Bitwarden Directory Connector is a standalone application that allows you to synchronize your Users and Groups from your LDAP directory to your Bitwarden Organization. This functionality is supported in current Teams and Enterprise Plans.
Bitwarden Directory Connector works with a variety of directory services such as:
Azure Active Directory
Google Workspace / G-Suite
Linking with a directory service (LDAP) is a great way to streamline user onboarding, organizing, and sharing. Deploying the Directory Connector application allows the current employee or team member onboarding processes to remain mostly unchanged, and preserves the existing organizational structure.
The Directory Connector tool also makes onboarding new Bitwarden users easy. Organizations of all sizes benefit: a User added to the directory receives an invitation to the Bitwarden Organization as soon as the next Directory Connector synchronization runs.
Most LDAP services are supported. For a complete list of those, along with examples, check out our help article.
A commonly asked question is whether this tool allows users to log in or authenticate with their LDAP credentials. The short answer is no. Directory Connector is simply a way to make sure that the Users and Groups in your Organization's directory are synchronized to your Bitwarden Organization; it does not act as an identity provider.
Bitwarden Directory Connector also supports the synchronization of LDAP Groups. This is important because sharing through Bitwarden Collections is most powerful and scalable when paired with user groups.
Assigning groups to specified Collections allows Administrators to understand the scope of sharing at a business-unit or functional level, instead of needing to audit access user by user.
The diagram below displays a general overview of a Bitwarden Organization and sharing best practices.
Large Organizations, and those that use additional User and Group mechanisms in their LDAP directories, can specify exactly which Users and Groups are synchronized into the Bitwarden Organization.
Users and Groups are related inside an LDAP directory; however, the user and group objects themselves are separate, and the Directory Connector application collects them independently.
This means that you can use filtering options to pull all LDAP Groups except a group with component X.
However, this does not prevent Users in an LDAP Group with component X from being synchronized into Bitwarden: the group will simply not be added to Bitwarden, and those users will not be assigned to that group within the Bitwarden Organization.
The same principle applies to User synchronization. When synchronizing an LDAP Group with Bitwarden, specific Users in that Group can be excluded based on the provided parameters.
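To make the independent User and Group filtering concrete, here is an added example that is not code from Bitwarden or Directory Connector: a constructed simulation of one sync pass over a small sample directory. Real Directory Connector takes LDAP filter strings; this model uses Python predicates as filters, and the group membership, disabled flag and example DNs are assumptions built for the illustration.

```python
# Added example, not Directory Connector's own code: simulates how users and
# groups are filtered independently, so excluding a group does not exclude
# its members, and removed/disabled users leave the organization.
from dataclasses import dataclass


@dataclass(frozen=True)
class LdapUser:
    dn: str
    mail: str
    groups: frozenset  # DNs of groups the user belongs to (constructed data)
    disabled: bool = False


@dataclass(frozen=True)
class LdapGroup:
    dn: str
    name: str


# Constructed sample directory (hypothetical DNs and addresses).
GROUPS = [
    LdapGroup("cn=engineering,ou=groups,dc=example,dc=com", "engineering"),
    LdapGroup("cn=contractors,ou=groups,dc=example,dc=com", "contractors"),
]
USERS = [
    LdapUser("uid=alice,ou=people,dc=example,dc=com", "alice@example.com",
             frozenset({GROUPS[0].dn})),
    LdapUser("uid=bob,ou=people,dc=example,dc=com", "bob@example.com",
             frozenset({GROUPS[0].dn, GROUPS[1].dn})),
    LdapUser("uid=carol,ou=people,dc=example,dc=com", "carol@example.com",
             frozenset({GROUPS[1].dn}), disabled=True),
]


def sync(users, groups, user_filter, group_filter):
    """Return what the Organization holds after one simulated sync pass.

    Groups and users pass their own filters independently. A synced user
    keeps only memberships whose group also passed the group filter, and
    disabled users are dropped from the organization entirely.
    """
    kept_groups = {g.dn: g.name for g in groups if group_filter(g)}
    kept_users = [u for u in users if not u.disabled and user_filter(u)]
    members = {u.mail: sorted(kept_groups[d] for d in u.groups if d in kept_groups)
               for u in kept_users}
    return {"groups": sorted(kept_groups.values()), "members": members}


if __name__ == "__main__":
    # Exclude the "contractors" group but keep every user: bob still syncs.
    print(sync(USERS, GROUPS, lambda u: True, lambda g: g.name != "contractors"))
```

Running it shows bob synchronized with only the "engineering" membership, and carol absent because her account is disabled.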
Flexibility is key in User and Group management, as well as continuity of workflows. Bitwarden Directory Connector allows for maximum configuration.
When users are removed from or disabled in your directory, this triggers Bitwarden to remove them from your Organization and to revoke their access to any organizational data.
The Directory Connector application is available with a graphical interface for those who prefer to configure their apps on desktop machines, and as a CLI variant for headless environments.
Directory Connector currently supports the following platforms:
For full instructions on how to implement Bitwarden Directory Connector for your Organization and additional migration information, check out the following resources:
Check out our work and community contributions to Directory Connector on GitHub!
This blog was originally posted on January 1st, 2021 and updated on July 26th, 2021.