Setup SSO with Trusted Devices

This document will walk you through adding SSO with trusted devices to your organization. You must be an organization owner or admin to complete these steps:

  1. Open your organization and navigate to the Settings > Policies page.

  2. On the Policies page, activate the following policies, which are required for using trusted devices:

    • The Single organization policy.

    • The Require single sign-on authentication policy.

    • The Account recovery administration policy.

    • The Account recovery administration policy's Require new members to be enrolled automatically option.

      Note

      If you do not activate these policies beforehand, they will be automatically activated when you activate the Trusted devices member decryption option. However, if any accounts do not have account recovery enabled, they will need to self-enroll before they can use admin approval for trusted devices. Users who enable account recovery must log in at least once post-account recovery to fully complete the account recovery workflow.

  3. Navigate to the Settings > Single sign-on page. If you haven't set up SSO yet, follow one of our SAML 2.0 or OIDC implementation guides for help.

  4. Next, select the Trusted devices option in the Member decryption options section.

Once activated, users can begin decrypting their vaults with a trusted device.

If your desired outcome is to have members without master passwords who can only use trusted devices, instruct users to select Log in → Enterprise SSO from the organization invite to initiate JIT provisioning. Admins/owners should still use the Create account option so that they have master passwords for redundancy and failover purposes.

Warning

Migration from SSO with trusted devices to other member decryption options is not currently recommended:

Changing member decryption option from Trusted devices to Master password

Changing the member decryption option from Trusted devices to Master password without issuing master passwords will result in user account lockout. In order to make this policy change, you must:

  1. Issue master passwords using account recovery.

  2. Users must log in at least once post-account recovery in order to fully complete the workflow and prevent lockout.

If the member decryption option was changed without issuing master passwords, the following three options remain for users:

© 2024 Bitwarden, Inc.