Okta

Configure OIDC for Bitwarden

This guide provides instructions on configuring OpenID Connect (OIDC) Single Sign-On (SSO) for the Bitwarden app.

Contents


Supported features

Bitwarden supports the following feature:

Prerequisites

Integrate the app in Okta

  1. In the Admin Console, go to Applications > Applications.
  2. Click Browse App Catalog.
  3. Search for and select the Bitwarden app.
  4. Click Add Integration.
  5. Click Next.
  6. Select the desired user or group assignments.
  7. Click Save.
  8. On the Sign On tab, copy your Client ID, Client secret, and your Okta org domain (for example, https://xyz.com).
  9. If you're using Okta Identity Engine, the Sign On tab is called the Authentication tab.

Configure OIDC in Bitwarden

  1. Sign in to your Bitwarden account.
  2. Click the Admin Console, and click Settings.
  3. Go to the Single Sign-On section and enter the verified domain (for example, okta.com) into the SSO Identifier field.
  4. If a domain isn't yet established, go to the Claimed Domain section to complete the verification process.
  5. From the Type drop-down menu, select OpenID Connect.
  6. In the Authority field, enter your Okta org domain (for example, https://xyz.com), and enter the Client ID and Client secret.
  7. From the OIDC redirect behavior drop-down menu, select Redirect GET.
  8. Click Save.

Verify SP-initiated SSO

Go to https://vault.bitwarden.com/#/login. Enter the email address assigned to the Bitwarden app in Okta and click Use single sign-on. You're redirected to the sign-in page for your org. Enter your Okta credentials. You're signed in to Bitwarden.

Additional information

See Okta OIDC.