
Vault timeout asks for master password on SSO-only account. Intended behavior?
Edit: I was wrong; my account was created with a master password. When accounts are created without one, it just locks them out if they don't have an available unlock method such as biometric or PIN.
I’m setting up Bitwarden Enterprise with SSO and trusted devices. My account was created/logged in using SSO, and I do not have a master password.
The issue I’m running into is that when the vault times out/locks, Bitwarden shows the normal unlock screen and requires a master password. Since this account does not have one, the only option that works is to log out completely and sign back in with SSO again.
Is this intended behavior?
I would expect there to be some kind of option for SSO-only/trusted device accounts, such as:
- Unlock with SSO again
- Approve the unlock from another trusted device
- Some other trusted device re-verification flow
But only showing a master password prompt does not really make sense for an account that was created without a master password.
Has anyone else run into this? Is there a setting I am missing, or is logging out and signing back in the expected workflow after vault timeout?