use env variable for apple id password

bump version
Merge pull request #78 from bitwarden/update-jslib-sso
2025-12-05 23:53:21 +00:00 · 2020-12-03 23:10:30 -05:00 · 2020-12-03 23:01:06 -05:00 · 2020-12-02 14:52:53 -05:00 · 2020-12-02 14:27:55 -05:00 · 2020-12-02 14:24:30 -05:00
73 changed files with 13550 additions and 6916 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,10 +4,14 @@ node_modules
 npm-debug.log
 vwd.webinfo
 dist/
+dist-cli/
+css/
 *.crx
 *.pem
+build-cli/
 build/
 yarn-error.log
 .DS_Store
 *.nupkg
 *.provisionprofile
+*.env
--- a/README.md
+++ b/README.md
@@ -14,9 +14,36 @@ Supported directories:

 The application is written using Electron with Angular and installs on Windows, macOS, and Linux distributions.

-<a href="https://bitwarden.com/#download"><img src="https://imgur.com/SLv9paA.png" width="500" height="113"></a>
+[![Platforms](https://imgur.com/SLv9paA.png "Windows, macOS, and Linux")](https://help.bitwarden.com/article/directory-sync/#download-and-install)

-# Build/Run
+![Directory Connector](https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/directory-connector-macos.png "Dashboard")
+
+## Command-line Interface
+
+A command-line interface tool is also available for the Bitwarden Directory Connector. The Directory Connector CLI (`bwdc`) is written with TypeScript and Node.js and can also be run on Windows, macOS, and Linux distributions.
+
+## CLI Documentation
+
+The Bitwarden Directory Connector CLI is self-documented with `--help` content and examples for every command. You should start exploring the CLI by using the global `--help` option:
+
+```bash
+bwdc --help
+```
+
+This option will list all available commands that you can use with the Directory Connector CLI.
+
+Additionally, you can run the `--help` option on a specific command to learn more about it:
+
+```
+bwdc test --help
+bwdc config --help
+```
+
+**Detailed Documentation**
+
+We provide detailed documentation and examples for using the Directory Connector CLI in our help center at https://help.bitwarden.com/article/directory-sync/#command-line-interface.
+
+## Build/Run

 **Requirements**

@@ -27,10 +54,26 @@ The application is written using Electron with Angular and installs on Windows,

 ```bash
 npm install
+npm run reset # Only necessary if you have previously run the CLI app
+npm run rebuild
 npm run electron
 ```

-# Contribute
+**Run the CLI**
+
+```bash
+npm install
+npm run reset # Only necessary if you have previously run the desktop app
+npm run build:cli:watch
+```
+
+You can then run commands from the `./build-cli` folder:
+
+```bash
+node ./build-cli/bwdc.js --help
+```
+
+## Contribute

 Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [`CONTRIBUTING.md`](CONTRIBUTING.md) file.

--- a/appveyor.yml
+++ b/appveyor.yml
@@ -0,0 +1,162 @@
+image:
+- Visual Studio 2017
+- Ubuntu1804
+
+branches:
+  except:
+    - l10n_master
+
+environment:
+  WIN_PKG: C:\Users\appveyor\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
+
+stack: node 10
+
+init:
+- ps: |
+    if($isWindows -and $env:DEBUG_RDP -eq "true") {
+      iex ((new-object net.webclient).DownloadString(`
+        'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+    }
+- sh: sudo apt-get update
+- sh: sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
+- ps: |
+    if($isWindows) {
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+      Install-Product node 10
+      $env:PATH = "C:\Program Files (x86)\Resource Hacker;${env:PATH}"
+    }
+    if($env:APPVEYOR_REPO_TAG -eq "true") {
+      $env:RELEASE_NAME = $env:APPVEYOR_REPO_TAG_NAME.TrimStart("v")
+    }
+
+install:
+- ps: |
+    $env:PACKAGE_VERSION = (Get-Content -Raw -Path .\src\package.json | ConvertFrom-Json).version
+    $env:PROD_DEPLOY = "false"
+    if($env:APPVEYOR_REPO_TAG -eq "true" -and $env:APPVEYOR_RE_BUILD -eq "True") {
+      $env:PROD_DEPLOY = "true"
+      echo "This is a production deployment."
+    }
+    if($isWindows) {
+      if(Test-Path -Path $env:WIN_PKG) {
+        $env:VER_INFO = "true"
+      }
+      choco install reshack --no-progress
+      choco install cloc --no-progress
+      choco install checksum --no-progress
+      cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
+      .\make-versioninfo.ps1
+    }
+- ps: |
+    if($isWindows) {
+      $keytarVersion = (Get-Content -Raw -Path .\src\package.json | ConvertFrom-Json).dependencies.keytar
+      $nodeModVersion = node -e "console.log(process.config.variables.node_module_version)"
+      $keytarTar = "keytar-v${keytarVersion}-node-v${nodeModVersion}-{0}-x64.tar"
+      $keytarTarGz = "${keytarTar}.gz"
+      $keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"
+
+      New-Item -ItemType directory -Path .\keytar\macos | Out-Null
+      New-Item -ItemType directory -Path .\keytar\linux | Out-Null
+      New-Item -ItemType directory -Path .\keytar\windows | Out-Null
+
+      Invoke-RestMethod -Uri $($keytarUrl -f "darwin") -OutFile ".\keytar\macos\$($keytarTarGz -f "darwin")"
+      Invoke-RestMethod -Uri $($keytarUrl -f "linux") -OutFile ".\keytar\linux\$($keytarTarGz -f "linux")"
+      Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile ".\keytar\windows\$($keytarTarGz -f "win32")"
+
+      7z e ".\keytar\macos\$($keytarTarGz -f "darwin")" -o".\keytar\macos"
+      7z e ".\keytar\linux\$($keytarTarGz -f "linux")" -o".\keytar\linux"
+      7z e ".\keytar\windows\$($keytarTarGz -f "win32")" -o".\keytar\windows"
+
+      7z e ".\keytar\macos\$($keytarTar -f "darwin")" -o".\keytar\macos"
+      7z e ".\keytar\linux\$($keytarTar -f "linux")" -o".\keytar\linux"
+      7z e ".\keytar\windows\$($keytarTar -f "win32")" -o".\keytar\windows"
+    }
+
+before_build:
+- node --version
+- npm --version
+
+build_script:
+- cmd: |
+    if defined VER_INFO ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
+    if defined VER_INFO ResourceHacker -open version-info.rc -save version-info.res -action compile
+    if defined VER_INFO ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
+- sh: npm install
+- sh: npm run rebuild
+- sh: npm run dist:lin
+- cmd: npm install
+- cmd: npm run rebuild
+- cmd: npm run dist:win:ci
+- cmd: npm run reset
+- cmd: npm run dist:cli
+- cmd: 7z a ./dist-cli/bwdc-windows-%PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
+- cmd: 7z a ./dist-cli/bwdc-macos-%PACKAGE_VERSION%.zip ./dist-cli/macos/bwdc ./keytar/macos/keytar.node
+- cmd: 7z a ./dist-cli/bwdc-linux-%PACKAGE_VERSION%.zip ./dist-cli/linux/bwdc ./keytar/linux/keytar.node
+- ps: |
+    if($isWindows) {
+      Expand-Archive -Path "./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
+      $testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
+      if($testVersion -ne $env:PACKAGE_VERSION) {
+        Throw "Version test failed."
+      }
+    }
+- ps: |
+    if($isWindows) {
+      checksum -f="./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" `
+        -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
+      checksum -f="./dist-cli/bwdc-macos-${env:PACKAGE_VERSION}.zip" `
+        -t sha256 | Out-File ./dist-cli/bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
+      checksum -f="./dist-cli/bwdc-linux-${env:PACKAGE_VERSION}.zip" `
+        -t sha256 | Out-File ./dist-cli/bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
+    }
+- ps: |
+    if($isLinux) {
+      Push-AppveyorArtifact ./dist/Bitwarden-Connector-${env:PACKAGE_VERSION}-x86_64.AppImage
+    }
+    else {
+      Push-AppveyorArtifact .\dist\Bitwarden-Connector-Portable-${env:PACKAGE_VERSION}.exe
+      Push-AppveyorArtifact .\dist\Bitwarden-Connector-Installer-${env:PACKAGE_VERSION}.exe
+      Push-AppveyorArtifact .\dist-cli\bwdc-windows-${env:PACKAGE_VERSION}.zip
+      Push-AppveyorArtifact .\dist-cli\bwdc-macos-${env:PACKAGE_VERSION}.zip
+      Push-AppveyorArtifact .\dist-cli\bwdc-linux-${env:PACKAGE_VERSION}.zip
+      Push-AppveyorArtifact .\dist-cli\bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
+      Push-AppveyorArtifact .\dist-cli\bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
+      Push-AppveyorArtifact .\dist-cli\bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
+    }
+
+on_finish:
+  - ps: |
+      if($isWindows -and $env:DEBUG_RDP -eq "true") {
+        $blockRdp = $true
+        iex ((new-object net.webclient).DownloadString(`
+          'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+      }
+
+for:
+- 
+  matrix:
+    only:
+      - image: Visual Studio 2017
+  cache:
+  - '%LOCALAPPDATA%\electron'
+  - '%LOCALAPPDATA%\electron-builder'
+  - 'C:\Users\appveyor\.pkg-cache\'
+
+-
+  matrix:
+    only:
+      - image: Ubuntu1804
+  cache:
+  - '/home/appveyor/.cache/electron'
+  - '/home/appveyor/.cache/electron-builder'
+
+deploy:
+  tag: $(APPVEYOR_REPO_TAG_NAME)
+  release: $(RELEASE_NAME)
+  provider: GitHub
+  auth_token: $(GH_TOKEN)
+  artifact: /.*\.(zip|txt)/,
+  force_update: true
+  on:
+    branch: master
+    APPVEYOR_REPO_TAG: true
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -0,0 +1,31 @@
+const gulp = require('gulp');
+const googleWebFonts = require('gulp-google-webfonts');
+const del = require('del');
+
+const paths = {
+    cssDir: './src/css/',
+};
+
+function clean() {
+    return del([paths.cssDir]);
+}
+
+function webfonts() {
+    return gulp.src('./webfonts.list')
+        .pipe(googleWebFonts({
+            fontsDir: 'webfonts',
+            cssFilename: 'webfonts.css',
+            format: 'woff',
+        }))
+        .pipe(gulp.dest(paths.cssDir));
+}
+
+// ref: https://github.com/angular/angular/issues/22524
+function cleanupAotIssue() {
+    return del(['./node_modules/@types/uglify-js/node_modules/source-map/source-map.d.ts']);
+}
+
+exports.clean = clean;
+exports.cleanupAotIssue = cleanupAotIssue;
+exports.webfonts = gulp.series(clean, webfonts);
+exports['prebuild:renderer'] = gulp.parallel(webfonts, cleanupAotIssue);;
--- a/2
+++ b/2
--- a/make-versioninfo.ps1
+++ b/make-versioninfo.ps1
@@ -0,0 +1,33 @@
+$major,$minor,$patch = $env:PACKAGE_VERSION.split('.')
+
+$versionInfo = @"
+
+1 VERSIONINFO
+FILEVERSION $major,$minor,$patch,0
+PRODUCTVERSION $major,$minor,$patch,0
+FILEOS 0x40004
+FILETYPE 0x1
+{
+BLOCK "StringFileInfo"
+{
+	BLOCK "040904b0"
+	{
+		VALUE "CompanyName", "Bitwarden Inc."
+		VALUE "ProductName", "Bitwarden"
+		VALUE "FileDescription", "Bitwarden Directory Connector CLI"
+		VALUE "FileVersion", "$env:PACKAGE_VERSION"
+		VALUE "ProductVersion", "$env:PACKAGE_VERSION"
+		VALUE "OriginalFilename", "bwdc.exe"
+		VALUE "InternalName", "bwdc"
+		VALUE "LegalCopyright", "Copyright Bitwarden Inc."
+	}
+}
+
+BLOCK "VarFileInfo"
+{
+	VALUE "Translation", 0x0409 0x04B0  
+}
+}
+"@
+
+$versionInfo | Out-File ./version-info.rc
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
    "vault",
    "password manager"
  ],
-  "author": "8bit Solutions LLC <hello@bitwarden.com> (https://bitwarden.com)",
+  "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
  "homepage": "https://bitwarden.com",
  "repository": {
    "type": "git",
@@ -21,37 +21,61 @@
    "sub:update": "git submodule update --remote",
    "sub:pull": "git submodule foreach git pull origin master",
    "sub:commit": "npm run sub:pull && git commit -am \"update submodule\"",
-    "postinstall": "./node_modules/.bin/electron-rebuild && npm run sub:init",
+    "postinstall": "npm run sub:init",
+    "symlink:win": "rm -rf ./jslib && cmd /c mklink /J .\\jslib ..\\jslib",
+    "symlink:mac": "npm run symlink:lin",
+    "symlink:lin": "rm -rf ./jslib && ln -s ../jslib ./jslib",
+    "rebuild": "./node_modules/.bin/electron-rebuild",
+    "reset": "rimraf ./node_modules/keytar/* && npm install",
    "lint": "tslint src/**/*.ts || true",
    "lint:fix": "tslint src/**/*.ts --fix",
    "build": "concurrently -n Main,Rend -c yellow,cyan \"npm run build:main\" \"npm run build:renderer\"",
    "build:main": "webpack --config webpack.main.js",
-    "build:renderer": "webpack --config webpack.renderer.js",
-    "build:renderer:watch": "webpack --config webpack.renderer.js --watch",
+    "build:renderer": "gulp prebuild:renderer && webpack --config webpack.renderer.js",
+    "build:renderer:watch": "gulp prebuild:renderer && webpack --config webpack.renderer.js --watch",
+    "build:dist": "npm run reset && npm run rebuild && npm run build",
+    "build:cli": "webpack --config webpack.cli.js",
+    "build:cli:watch": "webpack --config webpack.cli.js --watch",
+    "build:cli:prod": "cross-env NODE_ENV=production webpack --config webpack.cli.js",
+    "build:cli:prod:watch": "cross-env NODE_ENV=production webpack --config webpack.cli.js --watch",
    "electron": "npm run build:main && concurrently -k -n Main,Rend -c yellow,cyan \"electron --inspect=5858 ./build --watch\" \"npm run build:renderer:watch\"",
    "clean:dist": "rimraf ./dist/*",
-    "pack:lin": "npm run clean:dist && build --linux --x64 -p never",
-    "pack:mac": "npm run clean:dist && build --mac -p never",
-    "pack:win": "npm run clean:dist && build --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
-    "pack:win:ci": "npm run clean:dist && build --win --x64 --ia32 -p never",
-    "dist:lin": "npm run build && npm run pack:lin",
-    "dist:mac": "npm run build && npm run pack:mac",
-    "dist:win": "npm run build && npm run pack:win",
+    "clean:dist:cli": "rimraf ./dist-cli/*",
+    "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never",
+    "pack:mac": "npm run clean:dist && electron-builder --mac -p never",
+    "pack:win": "npm run clean:dist && electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
+    "pack:win:ci": "npm run clean:dist && electron-builder --win --x64 --ia32 -p never",
+    "pack:cli": "npm run pack:cli:win | npm run pack:cli:mac | npm run pack:cli:lin",
+    "pack:cli:win": "pkg . --targets win-x64 --output ./dist-cli/windows/bwdc.exe",
+    "pack:cli:mac": "pkg . --targets macos-x64 --output ./dist-cli/macos/bwdc",
+    "pack:cli:lin": "pkg . --targets linux-x64 --output ./dist-cli/linux/bwdc",
+    "dist:lin": "npm run build:dist && npm run pack:lin",
+    "dist:mac": "npm run build:dist && npm run pack:mac",
+    "dist:win": "npm run build:dist && npm run pack:win",
    "dist:win:ci": "npm run build && npm run pack:win:ci",
-    "publish:lin": "npm run build && npm run clean:dist && build --linux --x64 -p always",
-    "publish:mac": "npm run build && npm run clean:dist && build --mac -p always",
-    "publish:win": "npm run build && npm run clean:dist && build --win --x64 --ia32 -p always -c.win.certificateSubjectName=\"8bit Solutions LLC\""
+    "dist:cli": "npm run build:cli:prod && npm run clean:dist:cli && npm run pack:cli",
+    "dist:cli:win": "npm run build:cli:prod && npm run clean:dist:cli && npm run pack:cli:win",
+    "dist:cli:mac": "npm run build:cli:prod && npm run clean:dist:cli && npm run pack:cli:mac",
+    "dist:cli:lin": "npm run build:cli:prod && npm run clean:dist:cli && npm run pack:cli:lin",
+    "publish:lin": "npm run build:dist && npm run clean:dist && electron-builder --linux --x64 -p always",
+    "publish:mac": "npm run build:dist && npm run clean:dist && electron-builder --mac -p always",
+    "publish:win": "npm run build:dist && npm run clean:dist && electron-builder --win --x64 --ia32 -p always -c.win.certificateSubjectName=\"8bit Solutions LLC\""
  },
  "build": {
    "appId": "com.bitwarden.directory-connector",
-    "copyright": "Copyright © 2015-2018 8bit Solutions LLC",
+    "copyright": "Copyright © 2015-2020 Bitwarden Inc.",
    "directories": {
      "buildResources": "resources",
      "output": "dist",
      "app": "build"
    },
+    "afterSign": "scripts/notarize.js",
    "mac": {
      "category": "public.app-category.productivity",
+      "gatekeeperAssess": false,
+      "hardenedRuntime": true,
+      "entitlements": "resources/entitlements.mac.plist",
+      "entitlementsInherit": "resources/entitlements.mac.plist",
      "target": [
        "dmg",
        "zip"
@@ -106,68 +130,100 @@
      "artifactName": "Bitwarden-Connector-${version}-${arch}.${ext}"
    }
  },
+  "bin": {
+    "bwdc": "./build-cli/bwdc.js"
+  },
+  "pkg": {
+    "assets": "./build-cli/**/*"
+  },
  "devDependencies": {
-    "@angular/compiler-cli": "5.2.0",
-    "@microsoft/microsoft-graph-types": "^1.2.0",
-    "@ngtools/webpack": "1.10.2",
-    "@types/keytar": "^4.0.1",
+    "@angular/compiler-cli": "^9.1.12",
+    "@microsoft/microsoft-graph-types": "^1.4.0",
+    "@ngtools/webpack": "^9.1.12",
+    "@types/commander": "^2.12.2",
+    "@types/form-data": "^2.2.1",
+    "@types/inquirer": "^0.0.43",
    "@types/ldapjs": "^1.0.3",
-    "@types/lunr": "2.1.5",
-    "@types/node": "8.0.19",
-    "@types/node-forge": "0.7.1",
-    "@types/webcrypto": "0.0.28",
-    "clean-webpack-plugin": "^0.1.17",
-    "concurrently": "3.5.1",
-    "copy-webpack-plugin": "^4.2.0",
-    "css-loader": "^0.28.7",
-    "electron": "1.8.4",
-    "electron-builder": "^20.8.1",
-    "electron-rebuild": "1.7.3",
-    "electron-reload": "1.2.2",
-    "extract-text-webpack-plugin": "^3.0.1",
-    "file-loader": "^1.1.5",
+    "@types/lowdb": "^1.0.5",
+    "@types/lunr": "^2.3.3",
+    "@types/node": "^10.17.28",
+    "@types/node-fetch": "^2.1.2",
+    "@types/node-forge": "^0.7.5",
+    "@types/papaparse": "^4.5.3",
+    "@types/semver": "^5.5.0",
+    "@types/source-map": "0.5.2",
+    "@types/webcrypto": "^0.0.28",
+    "@types/webpack": "^4.4.11",
+    "@types/zxcvbn": "4.4.0",
+    "clean-webpack-plugin": "^0.1.19",
+    "concurrently": "^4.0.1",
+    "copy-webpack-plugin": "^4.5.2",
+    "cross-env": "^5.2.0",
+    "css-loader": "^1.0.0",
+    "del": "^3.0.0",
+    "electron": "6.1.7",
+    "electron-builder": "22.4.0",
+    "electron-notarize": "^0.2.1",
+    "electron-rebuild": "^1.9.0",
+    "electron-reload": "^1.5.0",
+    "mini-css-extract-plugin": "^0.9.0",
+    "file-loader": "^2.0.0",
    "font-awesome": "4.7.0",
-    "google-fonts-webpack-plugin": "^0.4.4",
-    "html-loader": "^0.5.1",
-    "html-webpack-plugin": "^2.30.1",
+    "gulp": "^4.0.0",
+    "gulp-google-webfonts": "^2.0.0",
+    "html-loader": "^0.5.5",
+    "html-webpack-plugin": "^3.2.0",
+    "node-abi": "^2.9.0",
    "node-loader": "^0.6.0",
-    "node-sass": "^4.7.2",
+    "node-sass": "^4.13.1",
+    "pkg": "4.3.4",
    "rimraf": "^2.6.2",
-    "sass-loader": "^6.0.6",
-    "ts-loader": "^3.5.0",
-    "tslint": "^5.9.1",
-    "tslint-loader": "^3.5.3",
-    "typescript": "^2.7.1",
-    "webpack": "^3.10.0",
-    "webpack-merge": "^4.1.0",
-    "webpack-node-externals": "^1.6.0"
+    "sass-loader": "^7.1.0",
+    "ts-loader": "^7.0.5",
+    "tslint": "^5.12.1",
+    "tslint-loader": "^3.5.4",
+    "typescript": "3.8.3",
+    "webpack": "^4.29.0",
+    "webpack-cli": "^3.2.1",
+    "webpack-merge": "^4.2.1",
+    "webpack-node-externals": "^1.7.2"
  },
  "dependencies": {
-    "@angular/animations": "5.2.0",
-    "@angular/common": "5.2.0",
-    "@angular/compiler": "5.2.0",
-    "@angular/core": "5.2.0",
-    "@angular/forms": "5.2.0",
-    "@angular/http": "5.2.0",
-    "@angular/platform-browser": "5.2.0",
-    "@angular/platform-browser-dynamic": "5.2.0",
-    "@angular/router": "5.2.0",
-    "@angular/upgrade": "5.2.0",
-    "@microsoft/microsoft-graph-client": "1.0.0",
-    "@okta/okta-sdk-nodejs": "1.1.0",
-    "angular2-toaster": "4.0.2",
-    "angulartics2": "5.0.1",
-    "bootstrap": "4.1.0",
-    "core-js": "2.4.1",
-    "electron-log": "2.2.14",
+    "@angular/animations": "9.1.12",
+    "@angular/common": "9.1.12",
+    "@angular/compiler": "9.1.12",
+    "@angular/core": "9.1.12",
+    "@angular/forms": "9.1.12",
+    "@angular/platform-browser": "9.1.12",
+    "@angular/platform-browser-dynamic": "9.1.12",
+    "@angular/router": "9.1.12",
+    "@angular/upgrade": "9.1.12",
+    "@microsoft/microsoft-graph-client": "1.2.0",
+    "angular2-toaster": "8.0.0",
+    "angulartics2": "9.1.0",
+    "big-integer": "1.6.36",
+    "bootstrap": "4.3.1",
+    "chalk": "2.4.1",
+    "commander": "2.18.0",
+    "core-js": "2.6.2",
+    "duo_web_sdk": "git+https://github.com/duosecurity/duo_web_sdk.git",
+    "electron-log": "2.2.17",
    "electron-store": "1.3.0",
-    "electron-updater": "2.21.4",
-    "googleapis": "29.0.0",
-    "keytar": "4.1.0",
-    "ldapjs": "1.0.2",
-    "lunr": "2.1.6",
-    "node-forge": "0.7.1",
-    "rxjs": "5.5.6",
-    "zone.js": "0.8.19"
+    "electron-updater": "4.2.0",
+    "form-data": "2.3.2",
+    "googleapis": "43.0.0",
+    "https-proxy-agent": "4.0.0",
+    "inquirer": "6.2.0",
+    "keytar": "4.13.0",
+    "ldapjs": "git+https://git@github.com/kspearrin/node-ldapjs.git",
+    "lowdb": "1.0.0",
+    "lunr": "2.3.3",
+    "node-fetch": "2.2.0",
+    "node-forge": "0.7.6",
+    "open": "7.1.0",
+    "rxjs": "6.6.2",
+    "tslib": "^2.0.1",
+    "zone.js": "0.10.3",
+    "zxcvbn": "4.4.2"
  }
 }
--- a/resources/entitlements.mac.plist
+++ b/resources/entitlements.mac.plist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+</dict>
+</plist>
--- a/scripts/notarize.js
+++ b/scripts/notarize.js
@@ -0,0 +1,18 @@
+require('dotenv').config();
+const { notarize } = require('electron-notarize');
+
+exports.default = async function notarizing(context) {
+    const { electronPlatformName, appOutDir } = context;
+    if (electronPlatformName !== 'darwin') {
+        return;
+    }
+    const appleId = process.env.APPLE_ID_USERNAME || process.env.APPLEID;
+    const appleIdPassword = process.env.APPLE_ID_PASSWORD || `@keychain:AC_PASSWORD`;
+    const appName = context.packager.appInfo.productFilename;
+    return await notarize({
+        appBundleId: 'com.bitwarden.directory-connector',
+        appPath: `${appOutDir}/${appName}.app`,
+        appleId: appleId,
+        appleIdPassword: appleIdPassword,
+    });
+};
--- a/src/app/accounts/environment.component.html
+++ b/src/app/accounts/environment.component.html
@@ -17,13 +17,19 @@
                </div>
                <h4>{{'customEnvironment' | i18n}}</h4>
                <p>{{'customEnvironmentFooter' | i18n}}</p>
+                <div class="form-group">
+                    <label for="webVaultUrl">{{'webVaultUrl' | i18n}}</label>
+                    <input id="webVaultUrl" type="text" name="WebVaultUrl" [(ngModel)]="webVaultUrl"
+                        class="form-control">
+                </div>
                <div class="form-group">
                    <label for="apiUrl">{{'apiUrl' | i18n}}</label>
                    <input id="apiUrl" type="text" name="ApiUrl" [(ngModel)]="apiUrl" class="form-control">
                </div>
                <div class="form-group">
                    <label for="identityUrl">{{'identityUrl' | i18n}}</label>
-                    <input id="identityUrl" type="text" name="IdentityUrl" [(ngModel)]="identityUrl" class="form-control">
+                    <input id="identityUrl" type="text" name="IdentityUrl" [(ngModel)]="identityUrl"
+                        class="form-control">
                </div>
            </div>
            <div class="modal-footer justify-content-start">
--- a/src/app/accounts/environment.component.ts
+++ b/src/app/accounts/environment.component.ts
@@ -1,10 +1,8 @@
 import { Component } from '@angular/core';

