[EC-19] Update Organization Settings Page (#3251)

* [EC-19] Refactor existing organization settings components to its own module * [EC-19] Move SSO page to settings tab * [EC-19] Move Policies page to Settings tab Refactor Policy components into its own module * [EC-19] Move ImageSubscriptionHiddenComponent * [EC-19] Lazy load org settings module * [EC-19] Add SSO Id to SSO config view * [EC-19] Remove SSO identfier from org info page * [EC-19] Update org settings/policies to follow ADR-0011 * [EC-19] Update two-step login setup description * [EC-19] Revert nested policy components folder * [EC-19] Revert nested org setting components folder * [EC-19] Remove left over image component * [EC-19] Prettier * [EC-19] Fix missing i18n * [EC-19] Update SSO form to use CL * [EC-19] Remove unused SSO input components * [EC-19] Fix bad SSO locale identifier * [EC-19] Fix import order linting * [EC-19] Add explicit whitespace check for launch click directive * [EC-19] Add restricted import paths to eslint config * [EC-19] Tag deprecated field with Jira issue to cleanup in future release * [EC-19] Remove out of date comment * [EC-19] Move policy components to policies module * [EC-19] Remove dityRequired validator * [EC-19] Use explicit type for SSO config form * [EC-19] Fix rxjs linter errors * [EC-19] Fix RxJS eslint comments in org settings component * [EC-19] Use explicit ControlsOf<T> helper for nested SSO form groups. * [EC-19] Attribute source of ControlsOf<T> helper * [EC-19] Fix missing settings side nav links * [EC-19] Fix member/user language for policy modals
2025-12-14 23:33:31 +00:00 · 2022-09-27 14:40:04 -07:00
parent 38204bf4dd
commit 75965b080f
48 changed files with 750 additions and 641 deletions
--- a/apps/web/.eslintrc.json
+++ b/apps/web/.eslintrc.json
@@ -6,7 +6,13 @@
    "no-restricted-imports": [
      "error",
      {
-        "patterns": ["**/app/core/*", "**/reports/*", "**/app/shared/*"]
+        "patterns": [
+          "**/app/core/*",
+          "**/reports/*",
+          "**/app/shared/*",
+          "**/organizations/settings/*",
+          "**/organizations/policies/*"
+        ]
      }
    ]
  }
--- a/apps/web/src/app/app.component.ts
+++ b/apps/web/src/app/app.component.ts
@@ -27,15 +27,17 @@ import { SyncService } from "@bitwarden/common/abstractions/sync/sync.service.ab
 import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";

 import { PolicyListService, RouterService } from "./core";
-import { DisableSendPolicy } from "./organizations/policies/disable-send.component";
-import { MasterPasswordPolicy } from "./organizations/policies/master-password.component";
-import { PasswordGeneratorPolicy } from "./organizations/policies/password-generator.component";
-import { PersonalOwnershipPolicy } from "./organizations/policies/personal-ownership.component";
-import { RequireSsoPolicy } from "./organizations/policies/require-sso.component";
-import { ResetPasswordPolicy } from "./organizations/policies/reset-password.component";
-import { SendOptionsPolicy } from "./organizations/policies/send-options.component";
-import { SingleOrgPolicy } from "./organizations/policies/single-org.component";
-import { TwoFactorAuthenticationPolicy } from "./organizations/policies/two-factor-authentication.component";
+import {
+  DisableSendPolicy,
+  MasterPasswordPolicy,
+  PasswordGeneratorPolicy,
+  PersonalOwnershipPolicy,
+  RequireSsoPolicy,
+  ResetPasswordPolicy,
+  SendOptionsPolicy,
+  SingleOrgPolicy,
+  TwoFactorAuthenticationPolicy,
+} from "./organizations/policies";

 const BroadcasterSubscriptionId = "AppComponent";
 const IdleTimeout = 60000 * 10; // 10 minutes
--- a/apps/web/src/app/core/policy-list.service.ts
+++ b/apps/web/src/app/core/policy-list.service.ts
@@ -1,4 +1,4 @@
-import { BasePolicy } from "../organizations/policies/base-policy.component";
+import { BasePolicy } from "../organizations/policies";

