Admin ConsoleLogin with SSO

Domain Verification

Enterprise customers can verify domain ownership (eg. mycompany.com) for their organizations. Domain verification will allow organizations to associate a domain with their organization, supporting features such as automatic SSO action, allowing easier and faster login. Domains can be verified with a valid and unique-to-Bitwarden DNS TXT record.

Once a domain's ownership has been verified, users with that domain (eg. @mycompany.com) will be able to bypass the login with SSO step that would require the SSO identifier to be entered during login. Additionally, members of organizations that have verified a domain will have their email automatically verified when onboarded.

Verify a domain

In order to verify domain ownership, Bitwarden must verify that:

  • No other organization has verified the domain.

  • Your organization has ownership of the domain.

In order to verify ownership of the domain, Bitwarden will use a DNS TXT record. This DNS TXT record must be kept active and available at all times, as Bitwarden will continually check for it.

To verify a domain:

  1. Log in to the Bitwarden web app and open the Admin Console using the product switcher:

    Product switcher
    Product switcher
  2. Navigate to SettingsDomain verification:

    Domain verification
    Domain verification

  3. On the Domain verification screen you will see a list of active domains, along with status checks and options. If you have no active domains, select New domain.

  4. In the pop-up window, enter a Domain name.

    note

    Be sure that the format of the text entry does not include https:// or www..

  5. Copy the DNS TXT record and add it to your domain.

  6. Select Verify domain.

Managing domains

You can manage and view the status of your domains from the Domain verification page.

Verified domain
Verified domain

Select the domain name, or the menu located on the right side of the domain item if you wish to edit, or delete a domain.

The menu provides additional options to Copy DNS TXT records, and to manually verify domain if automatic verification was not successful during the new domain setup.

Domains will have a status of UNVERIFIED or VERIFIED.

warning

Bitwarden will attempt to verify the domain 3 times during the first 72 hours. If the domain has not been verified within 7 days after the 3rd attempt, the domain will be removed from your organization.

Domain setup activities will be logged in the organization event logs. To view events, navigate to ReportingEvent logs in the Admin Console.

Login

Now that your domain has been verified by your organization, you can login without an SSO identifier:

  1. Open the login page on your preferred Bitwarden client.

  2. Enter your email containing the domain that was verified (eg. @mydomain.com) and select Continue.

  3. Select Enterprise single sign-on.

  4. You will be redirected to your identity provider page, from here, use your SSO credentials to complete the login process.

Suggest changes to this page

How can we improve this page for you?
For technical, billing, and product questions, please contact support

Cloud Status

Check status

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here