-import { ToasterService } from 'angular2-toaster';
-import { Angulartics2 } from 'angulartics2';
-
 import { EnvironmentService } from 'jslib/abstractions/environment.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';

 import { EnvironmentComponent as BaseEnvironmentComponent } from 'jslib/angular/components/environment.component';

@@ -13,8 +11,8 @@ import { EnvironmentComponent as BaseEnvironmentComponent } from 'jslib/angular/
    templateUrl: 'environment.component.html',
 })
 export class EnvironmentComponent extends BaseEnvironmentComponent {
-    constructor(analytics: Angulartics2, toasterService: ToasterService,
-        environmentService: EnvironmentService, i18nService: I18nService) {
-        super(analytics, toasterService, environmentService, i18nService);
+    constructor(environmentService: EnvironmentService, i18nService: I18nService,
+        platformUtilsService: PlatformUtilsService) {
+        super(platformUtilsService, environmentService, i18nService);
    }
 }
--- a/src/app/accounts/login.component.html
+++ b/src/app/accounts/login.component.html
@@ -9,22 +9,31 @@
                    <div class="card-body">
                        <div class="form-group">
                            <label for="email">{{'emailAddress' | i18n}}</label>
-                            <input id="email" type="text" name="Email" [(ngModel)]="email" class="form-control" appAutoFocus>
+                            <input id="email" type="text" name="Email" [(ngModel)]="email" class="form-control">
                        </div>
                        <div class="form-group">
                            <div class="row-main">
                                <label for="masterPassword">{{'masterPass' | i18n}}</label>
-                                <input id="masterPassword" type="password" name="MasterPassword" [(ngModel)]="masterPassword" class="form-control">
+                                <input id="masterPassword" type="password" name="MasterPassword"
+                                    [(ngModel)]="masterPassword" class="form-control">
                            </div>
                        </div>
-                        <button type="submit" class="btn btn-primary" [disabled]="form.loading">
-                            <i class="fa fa-spinner fa-fw fa-spin" [hidden]="!form.loading"></i>
-                            <i class="fa fa-sign-in fa-fw" [hidden]="form.loading"></i>
-                            {{'logIn' | i18n}}
-                        </button>
-                        <button type="button" class="btn btn-link" (click)="settings()">
-                            {{'settings' | i18n}}
-                        </button>
+                        <div class="d-flex">
+                            <div>
+                                <button type="submit" class="btn btn-primary" [disabled]="form.loading">
+                                    <i class="fa fa-spinner fa-fw fa-spin" [hidden]="!form.loading"></i>
+                                    <i class="fa fa-sign-in fa-fw" [hidden]="form.loading"></i>
+                                    {{'logIn' | i18n}}
+                                </button>
+                                <button type="button" class="btn btn-secondary ml-1" (click)="sso()">
+                                    <i class="fa fa-bank" aria-hidden="true"></i>
+                                    {{'enterpriseSingleSignOn' | i18n}}
+                                </button>
+                            </div>
+                            <button type="button" class="btn btn-link ml-auto" (click)="settings()">
+                                {{'settings' | i18n}}
+                            </button>
+                        </div>
                    </div>
                </div>
            </div>
--- a/src/app/accounts/login.component.ts
+++ b/src/app/accounts/login.component.ts
@@ -6,14 +6,16 @@ import {
 } from '@angular/core';
 import { Router } from '@angular/router';

-import { ToasterService } from 'angular2-toaster';
-import { Angulartics2 } from 'angulartics2';
-
 import { EnvironmentComponent } from './environment.component';

 import { AuthService } from 'jslib/abstractions/auth.service';
+import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
+import { EnvironmentService } from 'jslib/abstractions/environment.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
-import { SyncService } from 'jslib/abstractions/sync.service';
+import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
+import { StateService } from 'jslib/abstractions/state.service';
+import { StorageService } from 'jslib/abstractions/storage.service';

 import { LoginComponent as BaseLoginComponent } from 'jslib/angular/components/login.component';
 import { ModalComponent } from 'jslib/angular/components/modal.component';
@@ -23,12 +25,18 @@ import { ModalComponent } from 'jslib/angular/components/modal.component';
    templateUrl: 'login.component.html',
 })
 export class LoginComponent extends BaseLoginComponent {
-    @ViewChild('environment', { read: ViewContainerRef }) environmentModal: ViewContainerRef;
+    @ViewChild('environment', { read: ViewContainerRef, static: true }) environmentModal: ViewContainerRef;

    constructor(authService: AuthService, router: Router,
-        analytics: Angulartics2, toasterService: ToasterService,
-        i18nService: I18nService, private componentFactoryResolver: ComponentFactoryResolver) {
-        super(authService, router, analytics, toasterService, i18nService);
+        i18nService: I18nService, private componentFactoryResolver: ComponentFactoryResolver,
+        storageService: StorageService, stateService: StateService,
+        platformUtilsService: PlatformUtilsService, environmentService: EnvironmentService,
+        passwordGenerationService: PasswordGenerationService, cryptoFunctionService: CryptoFunctionService) {
+        super(authService, router,
+            platformUtilsService, i18nService,
+            stateService, environmentService,
+            passwordGenerationService, cryptoFunctionService,
+            storageService);
        super.successRoute = '/tabs/dashboard';
    }