 export class PolicyListService {
  private policies: BasePolicy[] = [];
--- a/apps/web/src/app/organizations/settings/image-subscription-hidden.component.svg
+++ b/apps/web/src/app/organizations/settings/image-subscription-hidden.component.svg
--- a/apps/web/src/app/organizations/settings/image-subscription-hidden.component.ts
+++ b/apps/web/src/app/organizations/settings/image-subscription-hidden.component.ts
--- a/apps/web/src/app/organizations/billing/organization-billing.module.ts
+++ b/apps/web/src/app/organizations/billing/organization-billing.module.ts
@@ -4,6 +4,7 @@ import { LooseComponentsModule } from "../../shared/loose-components.module";
 import { SharedModule } from "../../shared/shared.module";

 import { BillingSyncApiKeyComponent } from "./billing-sync-api-key.component";
+import { ImageSubscriptionHiddenComponent } from "./image-subscription-hidden.component";
 import { OrgBillingHistoryViewComponent } from "./organization-billing-history-view.component";
 import { OrganizationBillingRoutingModule } from "./organization-billing-routing.module";
 import { OrganizationBillingTabComponent } from "./organization-billing-tab.component";
@@ -14,6 +15,7 @@ import { OrganizationSubscriptionComponent } from "./organization-subscription.c
  declarations: [
    BillingSyncApiKeyComponent,
    OrganizationBillingTabComponent,
+    ImageSubscriptionHiddenComponent,
    OrganizationSubscriptionComponent,
    OrgBillingHistoryViewComponent,
  ],
--- a/apps/web/src/app/organizations/organization-routing.module.ts
+++ b/apps/web/src/app/organizations/organization-routing.module.ts
@@ -11,11 +11,7 @@ import {
  canAccessGroupsTab,
  canAccessMembersTab,
  canAccessOrgAdmin,
-  canAccessSettingsTab,
 } from "./navigation-permissions";
-import { AccountComponent } from "./settings/account.component";
-import { SettingsComponent } from "./settings/settings.component";
-import { TwoFactorSetupComponent } from "./settings/two-factor-setup.component";
 import { VaultModule } from "./vault/vault.module";

 const routes: Routes = [
@@ -34,18 +30,7 @@ const routes: Routes = [
      },
      {
        path: "settings",
-        component: SettingsComponent,
-        canActivate: [OrganizationPermissionsGuard],
-        data: { organizationPermissions: canAccessSettingsTab },
-        children: [
-          { path: "", pathMatch: "full", redirectTo: "account" },
-          { path: "account", component: AccountComponent, data: { titleId: "organizationInfo" } },
-          {
-            path: "two-factor",
-            component: TwoFactorSetupComponent,
-            data: { titleId: "twoStepLogin" },
-          },
-        ],
+        loadChildren: () => import("./settings").then((m) => m.OrganizationSettingsModule),
      },
      {
        path: "members",
--- a/apps/web/src/app/organizations/policies/index.ts
+++ b/apps/web/src/app/organizations/policies/index.ts
@@ -0,0 +1,12 @@
+export * from "./policies.module";
+export { BasePolicy, BasePolicyComponent } from "./base-policy.component";
+export { DisableSendPolicy } from "./disable-send.component";
+export { MasterPasswordPolicy } from "./master-password.component";
+export { PasswordGeneratorPolicy } from "./password-generator.component";
+export { PersonalOwnershipPolicy } from "./personal-ownership.component";
+export { RequireSsoPolicy } from "./require-sso.component";
+export { ResetPasswordPolicy } from "./reset-password.component";
+export { SendOptionsPolicy } from "./send-options.component";
+export { SingleOrgPolicy } from "./single-org.component";
+export { TwoFactorAuthenticationPolicy } from "./two-factor-authentication.component";
+export { PoliciesComponent } from "./policies.component";
--- a/apps/web/src/app/organizations/policies/policies.component.html
+++ b/apps/web/src/app/organizations/policies/policies.component.html
--- a/apps/web/src/app/organizations/policies/policies.component.ts
+++ b/apps/web/src/app/organizations/policies/policies.component.ts
@@ -10,7 +10,7 @@ import { Organization } from "@bitwarden/common/models/domain/organization";
 import { PolicyResponse } from "@bitwarden/common/models/response/policyResponse";

 import { PolicyListService } from "../../core";
-import { BasePolicy } from "../policies/base-policy.component";
+import { BasePolicy } from "../policies";

 import { PolicyEditComponent } from "./policy-edit.component";

