un autre utilisateur
Premium
Less than$1
par mois
10 $ facturés annuellement
Profitez des fonctionnalités premium
- Bitwarden Authenticator
- Pièces jointes
- Accès d'urgence
- Rapports de sécurité et plus encore
Partager des éléments du coffre-fort avec un autre utilisateur
Familles
$3.33
par mois
Jusqu'à 6 utilisateurs, 40 $ facturés annuellement
Sécuriser vos identifiants familiaux
- 6 comptes premium
- Partage illimité
- Collections illimitées
- Organisation du stockage
Partager les éléments du coffre-fort entre six personnes
Les tarifs sont indiqués en USD et sont basés sur un abonnement annuel
Équipes
Protection résiliente pour les équipes en croissance
$4
par mois / par utilisateur facturé annuellement
Partagez des données sensibles en toute sécurité avec des collègues, à travers les départements ou l'ensemble de l'entreprise
Inclut des fonctionnalités premium pour tous les utilisateurs
Entreprise
Fonctionnalités avancées pour les grandes organisations
$6
par mois / par utilisateur facturé annuellement
Utilisez des fonctionnalités avancées, notamment des politiques d'entreprise, la connexion sans mot de passe unique (SSO) et la récupération de compte.
Inclut des fonctionnalités premium et un plan familial gratuit pour tous les utilisateurs
Obtenez un devis
Pour les entreprises comptant des centaines ou des milliers d'employés, veuillez contacter notre service commercial pour obtenir un devis personnalisé et voir comment Bitwarden peut vous aider :
- Réduire le risque de cybersécurité
- Augmenter la productivité
- Intégrer de manière transparente
Bitwarden s'adapte à toutes les tailles d'entreprise pour garantir la sécurité des mots de passe au sein de votre organisation.
Les tarifs sont indiqués en USD. Plan Entreprise basé sur un abonnement annuel