Bitwarden adds passwordless SSO function with universal compatibility
Bitwarden has announced a new single sign-on (SSO) offering that brings convenience and security to enterprise users, regardless of identity provider. Coming later in 2023, SSO with trusted devices presents another milestone offering for enterprises seeking secure and convenient passwordless authentication.
Integrating with any SAML 2.0 or OIDC-based identity provider, the new solution gives employees the option to access their business applications through a trusted device, forgoing the need for usernames and passwords. And, backed by the Bitwarden promise of end-to-end and zero-knowledge encryption, SSO with trusted devices upholds the highest levels of security for enterprise customers.
The new SSO with trusted devices moves vault decryption to registered devices, with each device or client provisioned with its own encryption keys. This means that users do not need to enter a Bitwarden password when logging in after they are authenticated by the identity provider. New devices can be confirmed by a trusted device or through an administrator request.
SSO with trusted devices expands single sign-on methods offered by Bitwarden to provide flexibility in how enterprises manage user access and credentials. Businesses can choose between three types of SSO solutions based on their preference for how the process of decrypting a secure password vault takes place – keeping encryption keys with the user through a password, with the device, or managed on a centralized customer-owned server. These choices provide options for integrating a password manager with SSO security and convenience.
Bitwarden SSO integrations are compatible with all SAML 2.0 or OpenID Connect-based identity providers, allowing for easy integration into a business's existing ID management infrastructure. This means that businesses using Azure AD, Okta, Google Workspace, or any other compatible platforms can easily leverage Bitwarden SSO functionality to ensure secure and convenient access to secured credentials, without needing to migrate to a specific identity provider’s platform.