@@ -42,4 +50,8 @@ export class LoginComponent extends BaseLoginComponent {
            modal.close();
        });
    }
+
+    sso() {
+        return super.launchSsoBrowser('connector', 'bwdc://sso-callback');
+    }
 }
--- a/src/app/accounts/sso.component.html
+++ b/src/app/accounts/sso.component.html
@@ -0,0 +1,30 @@
+<div class="container-fluid">
+    <form #form (ngSubmit)="submit()" [appApiAction]="formPromise">
+        <div class="row justify-content-center">
+            <div class="col-md-8 col-lg-6">
+                <div class="card" *ngIf="!showMasterPassRedirect">
+                    <div class="card-body">
+                        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                        {{'loading' | i18n}}
+                    </div>
+                </div>
+                <div class="card" *ngIf="showMasterPassRedirect">
+                    <h5 class="card-header">{{'setMasterPassword' | i18n}}</h5>
+                    <div class="card-body">
+                        <p class="text-center">{{'setMasterPasswordRedirect' | i18n}}</p>
+                        <hr>
+                        <div class="d-flex">
+                            <button type="button" class="btn btn-primary btn-block btn-submit"
+                                (click)="launchWebVault()">
+                                {{'launchWebVault' | i18n}}
+                            </button>
+                            <button type="button" class="btn btn-secondary btn-block ml-2 mt-0" (click)="logOut()">
+                                {{'logOut' | i18n}}
+                            </button>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </form>
+</div>
--- a/src/app/accounts/sso.component.ts
+++ b/src/app/accounts/sso.component.ts
@@ -0,0 +1,61 @@
+import { Component } from '@angular/core';
+
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+
+import { ApiService } from 'jslib/abstractions/api.service';
+import { AuthService } from 'jslib/abstractions/auth.service';
+import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
+import { EnvironmentService } from 'jslib/abstractions/environment.service';
+import { I18nService } from 'jslib/abstractions/i18n.service';
+import { MessagingService } from 'jslib/abstractions/messaging.service';
+import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
+import { StateService } from 'jslib/abstractions/state.service';
+import { StorageService } from 'jslib/abstractions/storage.service';
+
+import { SsoComponent as BaseSsoComponent } from 'jslib/angular/components/sso.component';
+
+@Component({
+    selector: 'app-sso',
+    templateUrl: 'sso.component.html',
+})
+export class SsoComponent extends BaseSsoComponent {
+    showMasterPassRedirect: boolean = false;
+
+    constructor(authService: AuthService, router: Router,
+        i18nService: I18nService, route: ActivatedRoute,
+        storageService: StorageService, stateService: StateService,
+        platformUtilsService: PlatformUtilsService, apiService: ApiService,
+        cryptoFunctionService: CryptoFunctionService,
+        passwordGenerationService: PasswordGenerationService, private messagingService: MessagingService,
+        private environmentService: EnvironmentService) {
+        super(authService, router, i18nService, route, storageService, stateService, platformUtilsService,
+            apiService, cryptoFunctionService, passwordGenerationService);
+        this.successRoute = '/tabs/dashboard';
+        this.redirectUri = 'bwdc://sso-callback';
+        this.clientId = 'connector';
+        this.onSuccessfulLoginChangePasswordNavigate = this.redirectSetMasterPass;
+    }
+
+    async redirectSetMasterPass() {
+        this.showMasterPassRedirect = true;
+    }
+
+    launchWebVault() {
+        const webUrl = this.environmentService.webVaultUrl == null ? 'https://vault.bitwarden.com' :
+            this.environmentService.webVaultUrl;
+
+        this.platformUtilsService.launchUri(webUrl);
+    }
+
+    async logOut() {
+        const confirmed = await this.platformUtilsService.showDialog(this.i18nService.t('logOutConfirmation'),
+            this.i18nService.t('logOut'), this.i18nService.t('logOut'), this.i18nService.t('cancel'));
+        if (confirmed) {
+            this.messagingService.send('logout');
+        }
+    }
+}
--- a/src/app/accounts/two-factor-options.component.html
+++ b/src/app/accounts/two-factor-options.component.html
@@ -9,7 +9,7 @@
            </div>
            <div class="modal-body">
                <p *ngFor="let p of providers">
-                    <a href="#" (click)="choose(p)">
+                    <a href="#" appStopClick (click)="choose(p)">
                        <strong>{{p.name}}</strong>
                    </a>
                    <br /> {{p.description}}
--- a/src/app/accounts/two-factor-options.component.ts
+++ b/src/app/accounts/two-factor-options.component.ts
@@ -1,9 +1,6 @@
 import { Component } from '@angular/core';
 import { Router } from '@angular/router';

-import { ToasterService } from 'angular2-toaster';
-import { Angulartics2 } from 'angulartics2';
-
 import { AuthService } from 'jslib/abstractions/auth.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
 import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
@@ -18,8 +15,7 @@ import {
 })
 export class TwoFactorOptionsComponent extends BaseTwoFactorOptionsComponent {
    constructor(authService: AuthService, router: Router,
-        analytics: Angulartics2, toasterService: ToasterService,
        i18nService: I18nService, platformUtilsService: PlatformUtilsService) {
-        super(authService, router, analytics, toasterService, i18nService, platformUtilsService, window);
+        super(authService, router, i18nService, platformUtilsService, window);
    }
 }
--- a/src/app/accounts/two-factor.component.html
+++ b/src/app/accounts/two-factor.component.html
@@ -5,7 +5,8 @@
                <div class="card">
                    <h5 class="card-header">{{title}}</h5>
                    <div class="card-body">
-                        <ng-container *ngIf="selectedProviderType === providerType.Email || selectedProviderType === providerType.Authenticator">
+                        <ng-container
+                            *ngIf="selectedProviderType === providerType.Email || selectedProviderType === providerType.Authenticator">
                            <p *ngIf="selectedProviderType === providerType.Authenticator">
                                {{'enterVerificationCodeApp' | i18n}}
                            </p>
@@ -14,15 +15,17 @@
                            </p>
                            <div class="form-group">
                                <label for="code">{{'verificationCode' | i18n}}</label>
-                                <input id="code" type="text" name="Code" [(ngModel)]="token" appAutofocus class="form-control">
+                                <input id="code" type="text" name="Code" [(ngModel)]="token" appAutofocus
+                                    class="form-control">
                            </div>
                        </ng-container>
                        <ng-container *ngIf="selectedProviderType === providerType.Yubikey">
                            <p>{{'insertYubiKey' | i18n}}</p>
-                            <img src="../../images/yubikey.jpg" alt="">
+                            <p><img src="../../images/yubikey.jpg" class="img-fluid rounded" alt=""></p>
                            <div class="form-group">
                                <label for="code">{{'verificationCode' | i18n}}</label>
-                                <input id="code" type="password" name="Code" [(ngModel)]="token" appAutofocus class="form-control">
+                                <input id="code" type="password" name="Code" [(ngModel)]="token" appAutofocus
+                                    class="form-control">
                            </div>
                        </ng-container>
                        <ng-container *ngIf="selectedProviderType === providerType.Duo ||
@@ -31,13 +34,16 @@
                                <iframe id="duo_iframe"></iframe>
                            </div>
                        </ng-container>
-                        <div class="form-group" *ngIf="selectedProviderType !== null && selectedProviderType !== providerType.U2f">
+                        <div class="form-group"
+                            *ngIf="selectedProviderType != null && selectedProviderType !== providerType.U2f">
                            <div class="form-check">
-                                <input class="form-check-input" type="checkbox" id="remember" [(ngModel)]="remember" name="Remember">
+                                <input class="form-check-input" type="checkbox" id="remember" [(ngModel)]="remember"
+                                    name="Remember">
                                <label class="form-check-label" for="remember">{{'rememberMe' | i18n}}</label>
                            </div>
                        </div>
-                        <ng-container class="card-body" *ngIf="selectedProviderType === null || selectedProviderType === providerType.U2f">
+                        <ng-container class="card-body"
+                            *ngIf="selectedProviderType === null || selectedProviderType === providerType.U2f">
                            <p>{{'noTwoStepProviders' | i18n}}</p>
                            <p>{{'noTwoStepProviders2' | i18n}}</p>
                        </ng-container>
@@ -52,7 +58,8 @@
                </div>
                <div class="text-center mt-3">
                    <a href="#" appStopClick (click)="anotherMethod()">{{'useAnotherTwoStepMethod' | i18n}}</a>
-                    <a href="#" appStopClick (click)="sendEmail(true)" [appApiAction]="emailPromise" *ngIf="selectedProviderType === providerType.Email">
+                    <a href="#" appStopClick (click)="sendEmail(true)" [appApiAction]="emailPromise"
+                        *ngIf="selectedProviderType === providerType.Email">
                        {{'sendVerificationCodeEmailAgain' | i18n}}
                    </a>
                </div>
--- a/src/app/accounts/two-factor.component.ts
+++ b/src/app/accounts/two-factor.component.ts
@@ -5,10 +5,10 @@ import {
    ViewContainerRef,
 } from '@angular/core';

-import { Router } from '@angular/router';
-
-import { ToasterService } from 'angular2-toaster';
-import { Angulartics2 } from 'angulartics2';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';

 import { TwoFactorOptionsComponent } from './two-factor-options.component';

@@ -19,7 +19,8 @@ import { AuthService } from 'jslib/abstractions/auth.service';
 import { EnvironmentService } from 'jslib/abstractions/environment.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
 import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { SyncService } from 'jslib/abstractions/sync.service';
+import { StateService } from 'jslib/abstractions/state.service';
+import { StorageService } from 'jslib/abstractions/storage.service';

 import { ModalComponent } from 'jslib/angular/components/modal.component';
 import { TwoFactorComponent as BaseTwoFactorComponent } from 'jslib/angular/components/two-factor.component';
@@ -29,15 +30,19 @@ import { TwoFactorComponent as BaseTwoFactorComponent } from 'jslib/angular/comp
    templateUrl: 'two-factor.component.html',
 })
 export class TwoFactorComponent extends BaseTwoFactorComponent {
-    @ViewChild('twoFactorOptions', { read: ViewContainerRef }) twoFactorOptionsModal: ViewContainerRef;
+    @ViewChild('twoFactorOptions', { read: ViewContainerRef, static: true }) twoFactorOptionsModal: ViewContainerRef;

    constructor(authService: AuthService, router: Router,
-        analytics: Angulartics2, toasterService: ToasterService,
        i18nService: I18nService, apiService: ApiService,
        platformUtilsService: PlatformUtilsService, environmentService: EnvironmentService,
-        private componentFactoryResolver: ComponentFactoryResolver) {
-        super(authService, router, analytics, toasterService, i18nService, apiService,
-            platformUtilsService, window, environmentService);
+        private componentFactoryResolver: ComponentFactoryResolver, stateService: StateService,
+        storageService: StorageService, route: ActivatedRoute) {
+        super(authService, router, i18nService, apiService, platformUtilsService, window, environmentService,
+            stateService, storageService, route);
+    }
+
+    async ngOnInit() {
+        await super.ngOnInit();
        super.successRoute = '/tabs/dashboard';
    }

--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -8,6 +8,7 @@ import { AuthGuardService } from './services/auth-guard.service';
 import { LaunchGuardService } from './services/launch-guard.service';

 import { LoginComponent } from './accounts/login.component';
+import { SsoComponent } from './accounts/sso.component';
 import { TwoFactorComponent } from './accounts/two-factor.component';
 import { DashboardComponent } from './tabs/dashboard.component';
 import { MoreComponent } from './tabs/more.component';
@@ -22,6 +23,7 @@ const routes: Routes = [
        canActivate: [LaunchGuardService],
    },
    { path: '2fa', component: TwoFactorComponent },
+    { path: 'sso', component: SsoComponent },
    {
        path: 'tabs',
        component: TabsComponent,
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -1,24 +1,26 @@
 import {
+    BodyOutputType,
+    Toast,
    ToasterConfig,
    ToasterContainerComponent,
+    ToasterService,
 } from 'angular2-toaster';
+import { Angulartics2 } from 'angulartics2';
 import { Angulartics2GoogleAnalytics } from 'angulartics2/ga';

 import {
    Component,
    ComponentFactoryResolver,
    NgZone,
-    OnDestroy,
    OnInit,
+    SecurityContext,
    Type,
    ViewChild,
    ViewContainerRef,
 } from '@angular/core';
+import { DomSanitizer } from '@angular/platform-browser';
 import { Router } from '@angular/router';

-import { ToasterService } from 'angular2-toaster';
-import { Angulartics2 } from 'angulartics2';
-
 import { ModalComponent } from 'jslib/angular/components/modal.component';

 import { BroadcasterService } from 'jslib/angular/services/broadcaster.service';
@@ -27,14 +29,11 @@ import { ApiService } from 'jslib/abstractions/api.service';
 import { AuthService } from 'jslib/abstractions/auth.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
 import { MessagingService } from 'jslib/abstractions/messaging.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
 import { StateService } from 'jslib/abstractions/state.service';
 import { StorageService } from 'jslib/abstractions/storage.service';
 import { TokenService } from 'jslib/abstractions/token.service';
 import { UserService } from 'jslib/abstractions/user.service';

-import { ConstantsService } from 'jslib/services/constants.service';
-
 import { ConfigurationService } from '../services/configuration.service';
 import { SyncService } from '../services/sync.service';

@@ -49,7 +48,7 @@ const BroadcasterSubscriptionId = 'AppComponent';
        <router-outlet></router-outlet>`,
 })
 export class AppComponent implements OnInit {
-    @ViewChild('settings', { read: ViewContainerRef }) settingsRef: ViewContainerRef;
+    @ViewChild('settings', { read: ViewContainerRef, static: true }) settingsRef: ViewContainerRef;

    toasterConfig: ToasterConfig = new ToasterConfig({
        showCloseButton: true,
@@ -66,10 +65,12 @@ export class AppComponent implements OnInit {
        private tokenService: TokenService, private storageService: StorageService,
        private authService: AuthService, private router: Router, private analytics: Angulartics2,
        private toasterService: ToasterService, private i18nService: I18nService,
-        private platformUtilsService: PlatformUtilsService, private ngZone: NgZone,
+        private sanitizer: DomSanitizer, private ngZone: NgZone,
        private componentFactoryResolver: ComponentFactoryResolver, private messagingService: MessagingService,
        private configurationService: ConfigurationService, private syncService: SyncService,
-        private stateService: StateService, private apiService: ApiService) { }
+        private stateService: StateService, private apiService: ApiService) {
+        (window as any).BitwardenToasterService = toasterService;
+    }

    ngOnInit() {
        this.broadcasterService.subscribe(BroadcasterSubscriptionId, async (message: any) => {
@@ -123,6 +124,18 @@ export class AppComponent implements OnInit {

                        this.messagingService.send('scheduleNextDirSync');
                        break;
+                    case 'showToast':
+                        this.showToast(message);
+                        break;
+                    case 'analyticsEventTrack':
+                        this.analytics.eventTrack.next({
+                            action: message.action,
+                            properties: { label: message.label },
+                        });
+                        break;
+                    case 'ssoCallback':
+                        this.router.navigate(['sso'], { queryParams: { code: message.code, state: message.state } });
+                        break;
                    default:
                }
            });
@@ -164,4 +177,31 @@ export class AppComponent implements OnInit {
            this.modal = null;
        });
    }
+
+    private showToast(msg: any) {
+        const toast: Toast = {
+            type: msg.type,
+            title: msg.title,
+        };
+        if (typeof (msg.text) === 'string') {
+            toast.body = msg.text;
+        } else if (msg.text.length === 1) {
+            toast.body = msg.text[0];
+        } else {
+            let message = '';
+            msg.text.forEach((t: string) =>
+                message += ('<p>' + this.sanitizer.sanitize(SecurityContext.HTML, t) + '</p>'));
+            toast.body = message;
+            toast.bodyOutputType = BodyOutputType.TrustedHtml;
+        }
+        if (msg.options != null) {
+            if (msg.options.trustedHtml === true) {
+                toast.bodyOutputType = BodyOutputType.TrustedHtml;
+            }
+            if (msg.options.timeout != null && msg.options.timeout > 0) {
+                toast.timeout = msg.options.timeout;
+            }
+        }
+        this.toasterService.popAsync(toast);
+    }
 }
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -15,11 +15,13 @@ import { BrowserAnimationsModule } from '@angular/platform-browser/animations';

 import { AppComponent } from './app.component';

