From 43ef49f9d0f2a9ba5c65cd6edde907a38edcaa2e Mon Sep 17 00:00:00 2001
From: Trey Greer <61418192+tgreer-bw@users.noreply.github.com>
Date: Thu, 17 Sep 2020 16:13:38 -0400
Subject: [PATCH] Clarify SSO FAQs (#192)

---
 .../login-with-sso/getting-started-with-sso.md     | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/_articles/login-with-sso/getting-started-with-sso.md b/_articles/login-with-sso/getting-started-with-sso.md
index bf1317a1..2f257744 100644
--- a/_articles/login-with-sso/getting-started-with-sso.md
+++ b/_articles/login-with-sso/getting-started-with-sso.md
@@ -128,9 +128,21 @@ To do this, the user will need to log into their Web Vault using their `email` a
 
 **A:** Current Enterprise plans offer this feature. To upgrade from a Classic Enterprise plan to a current Enterprise offering, please [contact us](https://bitwarden.com/contact)
 
+**Q: Does SSO Replace my Master Password and Email?**
+
+**A:** No, SSO is meant to be an easier way for Organizations to maintain control of Organization users, allow just-in-time new user provisioning, centralized MFA, and in the near future, improved employee succession management.
+
+Logging in with SSO will authenticate your Bitwarden session and allow you to use an existing IdP session if it exists, and leverage any currently implemented MFA rules as well.
+
+Once logged in, after providing (or creating) your Master Password will perform the encryption/decryption of your Vault data, just as it always has, keeping the audited Bitwarden security model intact.
+
 **Q: Will changing my SSO password affect my Master Password?**
 
-**A:** No, your Master Password will remain the same unless changed within the web Vault.
+**A:** No, your Master Password will remain the same and will still be used to decrypt your Vault data. You can change your Master Password in the Web Vault.
+
+**Q: Can I still log in with my Master Password if my Organization has SSO enabled?**
+
+**A:** Currently, yes. In the near future we will be enabling Enterprise Policies to allow Organizations to control authentication mechanisms for their users.
 
 **Q: Will this work with a self-hosted instance of Bitwarden?**