Hello there!
We are facing an “issue” - more like an inconvenience that takes much longer than it probably could - where we need to invite a user to 30+ organizations.
Long story short, we use Vaultwarden as the company internal password manager. And we use organizations and folders extensively. In fact, it does cause the Bitwarden client to be a little laggy and odd - but it’s still fine. What is not fine, is that when we onboard a new employee, we have to manually add them to each individual organization one by one and flood their inbox with a bunch of invites.
Likewise, when we want to remove an organization and wish to soft-delete it (= making it inaccessible to everyone but keep it present for archival reasons) we have to remove each user one by one as well.
That is why I would like to request a bulk-management solution where:
- One user can be put into many orgs by the admin
- An org can be “soft-deleted” whereby either the status of all participants changes or all but the owner are removed
I was looking into the OIDC fork in order to possibly use our existing Keycloak instance to map groups to orgs and whatnot, but I am not very sure how stable that fork is - so, I opted not to do that. For now, anyway.
Is that a feasible option? And if not, is there a set of API endpoints I could use instead and just write a script that does that? It would be an alternative we could use - but I am very much not familiar with the API unfortunately.
Kind regards!
Most of these items seem to be client side items. Since the Vaultwarden doesn’t maintain the clients it is not something we can fix or add.
A soft delete of an organization might be possible i think, since there is a flag enabled if i remember correctly. That might be able to be added to our /admin interface.
Also, Vaultwarden does not support the Public API endpoints so those won’t help.
Maybe the Bitwarden cli serve function is an option?
1 Like
I also suffer from the tedious task of inviting new users to multiple organizations. From what I’ve gathered, official Bitwarden makes that easy if you let them host it. But Vaultwarden lacks that proprietary management feature and will likely never get it. I chalk it up to the “cost of being free”.
1 Like
To which feature are you referring too which Vaultwarden will most probably never get?
Also, have you checked the Directory Connector?
I’m referring to inviting users to multiple organizations easily. I never heard of the Directory Connector before, and it looks like that might solve the problem. I do have LDAP available. Hopefully this works efficiently across 50+ organizations.
1 Like
It will at least not be something which we will provide via a simple user interface i think. A seen, there are several other methods which could help.
1 Like
I just did, as it looked like the most promising. But I couldn’t find the proper client secret/id pair - the only one I could find was for my user for API access, but not for the whole instance. The tool asks for credentials for an organization - and my situation is that we have one Vaultwarden instance with a dozen organizations that new users need to be added to and remove dfrom.
That said, the LDAP Sync looks quite interesting on its own - would take away a bit of the manual labor in onboarding new people in terms of creating the account invite. This, however, does not solve the issue of “auto-joining” all the required orgs.
Thank you for the recommendations though, I will look more into those, maybe I can find my solution somewhere amidst them!
@techweenie If you do figure out how to configure Vaultwarden in BWDC, please share it so I can try it as well. Thank you!