--- a/apps/web/src/app/organizations/policies/policies.module.ts
+++ b/apps/web/src/app/organizations/policies/policies.module.ts
@@ -0,0 +1,46 @@
+import { NgModule } from "@angular/core";
+
+import { LooseComponentsModule, SharedModule } from "../../shared";
+
+import { DisableSendPolicyComponent } from "./disable-send.component";
+import { MasterPasswordPolicyComponent } from "./master-password.component";
+import { PasswordGeneratorPolicyComponent } from "./password-generator.component";
+import { PersonalOwnershipPolicyComponent } from "./personal-ownership.component";
+import { PoliciesComponent } from "./policies.component";
+import { PolicyEditComponent } from "./policy-edit.component";
+import { RequireSsoPolicyComponent } from "./require-sso.component";
+import { ResetPasswordPolicyComponent } from "./reset-password.component";
+import { SendOptionsPolicyComponent } from "./send-options.component";
+import { SingleOrgPolicyComponent } from "./single-org.component";
+import { TwoFactorAuthenticationPolicyComponent } from "./two-factor-authentication.component";
+
+@NgModule({
+  imports: [SharedModule, LooseComponentsModule],
+  declarations: [
+    DisableSendPolicyComponent,
+    MasterPasswordPolicyComponent,
+    PasswordGeneratorPolicyComponent,
+    PersonalOwnershipPolicyComponent,
+    RequireSsoPolicyComponent,
+    ResetPasswordPolicyComponent,
+    SendOptionsPolicyComponent,
+    SingleOrgPolicyComponent,
+    TwoFactorAuthenticationPolicyComponent,
+    PoliciesComponent,
+    PolicyEditComponent,
+  ],
+  exports: [
+    DisableSendPolicyComponent,
+    MasterPasswordPolicyComponent,
+    PasswordGeneratorPolicyComponent,
+    PersonalOwnershipPolicyComponent,
+    RequireSsoPolicyComponent,
+    ResetPasswordPolicyComponent,
+    SendOptionsPolicyComponent,
+    SingleOrgPolicyComponent,
+    TwoFactorAuthenticationPolicyComponent,
+    PoliciesComponent,
+    PolicyEditComponent,
+  ],
+})
+export class PoliciesModule {}
--- a/apps/web/src/app/organizations/policies/policy-edit.component.html
+++ b/apps/web/src/app/organizations/policies/policy-edit.component.html
--- a/apps/web/src/app/organizations/policies/policy-edit.component.ts
+++ b/apps/web/src/app/organizations/policies/policy-edit.component.ts
@@ -17,7 +17,7 @@ import { PolicyType } from "@bitwarden/common/enums/policyType";
 import { PolicyRequest } from "@bitwarden/common/models/request/policyRequest";
 import { PolicyResponse } from "@bitwarden/common/models/response/policyResponse";

-import { BasePolicy, BasePolicyComponent } from "../policies/base-policy.component";
+import { BasePolicy, BasePolicyComponent } from "../policies";