+import { CalloutComponent } from 'jslib/angular/components/callout.component';
 import { IconComponent } from 'jslib/angular/components/icon.component';
 import { ModalComponent } from 'jslib/angular/components/modal.component';

 import { EnvironmentComponent } from './accounts/environment.component';
 import { LoginComponent } from './accounts/login.component';
+import { SsoComponent } from './accounts/sso.component';
 import { TwoFactorOptionsComponent } from './accounts/two-factor-options.component';
 import { TwoFactorComponent } from './accounts/two-factor.component';
 import { DashboardComponent } from './tabs/dashboard.component';
@@ -27,6 +29,7 @@ import { MoreComponent } from './tabs/more.component';
 import { SettingsComponent } from './tabs/settings.component';
 import { TabsComponent } from './tabs/tabs.component';

+import { A11yTitleDirective } from 'jslib/angular/directives/a11y-title.directive';
 import { ApiActionDirective } from 'jslib/angular/directives/api-action.directive';
 import { AutofocusDirective } from 'jslib/angular/directives/autofocus.directive';
 import { BlurClickDirective } from 'jslib/angular/directives/blur-click.directive';
@@ -45,19 +48,21 @@ import { SearchCiphersPipe } from 'jslib/angular/pipes/search-ciphers.pipe';
        FormsModule,
        AppRoutingModule,
        ServicesModule,
-        Angulartics2Module.forRoot([Angulartics2GoogleAnalytics], {
+        Angulartics2Module.forRoot({
            pageTracking: {
                clearQueryParams: true,
            },
        }),
-        ToasterModule,
+        ToasterModule.forRoot(),
    ],
    declarations: [
+        A11yTitleDirective,
        ApiActionDirective,
        AppComponent,
        AutofocusDirective,
        BlurClickDirective,
        BoxRowDirective,
+        CalloutComponent,
        DashboardComponent,
        EnvironmentComponent,
        FallbackSrcDirective,
@@ -68,6 +73,7 @@ import { SearchCiphersPipe } from 'jslib/angular/pipes/search-ciphers.pipe';
        MoreComponent,
        SearchCiphersPipe,
        SettingsComponent,
+        SsoComponent,
        StopClickDirective,
        StopPropDirective,
        TabsComponent,
--- a/src/app/dummy.module.ts
+++ b/src/app/dummy.module.ts
@@ -0,0 +1,16 @@
+import { NgModule } from '@angular/core';
+
+import { InputVerbatimDirective } from 'jslib/angular/directives/input-verbatim.directive';
+import { TrueFalseValueDirective } from 'jslib/angular/directives/true-false-value.directive';
+import { SearchPipe } from 'jslib/angular/pipes/search.pipe';
+
+@NgModule({
+    imports: [],
+    declarations: [
+        InputVerbatimDirective,
+        TrueFalseValueDirective,
+        SearchPipe,
+    ],
+})
+export class DummyModule {
+}
--- a/src/app/main.ts
+++ b/src/app/main.ts
@@ -5,8 +5,6 @@ import { isDev } from 'jslib/electron/utils';

 // tslint:disable-next-line
 require('../scss/styles.scss');
-// tslint:disable-next-line
-require('../../jslib/src/misc/duo.js');

 import { AppModule } from './app.module';

@@ -14,4 +12,4 @@ if (!isDev()) {
    enableProdMode();
 }

-platformBrowserDynamic().bootstrapModule(AppModule);
+platformBrowserDynamic().bootstrapModule(AppModule, { preserveWhitespaces: true });
--- a/src/app/services/services.module.ts
+++ b/src/app/services/services.module.ts
@@ -1,3 +1,5 @@
+import { remote } from 'electron';
+
 import {
    APP_INITIALIZER,
    NgModule,
@@ -10,7 +12,6 @@ import { ElectronPlatformUtilsService } from 'jslib/electron/services/electronPl
 import { ElectronRendererMessagingService } from 'jslib/electron/services/electronRendererMessaging.service';
 import { ElectronRendererSecureStorageService } from 'jslib/electron/services/electronRendererSecureStorage.service';
 import { ElectronStorageService } from 'jslib/electron/services/electronStorage.service';
-import { isDev } from 'jslib/electron/utils';

 import { AuthGuardService } from './auth-guard.service';
 import { LaunchGuardService } from './launch-guard.service';
@@ -32,6 +33,8 @@ import { ContainerService } from 'jslib/services/container.service';
 import { CryptoService } from 'jslib/services/crypto.service';
 import { EnvironmentService } from 'jslib/services/environment.service';
 import { NodeCryptoFunctionService } from 'jslib/services/nodeCryptoFunction.service';
+import { PasswordGenerationService } from 'jslib/services/passwordGeneration.service';
+import { PolicyService } from 'jslib/services/policy.service';
 import { StateService } from 'jslib/services/state.service';
 import { TokenService } from 'jslib/services/token.service';
 import { UserService } from 'jslib/services/user.service';
@@ -45,7 +48,11 @@ import { EnvironmentService as EnvironmentServiceAbstraction } from 'jslib/abstr
 import { I18nService as I18nServiceAbstraction } from 'jslib/abstractions/i18n.service';
 import { LogService as LogServiceAbstraction } from 'jslib/abstractions/log.service';
 import { MessagingService as MessagingServiceAbstraction } from 'jslib/abstractions/messaging.service';
+import {
+    PasswordGenerationService as PasswordGenerationServiceAbstraction,
+} from 'jslib/abstractions/passwordGeneration.service';
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from 'jslib/abstractions/platformUtils.service';
+import { PolicyService as PolicyServiceAbstraction } from 'jslib/abstractions/policy.service';
 import { StateService as StateServiceAbstraction } from 'jslib/abstractions/state.service';
 import { StorageService as StorageServiceAbstraction } from 'jslib/abstractions/storage.service';
 import { TokenService as TokenServiceAbstraction } from 'jslib/abstractions/token.service';
@@ -54,36 +61,37 @@ import { UserService as UserServiceAbstraction } from 'jslib/abstractions/user.s
 const logService = new ElectronLogService();
 const i18nService = new I18nService(window.navigator.language, './locales');
 const stateService = new StateService();
-const platformUtilsService = new ElectronPlatformUtilsService(i18nService, true);
 const broadcasterService = new BroadcasterService();
 const messagingService = new ElectronRendererMessagingService(broadcasterService);
-const storageService: StorageServiceAbstraction = new ElectronStorageService();
+const storageService: StorageServiceAbstraction = new ElectronStorageService(remote.app.getPath('userData'));
+const platformUtilsService = new ElectronPlatformUtilsService(i18nService, messagingService, false, storageService);
 const secureStorageService: StorageServiceAbstraction = new ElectronRendererSecureStorageService();
 const cryptoFunctionService: CryptoFunctionServiceAbstraction = new NodeCryptoFunctionService();
-const cryptoService = new CryptoService(storageService, secureStorageService, cryptoFunctionService);
+const cryptoService = new CryptoService(storageService, secureStorageService, cryptoFunctionService,
+    platformUtilsService);
 const appIdService = new AppIdService(storageService);
 const tokenService = new TokenService(storageService);
 const apiService = new ApiService(tokenService, platformUtilsService,
-    (expired: boolean) => messagingService.send('logout', { expired: expired }));
-const environmentService = new EnvironmentService(apiService, storageService);
+    async (expired: boolean) => messagingService.send('logout', { expired: expired }));
+const environmentService = new EnvironmentService(apiService, storageService, null);
 const userService = new UserService(tokenService, storageService);
-const containerService = new ContainerService(cryptoService, platformUtilsService);
+const containerService = new ContainerService(cryptoService);
 const authService = new AuthService(cryptoService, apiService, userService, tokenService, appIdService,
-    i18nService, platformUtilsService, messagingService, false);
+    i18nService, platformUtilsService, messagingService, null, false);
 const configurationService = new ConfigurationService(storageService, secureStorageService);
-const syncSevrice = new SyncService(configurationService, logService, cryptoFunctionService, apiService,
+const syncService = new SyncService(configurationService, logService, cryptoFunctionService, apiService,
    messagingService, i18nService);
+const passwordGenerationService = new PasswordGenerationService(cryptoService, storageService, null);
+const policyService = new PolicyService(userService, storageService);

 const analytics = new Analytics(window, () => true, platformUtilsService, storageService, appIdService);
 containerService.attachToWindow(window);
-environmentService.setUrlsFromStorage().then(() => {
-    // Do nothing
-});

 export function initFactory(): Function {
    return async () => {
+        await environmentService.setUrlsFromStorage();
        await i18nService.init();
-        await authService.init();
+        authService.init();
        const htmlEl = window.document.documentElement;
        htmlEl.classList.add('os_' + platformUtilsService.getDeviceString());
        htmlEl.classList.add('locale_' + i18nService.translationLocale);
@@ -134,7 +142,10 @@ export function initFactory(): Function {
        { provide: StateServiceAbstraction, useValue: stateService },
        { provide: LogServiceAbstraction, useValue: logService },
        { provide: ConfigurationService, useValue: configurationService },
-        { provide: SyncService, useValue: syncSevrice },
+        { provide: SyncService, useValue: syncService },
+        { provide: PasswordGenerationServiceAbstraction, useValue: passwordGenerationService },
+        { provide: CryptoFunctionServiceAbstraction, useValue: cryptoFunctionService },
+        { provide: PolicyServiceAbstraction, useValue: policyService },
        {
            provide: APP_INITIALIZER,
            useFactory: initFactory,
--- a/src/app/tabs/dashboard.component.html
+++ b/src/app/tabs/dashboard.component.html
@@ -14,7 +14,8 @@
            <strong *ngIf="syncRunning" class="text-success">{{'running' | i18n}}</strong>
            <strong *ngIf="!syncRunning" class="text-danger">{{'stopped' | i18n}}</strong>
        </p>
-        <button #startBtn (click)="start()" [appApiAction]="startPromise" class="btn btn-primary" [disabled]="startBtn.loading">
+        <button #startBtn (click)="start()" [appApiAction]="startPromise" class="btn btn-primary"
+            [disabled]="startBtn.loading">
            <i class="fa fa-play fa-fw" [hidden]="startBtn.loading"></i>
            <i class="fa fa-spinner fa-fw fa-spin" [hidden]="!startBtn.loading"></i>
            {{'startSync' | i18n}}
@@ -23,7 +24,8 @@
            <i class="fa fa-stop fa-fw"></i>
            {{'stopSync' | i18n}}
        </button>
-        <button #syncBtn (click)="sync()" [appApiAction]="syncPromise" class="btn btn-primary" [disabled]="syncBtn.loading">
+        <button #syncBtn (click)="sync()" [appApiAction]="syncPromise" class="btn btn-primary"
+            [disabled]="syncBtn.loading">
            <i class="fa fa-refresh fa-fw" [ngClass]="{'fa-spin': syncBtn.loading}"></i>
            {{'syncNow' | i18n}}
        </button>
@@ -33,7 +35,8 @@
    <h3 class="card-header">{{'testing' | i18n}}</h3>
    <div class="card-body">
        <p>{{'testingDesc' | i18n}}</p>
-        <button #simBtn (click)="simulate()" [appApiAction]="simPromise" class="btn btn-primary" [disabled]="simBtn.loading">
+        <button #simBtn (click)="simulate()" [appApiAction]="simPromise" class="btn btn-primary"
+            [disabled]="simBtn.loading">
            <i class="fa fa-spinner fa-fw fa-spin" [hidden]="!simBtn.loading"></i>
            <i class="fa fa-bug fa-fw" [hidden]="simBtn.loading"></i>
            {{'testNow' | i18n}}
--- a/src/app/tabs/dashboard.component.ts
+++ b/src/app/tabs/dashboard.component.ts
@@ -12,18 +12,17 @@ import { I18nService } from 'jslib/abstractions/i18n.service';
 import { MessagingService } from 'jslib/abstractions/messaging.service';
 import { StateService } from 'jslib/abstractions/state.service';

-import { AzureDirectoryService } from '../../services/azure-directory.service';
-import { GSuiteDirectoryService } from '../../services/gsuite-directory.service';
-import { LdapDirectoryService } from '../../services/ldap-directory.service';
 import { SyncService } from '../../services/sync.service';

-import { Entry } from '../../models/entry';
 import { GroupEntry } from '../../models/groupEntry';
+import { SimResult } from '../../models/simResult';
 import { UserEntry } from '../../models/userEntry';
 import { ConfigurationService } from '../../services/configuration.service';

 import { BroadcasterService } from 'jslib/angular/services/broadcaster.service';

+import { ConnectorUtils } from '../../utils';
+
 const BroadcasterSubscriptionId = 'DashboardComponent';

@Component({
@@ -36,7 +35,7 @@ export class DashboardComponent implements OnInit, OnDestroy {
    simEnabledUsers: UserEntry[] = [];
    simDisabledUsers: UserEntry[] = [];
    simDeletedUsers: UserEntry[] = [];
-    simPromise: Promise<any>;
+    simPromise: Promise<SimResult>;
    simSinceLast: boolean = false;
    syncPromise: Promise<[GroupEntry[], UserEntry[]]>;
    startPromise: Promise<any>;
@@ -103,63 +102,18 @@ export class DashboardComponent implements OnInit, OnDestroy {
        this.simDisabledUsers = [];
        this.simDeletedUsers = [];

-        this.simPromise = new Promise(async (resolve, reject) => {
-            try {
-                const result = await this.syncService.sync(!this.simSinceLast, true);
-                if (result[0] != null) {
-                    this.simGroups = result[0];
-                }
-                if (result[1] != null) {
-                    this.simUsers = result[1];
-                }
-            } catch (e) {
-                this.simGroups = null;
-                this.simUsers = null;
-                reject(e || this.i18nService.t('syncError'));
-                return;
-            }
-
-            const userMap = new Map<string, UserEntry>();
-            this.sort(this.simUsers);
-            for (const u of this.simUsers) {
-                userMap.set(u.externalId, u);
-                if (u.deleted) {
-                    this.simDeletedUsers.push(u);
-                } else if (u.disabled) {
-                    this.simDisabledUsers.push(u);
-                } else {
-                    this.simEnabledUsers.push(u);
-                }
-            }
-
-            this.sort(this.simGroups);
-            for (const g of this.simGroups) {
-                if (g.userMemberExternalIds == null) {
-                    continue;
-                }
-
-                const anyG = (g as any);
-                anyG.users = [];
-                for (const uid of g.userMemberExternalIds) {
-                    if (userMap.has(uid)) {
-                        anyG.users.push(userMap.get(uid));
-                    } else {
-                        anyG.users.push({ displayName: uid });
-                    }
-                }
-
-                this.sort(anyG.users);
-            }
-
-            resolve();
-        });
-    }
-
-    private sort(arr: Entry[]) {
-        arr.sort((a, b) => {
-            return this.i18nService.collator ? this.i18nService.collator.compare(a.displayName, b.displayName) :
-                a.displayName.localeCompare(b.displayName);
-        });
+        try {
+            this.simPromise = ConnectorUtils.simulate(this.syncService, this.i18nService, this.simSinceLast);
+            const result = await this.simPromise;
+            this.simGroups = result.groups;
+            this.simUsers = result.users;
+            this.simEnabledUsers = result.enabledUsers;
+            this.simDisabledUsers = result.disabledUsers;
+            this.simDeletedUsers = result.deletedUsers;
+        } catch (e) {
+            this.simGroups = null;
+            this.simUsers = null;
+        }
    }

