bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-16 00:03:41 +00:00
Code Issues Releases Wiki Activity
Files
e38132bcda16cc4ec0a2f5e0a8ab9ccf0424131a
help/_articles/login-with-sso/getting-started-with-sso.md
Trey Greer e38132bcda Release Help Site Update (#167) 
* added new categories for SSO and FAQs, updated existing policies article to refelect business portal

* more details for SSO config

* updated formatting for config articles

* add/edits from @cscharf

* added categories list to category landing page

* added security FAQ

* updated pricing and feature comparison tables for subscription article
2020-09-05 21:32:07 -04:00

5.2 KiB
Raw Blame History

layout, title, categories, featured, popular, tags
layout title categories featured popular tags
article Getting started with Login with SSO
login-with-sso
true false
sso
saml
oidc
openid
saml2.0
idp
identity

What is Login with SSO?

The Login with SSO feature allows you to use your existing Identity Provider to authenticate into Bitwarden. Login with SSO is available on the current Enterprise Plan.

Identity Server Requirements

  • Support for SAML 2.0
  • Support for OpenID Connect

Bitwarden API/ Server Requirements

  • Bitwarden Cloud services
  • Self-hosted Bitwarden Server v1.37+

Client requirements

  • Desktop version 1.21+
  • Browser extension version 1.46+
  • Mobile version 2.6+
  • Web version 2.16+
  • CLI version 1.12+ (CLI applications leveraging Login with SSO must run on systems with an available web browser)

Workflow

{%image /sso/sso-workflow.png Overview of Bitwarden Single Sign-On Workflow %}

General settings and configuration

To enable Login with SSO, youll need to log into the Bitwarden Web Vault and access your Organization.

Organization Identifier

When enabling Login with SSO, youll create an organization identifier, unique to your organization, that will allow the client to identify and connect to the right identity servers. This will be entered upon login.

Define the Organization Identifier inside the Organization Vault: Settings > My Organization.

{%image /sso/sso-orgid.png Overview of Bitwarden Single Sign-On Workflow %}

Once you have created your Organization Identifier from the Organization Settings page, youll select the link to the Business Portal.

{%image /sso/sso-business-portal.png Enter the new Business Portal to manage Organization settings %}

Within the Business Portal, youll see the option to enable and configure Login with SSO.

{%image /sso/sso-select.png Select your protocol %}

Click the checkbox to enable Single Sign-On and select the protocol for your Identity Provider.

{%note%} Depending on your Identity Provider and configuration, you may need to perform the creation of an additional API key or Application ID within the Identity service prior to enabling and configuring your Bitwarden Organization.

We recommend you maintain a distinct application ID or reference for Bitwarden within your Identity Server. {%endnote%}

SAML 2.0 Configuration

Bitwarden Login with SSO is configurable to work with your SAML 2.0 IdP - for details on configuration please use this article.

{%image /sso/sso-saml.png SAML 2.0 Configuration Options %}

Open ID Connect (OIDC) Configuration

Bitwarden Login with SSO is configurable to work with your OIDC IdP - for details on configuration please use this article.

{%image /sso/sso-oidc.png Open ID Connect Configuration Options %}

Logging In with SSO

Logging into your Bitwarden client using Login with SSO is accomplished by a few steps.

  1. Once your Bitwarden client app is installed, navigate to the login screen or window.
  2. Click or tap the Enterprise Single Sign-On button.
  3. Enter your Organization Identifier.
  4. A browser window will open, allowing you to enter your Single-Sign-On credentials and any other required authentication mechanisms.
  5. Upon successful login:
  • For existing accounts, you will be brought back into the Bitwarden application and prompted for your Master Password.
  • For new accounts, you will be prompted to create your Master Password and provide a password hint if desired.
  • The user is now logged into their Bitwarden account and is in accepted status within their organization.

{%note%} Users that register “Just-In-Time” or “on the fly” for their Organization will still need to be confirmed to access any shared Organization Items. For more information about managing and confirming users, visit our article here.

Users will also need to be assigned to any Groups and Collections.

Users that are created via Login with SSO will still be properly organized into their groups and collections if leveraging the Directory Connector. utility. {%endnote%}

FAQs

Q: What Plans offer Login with SSO?

A: Current Enterprise plans offer this feature. To upgrade from a Classic Enterprise plan to a current Enterprise offering, please contact us

Q: Will changing my SSO password affect my Master Password?

A: No, your Master Password will remain the same unless changed within the web Vault.

Q: Will this work with a self-hosted instance of Bitwarden?

A: Yes! It will work with self-hosted regardless of whether it is on-premise or in your own cloud, as long as your Identity server is reachable from the Bitwarden instance.

Q: Do I still need to use Bitwarden Directory Connector?

A: If you manually manage your Bitwarden Group and Collection assignments, there is no need to leverage the Directory Connector. However, if you would like to have Groups and users automatically synchronized, we recommended leveraging Login with SSO with Directory Connector for the most complete solution.