@Component({
  selector: "app-policy-edit",
--- a/apps/web/src/app/organizations/settings/account.component.html
+++ b/apps/web/src/app/organizations/settings/account.component.html
@@ -51,16 +51,6 @@
          [disabled]="selfHosted || !canManageBilling"
        />
      </div>
-      <div class="form-group">
-        <label for="identifier">{{ "identifier" | i18n }}</label>
-        <input
-          id="identifier"
-          class="form-control"
-          type="text"
-          name="Identifier"
-          [(ngModel)]="org.identifier"
-        />
-      </div>
    </div>
    <div class="col-6">
      <app-avatar data="{{ org.name }}" dynamic="true" size="75" fontSize="35"></app-avatar>
--- a/apps/web/src/app/organizations/settings/index.ts
+++ b/apps/web/src/app/organizations/settings/index.ts
@@ -0,0 +1,2 @@
+export * from "./organization-settings.module";
+export { DeleteOrganizationComponent } from "./delete-organization.component";
--- a/apps/web/src/app/organizations/settings/organization-settings-routing.module.ts
+++ b/apps/web/src/app/organizations/settings/organization-settings-routing.module.ts
@@ -0,0 +1,52 @@
+import { NgModule } from "@angular/core";
+import { RouterModule, Routes } from "@angular/router";
+
+import { Organization } from "@bitwarden/common/models/domain/organization";
+
+import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard";
+import { canAccessSettingsTab } from "../navigation-permissions";
+import { PoliciesComponent } from "../policies";
+
+import { AccountComponent } from "./account.component";
+import { SettingsComponent } from "./settings.component";
+import { TwoFactorSetupComponent } from "./two-factor-setup.component";
+
+const routes: Routes = [
+  {
+    path: "",
+    component: SettingsComponent,
+    canActivate: [OrganizationPermissionsGuard],
+    data: { organizationPermissions: canAccessSettingsTab },
+    children: [
+      { path: "", pathMatch: "full", redirectTo: "account" },
+      { path: "account", component: AccountComponent, data: { titleId: "organizationInfo" } },
+      {
+        path: "two-factor",
+        component: TwoFactorSetupComponent,
+        data: { titleId: "twoStepLogin" },
+      },
+      {
+        path: "policies",
+        component: PoliciesComponent,
+        canActivate: [OrganizationPermissionsGuard],
+        data: {
+          organizationPermissions: (org: Organization) => org.canManagePolicies,
+          titleId: "policies",
+        },
+      },
+      {
+        path: "tools",
+        loadChildren: () =>
+          import("../tools/import-export/org-import-export.module").then(
+            (m) => m.OrganizationImportExportModule
+          ),
+      },
+    ],
+  },
+];
+
+@NgModule({
+  imports: [RouterModule.forChild(routes)],
+  exports: [RouterModule],
+})
+export class OrganizationSettingsRoutingModule {}
--- a/apps/web/src/app/organizations/settings/organization-settings.module.ts
+++ b/apps/web/src/app/organizations/settings/organization-settings.module.ts
@@ -0,0 +1,27 @@
+import { NgModule } from "@angular/core";
+
+import { LooseComponentsModule, SharedModule } from "../../shared";
+import { PoliciesModule } from "../policies";
+
+import { AccountComponent } from "./account.component";
+import { AdjustSubscription } from "./adjust-subscription.component";
+import { ChangePlanComponent } from "./change-plan.component";
+import { DeleteOrganizationComponent } from "./delete-organization.component";
+import { DownloadLicenseComponent } from "./download-license.component";
+import { OrganizationSettingsRoutingModule } from "./organization-settings-routing.module";
+import { SettingsComponent } from "./settings.component";
+import { TwoFactorSetupComponent } from "./two-factor-setup.component";
+
+@NgModule({
+  imports: [SharedModule, LooseComponentsModule, PoliciesModule, OrganizationSettingsRoutingModule],
+  declarations: [
+    SettingsComponent,
+    AccountComponent,
+    AdjustSubscription,
+    ChangePlanComponent,
+    DeleteOrganizationComponent,
+    DownloadLicenseComponent,
+    TwoFactorSetupComponent,
+  ],
+})
+export class OrganizationSettingsModule {}
--- a/apps/web/src/app/organizations/settings/settings.component.html
+++ b/apps/web/src/app/organizations/settings/settings.component.html
@@ -7,14 +7,54 @@
          <a routerLink="account" class="list-group-item" routerLinkActive="active">
            {{ "organizationInfo" | i18n }}
          </a>
+          <a
+            routerLink="policies"
+            class="list-group-item"
+            routerLinkActive="active"
+            *ngIf="organization?.canManagePolicies"
+          >
+            {{ "policies" | i18n }}
+          </a>
          <a
            routerLink="two-factor"
            class="list-group-item"
            routerLinkActive="active"
-            *ngIf="access2fa"
+            *ngIf="organization?.use2fa"
          >
            {{ "twoStepLogin" | i18n }}
          </a>
+          <a
+            routerLink="tools/import"
+            class="list-group-item"
+            routerLinkActive="active"
+            *ngIf="organization?.canAccessImportExport"
+          >
+            {{ "importData" | i18n }}
+          </a>
+          <a
+            routerLink="tools/export"
+            class="list-group-item"
+            routerLinkActive="active"
+            *ngIf="organization?.canAccessImportExport"
+          >
+            {{ "exportVault" | i18n }}
+          </a>
+          <a
+            routerLink="sso"
+            class="list-group-item"
+            routerLinkActive="active"
+            *ngIf="organization?.canManageSso"
+          >
+            {{ "singleSignOn" | i18n }}
+          </a>
+          <a
+            routerLink="scim"
+            class="list-group-item"
+            routerLinkActive="active"
+            *ngIf="organization?.canManageScim"
+          >
+            {{ "scim" | i18n }}
+          </a>
        </div>
      </div>
    </div>
--- a/apps/web/src/app/organizations/settings/settings.component.ts
+++ b/apps/web/src/app/organizations/settings/settings.component.ts
@@ -1,30 +1,34 @@
-import { Component } from "@angular/core";
+import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
+import { Subject, switchMap, takeUntil } from "rxjs";

 import { OrganizationService } from "@bitwarden/common/abstractions/organization.service";
-import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
+import { Organization } from "@bitwarden/common/models/domain/organization";

