Single Sign-On (SSO)
Setup and configuration
You can set up SSO for development using:
- a local IdP (recommended)
- Okta
Desktop client
Note: This workaround may not be required - SSO may just work, even on a development build. Try it first!
The desktop client opens a browser to complete the SSO authentication flow. After you have
authenticated with the IdP, your browser will redirect to a bitwarden:// URI. This URI would
usually open the desktop client; however, if your desktop client is not properly installed (e.g.
because you're running from source), this may not work. It will probably just open an empty Electron
window (or maybe the official release of the client if you have it installed).
You can work around this as follows:
- Navigate through the SSO flow until the browser window opens
- Open the developer tools and click on the "Network" tab
- Complete the sign on with the IdP
- When the Bitwarden client fails to launch, go back to the browser and click on the last network
request. The request should have been made to localhost and start with callback?client_id=desktop...
- Copy the location URI from the Response Headers. It should start with bitwarden://sso-callback?code=.
Here is an example:
- Go back to your desktop client and open the developer tools.
- Paste the following command into the console and press enter:
window.location.href = '<paste the URI here>'
- Your desktop client should now complete the SSO login
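The copy-and-paste step is where this workaround usually goes wrong (request URL copied instead of the location header, header name copied along with the value, truncated value). The helper below is an added example, not part of the Bitwarden code base, that checks the pasted value before you navigate to it. It assumes only the bitwarden://sso-callback?code= prefix given in the steps above; the function and field names are hypothetical.

```javascript
// Added example: validate the value copied from the "location" response header
// before assigning it to window.location.href in the desktop client's console.
// The function name and returned fields are hypothetical.

// Prefix taken from the steps above.
const CALLBACK_PREFIX = 'bitwarden://sso-callback?';

function extractSsoCallback(pasted) {
  if (typeof pasted !== 'string') {
    throw new TypeError('expected the copied header value as a string');
  }

  // Tolerate common copy mistakes: surrounding whitespace, the header name
  // copied together with its value ("location: bitwarden://..."), and quotes.
  const uri = pasted
    .trim()
    .replace(/^location:\s*/i, '')
    .replace(/^['"]|['"]$/g, '');

  // Plain prefix comparison on purpose: URL parsers do not all split
  // custom-scheme URIs into host and path the same way.
  if (!uri.startsWith(CALLBACK_PREFIX)) {
    throw new Error('not a bitwarden://sso-callback URI; copy the location ' +
      'response header of the last request, not the request URL');
  }
  if (/\s/.test(uri)) {
    throw new Error('URI contains whitespace; it was probably truncated or ' +
      'copied across a line break');
  }

  const params = new URLSearchParams(uri.slice(CALLBACK_PREFIX.length));
  const code = params.get('code');
  if (!code) {
    throw new Error('callback URI has no code parameter');
  }
  return { uri, code, paramNames: [...params.keys()] };
}

// In the desktop client's developer console, after pasting the function:
//   window.location.href = extractSsoCallback('<paste the URI here>').uri
```

If the function throws, nothing is navigated and the error message says which step to repeat.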