Two-step Login via Duo
Two-step login using Duo is unique among available two-step login methods in that it can be enabled by an individual (like the other methods) or enabled for an entire Organization by Teams and Enterprise Organizations.
Enabling Duo for an Organization will prompt all enrolled members to register a device for Duo two-step login the next time they log in.
Configuring Duo in the Duo Admin Panel and registering a device will follow the same procedure in either case, but the setup procedure in Bitwarden varies depending on whether you're setting up Duo for yourself or for an Organization.
In the left menu, navigate to Applications.
Select the Protect an Application button.
Find or search for Bitwarden in the Applications list, and select the Protect button. You will be redirected to a Bitwarden application page:
Take note of the Integration Key, Secret Key, and API Hostname. You will need to reference these values when you Setup Duo within Bitwarden.
Setting up Duo in Bitwarden is different depending on whether you're enabling it for yourself or for an Organization. Select one of the following tabs accordingly for instructions:
Register a Device
Follow the on-screen prompts to configure a secondary device to use Duo (for example, type of device to register and send SMS or send push notification). If you haven't already downloaded the Duo Mobile App, we recommend that you do so:
The following assumes that Duo is your highest-priority enabled method. To access your vault using Duo:
Login to your Bitwarden vault on any app and enter your email address and master password.
A Duo screen will appear to begin your two-step login verification.
Depending on how you've configured Duo, complete the authentication request by:
Approving the Duo Push request from your registered device.
Finding the 6 digit verification code in your Duo Mobile app or SMS messages, and enter the code on the vault login screen.
Check the Remember Me box to remember your device for 30 days. Remembering your device will mean you won't be required to complete your two-step login step.
You will not be required to complete your secondary two-step login step to Unlock your vault once logged in. For help configuring Log Out vs. Lock behavior, see Vault Timeout Options.