    private async updateLastSync() {
--- a/src/app/tabs/more.component.html
+++ b/src/app/tabs/more.component.html
@@ -6,7 +6,7 @@
                <p>
                    {{'bitwardenDirectoryConnector' | i18n}}
                    <br /> {{'version' | i18n : version}}
-                    <br /> &copy; 8bit Solutions LLC 2015-{{year}}
+                    <br /> &copy; Bitwarden Inc. LLC 2015-{{year}}
                </p>
                <button class="btn btn-primary" type="button" (click)="update()" [disabled]="checkingForUpdate">
                    <i class="fa fa-download fa-fw" [hidden]="checkingForUpdate"></i>
--- a/src/app/tabs/settings.component.html
+++ b/src/app/tabs/settings.component.html
@@ -12,7 +12,8 @@
                <div [hidden]="directory != directoryType.Ldap">
                    <div class="form-group">
                        <label for="hostname">{{'serverHostname' | i18n}}</label>
-                        <input type="text" class="form-control" id="hostname" name="Hostname" [(ngModel)]="ldap.hostname">
+                        <input type="text" class="form-control" id="hostname" name="Hostname"
+                            [(ngModel)]="ldap.hostname">
                        <small class="text-muted form-text">{{'ex' | i18n}} ad.company.com</small>
                    </div>
                    <div class="form-group">
@@ -22,37 +23,107 @@
                    </div>
                    <div class="form-group">
                        <label for="rootPath">{{'rootPath' | i18n}}</label>
-                        <input type="text" class="form-control" id="rootPath" name="RootPath" [(ngModel)]="ldap.rootPath">
+                        <input type="text" class="form-control" id="rootPath" name="RootPath"
+                            [(ngModel)]="ldap.rootPath">
                        <small class="text-muted form-text">{{'ex' | i18n}} dc=company,dc=com</small>
                    </div>
-                    <div class="form-group">
-                        <div class="form-check">
-                            <input class="form-check-input" type="checkbox" id="ssl" [(ngModel)]="ldap.ssl" name="SSL">
-                            <label class="form-check-label" for="ssl">{{'ldapSsl' | i18n}}</label>
-                        </div>
-                    </div>
                    <div class="form-group">
                        <div class="form-check">
                            <input class="form-check-input" type="checkbox" id="ad" [(ngModel)]="ldap.ad" name="AD">
                            <label class="form-check-label" for="ad">{{'ldapAd' | i18n}}</label>
                        </div>
                    </div>
+                    <div class="form-group" *ngIf="!ldap.ad">
+                        <div class="form-check">
+                            <input class="form-check-input" type="checkbox" id="pagedSearch"
+                                [(ngModel)]="ldap.pagedSearch" name="PagedSearch">
+                            <label class="form-check-label"
+                                for="pagedSearch">{{'ldapPagedResults' | i18n}}</label>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="form-check">
+                            <input class="form-check-input" type="checkbox" id="ldapEncrypted" [(ngModel)]="ldap.ssl"
+                                name="Encrypted">
+                            <label class="form-check-label" for="ldapEncrypted">{{'ldapEncrypted' | i18n}}</label>
+                        </div>
+                    </div>
+                    <div class="ml-4" *ngIf="ldap.ssl">
+                        <div class="form-group">
+                            <div class="form-radio">
+                                <input class="form-radio-input" type="radio" [value]="false" id="ssl"
+                                    [(ngModel)]="ldap.startTls" name="SSL">
+                                <label class="form-radio-label" for="ssl">{{'ldapSsl' | i18n}}</label>
+                            </div>
+                            <div class="form-radio">
+                                <input class="form-radio-input" type="radio" [value]="true" id="startTls"
+                                    [(ngModel)]="ldap.startTls" name="StartTLS">
+                                <label class="form-radio-label" for="startTls">{{'ldapTls' | i18n}}</label>
+                            </div>
+                        </div>
+                        <div class="ml-4" *ngIf="ldap.startTls">
+                            <p>{{'ldapTlsUntrustedDesc' | i18n}}</p>
+                            <div class="form-group">
+                                <label for="tlsCaPath">{{'ldapTlsCa' | i18n}}</label>
+                                <input type="file" class="form-control-file mb-2" id="tlsCaPath_file"
+                                    (change)="setSslPath('tlsCaPath')">
+                                <input type="text" class="form-control" id="tlsCaPath" name="TLSCaPath"
+                                    [(ngModel)]="ldap.tlsCaPath">
+                            </div>
+                        </div>
+                        <div class="ml-4" *ngIf="!ldap.startTls">
+                            <p>{{'ldapSslUntrustedDesc' | i18n}}</p>
+                            <div class="form-group">
+                                <label for="sslCertPath">{{'ldapSslCert' | i18n}}</label>
+                                <input type="file" class="form-control-file mb-2" id="sslCertPath_file"
+                                    (change)="setSslPath('sslCertPath')">
+                                <input type="text" class="form-control" id="sslCertPath" name="SSLCertPath"
+                                    [(ngModel)]="ldap.sslCertPath">
+                            </div>
+                            <div class="form-group">
+                                <label for="sslKeyPath">{{'ldapSslKey' | i18n}}</label>
+                                <input type="file" class="form-control-file mb-2" id="sslKeyPath_file"
+                                    (change)="setSslPath('sslKeyPath')">
+                                <input type="text" class="form-control" id="sslKeyPath" name="SSLKeyPath"
+                                    [(ngModel)]="ldap.sslKeyPath">
+                            </div>
+                            <div class="form-group">
+                                <label for="sslCaPath">{{'ldapSslCa' | i18n}}</label>
+                                <input type="file" class="form-control-file mb-2" id="sslCaPath_file"
+                                    (change)="setSslPath('sslCaPath')">
+                                <input type="text" class="form-control" id="sslCaPath" name="SSLCaPath"
+                                    [(ngModel)]="ldap.sslCaPath">
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <div class="form-check">
+                                <input class="form-check-input" type="checkbox" id="certDoNotVerify"
+                                    [(ngModel)]="ldap.sslAllowUnauthorized" name="CertDoNoVerify">
+                                <label class="form-check-label"
+                                    for="certDoNotVerify">{{'ldapCertDoNotVerify' | i18n}}</label>
+                            </div>
+                        </div>
+                    </div>
                    <div class="form-group" [hidden]="true">
                        <div class="form-check">
-                            <input class="form-check-input" type="checkbox" id="currentUser" [(ngModel)]="ldap.currentUser" name="CurrentUser">
+                            <input class="form-check-input" type="checkbox" id="currentUser"
+                                [(ngModel)]="ldap.currentUser" name="CurrentUser">
                            <label class="form-check-label" for="currentUser">{{'currentUser' | i18n}}</label>
                        </div>
                    </div>
                    <div [hidden]="ldap.currentUser">
                        <div class="form-group">
                            <label for="username">{{'username' | i18n}}</label>
-                            <input type="text" class="form-control" id="username" name="Username" [(ngModel)]="ldap.username">
+                            <input type="text" class="form-control" id="username" name="Username"
+                                [(ngModel)]="ldap.username">
                            <small class="text-muted form-text" *ngIf="ldap.ad">{{'ex' | i18n}} company\admin</small>
-                            <small class="text-muted form-text" *ngIf="!ldap.ad">{{'ex' | i18n}} cn=admin,dc=company,dc=com</small>
+                            <small class="text-muted form-text" *ngIf="!ldap.ad">{{'ex' | i18n}}
+                                cn=admin,dc=company,dc=com</small>
                        </div>
                        <div class="form-group">
                            <label for="password">{{'password' | i18n}}</label>
-                            <input type="password" class="form-control" id="password" name="Password" [(ngModel)]="ldap.password">
+                            <input type="password" class="form-control" id="password" name="Password"
+                                [(ngModel)]="ldap.password">
                        </div>
                    </div>
                </div>
@@ -64,7 +135,8 @@
                    </div>
                    <div class="form-group">
                        <label for="applicationId">{{'applicationId' | i18n}}</label>
-                        <input type="text" class="form-control" id="applicationId" name="ApplicationId" [(ngModel)]="azure.applicationId">
+                        <input type="text" class="form-control" id="applicationId" name="ApplicationId"
+                            [(ngModel)]="azure.applicationId">
                    </div>
                    <div class="form-group">
                        <label for="secretKey">{{'secretKey' | i18n}}</label>
@@ -79,7 +151,28 @@
                    </div>
                    <div class="form-group">
                        <label for="oktaToken">{{'token' | i18n}}</label>
-                        <input type="text" class="form-control" id="oktaToken" name="OktaToken" [(ngModel)]="okta.token">
+                        <input type="text" class="form-control" id="oktaToken" name="OktaToken"
+                            [(ngModel)]="okta.token">
+                    </div>
+                </div>
+                <div [hidden]="directory != directoryType.OneLogin">
+                    <div class="form-group">
+                        <label for="oneLoginClientId">{{'clientId' | i18n}}</label>
+                        <input type="text" class="form-control" id="oneLoginClientId" name="OneLoginClientId"
+                            [(ngModel)]="oneLogin.clientId">
+                    </div>
+                    <div class="form-group">
+                        <label for="oneLoginClientSecret">{{'clientSecret' | i18n}}</label>
+                        <input type="text" class="form-control" id="oneLoginClientSecret" name="OneLoginClientSecret"
+                            [(ngModel)]="oneLogin.clientSecret">
+                    </div>
+                    <div class="form-group">
+                        <label for="oneLoginRegion">{{'region' | i18n}}</label>
+                        <select class="form-control" id="oneLoginRegion" name="OneLoginRegion"
+                            [(ngModel)]="oneLogin.region">
+                            <option value="us">US</option>
+                            <option value="eu">EU</option>
+                        </select>
                    </div>
                </div>
                <div [hidden]="directory != directoryType.GSuite">
@@ -90,26 +183,31 @@
                    </div>
                    <div class="form-group">
                        <label for="adminUser">{{'adminUser' | i18n}}</label>
-                        <input type="text" class="form-control" id="adminUser" name="AdminUser" [(ngModel)]="gsuite.adminUser">
+                        <input type="text" class="form-control" id="adminUser" name="AdminUser"
+                            [(ngModel)]="gsuite.adminUser">
                        <small class="text-muted form-text">{{'ex' | i18n}} admin@company.com</small>
                    </div>
                    <div class="form-group">
                        <label for="customerId">{{'customerId' | i18n}}</label>
-                        <input type="text" class="form-control" id="customerId" name="CustomerId" [(ngModel)]="gsuite.customer">
+                        <input type="text" class="form-control" id="customerId" name="CustomerId"
+                            [(ngModel)]="gsuite.customer">
                        <small class="text-muted form-text">{{'ex' | i18n}} 39204722352</small>
                    </div>
                    <div class="form-group">
                        <label for="keyFile">{{'jsonKeyFile' | i18n}}</label>
-                        <input type="file" class="form-control-file" id="keyFile" accept=".json" (change)="parseKeyFile()">
+                        <input type="file" class="form-control-file" id="keyFile" accept=".json"
+                            (change)="parseKeyFile()">
                        <small class="text-muted form-text">{{'ex' | i18n}} My Project-jksd3jd223.json</small>
                    </div>
                    <div class="form-group" [hidden]="!gsuite.clientEmail">
                        <label for="clientEmail">{{'clientEmail' | i18n}}</label>
-                        <input type="text" class="form-control" id="clientEmail" name="ClientEmail" [(ngModel)]="gsuite.clientEmail">
+                        <input type="text" class="form-control" id="clientEmail" name="ClientEmail"
+                            [(ngModel)]="gsuite.clientEmail">
                    </div>
                    <div class="form-group" [hidden]="!gsuite.privateKey">
                        <label for="privateKey">{{'privateKey' | i18n}}</label>
-                        <textarea class="form-control text-monospace" id="privateKey" name="PrivateKey" [(ngModel)]="gsuite.privateKey">
+                        <textarea class="form-control text-monospace" id="privateKey" name="PrivateKey"
+                            [(ngModel)]="gsuite.privateKey">
                            </textarea>
                    </div>
                </div>
@@ -134,49 +232,66 @@
            <div class="card-body">
                <div class="form-group">
                    <label for="interval">{{'interval' | i18n}}</label>
-                    <input type="number" min="5" class="form-control" id="interval" name="Interval" [(ngModel)]="sync.interval">
+                    <input type="number" min="5" class="form-control" id="interval" name="Interval"
+                        [(ngModel)]="sync.interval">
                    <small class="text-muted form-text">{{'intervalMin' | i18n}}</small>
                </div>
                <div class="form-group">
                    <div class="form-check">
-                        <input class="form-check-input" type="checkbox" id="removeDisabled" [(ngModel)]="sync.removeDisabled" name="RemoveDisabled">
+                        <input class="form-check-input" type="checkbox" id="removeDisabled"
+                            [(ngModel)]="sync.removeDisabled" name="RemoveDisabled">
                        <label class="form-check-label" for="removeDisabled">{{'removeDisabled' | i18n}}</label>
                    </div>
                </div>
+                <div class="form-group">
+                    <div class="form-check">
+                        <input class="form-check-input" type="checkbox" id="overwriteExisting"
+                            [(ngModel)]="sync.overwriteExisting" name="OverwriteExisting">
+                        <label class="form-check-label" for="overwriteExisting">{{'overwriteExisting' | i18n}}</label>
+                    </div>
+                </div>
                <div [hidden]="directory != directoryType.Ldap">
                    <div [hidden]="ldap.ad">
                        <div class="form-group">
                            <label for="memberAttribute">{{'memberAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="memberAttribute" name="MemberAttribute" [(ngModel)]="sync.memberAttribute">
+                            <input type="text" class="form-control" id="memberAttribute" name="MemberAttribute"
+                                [(ngModel)]="sync.memberAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} uniqueMember</small>
                        </div>
                        <div class="form-group">
                            <label for="creationDateAttribute">{{'creationDateAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="creationDateAttribute" name="CreationDateAttribute" [(ngModel)]="sync.creationDateAttribute">
+                            <input type="text" class="form-control" id="creationDateAttribute"
+                                name="CreationDateAttribute" [(ngModel)]="sync.creationDateAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} whenCreated</small>
                        </div>
                        <div class="form-group">
                            <label for="revisionDateAttribute">{{'revisionDateAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="revisionDateAttribute" name="RevisionDateAttribute" [(ngModel)]="sync.revisionDateAttribute">
+                            <input type="text" class="form-control" id="revisionDateAttribute"
+                                name="RevisionDateAttribute" [(ngModel)]="sync.revisionDateAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} whenChanged</small>
                        </div>
                    </div>
-
+                </div>
+                <div [hidden]="directory != directoryType.Ldap && directory != directoryType.OneLogin">
                    <div class="form-group">
                        <div class="form-check">
-                            <input class="form-check-input" type="checkbox" id="useEmailPrefixSuffix" [(ngModel)]="sync.useEmailPrefixSuffix" name="UseEmailPrefixSuffix">
-                            <label class="form-check-label" for="useEmailPrefixSuffix">{{'useEmailPrefixSuffix' | i18n}}</label>
+                            <input class="form-check-input" type="checkbox" id="useEmailPrefixSuffix"
+                                [(ngModel)]="sync.useEmailPrefixSuffix" name="UseEmailPrefixSuffix">
+                            <label class="form-check-label"
+                                for="useEmailPrefixSuffix">{{'useEmailPrefixSuffix' | i18n}}</label>
                        </div>
                    </div>
                    <div [hidden]="!sync.useEmailPrefixSuffix">
-                        <div class="form-group" [hidden]="ldap.ad">
+                        <div class="form-group" [hidden]="ldap.ad || directory != directoryType.Ldap">
                            <label for="emailPrefixAttribute">{{'emailPrefixAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="emailPrefixAttribute" name="EmailPrefixAttribute" [(ngModel)]="sync.emailPrefixAttribute">
+                            <input type="text" class="form-control" id="emailPrefixAttribute"
+                                name="EmailPrefixAttribute" [(ngModel)]="sync.emailPrefixAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} accountName</small>
                        </div>
                        <div class="form-group">
                            <label for="emailSuffix">{{'emailSuffix' | i18n}}</label>
-                            <input type="text" class="form-control" id="emailSuffix" name="EmailSuffix" [(ngModel)]="sync.emailSuffix">
+                            <input type="text" class="form-control" id="emailSuffix" name="EmailSuffix"
+                                [(ngModel)]="sync.emailSuffix">
                            <small class="text-muted form-text">{{'ex' | i18n}} @company.com</small>
                        </div>
                    </div>
@@ -184,33 +299,43 @@

