No organisations in android app

Hello,

This is how things are handled with the upstream Bitwarden project and as such Vaultwarden tries to match the intended behavior expected from the server.
The Org invite, and further the user acceptance is part of how the Org and user exchange encryption information, please see Bitwarden Security White Paper for more.

The third step of approving the user, I believe is a function added after the 2018 Security Code Assessment regarding the vulnerability BWN-01-008

Public key authentication via fingerprint (see #1 above) has been added to the confirmation step while
onboarding new users into an organization. Users can view and verify their fingerprint under their
account’s settings in various Bitwarden client applications. Going forward, we will continue to investigate
the possibility of implementing public key authentication for organization user onboarding in other
Bitwarden client applications, such as the desktop app, which are less susceptible to malicious server-
side attacks (see #2 above). This would make the authentication process of public keys returned by the
Bitwarden API server even safer.
Finally, it should be noted that users also have the ability to self-host the Bitwarden server on their own
trusted infrastructure which would remove the risks associated with this issue almost entirely.

As such this prompts the Org admin to confirm the users’ account fingerprint phrase to confirm the proper account is being accepting into the Organization.


Can you confirm if she is able to see them in the main web interface of her “personal” vault or only when she going into the “Organization Vault” view?
As long as she is assigned access to the Organization and the collections then those should show up in the personal vault and subsequently in the Android app.

If she is an Organization Owner or manager (I believe) then they will have access to the Organization and collections even if they are not “assigned” to the user to view, but will still not show up in the user’s personal vault view and the applications or browser extensions.
Hope this info helps :slight_smile:

1 Like