Configure OIDC for Bitwarden
This guide provides instructions on configuring OpenID Connect (OIDC) Single Sign-On (SSO) for the Bitwarden app.
Contents
Supported features
Bitwarden supports the following feature:
Prerequisites
- Ensure that you have an Okta admin role with permission to manage apps.
- Ensure that you have admin privileges in Bitwarden.
- Ensure that you have the Domain Value from Bitwarden.
Integrate the app in Okta
- In the Admin Console, go to Applications > Applications.
- Click Browse App Catalog.
- Search for and select the Bitwarden app.
- Click Add Integration.
- Click Next.
- Select the desired user or group assignments.
- Click Save.
- On the Sign On tab, copy your Client ID, Client secret, and your Okta org domain (for example, https://xyz.com).
If you're using Okta Identity Engine, the Sign On tab is called the Authentication tab.
Configure OIDC in Bitwarden
- Sign in to your Bitwarden account.
- Click the Admin Console, and click Settings.
- Go to the Single Sign-On section and enter the verified domain (for example, okta.com) into the SSO Identifier field.
- If a domain isn't yet established, go to the Claimed Domain section to complete the verification process.
- From the Type drop-down menu, select OpenID Connect.
- In the Authority field, enter your Okta org domain (for example, https://xyz.com), and enter the Client ID and Client secret.
- From the OIDC redirect behavior drop-down menu, select Redirect GET.
- Click Save.
Verify SP-initiated SSO
Go to https://vault.bitwarden.com/#/login. Enter the email address assigned to the Bitwarden app in Okta and click Use single sign-on. You're redirected to the sign-in page for your org. Enter your Okta credentials. You're signed in to Bitwarden.
See Okta OIDC.