We’re using the latest version of Vaultwarden in a docker container on a Synology NAS. After creating an organization and inviting a user, I cannot confirm her as that option is not available. The user has accepted the invitation and her emailadress is verified.
At the organizations tab however, it’s stated that there are 2 users for this organization, which should indicate that she’s added to this organization. However, she can’t see it.
I’ve searched on the internet and the Bitwarden site, but I’ve no idea why this doesn;t work. Anyone any clue?
Just wanted to get some more specifics here, are you looking within the organization on the main webpage, or within the “organizations” tab in the /admin page?
Please see the provided link on how to invite, and accept users added to an organization via the webpage.
Thanks for the link, but I know how to invite a user.and have done that accordingly. It’s just that on the admin panel you see she’s verified and on the “normal” organization page you see her as a user, but you cannot select confirm in the dropdown (it isn’t there).
I’ll try creating some images to clarify and post them later.
If with admin panel you mean /admin, that has nothing to do with the org. Only if the email is verified.
On that same row you should also see if that person is part of an org at all.
You need to still invite a user to an org, that user needs to accept. And after that you should verify it via the org tab interface within the web-vault, not via /admin.
While preparing a test case I found the problem. I think it has to do with the email verification:
Invite a user that doesn’t exist yet in Vaultwarden.
The user gets an email inviting him/her for the organization and clicks on the link.
User creates a new account and gets a welcome email with a link for verifying his/her email.
After verifying, the user can login
At this moment the organization admin should be able to accept the user. However, that option is not available. Only after the user clicks again on the invitation link, that option will become visible.
I thought of disabling the verification of the email addresses, but that will still show a remark about verification on the right side when a user logs on.
Org admin is able to see test-user is in Invited status, and can only resend invite.
Org admin does not receive email verification of test-user being accepted to Org.
Just a note here, unfortunately as I only have the family plan for Bitwarden as of now I cannot determine if this is specific to Bitwarden’s own mechanisms or particular to Vaultwarden.
It seems regardless for now some process may need to be set up for this, and possibly end user training would be helpful.
Works as expected when user verifies email prior to initial login
If the user does not automatically get accepted into the Org due to initial login issue with email verification, user can select Org invite link from email after email successfully verified and account login successful.
User has already verified email address, and has selected Org invite email link again.
User will chose to Log in as account is already successfully created
Having 2FA enterprise policy enabled on the Org also helps as it provides some end user error message that prompts a user to interact with the user account and then re-click the Org invite email.
Plus you get the added benefit of ensuring 2FA for your users, which is just another additional step in the security space
Thanks for your elaborate answer. I had made many (simular) screen shots, but thought it would be too extensive here .2FA is definitely something to activate for all users, but I was first trying to get those invitations work. For which 2FA comes in handy as it seems!
.2FA is definitely something to activate for all users, but I was first trying to get those invitations work. For which 2FA comes in handy as it seems!