Skip to main content

Okta

This guide will set up basic SSO auth using Okta. This is for testing ONLY and should not be linked to any production environment.

Prerequisites

  1. Bitwarden server set up and configured with the following server projects running:

    • Identity
    • API
    • SSO (located at server/bitwarden_license/src/Sso)

  2. Access to Development collection in your Bitwarden Vault

Steps

In your browser do the following steps to access Okta.

  1. Launch the "oktapreview.com" login item in the Development collection
  2. Log in using those credentials
  3. Expand the "Directory" section on the left menu panel
  4. Click "People"
  5. Click "Add Person" and create a profile for yourself
    • Use the same email as your local Bitwarden user
    • For the Password field, choose "Set by admin" and set a secure password
    • Uncheck "User must change password on first login"
  6. Click "Applications" in the top menu bar
  7. You should now see a list of our test apps. For the purpose of local testing, click the "Bitwarden Test 2" application. The Client Credentials and other information for this application will be listed, which you can use in the subsequent steps.

Open a separate browser tab to configure SSO in your local Bitwarden web vault.

  1. Log into your web vault and navigate to the organization you want to enable SSO for
  2. Click Settings for the organization and enter an Identifier. This should be unique - it can just be the organization name. Click Save.
  3. Go to Manage > Single Sign-On and input the following information:
TypeOpenId Connect
Authorityhttps://dev-836655.oktapreview.com
Client IDCopy from Okta
Client SecretCopy from Okta
OIDCS Redirect BehaviorRedirect GET
Get Claims From User Info Endpoint

You can now log in using SSO.

note

You must have your vault URL set in your client endpoints

Example configuration

Any fields not shown should be blank.