                <div class="form-group">
                    <div class="form-check">
-                        <input class="form-check-input" type="checkbox" id="syncUsers" [(ngModel)]="sync.users" name="SyncUsers">
+                        <input class="form-check-input" type="checkbox" id="syncUsers" [(ngModel)]="sync.users"
+                            name="SyncUsers">
                        <label class="form-check-label" for="syncUsers">{{'syncUsers' | i18n}}</label>
                    </div>
                </div>
                <div [hidden]="!sync.users">
                    <div class="form-group">
                        <label for="userFilter">{{'userFilter' | i18n}}</label>
-                        <textarea class="form-control" id="userFilter" name="UserFilter" [(ngModel)]="sync.userFilter"></textarea>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.Ldap">{{'ex' | i18n}} (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.AzureActiveDirectory">{{'ex' | i18n}} exclude:joe@company.com</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.Okta">{{'ex' | i18n}} exclude:joe@company.com | profile.firstName eq "John"</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.GSuite">{{'ex' | i18n}} exclude:joe@company.com | orgName=Engineering</small>
+                        <textarea class="form-control" id="userFilter" name="UserFilter"
+                            [(ngModel)]="sync.userFilter"></textarea>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.Ldap">{{'ex' | i18n}}
+                            (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))</small>
+                        <small class="text-muted form-text"
+                            *ngIf="directory === directoryType.AzureActiveDirectory">{{'ex' | i18n}}
+                            exclude:joe@company.com</small>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.Okta">{{'ex' | i18n}}
+                            exclude:joe@company.com | profile.firstName eq "John"</small>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.GSuite">{{'ex' | i18n}}
+                            exclude:joe@company.com | orgName=Engineering</small>
+                    </div>
+                    <div class="form-group" [hidden]="directory != directoryType.Ldap">
+                        <label for="userPath">{{'userPath' | i18n}}</label>
+                        <input type="text" class="form-control" id="userPath" name="UserPath"
+                            [(ngModel)]="sync.userPath">
+                        <small class="text-muted form-text">{{'ex' | i18n}} CN=Users</small>
                    </div>
                    <div [hidden]="directory != directoryType.Ldap || ldap.ad">
                        <div class="form-group">
                            <label for="userObjectClass">{{'userObjectClass' | i18n}}</label>
-                            <input type="text" class="form-control" id="userObjectClass" name="UserObjectClass" [(ngModel)]="sync.userObjectClass">
+                            <input type="text" class="form-control" id="userObjectClass" name="UserObjectClass"
+                                [(ngModel)]="sync.userObjectClass">
                            <small class="text-muted form-text">{{'ex' | i18n}} inetOrgPerson</small>
                        </div>
-                        <div class="form-group">
-                            <label for="userPath">{{'userPath' | i18n}}</label>
-                            <input type="text" class="form-control" id="userPath" name="UserPath" [(ngModel)]="sync.userPath">
-                            <small class="text-muted form-text">{{'ex' | i18n}} CN=Users</small>
-                        </div>
                        <div class="form-group">
                            <label for="userEmailAttribute">{{'userEmailAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="userEmailAttribute" name="UserEmailAttribute" [(ngModel)]="sync.userEmailAttribute">
+                            <input type="text" class="form-control" id="userEmailAttribute" name="UserEmailAttribute"
+                                [(ngModel)]="sync.userEmailAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} mail</small>
                        </div>
                    </div>
@@ -218,33 +343,44 @@

                <div class="form-group">
                    <div class="form-check">
-                        <input class="form-check-input" type="checkbox" id="syncGroups" [(ngModel)]="sync.groups" name="SyncGroups">
+                        <input class="form-check-input" type="checkbox" id="syncGroups" [(ngModel)]="sync.groups"
+                            name="SyncGroups">
                        <label class="form-check-label" for="syncGroups">{{'syncGroups' | i18n}}</label>
                    </div>
                </div>
                <div [hidden]="!sync.groups">
                    <div class="form-group">
                        <label for="groupFilter">{{'groupFilter' | i18n}}</label>
-                        <textarea class="form-control" id="groupFilter" name="GroupFilter" [(ngModel)]="sync.groupFilter"></textarea>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.Ldap">{{'ex' | i18n}} (&amp;!(name=Sales*)!(name=IT*))</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.AzureActiveDirectory">{{'ex' | i18n}} include:Sales,IT</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.Okta">{{'ex' | i18n}} include:Sales,IT | type eq "APP_GROUP"</small>
-                        <small class="text-muted form-text" *ngIf="directory === directoryType.GSuite">{{'ex' | i18n}} include:Sales,IT</small>
+                        <textarea class="form-control" id="groupFilter" name="GroupFilter"
+                            [(ngModel)]="sync.groupFilter"></textarea>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.Ldap">{{'ex' | i18n}}
+                            (&amp;!(name=Sales*)!(name=IT*))</small>
+                        <small class="text-muted form-text"
+                            *ngIf="directory === directoryType.AzureActiveDirectory">{{'ex' | i18n}}
+                            include:Sales,IT</small>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.Okta">{{'ex' | i18n}}
+                            include:Sales,IT | type eq "APP_GROUP"</small>
+                        <small class="text-muted form-text" *ngIf="directory === directoryType.GSuite">{{'ex' | i18n}}
+                            include:Sales,IT</small>
+                    </div>
+                    <div class="form-group" [hidden]="directory != directoryType.Ldap">
+                        <label for="groupPath">{{'groupPath' | i18n}}</label>
+                        <input type="text" class="form-control" id="groupPath" name="GroupPath"
+                            [(ngModel)]="sync.groupPath">
+                        <small class="text-muted form-text" *ngIf="!ldap.ad">{{'ex' | i18n}} CN=Groups</small>
+                        <small class="text-muted form-text" *ngIf="ldap.ad">{{'ex' | i18n}} CN=Users</small>
                    </div>
                    <div [hidden]="directory != directoryType.Ldap || ldap.ad">
                        <div class="form-group">
                            <label for="groupObjectClass">{{'groupObjectClass' | i18n}}</label>
-                            <input type="text" class="form-control" id="groupObjectClass" name="GroupObjectClass" [(ngModel)]="sync.groupObjectClass">
+                            <input type="text" class="form-control" id="groupObjectClass" name="GroupObjectClass"
+                                [(ngModel)]="sync.groupObjectClass">
                            <small class="text-muted form-text">{{'ex' | i18n}} groupOfUniqueNames</small>
                        </div>
-                        <div class="form-group">
-                            <label for="groupPath">{{'groupPath' | i18n}}</label>
-                            <input type="text" class="form-control" id="groupPath" name="GroupPath" [(ngModel)]="sync.groupPath">
-                            <small class="text-muted form-text">{{'ex' | i18n}} CN=Groups</small>
-                        </div>
                        <div class="form-group">
                            <label for="groupNameAttribute">{{'groupNameAttribute' | i18n}}</label>
-                            <input type="text" class="form-control" id="groupNameAttribute" name="GroupNameAttribute" [(ngModel)]="sync.groupNameAttribute">
+                            <input type="text" class="form-control" id="groupNameAttribute" name="GroupNameAttribute"
+                                [(ngModel)]="sync.groupNameAttribute">
                            <small class="text-muted form-text">{{'ex' | i18n}} name</small>
                        </div>
                    </div>
--- a/src/app/tabs/settings.component.ts
+++ b/src/app/tabs/settings.component.ts
@@ -19,8 +19,11 @@ import { AzureConfiguration } from '../../models/azureConfiguration';
 import { GSuiteConfiguration } from '../../models/gsuiteConfiguration';
 import { LdapConfiguration } from '../../models/ldapConfiguration';
 import { OktaConfiguration } from '../../models/oktaConfiguration';
+import { OneLoginConfiguration } from '../../models/oneLoginConfiguration';
 import { SyncConfiguration } from '../../models/syncConfiguration';

+import { ConnectorUtils } from '../../utils';
+
@Component({
    selector: 'app-settings',
    templateUrl: 'settings.component.html',
@@ -32,6 +35,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
    gsuite = new GSuiteConfiguration();
    azure = new AzureConfiguration();
    okta = new OktaConfiguration();
+    oneLogin = new OneLoginConfiguration();
    sync = new SyncConfiguration();
    organizationId: string;
    directoryOptions: any[];
@@ -46,6 +50,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
            { name: 'Azure Active Directory', value: DirectoryType.AzureActiveDirectory },
            { name: 'G Suite (Google)', value: DirectoryType.GSuite },
            { name: 'Okta', value: DirectoryType.Okta },
+            { name: 'OneLogin', value: DirectoryType.OneLogin },
        ];
    }

@@ -68,6 +73,8 @@ export class SettingsComponent implements OnInit, OnDestroy {
            DirectoryType.AzureActiveDirectory)) || this.azure;
        this.okta = (await this.configurationService.getDirectory<OktaConfiguration>(
            DirectoryType.Okta)) || this.okta;
+        this.oneLogin = (await this.configurationService.getDirectory<OneLoginConfiguration>(
+            DirectoryType.OneLogin)) || this.oneLogin;
        this.sync = (await this.configurationService.getSync()) || this.sync;
    }

@@ -76,37 +83,21 @@ export class SettingsComponent implements OnInit, OnDestroy {
    }

    async submit() {
-        if (this.ldap.ad) {
-            this.sync.creationDateAttribute = 'whenCreated';
-            this.sync.revisionDateAttribute = 'whenChanged';
-            this.sync.emailPrefixAttribute = 'sAMAccountName';
-            this.sync.groupPath = 'CN=Users';
-            this.sync.userPath = 'CN=Users';
-            this.sync.memberAttribute = 'member';
-            this.sync.userObjectClass = 'person';
-            this.sync.groupObjectClass = 'group';
-            this.sync.userEmailAttribute = 'mail';
-            this.sync.groupNameAttribute = 'name';
+        ConnectorUtils.adjustConfigForSave(this.ldap, this.sync);
+        if (this.ldap != null && this.ldap.ad) {
+            this.ldap.pagedSearch = true;
        }
-
-        if (this.sync.interval != null) {
-            if (this.sync.interval <= 0) {
-                this.sync.interval = null;
-            } else if (this.sync.interval < 5) {
-                this.sync.interval = 5;
-            }
-        }
-
        await this.configurationService.saveOrganizationId(this.organizationId);
        await this.configurationService.saveDirectoryType(this.directory);
        await this.configurationService.saveDirectory(DirectoryType.Ldap, this.ldap);
        await this.configurationService.saveDirectory(DirectoryType.GSuite, this.gsuite);
        await this.configurationService.saveDirectory(DirectoryType.AzureActiveDirectory, this.azure);
        await this.configurationService.saveDirectory(DirectoryType.Okta, this.okta);
+        await this.configurationService.saveDirectory(DirectoryType.OneLogin, this.oneLogin);
        await this.configurationService.saveSync(this.sync);
    }

