Hello everyone,
We are an SMB company that manages passwords for multiple customers. We’re currently transitioning from LastPass, which involved Single Sign-On (SSO) integration, shared folders, and Azure groups for folder access control. My question is whether Vaultwarden can accommodate these requirements or if we should consider using a self-hosted Bitwarden solution instead.
SSO is not supported yet. There is an open PR but it probably still needs more work.
dani-garcia:main
← bmunro-peralex:sso-support
opened 02:33PM - 19 Jan 23 UTC
Based off previous work by @pinpox and @m4w0lf
https://github.com/dani-garcia/vaultwarden/pull/2787
https://github.com/dani-garcia/vaultwarden/pull/2449
All config is now done in the environment variables, removed all unneeded calls.
Bitwarden removed the identify payload from the client so the first organization is always used when using a domain_hint
Currently Working:
- Login from all web clients using sso
- Creating MasterPassword on new SSO Login when no user exists.
Not Working:
- Joining Organization link never fires accept so user never accepts invite during SSO login, normal login after the first SSO login that creates the account works
*The above has a workaround that can be enabled to accept all invites on login*
How to test:
Add the following environment variables and have at least one organization created in your instance
```
SSO_ENABLED: "true"
SSO_CLIENT_ID: "111111111111111111111111111111111"
SSO_CLIENT_SECRET: "222222222222222222222222222222222222222222222"
SSO_AUTHORITY: "https://auth.example.com"
# Optional
SSO_ACCEPTALL_INVITES: "true"
```
The callback url currently is always:
Replace example.com with your vaultwarden domain.
https://example.com/identity/connect/oidc-signin
cksapp
August 22, 2023, 1:25am
Also if you aren’t aware the upstream Bitwarden project has a Bitwarden for MSPs plus the partner portal which I do not believe Vaultwarden offers.
Not entirely sure what the MSP aspect of it entails but just good points to consider as well.
1 Like
Yeah, OK, besides single sign-on, and if we focus on functionality: can we use Vaultwarden as an SMB company with around 100 users, several departments and customer passwords?