Summary
This guide details the implementation of the Login with SSO feature for Bitwarden, which allows enterprise organizations to use their existing Identity Provider for user authentication via SAML 2.0 or Open ID Connect (OIDC) protocols. It explains the unique aspects of this solution, particularly its adherence to a zero-knowledge encryption model, ensuring that neither Bitwarden nor the Identity Provider has access to vault data. The guide outlines the necessity of entering a master password and email for decryption unless using trusted devices, which can utilize a device-stored encryption key. It also describes the deployment process, which includes configuring SSO, testing the user experience, and educating organization members on its use. Additionally, it highlights the flexibility of the solution to accommodate various enterprise needs and the options available for member decryption to ensure secure data access workflows.
