Admin ConsoleDeploy Client Apps

Connect Managed Devices

When operating a self-hosted Bitwarden server in a business setting, administrators may want to centrally configure client application settings (particularly, Server URL) before deploying to users with an endpoint management platform. Settings are applied upon installation of the client application. These processes may also be helpful if you're using a Bitwarden Cloud EU server.

The process for doing so will be different for each client application:

Browser extensions

Chrome and Chromium

The following steps assume that users do not yet have the Bitwarden browser extension installed on their machines. If they do, they will need to reset to pre-configured settings, which they will be prompted to do when following this workflow:

To pre-configure environment URLs for Linux:

  1. Create one of the following directory structures if they do not already exist on your system:

    • For Chrome, /etc/opt/chrome/policies/managed/

    • For Chromium, /etc/opt/chromium/policies/managed/

  2. In the managed folder, create a bitwarden.json file with the following contents:

    Bash
    {
  "3rdparty": {
  "extensions": {
  "nngceckbapebfimnlniiiahkandclblb": {
      "environment": {
        "base": "https://my.bitwarden.server.com"
        }
      }
    }
  }
}

    The extension ID (nngceckbapebfimnlniiiahkandclblb) will vary depending on your installation method. You can find your extension ID by navigating to your browser's extension menu (for example, chrome://extensions).

    Most installations will only require the "base": URL, however some unique setups may require you to enter URLs for each service independently:

    Bash
    {
  "3rdparty": {
  "extensions": {
  "nngceckbapebfimnlniiiahkandclblb": {
      "environment": {
        "base": "https://my.bitwarden.server.com",
        "webVault": "https://my.bitwarden.server.com",
        "api": "https://my.bitwarden.server.com",
        "identity": "https://my.bitwarden.server.com",
        "icons": "https://my.bitwarden.server.com",
        "notifications": "https://my.bitwarden.server.com",
        "events": "https://my.bitwarden.server.com"
        }
      }
    }
  }
}

    note

    If you'll be using the Chrome or Chromium Web Store version of Bitwarden, you can follow these instructions to force install Bitwarden on end-user machines when you distribute managed policies. You can skip overlapping steps, like creating required directories.

  3. As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the /policies directory.

  4. Using your preferred software distribution or MDM tool, deploy the following to users' machines:

    • The Chrome or Chromium-based browser

    • /etc/opt/{chrome or chromium}/policies/managed/bitwarden.json

tip

For more help, refer to Google's Chrome Browser Quick Start for Linux guide.

Firefox

To pre-configure environment URLs for Linux:

  1. Create a directory /etc/firefox/policies:

    Bash
    mkdir -p /etc/firefox/policies

  2. As you will need to deploy this directory and the files in it to users' machines, we recommend making sure old admins can write files in the /policies directory:

    Bash
    chmod -R 755 /etc/firefox/policies

  3. Create a policies.json file in /etc/firefox/policies and add the following contents:

    Bash
    {
 "policies": {
    "3rdparty": {
      "Extensions": {
        "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
          "environment": {
            "base": "https://my.bitwarden.server.com"
          }
        }
      }
    }
  }
}

    Most installations will only require the "base": URL, however some unique setups may require you to enter URLs for each service independently:

    Bash
    {
 "policies": {
    "3rdparty": {
      "Extensions": {
        "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
          "environment": {
            "base": "https://my.bitwarden.server.com",
            "webVault": "https://my.bitwarden.server.com",
            "api": "https://my.bitwarden.server.com",
            "identity": "https://my.bitwarden.server.com",
            "icons": "https://my.bitwarden.server.com",
            "notifications": "https://my.bitwarden.server.com",
            "events": "https://my.bitwarden.server.com"
          }
        }
      }
    }
  }
}

  4. Using your preferred software distribution or MDM tool, deploy /etc/firefox/policies/policies.json to users' machines.

note

In order to centrally deploy the Bitwarden browser extension to EU servers, base and notifications must be set to the EU cloud. For example:

Plain Text
"base": "https://vault.bitwarden.eu"
"notifications": "https://notifications.bitwarden.eu"

If enabled correctly, user's browser extensions will display Logging in on: self-hosted but will still connect to bitwarden.eu.

Desktop apps

To centrally configure the Desktop app for deployment, first complete the following steps on a single workstation:

  1. Install the Desktop app. If you're using Windows, silently install Bitwarden as an administrator using installer.exe /allusers /S (see NSIS documentation).

  2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. %AppData%\Bitwarden on Windows, ~/Library/Application Support/Bitwarden on macOS). Find your directory.

  3. In the directory, open the data.json file.

  4. Edit data.json to configure the Desktop app as desired. In particular, create the following object to configure the app with your self-hosted Server URL:

    Bash
     "global_environment_environment": {
    "region": "Self-hosted",
    "urls": {
       "base": "self-host.com"
     }
  }
    tip

    Customers using Bitwarden cloud servers may instead set "region": to "US" or "EU" to connect to those servers.

  5. Once configured the way you want it, use your endpoint management solution of choice (like Jamf) to deploy the pre-configured Desktop app as a template.

    note

    As an alternative to manually configuring the data.json file, you can assign environmentUrls using the Bitwarden desktop app. Select your desired region using the desktop app GUI, then close the app and locate your data.json file in order to copy the environment variable information.

If users are experiencing graphics or performance issues, Bitwarden includes settings that can be adjusted to improve performance. See Password Manager FAQs.

Mobile apps

Most Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions allow administrators to pre-configure applications before deployment in a standard fashion. To pre-configure Bitwarden Mobile apps to use your self-hosted Server URL, construct the following Application Configuration:

Configuration Key

Value Type

Configuration Value

baseEnvironmentUrl

string

Your self-hosted Server URL, for example https://my.bitwarden.server.com.

Web app

For users of the web app, Bitwarden recommends using your endpoint, group policy, or mobile device management tool to setup a bookmark or desktop shortcut pointing to the appropriate web app URL (for example, https://vault.bitwarden.eu or your self-hosted server).

Learn how to deploy managed bookmarks using Google Admin Console.