The Bitwarden Blog

Enterprise passwordless SSO brings better productivity and user sign in experience for employees

RL
authored by:Ryan Luibrand
posted:
Link Copied!
  1. Blog
  2. Enterprise passwordless SSO brings better productivity and user sign in experience for employees

Bitwarden Password Manager and Bitwarden Secrets Manager are zero knowledge, end-to-end encrypted, meaning that only the customer can ever access their encrypted data. This provides total security, and as a result, Bitwarden applications behave differently than other SSO-enabled business apps.

When logging in there is both an authentication process, and a decryption process. These are handled simultaneously, but separately when a user logs in. When set up with an identity provider (IdP) service, it authenticates the user through SSO. Then the data is separately decrypted with the account encryption key and made available to the user.

SSO with trusted devices for ease, speed, and scale

SSO with trusted devices provides a passwordless login experience for users on registered, trusted devices. Now, all a user needs to access their encrypted data is to simply be authenticated with their SSO provider. An encryption key used as part of the decryption process is securely stored on the device, so once the SSO service authenticates the user, the device is able to decrypt the data without additional user input. For more information read: About Trusted Devices

How to use SSO with trusted devices

Enabling SSO with trusted devices as an admin

If your organization is already using the Login with SSO function with Bitwarden (IdP authenticates, users enter Bitwarden password), then turning on SSO with trusted devices is as simple as selecting Trusted devices on the Single sign-on configuration window in Settings in the web app. If you have never enabled SSO before, you’ll need to set it up using the guides on the Bitwarden help center. A few enterprise policies are required to be activated before setup. Detailed instructions are available here: Setup SSO with Trusted Devices.

With SSO with trusted devices, there is a workflow where it is possible for employees to create accounts without ever setting a Bitwarden password. This can be easier for onboarding purposes, but note that doing so limits account recovery options.

Getting started as a user

Once SSO with trusted devices has been turned on, all you need to do as a user is log into Bitwarden through SSO. You will be redirected to your SSO login, and once authenticated, the device that you logged into will become your first trusted device. You can confirm other devices with the mobile app or desktop app. For this reason it is recommended that you start with either of those two first before the web app or browser extension. Otherwise you can request an admin to approve your device as trusted. More information for getting started is available here: Add a Trusted Device

The login screen on the Bitwarden desktop application during login as a new device, showing the options to approve the login.
The login screen on the Bitwarden desktop application during login as a new device, showing the options to approve the login.
Once logged in, a notification shows that the device is now trusted.
Once logged in, a notification shows that the device is now trusted.

Using Bitwarden with SSO extends the added control and protection to every item in your Bitwarden vault, which may include non-SSO enabled applications. With SSO with trusted devices, users are able to access their vaults quickly, removing passwords and authentication as a barrier to productivity. If you’re looking to bring easy SSO integration to your business, visit bitwarden.com today to start a 7-day trial or reach out to the business sales team to discuss your needs!

SSOPasswordlessBusinessPassword Manager
Link Copied!
Back to Blog

Ready to see Bitwarden in action?

Start a Trial
Contact Sales

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here