@Component({
  selector: "app-org-settings",
  templateUrl: "settings.component.html",
 })
-// eslint-disable-next-line rxjs-angular/prefer-takeuntil
-export class SettingsComponent {
-  access2fa = false;
-  showBilling: boolean;
+export class SettingsComponent implements OnInit, OnDestroy {
+  organization: Organization;

-  constructor(
-    private route: ActivatedRoute,
-    private organizationService: OrganizationService,
-    private platformUtilsService: PlatformUtilsService
-  ) {}
+  private destroy$ = new Subject<void>();
+
+  constructor(private route: ActivatedRoute, private organizationService: OrganizationService) {}

  ngOnInit() {
-    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
-    this.route.parent.params.subscribe(async (params) => {
-      const organization = await this.organizationService.get(params.organizationId);
-      this.showBilling = !this.platformUtilsService.isSelfHost() && organization.canManageBilling;
-      this.access2fa = organization.use2fa;
-    });
+    this.route.params
+      .pipe(
+        switchMap(async (params) => await this.organizationService.get(params.organizationId)),
+        takeUntil(this.destroy$)
+      )
+      .subscribe((organization) => {
+        this.organization = organization;
+      });
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
  }
 }
--- a/apps/web/src/app/organizations/sponsorships/families-for-enterprise-setup.component.ts
+++ b/apps/web/src/app/organizations/sponsorships/families-for-enterprise-setup.component.ts
@@ -15,8 +15,8 @@ import { ProductType } from "@bitwarden/common/enums/productType";
 import { Organization } from "@bitwarden/common/models/domain/organization";
 import { OrganizationSponsorshipRedeemRequest } from "@bitwarden/common/models/request/organization/organizationSponsorshipRedeemRequest";

+import { DeleteOrganizationComponent } from "../../organizations/settings";
 import { OrganizationPlansComponent } from "../../settings/organization-plans.component";
-import { DeleteOrganizationComponent } from "../settings/delete-organization.component";

