The Login with SSO feature allows you to use your existing Identity Provider to authenticate into Bitwarden. Login with SSO is available on the current Enterprise Plan.
We understand that security requirements and Identity Providers can vary greatly between Organizations. Classic 2019 Enterprise Plan customers are encouraged to trial Login with SSO before upgrading to the new Enterprise Plan and deploying globally.
To trial our new Enterprise Plan, we recommend creating a new Trial Organization.
Navigate to your Web Vault and select “New Organization”.
Select Enterprise as your plan, and remember to add as many seats as you’ll need to test with. You will automatically get 7 free days, but you may also use our monthly billing option to allow for extended testing if needed.
You can now begin using your new organization to test Login with SSO. For self-hosted and on-premise users, you will need to do this as well to generate a new license file. We recommend using a separate Bitwarden instance for testing Login with SSO for self-hosted and on-premise users.
For more information on Plan comparisons, please visit our plan comparison article here.
To enable Login with SSO, you’ll need to log into the Bitwarden Web Vault and access your Organization.
When enabling Login with SSO, you’ll create an organization identifier, unique to your organization, that will allow the client to identify and connect to the right identity servers. This will be entered upon login.
Define the Organization Identifier inside the Organization Vault: Settings > My Organization.
Once you have created your Organization Identifier from the Organization Settings page, you’ll select the link to the Business Portal.
Within the Business Portal, you’ll see the option to enable and configure Login with SSO.
Click the checkbox to enable Single Sign-On and select the protocol for your Identity Provider.
Depending on your Identity Provider and configuration, you may need to create an additional API key or Application ID within the Identity service before enabling and configuring your Bitwarden Organization.
We recommend you maintain a distinct application ID or reference for Bitwarden within your Identity Server.
Bitwarden Login with SSO is configurable to work with your SAML 2.0 IdP - for details on configuration please use this article.
Bitwarden Login with SSO is configurable to work with your OIDC IdP - for details on configuration please use this article.
Logging into your Bitwarden client using Login with SSO is accomplished by a few steps.
Users that register “Just-In-Time” or “on the fly” for their Organization will still need to be confirmed to access any shared Organization Items. For more information about managing and confirming users, visit our article here.
Users will also need to be assigned to any Groups and Collections.
Users that are created via Login with SSO will still be properly organized into their groups and collections if leveraging the Directory Connector utility.
Organizations with existing Bitwarden users that are deploying Login with SSO will need to have their users link their existing account to an SSO authentication.
To do this, the user will need to log into their Web Vault using their
Please visit our Login with SSO FAQs for more information.