JPZone
October 10, 2021, 8:49pm
1
Is there a way where a user can not click “new organisation” and only admins can do that?
That is a bit difficult since when there are no orgs, everybody is a user.
You could do two things. Create a list of users who are allowed to create orgs.
## Vaultwarden Configuration File
## Uncomment any of the following lines to change the defaults
##
## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
## Main data folder
# DATA_FOLDER=data
## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
# DATABASE_URL=data/db.sqlite3
## When using MySQL, specify an appropriate connection URI.
## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
# DATABASE_URL=mysql://user:password@host[:port]/database_name
## When using PostgreSQL, specify an appropriate connection URI (recommended)
## or keyword/value connection string.
## Details:
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
show original
Or with the latest testing image based upon the main branch contains single org option feature: Support single organization policy by domdomegg · Pull Request #1991 · dani-garcia/vaultwarden · GitHub (though, maybe not yet fully visible within the web-vault - Stop hiding single organization policy by domdomegg · Pull Request #50 · dani-garcia/bw_web_builds · GitHub )
JPZone
October 12, 2021, 7:20pm
3
Yeah, that’s what I want to have a list of users who can create an organisations.
cksapp
October 12, 2021, 8:16pm
4
How are you deploying Vaultwarden? If you use docker or docker-compose you can set the environment variable
ORG_CREATION_USERS=admin1@example.com,admin2@example.com
As described in
## Controls if new users from a list of comma-separated domains can register
## even if SIGNUPS_ALLOWED is set to false
# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
## Controls which users can create new orgs.
## Blank or 'all' means all users can create orgs (this is the default):
# ORG_CREATION_USERS=
## 'none' means no users can create orgs:
# ORG_CREATION_USERS=none
## A comma-separated list means only those users can create orgs:
# ORG_CREATION_USERS=admin1@example.com,admin2@example.com
## Token for the admin interface, preferably use a long random string
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
## Enable this to bypass the admin panel security. This option is only
## meant to be used with the use of a separate auth layer in front
# DISABLE_ADMIN_TOKEN=false
If you have the admin page enabled with the environment variable
ADMIN_TOKEN=some_random_token_as_per_above_explanation
You can also set the list of users allowed to create organizations in the admin page with a comma separated list of emails, and save the config within the admin page.