Using Login with SSO

Category: Login with SSO
On this page:

    As an end-user of Bitwarden, you will need to have your Organization identifier before you can login using SSO:

    Tip

    Depending on how your Organization is set up, you may also need to link your account to SSO. This is typically required if you already have a Bitwarden account that’s a member of an Organization or if your Organization does not require you to use SSO.

    Get your Organization Identifier

    Every Bitwarden Organization has a unique identifier specifically for Login with SSO. You’ll need this value to login, so ask your manager or Bitwarden administrator to retrieve it for you.

    Login using SSO

    The steps required to login using SSO will be slightly different depending on whether your Organization is using Key Connector or not:

    Login with SSO & Master Password

    To login using SSO and your Master Password:

    1. Open your Bitwarden Web Vault and select the Enterprise Single Sign-On button:

      Enterprise Single Sign-On button
      Enterprise Single Sign-On button
    2. Enter your Organization Identifier and select Log In:

      Organization Identifier field
      Organization Identifier field
      Tip

      We recommend bookmarking this page with your Organization Identifier included as a query string so that you don’t have to enter it each time, for example https://vault.bitwarden.com/#/sso?identifier=YOUR-ORG-ID or https://your.domain.com/#/sso?identifier=YOUR-ORG-ID.

    3. Now that you’ve authenticated your identity using SSO, you’ll be prompted to either create a Master Password for your new account or, if you already have a Bitwarden account, to enter your Master Password to decrypt your Vault.

    Note

    Why is my Master Password still required?

    All Vault data, including credentials shared by your Organization, is kept by Bitwarden only in its encrypted form. This means that in order to use any of those credentials, you need a way to decrypt that data. We can’t.

    Your Master Password is the source of that decryption key. Even though you’re authenticating (proving your identity) to Bitwarden using SSO, you still need to use a decryption key (your Master Password) to unscramble Vault data.

    Login with SSO & Key Connector

    To login using SSO and Key Connector:

    1. Open your Bitwarden Web Vault and select the Enterprise Single Sign-On button:

      Enterprise Single Sign-On button
      Enterprise Single Sign-On button
    2. Enter your Organization Identifier and select Log In:

      Organization Identifier field
      Organization Identifier field
      Tip

      We recommend bookmarking this page with your Organization Identifier includes as a query string so that you don’t have to enter it each time, for example https://vault.bitwarden.com/#/sso?identifier=YOUR-ORG-ID or https://your.domain.com/#/sso?identifier=YOUR-ORG-ID.

    3. Depending on your account status, you might be required to enter or create a Master Password the first time you login with SSO and Key Connector. If you do, the following dialog should prompt you to remove your Master Password:

      Remove Master Password
      Remove Master Password
      Tip

      We encourage you to read this and this to fully understand what it means to remove a Master Password from your account. You can instead elect to Leave the Organization instead, however this will remove access to both Organization-owned Vault items and Collections and to Single Sign-On.

    Once you’re removed your Master Password, or if this isn’t your first time logging in using SSO and Key Connector, you’ll be logged in to your Vault with no further steps required!

    You should only need to link your account to SSO if you already have a Bitwarden account that’s a member of the Organization or if your Organization does not require you to use SSO:

    1. Open the Web Vault, navigate to your Settings tab and open your Organizations.
    2. Hover over the desired Organization and select the gear dropdown:

      Link SSO Dropdown Option
      Link SSO Dropdown Option
    3. From the dropdown menu, select Link SSO.

    Once linked, you should be able to login using SSO as documented above.