-    async parseKeyFile() {
+    parseKeyFile() {
        const filePicker = (document.getElementById('keyFile') as HTMLInputElement);
        if (filePicker.files == null || filePicker.files.length < 0) {
            return;
@@ -117,7 +108,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
        reader.onload = (evt) => {
            this.ngZone.run(async () => {
                try {
-                    const result = JSON.parse((evt.target as FileReader).result);
+                    const result = JSON.parse((evt.target as FileReader).result as string);
                    if (result.client_email != null && result.private_key != null) {
                        this.gsuite.clientEmail = result.client_email;
                        this.gsuite.privateKey = result.private_key;
@@ -133,4 +124,18 @@ export class SettingsComponent implements OnInit, OnDestroy {
            filePicker.value = '';
        };
    }
+
+    setSslPath(id: string) {
+        const filePicker = (document.getElementById(id + '_file') as HTMLInputElement);
+        if (filePicker.files == null || filePicker.files.length < 0) {
+            return;
+        }
+
+        (this.ldap as any)[id] = filePicker.files[0].path;
+        // reset file input
+        // ref: https://stackoverflow.com/a/20552042
+        filePicker.type = '';
+        filePicker.type = 'file';
+        filePicker.value = '';
+    }
 }
--- a/src/bwdc.ts
+++ b/src/bwdc.ts
@@ -0,0 +1,141 @@
+import * as fs from 'fs';
+import * as path from 'path';
+
+import { LogLevelType } from 'jslib/enums/logLevelType';
+
+import { AuthService } from 'jslib/services/auth.service';
+
+import { ConfigurationService } from './services/configuration.service';
+import { I18nService } from './services/i18n.service';
+import { KeytarSecureStorageService } from './services/keytarSecureStorage.service';
+import { SyncService } from './services/sync.service';
+
+import { CliPlatformUtilsService } from 'jslib/cli/services/cliPlatformUtils.service';
+import { ConsoleLogService } from 'jslib/cli/services/consoleLog.service';
+
+import { AppIdService } from 'jslib/services/appId.service';
+import { ConstantsService } from 'jslib/services/constants.service';
+import { ContainerService } from 'jslib/services/container.service';
+import { CryptoService } from 'jslib/services/crypto.service';
+import { EnvironmentService } from 'jslib/services/environment.service';
+import { LowdbStorageService } from 'jslib/services/lowdbStorage.service';
+import { NodeApiService } from 'jslib/services/nodeApi.service';
+import { NodeCryptoFunctionService } from 'jslib/services/nodeCryptoFunction.service';
+import { NoopMessagingService } from 'jslib/services/noopMessaging.service';
+import { PasswordGenerationService } from 'jslib/services/passwordGeneration.service';
+import { TokenService } from 'jslib/services/token.service';
+import { UserService } from 'jslib/services/user.service';
+
+import { StorageService as StorageServiceAbstraction } from 'jslib/abstractions/storage.service';
+
+import { Program } from './program';
+
+// tslint:disable-next-line
+const packageJson = require('./package.json');
+
+export class Main {
+    dataFilePath: string;
+    logService: ConsoleLogService;
+    messagingService: NoopMessagingService;
+    storageService: LowdbStorageService;
+    secureStorageService: StorageServiceAbstraction;
+    i18nService: I18nService;
+    platformUtilsService: CliPlatformUtilsService;
+    constantsService: ConstantsService;
+    cryptoService: CryptoService;
+    tokenService: TokenService;
+    appIdService: AppIdService;
+    apiService: NodeApiService;
+    environmentService: EnvironmentService;
+    userService: UserService;
+    containerService: ContainerService;
+    cryptoFunctionService: NodeCryptoFunctionService;
+    authService: AuthService;
+    configurationService: ConfigurationService;
+    syncService: SyncService;
+    passwordGenerationService: PasswordGenerationService;
+    program: Program;
+
+    constructor() {
+        const applicationName = 'Bitwarden Directory Connector';
+        if (process.env.BITWARDENCLI_CONNECTOR_APPDATA_DIR) {
+            this.dataFilePath = path.resolve(process.env.BITWARDENCLI_CONNECTOR_APPDATA_DIR);
+        } else if (process.env.BITWARDEN_CONNECTOR_APPDATA_DIR) {
+            this.dataFilePath = path.resolve(process.env.BITWARDEN_CONNECTOR_APPDATA_DIR);
+        } else if (fs.existsSync(path.join(__dirname, 'bitwarden-connector-appdata'))) {
+            this.dataFilePath = path.join(__dirname, 'bitwarden-connector-appdata');
+        } else if (process.platform === 'darwin') {
+            this.dataFilePath = path.join(process.env.HOME, 'Library/Application Support/' + applicationName);
+        } else if (process.platform === 'win32') {
+            this.dataFilePath = path.join(process.env.APPDATA, applicationName);
+        } else if (process.env.XDG_CONFIG_HOME) {
+            this.dataFilePath = path.join(process.env.XDG_CONFIG_HOME, applicationName);
+        } else {
+            this.dataFilePath = path.join(process.env.HOME, '.config/' + applicationName);
+        }
+
+        const plaintextSecrets = process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS === 'true';
+        this.i18nService = new I18nService('en', './locales');
+        this.platformUtilsService = new CliPlatformUtilsService('connector', packageJson);
+        this.logService = new ConsoleLogService(this.platformUtilsService.isDev(),
+            (level) => process.env.BITWARDENCLI_CONNECTOR_DEBUG !== 'true' && level <= LogLevelType.Info);
+        this.cryptoFunctionService = new NodeCryptoFunctionService();
+        this.storageService = new LowdbStorageService(this.logService, null, this.dataFilePath, true);
+        this.secureStorageService = plaintextSecrets ?
+            this.storageService : new KeytarSecureStorageService(applicationName);
+        this.cryptoService = new CryptoService(this.storageService, this.secureStorageService,
+            this.cryptoFunctionService, this.platformUtilsService);
+        this.appIdService = new AppIdService(this.storageService);
+        this.tokenService = new TokenService(this.storageService);
+        this.messagingService = new NoopMessagingService();
+        this.apiService = new NodeApiService(this.tokenService, this.platformUtilsService,
+            async (expired: boolean) => await this.logout());
+        this.environmentService = new EnvironmentService(this.apiService, this.storageService, null);
+        this.userService = new UserService(this.tokenService, this.storageService);
+        this.containerService = new ContainerService(this.cryptoService);
+        this.authService = new AuthService(this.cryptoService, this.apiService, this.userService, this.tokenService,
+            this.appIdService, this.i18nService, this.platformUtilsService, this.messagingService, null, false);
+        this.configurationService = new ConfigurationService(this.storageService, this.secureStorageService,
+            process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS !== 'true');
+        this.syncService = new SyncService(this.configurationService, this.logService, this.cryptoFunctionService,
+            this.apiService, this.messagingService, this.i18nService);
+        this.passwordGenerationService = new PasswordGenerationService(this.cryptoService, this.storageService, null);
+        this.program = new Program(this);
+    }
+
+    async run() {
+        await this.init();
+        this.program.run();
+    }
+
+    async logout() {
+        await Promise.all([
+            this.tokenService.clearToken(),
+            this.userService.clear(),
+        ]);
+    }
+
+    private async init() {
+        this.storageService.init();
+        this.containerService.attachToWindow(global);
+        await this.environmentService.setUrlsFromStorage();
+        // Dev Server URLs. Comment out the line above.
+        // this.apiService.setUrls({
+        //     base: null,
+        //     api: 'http://localhost:4000',
+        //     identity: 'http://localhost:33656',
+        // });
+        const locale = await this.storageService.get<string>(ConstantsService.localeKey);
+        await this.i18nService.init(locale);
+        this.authService.init();
+
+        const installedVersion = await this.storageService.get<string>(ConstantsService.installedVersionKey);
+        const currentVersion = this.platformUtilsService.getApplicationVersion();
+        if (installedVersion == null || installedVersion !== currentVersion) {
+            await this.storageService.save(ConstantsService.installedVersionKey, currentVersion);
+        }
+    }
+}
+
+const main = new Main();
+main.run();
--- a/src/commands/clearCache.command.ts
+++ b/src/commands/clearCache.command.ts
@@ -0,0 +1,22 @@
+import * as program from 'commander';
+
+import { I18nService } from 'jslib/abstractions/i18n.service';
+
+import { ConfigurationService } from '../services/configuration.service';
+
+import { Response } from 'jslib/cli/models/response';
+import { MessageResponse } from 'jslib/cli/models/response/messageResponse';
+
+export class ClearCacheCommand {
+    constructor(private configurationService: ConfigurationService, private i18nService: I18nService) { }
+
+    async run(cmd: program.Command): Promise<Response> {
+        try {
+            await this.configurationService.clearStatefulSettings(true);
+            const res = new MessageResponse(this.i18nService.t('syncCacheCleared'), null);
+            return Response.success(res);
+        } catch (e) {
+            return Response.error(e);
+        }
+    }
+}
--- a/src/commands/config.command.ts
+++ b/src/commands/config.command.ts
@@ -0,0 +1,141 @@
+import * as program from 'commander';
+
+import { EnvironmentService } from 'jslib/abstractions/environment.service';
+import { I18nService } from 'jslib/abstractions/i18n.service';
+
+import { ConfigurationService } from '../services/configuration.service';
+
+import { DirectoryType } from '../enums/directoryType';
+
+import { Response } from 'jslib/cli/models/response';
+import { MessageResponse } from 'jslib/cli/models/response/messageResponse';
+
+import { AzureConfiguration } from '../models/azureConfiguration';
+import { GSuiteConfiguration } from '../models/gsuiteConfiguration';
+import { LdapConfiguration } from '../models/ldapConfiguration';
+import { OktaConfiguration } from '../models/oktaConfiguration';
+import { OneLoginConfiguration } from '../models/oneLoginConfiguration';
+import { SyncConfiguration } from '../models/syncConfiguration';
+
+import { ConnectorUtils } from '../utils';
+
+export class ConfigCommand {
+    private directory: DirectoryType;
+    private ldap = new LdapConfiguration();
+    private gsuite = new GSuiteConfiguration();
+    private azure = new AzureConfiguration();
+    private okta = new OktaConfiguration();
+    private oneLogin = new OneLoginConfiguration();
+    private sync = new SyncConfiguration();
+
+    constructor(private environmentService: EnvironmentService, private i18nService: I18nService,
+        private configurationService: ConfigurationService) { }
+
+    async run(setting: string, value: string, cmd: program.Command): Promise<Response> {
+        setting = setting.toLowerCase();
+        try {
+            switch (setting) {
+                case 'server':
+                    await this.setServer(value);
+                    break;
+                case 'directory':
+                    await this.setDirectory(value);
+                    break;
+                case 'ldap.password':
+                    await this.setLdapPassword(value);
+                    break;
+                case 'gsuite.key':
+                    await this.setGSuiteKey(value);
+                    break;
+                case 'azure.key':
+                    await this.setAzureKey(value);
+                    break;
+                case 'okta.token':
+                    await this.setOktaToken(value);
+                    break;
+                case 'onelogin.secret':
+                    await this.setOneLoginSecret(value);
+                    break;
+                default:
+                    return Response.badRequest('Unknown setting.');
+            }
+        } catch (e) {
+            return Response.error(e);
+        }
+        const res = new MessageResponse(this.i18nService.t('savedSetting', setting), null);
+        return Response.success(res);
+    }
+
+    private async setServer(url: string) {
+        url = (url === 'null' || url === 'bitwarden.com' || url === 'https://bitwarden.com' ? null : url);
+        await this.environmentService.setUrls({
+            base: url,
+        });
+    }
+
+    private async setDirectory(type: string) {
+        const dir = parseInt(type, null);
+        if (dir < DirectoryType.Ldap || dir > DirectoryType.OneLogin) {
+            throw new Error('Invalid directory type value.');
+        }
+        await this.loadConfig();
+        this.directory = dir;
+        await this.saveConfig();
+    }
+
+    private async setLdapPassword(password: string) {
+        await this.loadConfig();
+        this.ldap.password = password;
+        await this.saveConfig();
+    }
+
+    private async setGSuiteKey(key: string) {
+        await this.loadConfig();
+        this.gsuite.privateKey = key != null ? key.trimLeft() : null;
+        await this.saveConfig();
+    }
+
+    private async setAzureKey(key: string) {
+        await this.loadConfig();
+        this.azure.key = key;
+        await this.saveConfig();
+    }
+
+    private async setOktaToken(token: string) {
+        await this.loadConfig();
+        this.okta.token = token;
+        await this.saveConfig();
+    }
+
+    private async setOneLoginSecret(secret: string) {
+        await this.loadConfig();
+        this.oneLogin.clientSecret = secret;
+        await this.saveConfig();
+    }
+
+    private async loadConfig() {
+        this.directory = await this.configurationService.getDirectoryType();
+        this.ldap = (await this.configurationService.getDirectory<LdapConfiguration>(DirectoryType.Ldap)) ||
+            this.ldap;
+        this.gsuite = (await this.configurationService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite)) ||
+            this.gsuite;
+        this.azure = (await this.configurationService.getDirectory<AzureConfiguration>(
+            DirectoryType.AzureActiveDirectory)) || this.azure;
+        this.okta = (await this.configurationService.getDirectory<OktaConfiguration>(
+            DirectoryType.Okta)) || this.okta;
+        this.oneLogin = (await this.configurationService.getDirectory<OneLoginConfiguration>(
+            DirectoryType.OneLogin)) || this.oneLogin;
+        this.sync = (await this.configurationService.getSync()) || this.sync;
+    }
+
+    private async saveConfig() {
+        ConnectorUtils.adjustConfigForSave(this.ldap, this.sync);
+        await this.configurationService.saveDirectoryType(this.directory);
+        await this.configurationService.saveDirectory(DirectoryType.Ldap, this.ldap);
+        await this.configurationService.saveDirectory(DirectoryType.GSuite, this.gsuite);
+        await this.configurationService.saveDirectory(DirectoryType.AzureActiveDirectory, this.azure);
+        await this.configurationService.saveDirectory(DirectoryType.Okta, this.okta);
+        await this.configurationService.saveDirectory(DirectoryType.OneLogin, this.oneLogin);
+        await this.configurationService.saveSync(this.sync);
+    }
+}
--- a/src/commands/lastSync.command.ts
+++ b/src/commands/lastSync.command.ts
@@ -0,0 +1,29 @@
+import * as program from 'commander';
+
+import { ConfigurationService } from '../services/configuration.service';
+
+import { Response } from 'jslib/cli/models/response';
+import { StringResponse } from 'jslib/cli/models/response/stringResponse';
+
+export class LastSyncCommand {
+    constructor(private configurationService: ConfigurationService) { }
+
+    async run(object: string, cmd: program.Command): Promise<Response> {
+        try {
+            switch (object.toLowerCase()) {
+                case 'groups':
+                    const groupsDate = await this.configurationService.getLastGroupSyncDate();
+                    const groupsRes = new StringResponse(groupsDate == null ? null : groupsDate.toISOString());
+                    return Response.success(groupsRes);
+                case 'users':
+                    const usersDate = await this.configurationService.getLastUserSyncDate();
+                    const usersRes = new StringResponse(usersDate == null ? null : usersDate.toISOString());
+                    return Response.success(usersRes);
+                default:
+                    return Response.badRequest('Unknown object.');
+            }
+        } catch (e) {
+            return Response.error(e);
+        }
+    }
+}
--- a/src/commands/sync.command.ts
+++ b/src/commands/sync.command.ts
@@ -0,0 +1,25 @@
+import * as program from 'commander';
+
+import { I18nService } from 'jslib/abstractions/i18n.service';
+
+import { SyncService } from '../services/sync.service';
+
+import { Response } from 'jslib/cli/models/response';
+import { MessageResponse } from 'jslib/cli/models/response/messageResponse';
+
+export class SyncCommand {
+    constructor(private syncService: SyncService, private i18nService: I18nService) { }
+
+    async run(cmd: program.Command): Promise<Response> {
+        try {
+            const result = await this.syncService.sync(false, false);
+            const groupCount = result[0] != null ? result[0].length : 0;
+            const userCount = result[1] != null ? result[1].length : 0;
+            const res = new MessageResponse(this.i18nService.t('syncingComplete'),
+                this.i18nService.t('syncCounts', groupCount.toString(), userCount.toString()));
+            return Response.success(res);
+        } catch (e) {
+            return Response.error(e);
+        }
+    }
+}
--- a/src/commands/test.command.ts
+++ b/src/commands/test.command.ts
@@ -0,0 +1,24 @@
+import * as program from 'commander';
+
+import { I18nService } from 'jslib/abstractions/i18n.service';
+
+import { SyncService } from '../services/sync.service';
+
+import { ConnectorUtils } from '../utils';
+
+import { Response } from 'jslib/cli/models/response';
+import { TestResponse } from '../models/response/testResponse';
+
+export class TestCommand {
+    constructor(private syncService: SyncService, private i18nService: I18nService) { }
+
+    async run(cmd: program.Command): Promise<Response> {
+        try {
+            const result = await ConnectorUtils.simulate(this.syncService, this.i18nService, cmd.last || false);
+            const res = new TestResponse(result);
+            return Response.success(res);
+        } catch (e) {
+            return Response.error(e);
+        }
+    }
+}
--- a/src/enums/directoryType.ts
+++ b/src/enums/directoryType.ts
@@ -3,4 +3,5 @@ export enum DirectoryType {
    AzureActiveDirectory = 1,
    GSuite = 2,
    Okta = 3,
+    OneLogin = 4,
 }
--- a/src/global.d.ts
+++ b/src/global.d.ts
@@ -1,2 +1,3 @@
 declare function escape(s: string): string;
 declare function unescape(s: string): string;
+declare module 'duo_web_sdk';
--- a/src/index.html
+++ b/src/index.html
@@ -2,6 +2,8 @@
 <html>
 <head>
    <meta charset="UTF-8">
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline';
+        img-src 'self' data: *; child-src *; frame-src *; connect-src *;">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bitwarden Directory Connector</title>
    <base href="">
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -129,7 +129,7 @@
        "message": "Self-hosted Environment"
    },
    "selfHostedEnvironmentFooter": {
-        "message": "Specify the base URL of your on-premise hosted Bitwarden installation."
+        "message": "Specify the base URL of your on-premises hosted Bitwarden installation."
    },
    "customEnvironment": {
        "message": "Custom Environment"
@@ -140,6 +140,9 @@
    "baseUrl": {
        "message": "Server URL"
    },
+    "webVaultUrl": {
+        "message": "Web Vault Server URL"
+    },
    "apiUrl": {
        "message": "API Server URL"
    },
@@ -414,12 +417,42 @@
    "sync": {
        "message": "Sync"
    },
+    "ldapEncrypted": {
+        "message": "This server uses an encrypted connection"
+    },
+    "ldapTls": {
+        "message": "Use TLS (STARTTLS)"
+    },
+    "ldapTlsCa": {
+        "message": "Certificate CA Chain (PEM)"
+    },
    "ldapSsl": {
-        "message": "This server uses SSL (LDAPS)"
+        "message": "Use SSL (LDAPS)"
+    },
+    "ldapTlsUntrustedDesc": {
+        "message": "If your LDAP server uses a self-signed certificate for STARTTLS, you can configure certificate options below."
+    },
+    "ldapSslUntrustedDesc": {
+        "message": "If your LDAPS server uses an untrusted certificate you can configure certificate options below."
+    },
+    "ldapSslCa": {
+        "message": "Certificate CA Chain (PEM)"
+    },
+    "ldapSslCert": {
+        "message": "Certificate (PEM)"
+    },
+    "ldapSslKey": {
+        "message": "Certificate Private Key (PEM)"
+    },
+    "ldapCertDoNotVerify": {
+        "message": "Do not verify server certificates (not recommended)."
    },
    "ldapAd": {
        "message": "This server uses Active Directory"
    },
+    "ldapPagedResults": {
+        "message": "This server pages search results"
+    },
    "select": {
        "message": "Select"
    },
@@ -501,6 +534,9 @@
    "noGroups": {
        "message": "No groups to list."
    },
+    "syncingComplete": {
+        "message": "Syncing complete."
+    },
    "syncingStarted": {
        "message": "Syncing started."
    },
@@ -550,5 +586,141 @@
    },
    "hideToTray": {
        "message": "Hide to Tray"
+    },
+    "alwaysOnTop": {
+        "message": "Always on Top",
+        "description": "Application window should always stay on top of other windows"
+    },
+    "hideToMenuBar": {
+        "message": "Hide to Menu Bar"
+    },
+    "savedSetting": {
+        "message": "Saved setting `$SETTING_NAME$`.",
+        "placeholders": {
+            "setting_name": {
+                "content": "$1",
+                "example": "server"
+            }
+        }
+    },
+    "overwriteExisting": {
+        "message": "Overwrite existing organization users based on current sync settings."
+    },
+    "clientId": {
+        "message": "Client ID"
+    },
+    "clientSecret": {
+        "message": "Client Secret"
+    },
+    "region": {
+        "message": "Region"
+    },
+    "enterpriseSingleSignOn": {
+        "message": "Enterprise Single Sign-On"
+    },
+    "setMasterPassword": {
+        "message": "Set Master Password"
+    },
+    "ssoCompleteRegistration": {
+        "message": "In order to complete logging in with SSO, please set a master password to access and protect your vault."
+    },
+    "newMasterPass": {
+        "message": "New Master Password"
+    },
+    "confirmNewMasterPass": {
+        "message": "Confirm New Master Password"
+    },
+    "masterPasswordPolicyInEffect": {
+        "message": "One or more organization policies require your master password to meet the following requirements:"
+    },
+    "policyInEffectMinComplexity": {
+        "message": "Minimum complexity score of $SCORE$",
+        "placeholders": {
+            "score": {
+                "content": "$1",
+                "example": "4"
+            }
+        }
+    },
+    "policyInEffectMinLength": {
+        "message": "Minimum length of $LENGTH$",
+        "placeholders": {
+            "length": {
+                "content": "$1",
+                "example": "14"
+            }
+        }
+    },
+    "policyInEffectUppercase": {
+        "message": "Contain one or more uppercase characters"
+    },
+    "policyInEffectLowercase": {
+        "message": "Contain one or more lowercase characters"
+    },
+    "policyInEffectNumbers": {
+        "message": "Contain one or more numbers"
+    },
+    "policyInEffectSpecial": {
+        "message": "Contain one or more of the following special characters $CHARS$",
+        "placeholders": {
+            "chars": {
+                "content": "$1",
+                "example": "!@#$%^&*"
+            }
+        }
+    },
+    "masterPassDesc": {
+        "message": "The master password is the password you use to access your vault. It is very important that you do not forget your master password. There is no way to recover the password in the event that you forget it."
+    },
+    "reTypeMasterPass": {
+        "message": "Re-type Master Password"
+    },
+    "masterPassHint": {
+        "message": "Master Password Hint (optional)"
+    },
+    "masterPassHintDesc": {
+        "message": "A master password hint can help you remember your password if you forget it."
+    },
+    "strong": {
+        "message": "Strong",
+        "description": "ex. A strong password. Scale: Weak -> Good -> Strong"
+    },
+    "good": {
+        "message": "Good",
+        "description": "ex. A good password. Scale: Weak -> Good -> Strong"
+    },
+    "weak": {
+        "message": "Weak",
+        "description": "ex. A weak password. Scale: Weak -> Good -> Strong"
+    },
+    "weakMasterPassword": {
+        "message": "Weak Master Password"
+    },
+    "weakMasterPasswordDesc": {
+        "message": "The master password you have chosen is weak. You should use a strong master password (or a passphrase) to properly protect your Bitwarden account. Are you sure you want to use this master password?"
+    },
+    "errorOccurred": {
+        "message": "An error has occurred."
+    },
+    "error": {
+        "message": "Error"
+    },
+    "masterPassLength": {
+        "message": "Master password must be at least 8 characters long."
+    },
+    "masterPassDoesntMatch": {
+        "message": "Master password confirmation does not match."
+    },
+    "masterPasswordPolicyRequirementsNotMet": {
+        "message": "Your new master password does not meet the policy requirements."
+    },
+    "loading": {
+        "message": "Loading"
+    },
+    "setMasterPasswordRedirect": {
+        "message": "In order to log in with SSO from the Directory Connector, you must first log in through the web vault to set your master password."
+    },
+    "launchWebVault": {
+        "message": "Launch Web Vault"
    }
 }
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,4 +1,4 @@
-import { app, BrowserWindow } from 'electron';
+import { app } from 'electron';
 import * as path from 'path';

