Managing users for large organizations can often be difficult. Most organizations of size rely on directory tools, such as Active Directory or GSuite, to help with this problem. User directories are an important part of user access control at any large company or organization.
Today we are happy to announce the release of our Enterprise plan for organizations that includes two important features to aid larger organizations: User groups & directory sync.
In addition to collections, groups are a new way for organizations to further control user access. After creating a user, you can assign that user to one or more groups. From the users listing (People) page, Select the Groups option for a particular user to make your group selections.
Access control for a group is done by assigning collections to a group (or vice versa). You can assign which collections a group can access by editing the group from the group listing page. Alternatively, edit a collection from the collections listing page to choose which groups can access it.
Organization users will only be able to access logins that belong to the groups that they are members of. If a user belongs to multiple groups, that user will be able to access logins from the union of all collections for their groups plus any individual collections that they have been assigned to.
Read more about user groups on our help site at: https://bitwarden.com/help/article/groups/
bitwarden supports syncing users and/or groups from outside directories through the use of the bitwarden Directory Connector tool.
The following directories are supported:
Azure Active Directory
Any other LDAP-based directory
The bitwarden Directory Connector is a windows-based console application (CLI) that allows you to keep your bitwarden organization and user directory in sync. Directory Connector can be run on-demand manually as well as automatically in the background on an configured interval through the use of the included windows service. The tool provides a console-based UI in addition to a full array of command line arguments.
You can install and run Directory Connector on the server that hosts your directory, an administrator's machine, or any other windows-based device than can access the directory.
As groups and users are added, modified, and removed from your directory, the changes will be automatically synced to your bitwarden organization.
You can read more about how to use Directory Connector on our help site at: https://bitwarden.com/help/article/directory-sync/
As with everything here at bitwarden, Directory Connector is open source software and is available on GitHub at: https://github.com/bitwarden/directory-connector
This is just the first iteration of many new features yet to come for bitwarden Enterprise organizations. In the future, expect more features such as on-premise hosting, user audit logs, and more.
As always, feel free to contact us if you have any questions.