Login with SSO FAQs
This article contains frequently asked questions (FAQs) regarding login with SSO.
For more high-level information about login with SSO, refer to about login with SSO
A: Login with SSO allows your employees to use your existing identity provider (IdP) to authenticate their identities. What makes login with SSO unique compared to other tools is that it retains our end-to-end zero knowledge encryption model. Nobody at Bitwarden should have access to your vault data and, importantly, neither should your identity provider.
That’s why the Bitwarden login with SSO offering decouples authentication and decryption. Your IdP can confirm that Alice is, in fact, Alice, but cannot and should not have the tools to decrypt Alice’s vault. Only Alice can have that tool and, conveniently, it’s her master password!
In practice, that means that anytime an employee logs in to Bitwarden using SSO, they will need to use their master password to decrypt their vault, protecting your businesses’ critical credentials and secrets.