@Component({
  selector: "families-for-enterprise-setup",
--- a/apps/web/src/app/settings/two-factor-setup.component.html
+++ b/apps/web/src/app/settings/two-factor-setup.component.html
@@ -1,8 +1,17 @@
 <div class="tabbed-header">
-  <h1>{{ "twoStepLogin" | i18n }}</h1>
+  <h1 *ngIf="!organizationId">{{ "twoStepLogin" | i18n }}</h1>
+  <h1 *ngIf="organizationId">{{ "twoStepLoginEnforcement" | i18n }}</h1>
 </div>
 <p *ngIf="!organizationId">{{ "twoStepLoginDesc" | i18n }}</p>
-<p *ngIf="organizationId">{{ "twoStepLoginOrganizationDesc" | i18n }}</p>
+<ng-container *ngIf="organizationId">
+  <p>
+    {{ "twoStepLoginOrganizationDescStart" | i18n }}
+    <a routerLink="../policies">{{ "twoStepLoginPolicy" | i18n }}.</a>
+    <br />
+    {{ "twoStepLoginOrganizationDuoDesc" | i18n }}
+  </p>
+  <p>{{ "twoStepLoginOrganizationSsoDesc" | i18n }}</p>
+</ng-container>
 <bit-callout type="warning" *ngIf="!organizationId">
  <p>{{ "twoStepLoginRecoveryWarning" | i18n }}</p>
  <button bitButton buttonType="secondary" (click)="recoveryCode()">
@@ -55,7 +64,13 @@
    </div>
  </li>
 </ul>
-<form *ngIf="!loading" #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
+<form
+  *ngIf="!loading && !organizationId"
+  #form
+  (ngSubmit)="submit()"
+  [appApiAction]="formPromise"
+  ngNativeValidate
+>
  <div class="row">
    <div class="col-12">
      <h2 class="mt-5 spaced-header">
--- a/apps/web/src/app/shared/loose-components.module.ts
+++ b/apps/web/src/app/shared/loose-components.module.ts
@@ -42,29 +42,10 @@ import { GroupAddEditComponent as OrgGroupAddEditComponent } from "../organizati
 import { GroupsComponent as OrgGroupsComponent } from "../organizations/manage/groups.component";
 import { ManageComponent as OrgManageComponent } from "../organizations/manage/manage.component";
 import { PeopleComponent as OrgPeopleComponent } from "../organizations/manage/people.component";
-import { PoliciesComponent as OrgPoliciesComponent } from "../organizations/manage/policies.component";
-import { PolicyEditComponent as OrgPolicyEditComponent } from "../organizations/manage/policy-edit.component";
 import { ResetPasswordComponent as OrgResetPasswordComponent } from "../organizations/manage/reset-password.component";
 import { UserAddEditComponent as OrgUserAddEditComponent } from "../organizations/manage/user-add-edit.component";
 import { UserConfirmComponent as OrgUserConfirmComponent } from "../organizations/manage/user-confirm.component";
 import { UserGroupsComponent as OrgUserGroupsComponent } from "../organizations/manage/user-groups.component";
-import { DisableSendPolicyComponent } from "../organizations/policies/disable-send.component";
-import { MasterPasswordPolicyComponent } from "../organizations/policies/master-password.component";
-import { PasswordGeneratorPolicyComponent } from "../organizations/policies/password-generator.component";
-import { PersonalOwnershipPolicyComponent } from "../organizations/policies/personal-ownership.component";
-import { RequireSsoPolicyComponent } from "../organizations/policies/require-sso.component";
-import { ResetPasswordPolicyComponent } from "../organizations/policies/reset-password.component";
-import { SendOptionsPolicyComponent } from "../organizations/policies/send-options.component";
-import { SingleOrgPolicyComponent } from "../organizations/policies/single-org.component";
-import { TwoFactorAuthenticationPolicyComponent } from "../organizations/policies/two-factor-authentication.component";
-import { AccountComponent as OrgAccountComponent } from "../organizations/settings/account.component";
-import { AdjustSubscription } from "../organizations/settings/adjust-subscription.component";
-import { ChangePlanComponent } from "../organizations/settings/change-plan.component";
-import { DeleteOrganizationComponent } from "../organizations/settings/delete-organization.component";
-import { DownloadLicenseComponent } from "../organizations/settings/download-license.component";
-import { ImageSubscriptionHiddenComponent as OrgSubscriptionHiddenComponent } from "../organizations/settings/image-subscription-hidden.component";
-import { SettingsComponent as OrgSettingComponent } from "../organizations/settings/settings.component";
-import { TwoFactorSetupComponent as OrgTwoFactorSetupComponent } from "../organizations/settings/two-factor-setup.component";
 import { AcceptFamilySponsorshipComponent } from "../organizations/sponsorships/accept-family-sponsorship.component";
 import { FamiliesForEnterpriseSetupComponent } from "../organizations/sponsorships/families-for-enterprise-setup.component";
 import { ExposedPasswordsReportComponent as OrgExposedPasswordsReportComponent } from "../organizations/tools/exposed-passwords-report.component";
@@ -172,7 +153,6 @@ import { SharedModule } from ".";
    AddEditCustomFieldsComponent,
    AdjustPaymentComponent,
    AdjustStorageComponent,
-    AdjustSubscription,
