Two-step Login via Duo

Category: Two-step Login
On this page:

    Two-step Login using Duo is available for Premium users, including members of a Paid Organization (Families, Teams, or Enterprise).

    Enabling Duo for your Organization will prompt all enrolled members to register a device for Duo Two-step Login on their next login. Users with user type Owner can enable Two-step Login via Duo for the Organization. For more information, see User Types and Access Control.

    Activate Bitwarden in Duo

    In order to use Two-step Login to access Bitwarden using Duo, you’ll need a Duo account. Sign up for free, or log in to your existing Duo Admin Panel, and complete the following steps:

    1. In the left menu, navigate to Applications.
    2. Select the Protect an Application button.
    3. Find or search for Bitwarden in the Applications list, and select the Protect button. You will be redirected to a Bitwarden Application page:

      Bitwarden Application page
      Bitwarden Application page

    Take note of the Integration Key, Secret Key, and API Hostname. You will need to reference these values when you Setup Duo within Bitwarden.

    Setup Duo

    Complete the following steps to enable Two-step Login using Duo:

    Warning

    Losing access to your Duo-enabled device can permanently lock you out of your Vault, unless you write down and keep your Two-step Login Recovery Code in a safe place.

    Get your Recovery Code from the Two-step Login screen before enabling any method.

    1. Log in to your Web Vault.
    2. If you’re an Individual User, select Settings from the top navigation bar.

      If you’re an Organization Owner, open your Organization and select the Settings tab.

    3. Select Two-step Login from the left-side menu.
    4. Locate the Duo or Duo (Organization) option and select the Manage option.

      Select the Manage button
      Select the Manage button

      You will be prompted to enter your Master Password to continue.

    5. Enter the Integration Key, Secret Key, and API Hostname provided in your Duo Admin portal (see Activate Bitwarden in Duo).
    6. Select the Enable button. A green Enabled message will indicate that Two-step Login using Duo has been enabled.
    7. Select the Close button and confirm that the Duo option is now enabled, as indicated by a green checkmark ( ).
    Note

    When you setup Two-step Login, you should logout of all your Bitwarden apps to immediately activate Two-step Login for each app. You will eventually be logged out automatically.

    Register a Device

    In a new tab, navigate to the Web Vault. If Duo is your highest-priority Two-step Login method, you will be prompted by a Duo setup screen. Organization members will be prompted by this screen on their next login.

    Duo Setup Screen
    Duo Setup Screen

    Follow the on-screen prompts to finish configuring Two-step Login using Duo (for example, type of device to register and send SMS or send push notification). If you haven’t already downloaded the Duo Mobile App, you will be prompted to do so.

    Get the Duo Mobile App

    To take advantage of quick Two-step Login with Duo Push, download the Duo Mobile app for free. You can alternatively use Duo for SMS, phone call, or U2F security key verification.

    Use Duo

    The following assumes that Duo is your highest-priority enabled method. Complete the following steps to access your Vault using Two-step Login:

    1. Login to your Bitwarden Vault on any app and enter your Email Address and Master Password.

      A Duo screen will appear to begin your Two-step Login verification.

    2. Depending on how you’ve configured Duo, complete the authentication request by:

      • Approving the Duo Push request from your registered device.
      • Finding the 6 digit verification code in your Duo Mobile app or SMS messages, and enter the code on the Vault login screen.

    You will not be required to complete your secondary Two-step Login step to Unlock your Vault once logged in. For help configuring Log Out vs. Lock behavior, see Vault Timeout Options.

    Was this helpful?

    Rate this article:

    Email Us

    Want to talk to a human?

    Send Us An Email