bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-15 15:53:53 +00:00
Code Issues Releases Wiki Activity
Files
2146aa80096cdd813676e10c2bf836ccf8d9ed24
help/_articles/login-with-sso/configure-sso-oidc.md
fred_the_tech_writer 2146aa8009 Login with SSO Rev 1 (#233) 
* Login with SSO Rev Cycle 1

* Login with SSO Rev Cycle 1 Spot Check
2020-10-20 09:50:44 -04:00

3.7 KiB
Raw Blame History

layout, title, categories, featured, popular, tags, order
layout title categories featured popular tags order
article Configure Login with SSO (OIDC)
login-with-sso
false false
sso
oidc
openid
idp
identity
04

This article will guide you through the steps required to configure Login with SSO for OpenID Connect (OIDC) authentication.

In This Article

Step 1: Enabling Login with SSO

Complete the following steps to enable Login with SSO for OIDC authentication:

  1. In the Web Vault, navigate to your Organization and open the Settings tab.

  2. In the Identifier field, enter a unique identifier for your Organization.

    Don't forget to Save your identifier. Users will be required to enter this Identifier upon login.

  3. Navigate to the Business Portal.

    {% image /organizations/business-portal-button-overlay.png Business Portal button %}

  4. Select the Single Sign-On button.

  5. Check the Enabled checkbox.

  6. From the Type dropdown menu, select the OpenID Connect option.

After selecting OpenID Connect, this page will display a list of configuration fields you will need to configure.

Keep this page on-hand, as you will need the values of Callback Path and Signed Out Callback Path to complete Step 2.

Step 2: Configure Your IdP

Before you can complete your configuration settings, you must configure your IdP to receive requests from and send responses to Bitwarden.

{% comment %} PLACEHOLDER TO ADD PROVIDER SCREENSHOTS Configuration can vary provider-to-provider. Refer to the following samples for assistance:

When you've successfully set your IdP, return to the Bitwarden Business Portal to complete your OIDC configuration.

Step 3: OpenID Connect Configuration

Fields in this section should come from the configured values in Step 2: Configure your IdP.

Required fields will be marked. Failing to provide a value for a required field will cause your configuration to be rejected.

{% image /sso/sso-oidc.png OpenID Connect Configuration screen %}

Callback Path

The URL for Bitwarden authentication automatic redirect. This value will be automatically generated. For all Cloud-hosted instances, https://sso.bitwarden.com/oidc-signin. For self-hosted instances, domain is based on your configured Server URL.

Signed Out Callback Path

The URL for Bitwarden sign-out automatic redirect. This value will be automatically generated. For all Cloud-hosted instances, https://sso.bitwarden.com/oidc-signedout. For self-hosted instances, domain is based on your configured Server URL.

Authority (Required)

Your Identity Provider URL or the Authority that Bitwarden will perform authentication against.

Client ID (Required)

The Client identifier used for Bitwarden, as configured in your Identity Provider.

Client Secret (Required)

May be required depending on your IdP's configuration, needs, or requirements

A secret used in conjunction with Client ID to exchange for an authentication token.

Metadata Address (Required if Authority is not a valid URL)

Identity Provider information which Bitwarden will perform authentication against (e.g. Okta Metadata URI).

OIDC Redirect Behavior

Method used by the IdP to respond to Bitwarden authentication requests. Options include:

  • Form POST
  • Redirect GET

Get Claims From User Info Endpoint

Check this checkbox if you receive URI Too Long (HTTP 414) errors, truncated URLs, or failures during SSO.