    ApiKeyComponent,
    AttachmentsComponent,
    BillingSyncKeyComponent,
@@ -184,15 +164,11 @@ import { SharedModule } from ".";
    ChangeEmailComponent,
    ChangeKdfComponent,
    ChangePasswordComponent,
-    ChangePlanComponent,
    CollectionsComponent,
    CreateOrganizationComponent,
    DeauthorizeSessionsComponent,
    DeleteAccountComponent,
-    DeleteOrganizationComponent,
-    DisableSendPolicyComponent,
    DomainRulesComponent,
-    DownloadLicenseComponent,
    EmergencyAccessAddEditComponent,
    EmergencyAccessAttachmentsComponent,
    EmergencyAccessComponent,
@@ -206,11 +182,9 @@ import { SharedModule } from ".";
    FrontendLayoutComponent,
    HintComponent,
    LockComponent,
-    MasterPasswordPolicyComponent,
    NavbarComponent,
    NestedCheckboxComponent,
    OrganizationSwitcherComponent,
-    OrgAccountComponent,
    OrgAddEditComponent,
    OrganizationLayoutComponent,
    OrganizationPlansComponent,
@@ -230,14 +204,9 @@ import { SharedModule } from ".";
    OrgManageCollectionsComponent,
    OrgManageComponent,
    OrgPeopleComponent,
-    OrgPoliciesComponent,
-    OrgPolicyEditComponent,
    OrgResetPasswordComponent,
    OrgReusedPasswordsReportComponent,
-    OrgSettingComponent,
    OrgToolsComponent,
-    OrgTwoFactorSetupComponent,
-    OrgSubscriptionHiddenComponent,
    OrgUnsecuredWebsitesReportComponent,
    OrgUserAddEditComponent,
    OrgUserConfirmComponent,
@@ -245,12 +214,10 @@ import { SharedModule } from ".";
    OrgWeakPasswordsReportComponent,
    GeneratorComponent,
    PasswordGeneratorHistoryComponent,
-    PasswordGeneratorPolicyComponent,
    PasswordRepromptComponent,
    UserVerificationPromptComponent,
    PaymentComponent,
    PaymentMethodComponent,
-    PersonalOwnershipPolicyComponent,
    PreferencesComponent,
    PremiumBadgeComponent,
    PremiumComponent,
@@ -261,25 +228,20 @@ import { SharedModule } from ".";
    RecoverTwoFactorComponent,
    RegisterComponent,
    RemovePasswordComponent,
-    RequireSsoPolicyComponent,
-    ResetPasswordPolicyComponent,
    SecurityComponent,
    SecurityKeysComponent,
    SendAddEditComponent,
    SendComponent,
    SendEffluxDatesComponent,
-    SendOptionsPolicyComponent,
    SetPasswordComponent,
    SettingsComponent,
    ShareComponent,
-    SingleOrgPolicyComponent,
    SponsoredFamiliesComponent,
    SponsoringOrgRowComponent,
    SsoComponent,
    SubscriptionComponent,
    TaxInfoComponent,
    ToolsComponent,
-    TwoFactorAuthenticationPolicyComponent,
    TwoFactorAuthenticatorComponent,
    TwoFactorComponent,
    TwoFactorDuoComponent,
@@ -316,7 +278,6 @@ import { SharedModule } from ".";
    AddEditCustomFieldsComponent,
    AdjustPaymentComponent,
    AdjustStorageComponent,
-    AdjustSubscription,
    ApiKeyComponent,
    AttachmentsComponent,
    BulkActionsComponent,
@@ -327,15 +288,11 @@ import { SharedModule } from ".";
    ChangeEmailComponent,
    ChangeKdfComponent,
    ChangePasswordComponent,
-    ChangePlanComponent,
    CollectionsComponent,
    CreateOrganizationComponent,
    DeauthorizeSessionsComponent,
    DeleteAccountComponent,
-    DeleteOrganizationComponent,
-    DisableSendPolicyComponent,
    DomainRulesComponent,
-    DownloadLicenseComponent,
    EmergencyAccessAddEditComponent,
    EmergencyAccessAttachmentsComponent,
    EmergencyAccessComponent,
@@ -349,11 +306,9 @@ import { SharedModule } from ".";
    FrontendLayoutComponent,
    HintComponent,
    LockComponent,
-    MasterPasswordPolicyComponent,
    NavbarComponent,
    NestedCheckboxComponent,
    OrganizationSwitcherComponent,
-    OrgAccountComponent,
    OrgAddEditComponent,
    OrganizationLayoutComponent,
    OrganizationPlansComponent,
@@ -373,13 +328,9 @@ import { SharedModule } from ".";
    OrgManageCollectionsComponent,
    OrgManageComponent,
    OrgPeopleComponent,
-    OrgPoliciesComponent,
-    OrgPolicyEditComponent,
    OrgResetPasswordComponent,
    OrgReusedPasswordsReportComponent,
-    OrgSettingComponent,
    OrgToolsComponent,
-    OrgTwoFactorSetupComponent,
    OrgUnsecuredWebsitesReportComponent,
    OrgUserAddEditComponent,
    OrgUserConfirmComponent,
@@ -387,11 +338,9 @@ import { SharedModule } from ".";
    OrgWeakPasswordsReportComponent,
    GeneratorComponent,
    PasswordGeneratorHistoryComponent,
-    PasswordGeneratorPolicyComponent,
    PasswordRepromptComponent,
    PaymentComponent,
    PaymentMethodComponent,
-    PersonalOwnershipPolicyComponent,
    PreferencesComponent,
    PremiumBadgeComponent,
    PremiumComponent,
@@ -402,25 +351,20 @@ import { SharedModule } from ".";
    RecoverTwoFactorComponent,
    RegisterComponent,
    RemovePasswordComponent,
-    RequireSsoPolicyComponent,
-    ResetPasswordPolicyComponent,
    SecurityComponent,
    SecurityKeysComponent,
    SendAddEditComponent,
    SendComponent,
    SendEffluxDatesComponent,
-    SendOptionsPolicyComponent,
    SetPasswordComponent,
