Add a Trusted Device

When you become a member of an organization, the device you log in with for the first time will automatically be registered as a trusted device. Once this occurs, all you'll need to do to log in to Bitwarden and decrypt your data is complete your company's established single sign-on flow.

When you log into a new device however, you'll need to approve, or trust, that device. There are a few methods for doing so:

• Approve from another device: If you have another Bitwarden Password Manager web app, mobile app or desktop app you're currently logged in to, you can approve the new device from there. On mobile, ensure first that the the Approve login requests option is enabled.
  

  Mobile appWeb appDesktop app

  To approve a request with the mobile app:

  1. Log in to the mobile app.

  2. Navigate to Settings → Account security → Pending login requests.

  3. Locate and select the active device request.

  4. Verify the fingerprint phrase and select Confirm login.
     

     

  To approve a request with the web app:

  1. Log in to the web app.

     note

     When requesting approval for a login of the browser extension, the extension will wait for up to two minutes for approval even if you click out of or minimize the extension window in order to approve the request using the web app.

  2. Navigate to Settings → Security → Devices, or select the link on the banner notification:
     

     

  3. Locate and select the active device request:
     

     

  4. Verify the fingerprint phrase and select Confirm login.
     

     

  To approve a request with the desktop app:

  1. Log in to the desktop app.

  2. An authentication request will be sent to your desktop app:
     

     

  3. Verify the fingerprint phrase and select Confirm login.

• Use master password: If you are an admin or owner, or joined your organization before SSO with trusted devices was implemented, and therefore still have a master password associated with your account, you can enter it to approve the device.

  

• Request admin approval: You can send a device approval request to admins and owners within your organization for approval. You must be enrolled in account recovery to request admin approval, though you may have been automatically enrolled when you joined the organization. In many cases, this will be the only option available to you (learn more).

Once the new device becomes trusted, all you'll need to do to log in to Bitwarden and decrypt your vault data is complete your company's established single sign-on flow.

The initial client used to access Bitwarden for users who were invited with Just in Time (JIT) provisioning using login with SSO will become their first trusted device. If the initial client accessed is the Bitwarden desktop or mobile app, this device can be used to approve additional devices.

For the desktop or mobile app to become the first trusted device, the user should not use the organization invite link. Instead, open the mobile or desktop app and select the Enterprise single sign-on option to begin the JIT process.

Devices will remain trusted until:

• The application or extension is uninstalled.

• The web browser's memory is cleared (web app only).

• The user's encryption key is rotated.

If you're having trouble establishing device trust:

• On Chrome, check that Allow sites to save data on your device is turned on (Settings → Privacy and security → Site settings → Additional content settings → On-device site data → Allow sites to save data on your device).