Using Login with SSO

As an end-user of Bitwarden, you will need to have your organization identifier before you can log in using SSO.

tip

Depending on how your organization is set up, you may also need to link your account to SSO. This is typically required if you already have a Bitwarden account that's a member of an organization or if your organization does not require you to use SSO.

Get your organization identifier

Every Bitwarden organization has a unique identifier specifically for login with SSO. You will need this value to log in, so ask your manager or Bitwarden administrator to retrieve it for you.

Join an organization using SSO

The steps required to join an organization using SSO will be slightly different depending on whether you have received an email invitation and whether you already have a Bitwarden account associated with the email address you want to join Bitwarden with:

If you have an email invitation to join the organization in your inbox, follow one of these procedures depending on whether you already have a Bitwarden account with that email address:

I already have a Bitwarden account

If the invitation is sent to an email that is already linked to a Bitwarden account and matches the email address supplied by the IdP, follow these steps to join the organization:

  1. Click the Join Organization button in the email invitation.

  2. On the Bitwarden login page, enter your email address and master password and select Log In.

  3. Once you have successfully logged in, a green banner will appear at the top of your vault, indicating that your organization invitation has been accepted. An organization admin will need to confirm you to the organization before you can proceed.

  4. Once you're confirmed, you'll be able to access the organization by logging in to Bitwarden again, this time using the Enterprise Single Sign-On option.

I don't have a Bitwarden account

If the invitation is sent to an email that isn't already linked to a Bitwarden account, follow these steps:

  1. Click the Join Organization button in the email invitation.

  2. On the Bitwarden login page, select the Enterprise Single Sign-On button.

  3. Enter your Organization identifier and select Log In.

  4. Log in to your IdP. Once you do, you'll be redirected to a page where you can create a master password for your new account.

  5. Create a master password for the account. An organization admin will need to confirm you to the organization before you can proceed.

  6. Once you're confirmed, you'll be able to access the organization by logging in to Bitwarden using the Enterprise Single Sign-On option.

If you receive the error message "<email> has been invited to the organization, please accept invitation." while attempting to log in, there's already a Bitwarden account associated with this email. Please follow the "I already have a Bitwarden account" instructions above.

If you don't have an email invitation to join the organization in your inbox, follow one of these procedures depending on whether you already have a Bitwarden account with that email address:

I already have a Bitwarden account

You won't be able to join an organization using SSO with this account. Contact your organization admin to request an invitation.

I don't have a Bitwarden account

If you are joining an organization without an invite and without a pre-existing Bitwarden account, follow these instructions:

  1. On the Bitwarden login page, select the Enterprise Single Sign-On button.

  2. Enter your Organization Identifier and select Log In.

  3. Log in to your IdP. Once you do, you'll be redirected to a page where you can create a master password for your new account.

  4. Create a master password for the account. An organization admin will need to confirm you to the organization before you can proceed.

  5. Once you're confirmed, you'll be able to access the organization by logging in to Bitwarden using the Enterprise Single Sign-On option.

Login using SSO

The steps required to log in using SSO will be slightly different depending on whether your organization is using Key Connector or not:

To log in using SSO and your master password:

  1. Open your Bitwarden web vault and select the Enterprise Single Sign-On button:

    Enterprise Single Sign-On button
  2. Enter your Organization identifier and select Log In:

    Organization Identifier field
    tip

    We recommend bookmarking this page with your organization identifier included as a query string so that you don't have to enter it each time, for example https://vault.bitwarden.com/#/sso?identifier=YOUR-ORG-ID or https://your.domain.com/#/sso?identifier=YOUR-ORG-ID.

  3. Now that you have authenticated your identity using SSO, you will be prompted to either create a master password for your new account or, if you already have a Bitwarden account, to enter your master password to decrypt your Vault.

    note

    Why is my master password still required?

    All vault data, including credentials shared by your organization, is kept by Bitwarden only in its encrypted form. This means that in order to use any of those credentials, you need a way to decrypt that data. We can't.

    Your master password is the source of that decryption key. Even though you are authenticating (proving your identity) to Bitwarden using SSO, you still need to use a decryption key (your master password) to unscramble vault data.

  4. If you are using two-step login, authenticate using your secondary device.

    warning

    Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.

To log in using SSO and Key Connector:

  1. Open your Bitwarden web vault and select the Enterprise Single Sign-On button:

    Enterprise Single Sign-On button
  2. Enter your Organization identifier and select Log In:

    Organization Identifier field
    tip

    We recommend bookmarking this page with your organization identifier included as a query string so that you don't have to enter it each time, for example https://vault.bitwarden.com/#/sso?identifier=YOUR-ORG-ID or https://your.domain.com/#/sso?identifier=YOUR-ORG-ID.

  3. Depending on your account status, you might be required to enter or create a master password the first time you log in with SSO and Key Connector. Doing so will remove the master password from your account.

    tip

    We encourage you to read this and this to fully understand what it means to remove a master password from your account. You can instead elect to leave the organization; however, this will remove access to both organization-owned vault items and collections and to single sign-on.

  4. If you are using two-step login, authenticate using your secondary device.

    warning

    Two-step login via email is not recommended if you are using login with SSO, as using multiple methods will cause errors. Consider setting up two-step login via a free authenticator instead.
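The bookmark format recommended in the two tips above puts the identifier inside the URL fragment, so a normal query-string parser will not see it. The following is an added example (not Bitwarden's own code) that builds such a bookmark and checks that a link really points at your vault's SSO page before you save or share it; `ALLOWED_HOSTS`, `buildSsoBookmark` and `checkSsoBookmark` are names assumed for illustration.

```javascript
// Added example, not Bitwarden code. ALLOWED_HOSTS is an assumption:
// list only the vault host(s) your organization actually uses.
const ALLOWED_HOSTS = new Set(["vault.bitwarden.com", "your.domain.com"]);

// Build a bookmark in the format shown in the tips above.
function buildSsoBookmark(host, orgIdentifier) {
  if (!ALLOWED_HOSTS.has(host)) throw new Error(`unexpected vault host: ${host}`);
  const params = new URLSearchParams({ identifier: orgIdentifier });
  return `https://${host}/#/sso?${params.toString()}`;
}

// Check a link before bookmarking or distributing it.
function checkSsoBookmark(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };
  if (url.username || url.password) return { ok: false, reason: "embedded credentials" };
  // url.host includes any non-default port, so a port mismatch also fails here.
  if (!ALLOWED_HOSTS.has(url.host)) return { ok: false, reason: "unexpected host" };

  // The route and its query string live in the fragment, so url.search is
  // empty for these links and the fragment has to be split by hand.
  const fragment = url.hash.slice(1);
  const q = fragment.indexOf("?");
  const route = q === -1 ? fragment : fragment.slice(0, q);
  if (route !== "/sso") return { ok: false, reason: "not the SSO route" };

  const ids = new URLSearchParams(q === -1 ? "" : fragment.slice(q + 1)).getAll("identifier");
  if (ids.length !== 1 || ids[0] === "") {
    return { ok: false, reason: "missing or repeated identifier" };
  }
  return { ok: true, identifier: ids[0] };
}

// Constructed sample links.
console.log(checkSsoBookmark(buildSsoBookmark("vault.bitwarden.com", "YOUR-ORG-ID")));
console.log(checkSsoBookmark("https://vault.bitwarden.com.example.net/#/sso?identifier=YOUR-ORG-ID"));
```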

You should only need to link your account to SSO if you already have a Bitwarden account that's a member of the organization or if your organization does not require you to use SSO:

  1. Open the web vault, and select the Options menu next to your organization.

  2. From the dropdown menu, select Link SSO.

    Link SSO in the Web Vault

Once linked, you should be able to log in using SSO as documented above.


© 2022 Bitwarden, Inc.