    SettingsComponent,
    ShareComponent,
-    SingleOrgPolicyComponent,
    SponsoredFamiliesComponent,
    SponsoringOrgRowComponent,
    SsoComponent,
    SubscriptionComponent,
    TaxInfoComponent,
    ToolsComponent,
-    TwoFactorAuthenticationPolicyComponent,
    TwoFactorAuthenticatorComponent,
    TwoFactorComponent,
    TwoFactorDuoComponent,
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -1288,11 +1288,24 @@
  "twoStepLogin": {
    "message": "Two-step login"
  },
+  "twoStepLoginEnforcement": {
+    "message": "Two-step Login Enforcement"
+  },
  "twoStepLoginDesc": {
    "message": "Secure your account by requiring an additional step when logging in."
  },
-  "twoStepLoginOrganizationDesc": {
-    "message": "Require two-step login for your organization's users by configuring providers at the organization level."
+  "twoStepLoginOrganizationDescStart": {
+    "message": "Enforce Bitwarden Two-step Login options for members by using the ",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Enforce Bitwarden Two-step Login options for members by using the Two-step Login Policy.'"
+  },
+  "twoStepLoginPolicy": {
+    "message": "Two-step Login Policy"
+  },
+  "twoStepLoginOrganizationDuoDesc": {
+    "message": "To enforce Two-step Login through Duo, use the options below."
+  },
+  "twoStepLoginOrganizationSsoDesc": {
+    "message": "If you have setup SSO or plan to, Two-step Login may already be enforced through your Identity Provider."
  },
  "twoStepLoginRecoveryWarning": {
    "message": "Enabling two-step login can permanently lock you out of your Bitwarden account. A recovery code allows you to access your account in the event that you can no longer use your normal two-step login provider (ex. you lose your device). Bitwarden support will not be able to assist you if you lose access to your account. We recommend you write down or print the recovery code and keep it in a safe place."
@@ -3687,6 +3700,12 @@
  "ssoIdentifierRequired": {
    "message": "Organization Identifier is required."
  },
+  "ssoIdentifier": {
+    "message": "SSO Identifier"
+  },
+  "ssoIdentifierHint": {
+    "message": "Provide this ID to your members to login with SSO."
+  },
  "unlinkSso": {
    "message": "Unlink SSO"
  },
@@ -4032,7 +4051,7 @@
    "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
  },
  "disableSendExemption": {
-    "message": "Organization users that can manage the organization's policies are exempt from this policy's enforcement."
+    "message": "Organization members that can manage the organization's policies are exempt from this policy's enforcement."
  },
  "sendDisabled": {
    "message": "Send disabled",
@@ -4051,7 +4070,7 @@
    "description": "'Sends' is a plural noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
  },
  "sendOptionsExemption": {
-    "message": "Organization users that can manage the organization's policies are exempt from this policy's enforcement."
+    "message": "Organization members that can manage the organization's policies are exempt from this policy's enforcement."
  },
  "disableHideEmail": {
    "message": "Always show member’s email address with recipients when creating or editing a send.",
@@ -4362,19 +4381,19 @@
    "message": "Allow admins to reset master passwords for members."
  },
  "resetPasswordPolicyWarning": {
-    "message": "Users in the organization will need to self-enroll or be auto-enrolled before administrators can reset their master password."
+    "message": "Members in the organization will need to self-enroll or be auto-enrolled before administrators can reset their master password."
  },
  "resetPasswordPolicyAutoEnroll": {
    "message": "Automatic Enrollment"
  },
  "resetPasswordPolicyAutoEnrollDescription": {
-    "message": "All users will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw."
+    "message": "All members will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw."
  },
  "resetPasswordPolicyAutoEnrollWarning": {
-    "message": "Users already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password."
+    "message": "Members already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password."
  },
  "resetPasswordPolicyAutoEnrollCheckbox": {
-    "message": "Require new users to be enrolled automatically"
+    "message": "Require new members to be enrolled automatically"
  },
  "resetPasswordAutoEnrollInviteWarning": {
    "message": "This organization has an enterprise policy that will automatically enroll you in password reset. Enrollment will allow organization administrators to change your master password."
@@ -5377,6 +5396,15 @@
      }
    }
  },
+  "inputMaxLength": {
+    "message": "Input must not exceed $COUNT$ characters in length.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "20"
+      }
+    }
+  },
  "fieldsNeedAttention": {
    "message": "$COUNT$ field(s) above need your attention.",
    "placeholders": {