Bitwarden, our pick as the best password manager for free, has now added Single Sign-On (SSO) support for trusted devices on its enterprise tiers, which allows users to access their vaults without a password.
On registered devices, users can access their encrypted vault data with SSO authentication alone, via their identity management software of choice. No longer is the Bitwarden master password required.
Even though the Bitwarden Password Manager and Bitwarden Secrets Manager are zero knowledge and end-to-end encrypted, an external SSO provider can still grant access without compromising these security and privacy measures, as the data is separately decrypted after the user is authenticated, using a key that is stored securely on device.
Trusted devices
For users already using the Login with SSO feature in Bitwarden - which still requires the Bitwarden master password to decrypt vault data - turning on the new SSO with trusted devices is simple: in the web app, there is an SSO configuration section in the settings, where the option to enable trusted devices will be found.
For organizations who have never used SSO with Bitwarden before, this will need to be set up first, and requires the activation of some enterprise policies first. Bitwarden has an online guide to explain what is needed.
The company also explains that SSO with trusted devices makes it, "possible for employees to create accounts without ever setting a Bitwarden password. This can be easier for onboarding purposes, but note that doing so limits account recovery options."
Once SSO with trusted devices is enabled, you'll be redirected to your SSO provider to login. Once authenticated, the device you are using will become trusted. Other devices can be confrmed as trusted using Bitwarden's mobile or desktop app. You can also send a request to your admin to approve devices too.
Bitwarden also notes that even items in your vault that pertain to non-SSO enabled applications can still be accessed via SSO with trusted devices. The new integration is available across various Bitwarden Password Manager and Secrets Manger clients on the enterprise plans, with Firefox support set to come soon.
