About Directory Connector
note
This article discusses only one of the available methods to invite users and manage your subscription’s seat count:
All organizations can manually invite users and update the seat count.
Teams and Enterprise organizations can use SCIM.
Teams and Enterprise organizations can use Directory Connector.
Enterprise organizations can use just-in-time (JIT).
The Bitwarden Directory Connector app:
Automatically provisions users, groups, and group associations in your Bitwarden organization by pulling from a selection of source directory services. Provisioned users will be issued invitations to join the organization, and can subsequently complete the acceptance and confirmation steps of the normal onboarding procedure.
Can be configured to remove users from your Bitwarden organization when they are disabled from the source directory. This won't delete their Bitwarden accounts, but they will lose all access to your organization.
Can be run on-demand or automatically on a configured interval.
Applications
Directory Connector is available as a cross-platform desktop app and as a command line interface (CLI). The desktop app and CLI share a database and configurations, so simultaneous use on a single machine is not recommended.
The recommended path is to complete configuration and testing using the desktop app, and subsequently using the CLI to schedule automatic syncing to your production organization.
Directory Connector can be installed on any desktop device that can access the source directory, including as an agent on the server that hosts your directory or on an administrator's workstation.
note
To use Directory Connector, you must have access to your organization API key which can only be retrieved by an organization owner and securely shared using Bitwarden Send.
Download
Download Directory Connector now:
Download the latest version of the Directory Connector desktop app from GitHub or using one of the following links:
As with everything at Bitwarden, Directory Connector is open source and hosted on GitHub at github.com/bitwarden/directory-connector.
Source directories
Directory Connector supports sync from the following sources:
Changing email addresses
note
Members of organizations using trusted devices cannot change their email address unless issued a master password with account recovery.
Members of organizations using Key Connector cannot change their email address. Members accounts will need to deleted and re-provisioned to accommodate an email address change. Remind users to export data prior to account deletion and re-import their data once provisioned with their new email address.
Members provisioned using Directory Connector are able to change their account email address in Bitwarden and in the source directory, however in order to do so:
First change the email address in Bitwarden by navigating to Settings → My account (learn more).
Once the email has been changed in Bitwarden, an administrator can change the user value on the directory.
Re-sync the directory to implement the changes.
note
If the user email address is updated and synced on the IdP or AD prior to updating the Bitwarden email, the updated email will be interpreted as a new user.