 import { MenuMain } from './main/menu.main';
@@ -50,9 +50,10 @@ export class Main {

        this.logService = new ElectronLogService(null, app.getPath('userData'));
        this.i18nService = new I18nService('en', './locales/');
-        this.storageService = new ElectronStorageService();
+        this.storageService = new ElectronStorageService(app.getPath('userData'));

-        this.windowMain = new WindowMain(this.storageService, 800, 600);
+        this.windowMain = new WindowMain(this.storageService, false, 800, 600,
+            (arg) => this.processDeepLink(arg));
        this.menuMain = new MenuMain(this);
        this.updaterMain = new UpdaterMain(this.i18nService, this.windowMain, 'directory-connector', () => {
            this.messagingService.send('checkingForUpdate');
@@ -60,7 +61,7 @@ export class Main {
            this.messagingService.send('doneCheckingForUpdate');
        }, () => {
            this.messagingService.send('doneCheckingForUpdate');
-        });
+        }, 'bitwardenDirectoryConnector');
        this.trayMain = new TrayMain(this.windowMain, this.i18nService, this.storageService);
        this.messagingMain = new MessagingMain(this.windowMain, this.menuMain, this.updaterMain, this.trayMain);
        this.messagingService = new ElectronMainMessagingService(this.windowMain, (message) => {
@@ -78,11 +79,32 @@ export class Main {
            this.messagingMain.init();
            await this.updaterMain.init();
            await this.trayMain.init(this.i18nService.t('bitwardenDirectoryConnector'));
+
+            if (!app.isDefaultProtocolClient('bwdc')) {
+                app.setAsDefaultProtocolClient('bwdc');
+            }
+
+            // Process protocol for macOS
+            app.on('open-url', (event, url) => {
+                event.preventDefault();
+                this.processDeepLink([url]);
+            });
        }, (e: any) => {
            // tslint:disable-next-line
            console.error(e);
        });
    }
+
+    private processDeepLink(argv: string[]): void {
+        argv.filter((s) => s.indexOf('bwdc://') === 0).forEach((s) => {
+            const url = new URL(s);
+            const code = url.searchParams.get('code');
+            const receivedState = url.searchParams.get('state');
+            if (code != null && receivedState != null) {
+                this.messagingService.send('ssoCallback', { code: code, state: receivedState });
+            }
+        });
+    }
 }

 const main = new Main();
--- a/src/main/menu.main.ts
+++ b/src/main/menu.main.ts
@@ -48,11 +48,19 @@ export class MenuMain extends BaseMenu {
            template[template.length - 1].submenu = this.macWindowSubmenuOptions;
        }

-        (template[template.length - 1].submenu as MenuItemConstructorOptions[]).splice(1, 0, {
-            label: this.main.i18nService.t('hideToTray'),
-            click: () => this.main.messagingService.send('hideToTray'),
-            accelerator: 'CmdOrCtrl+Shift+M',
-        });
+        (template[template.length - 1].submenu as MenuItemConstructorOptions[]).splice(1, 0,
+            {
+                label: this.main.i18nService.t(process.platform === 'darwin' ? 'hideToMenuBar' : 'hideToTray'),
+                click: () => this.main.messagingService.send('hideToTray'),
+                accelerator: 'CmdOrCtrl+Shift+M',
+            },
+            {
+                type: 'checkbox',
+                label: this.main.i18nService.t('alwaysOnTop'),
+                checked: this.windowMain.win.isAlwaysOnTop(),
+                click: () => this.main.windowMain.toggleAlwaysOnTop(),
+                accelerator: 'CmdOrCtrl+Shift+T',
+            });

        this.menu = Menu.buildFromTemplate(template);
        Menu.setApplicationMenu(this.menu);
--- a/src/models/ldapConfiguration.ts
+++ b/src/models/ldapConfiguration.ts
@@ -1,7 +1,11 @@
-import { DirectoryType } from '../enums/directoryType';
-
 export class LdapConfiguration {
    ssl = false;
+    startTls = false;
+    tlsCaPath: string;
+    sslAllowUnauthorized = false;
+    sslCertPath: string;
+    sslKeyPath: string;
+    sslCaPath: string;
    hostname: string;
    port = 389;
    domain: string;
@@ -10,4 +14,5 @@ export class LdapConfiguration {
    username: string;
    password: string;
    ad = true;
+    pagedSearch = true;
 }
--- a/src/models/oneLoginConfiguration.ts
+++ b/src/models/oneLoginConfiguration.ts
@@ -0,0 +1,5 @@
+export class OneLoginConfiguration {
+    clientId: string;
+    clientSecret: string;
+    region = 'us';
+}
--- a/src/models/response/groupResponse.ts
+++ b/src/models/response/groupResponse.ts
@@ -0,0 +1,13 @@
+import { GroupEntry } from '../groupEntry';
+
+export class GroupResponse {
+    externalId: string;
+    displayName: string;
+    userIds: string[];
+
+    constructor(g: GroupEntry) {
+        this.externalId = g.externalId;
+        this.displayName = g.displayName;
+        this.userIds = Array.from(g.userMemberExternalIds);
+    }
+}
--- a/src/models/response/testResponse.ts
+++ b/src/models/response/testResponse.ts
@@ -0,0 +1,22 @@
+import { GroupResponse } from './groupResponse';
+import { UserResponse } from './userResponse';
+
+import { SimResult } from '../simResult';
+
+import { BaseResponse } from 'jslib/cli/models/response/baseResponse';
+
+export class TestResponse implements BaseResponse {
+    object: string;
+    groups: GroupResponse[] = [];
+    enabledUsers: UserResponse[] = [];
+    disabledUsers: UserResponse[] = [];
+    deletedUsers: UserResponse[] = [];
+
+    constructor(result: SimResult) {
+        this.object = 'test';
+        this.groups = result.groups != null ? result.groups.map((g) => new GroupResponse(g)) : [];
+        this.enabledUsers = result.enabledUsers != null ? result.enabledUsers.map((u) => new UserResponse(u)) : [];
+        this.disabledUsers = result.disabledUsers != null ? result.disabledUsers.map((u) => new UserResponse(u)) : [];
+        this.deletedUsers = result.deletedUsers != null ? result.deletedUsers.map((u) => new UserResponse(u)) : [];
+    }
+}
--- a/src/models/response/userResponse.ts
+++ b/src/models/response/userResponse.ts
@@ -0,0 +1,11 @@
+import { UserEntry } from '../userEntry';
+
+export class UserResponse {
+    externalId: string;
+    displayName: string;
+
+    constructor(u: UserEntry) {
+        this.externalId = u.externalId;
+        this.displayName = u.displayName;
+    }
+}
--- a/src/models/simResult.ts
+++ b/src/models/simResult.ts
@@ -0,0 +1,10 @@
+import { GroupEntry } from './groupEntry';
+import { UserEntry } from './userEntry';
+
+export class SimResult {
+    groups: GroupEntry[] = [];
+    users: UserEntry[] = [];
+    enabledUsers: UserEntry[] = [];
+    disabledUsers: UserEntry[] = [];
+    deletedUsers: UserEntry[] = [];
+}
--- a/src/models/syncConfiguration.ts
+++ b/src/models/syncConfiguration.ts
@@ -5,6 +5,7 @@ export class SyncConfiguration {
    userFilter: string;
    groupFilter: string;
    removeDisabled = false;
+    overwriteExisting = false;
    // Ldap properties
    groupObjectClass: string;
    userObjectClass: string;
--- a/src/package-lock.json
+++ b/src/package-lock.json
@@ -1,303 +0,0 @@
-{
-  "name": "bitwarden",
-  "version": "1.0.0",
-  "lockfileVersion": 1,
-  "requires": true,
-  "dependencies": {
-    "argparse": {
-      "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
-      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
-      "requires": {
-        "sprintf-js": "1.0.3"
-      }
-    },
-    "bluebird": {
-      "version": "3.5.1",
-      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz",
-      "integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA=="
-    },
-    "bluebird-lst": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/bluebird-lst/-/bluebird-lst-1.0.5.tgz",
-      "integrity": "sha512-Ey0bDNys5qpYPhZ/oQ9vOEvD0TYQDTILMXWP2iGfvMg7rSDde+oV4aQQgqRH+CvBFNz2BSDQnPGMUl6LKBUUQA==",
-      "requires": {
-        "bluebird": "3.5.1"
-      }
-    },
-    "builder-util-runtime": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/builder-util-runtime/-/builder-util-runtime-4.2.0.tgz",
-      "integrity": "sha512-cROCExnJOJvRD58HHcnrrgyRAoDHGZT0hKox0op7vTuuuRC/1JKMXvSR+Hxy7KWy/aEmKu0HfSqMd4znDEqQsA==",
-      "requires": {
-        "bluebird-lst": "1.0.5",
-        "debug": "3.1.0",
-        "fs-extra-p": "4.5.2",
-        "sax": "1.2.4"
-      }
-    },
-    "conf": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/conf/-/conf-1.4.0.tgz",
-      "integrity": "sha512-bzlVWS2THbMetHqXKB8ypsXN4DQ/1qopGwNJi1eYbpwesJcd86FBjFciCQX/YwAhp9bM7NVnPFqZ5LpV7gP0Dg==",
-      "requires": {
-        "dot-prop": "4.2.0",
-        "env-paths": "1.0.0",
-        "make-dir": "1.2.0",
-        "pkg-up": "2.0.0",
-        "write-file-atomic": "2.3.0"
-      }
-    },
-    "debug": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-      "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-      "requires": {
-        "ms": "2.0.0"
-      }
-    },
-    "dot-prop": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz",
-      "integrity": "sha512-tUMXrxlExSW6U2EXiiKGSBVdYgtV8qlHL+C10TsW4PURY/ic+eaysnSkwB4kA/mBlCyy/IKDJ+Lc3wbWeaXtuQ==",
-      "requires": {
-        "is-obj": "1.0.1"
-      }
-    },
-    "electron-is-dev": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/electron-is-dev/-/electron-is-dev-0.3.0.tgz",
-      "integrity": "sha1-FOb9pcaOnk7L7/nM8DfL18BcWv4="
-    },
-    "electron-log": {
-      "version": "2.2.14",
-      "resolved": "https://registry.npmjs.org/electron-log/-/electron-log-2.2.14.tgz",
-      "integrity": "sha512-Rj+XyK4nShe/nv9v1Uks4KEfjtQ6N+eSnx5CLpAjG6rlyUdAflyFHoybcHSLoq9l9pGavclULWS5IXgk8umc2g=="
-    },
-    "electron-store": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/electron-store/-/electron-store-1.3.0.tgz",
-      "integrity": "sha512-r1Pdl5MwpiCxgbsl0qnwv/GABO5+J/JTO16+KyqL+bOITIk9o3cq3Sw69uO9NgPkpfcKeEwxtJFbtbiBlGTiDA==",
-      "requires": {
-        "conf": "1.4.0"
-      }
-    },
-    "electron-updater": {
-      "version": "2.21.4",
-      "resolved": "https://registry.npmjs.org/electron-updater/-/electron-updater-2.21.4.tgz",
-      "integrity": "sha512-x6QSbyxgGR3szIOBtFoCJH0TfgB55AWHaXmilNgorfvpnCdEMQEATxEzLOW0JCzzcB5y3vBrawvmMUEdXwutmA==",
-      "requires": {
-        "bluebird-lst": "1.0.5",
-        "builder-util-runtime": "4.2.0",
-        "electron-is-dev": "0.3.0",
-        "fs-extra-p": "4.5.2",
-        "js-yaml": "3.11.0",
-        "lazy-val": "1.0.3",
-        "lodash.isequal": "4.5.0",
-        "semver": "5.5.0",
-        "source-map-support": "0.5.4"
-      }
-    },
-    "env-paths": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-1.0.0.tgz",
-      "integrity": "sha1-QWgTO0K7BcOKNbGuQ5fIKYqzaeA="
-    },
-    "esprima": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.0.tgz",
-      "integrity": "sha512-oftTcaMu/EGrEIu904mWteKIv8vMuOgGYo7EhVJJN00R/EED9DCua/xxHRdYnKtcECzVg7xOWhflvJMnqcFZjw=="
-    },
-    "find-up": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
-      "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
-      "requires": {
-        "locate-path": "2.0.0"
-      }
-    },
-    "fs-extra": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-5.0.0.tgz",
-      "integrity": "sha512-66Pm4RYbjzdyeuqudYqhFiNBbCIuI9kgRqLPSHIlXHidW8NIQtVdkM1yeZ4lXwuhbTETv3EUGMNHAAw6hiundQ==",
-      "requires": {
-        "graceful-fs": "4.1.11",
-        "jsonfile": "4.0.0",
-        "universalify": "0.1.1"
-      }
-    },
-    "fs-extra-p": {
-      "version": "4.5.2",
-      "resolved": "https://registry.npmjs.org/fs-extra-p/-/fs-extra-p-4.5.2.tgz",
-      "integrity": "sha512-ZYqFpBdy9w7PsK+vB30j+TnHOyWHm/CJbUq1qqoE8tb71m6qgk5Wa7gp3MYQdlGFxb9vfznF+yD4jcl8l+y91A==",
-      "requires": {
-        "bluebird-lst": "1.0.5",
-        "fs-extra": "5.0.0"
-      }
-    },
-    "graceful-fs": {
-      "version": "4.1.11",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz",
-      "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg="
-    },
-    "imurmurhash": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
-      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o="
-    },
-    "is-obj": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
-      "integrity": "sha1-PkcprB9f3gJc19g6iW2rn09n2w8="
-    },
-    "js-yaml": {
-      "version": "3.11.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.11.0.tgz",
-      "integrity": "sha512-saJstZWv7oNeOyBh3+Dx1qWzhW0+e6/8eDzo7p5rDFqxntSztloLtuKu+Ejhtq82jsilwOIZYsCz+lIjthg1Hw==",
-      "requires": {
-        "argparse": "1.0.10",
-        "esprima": "4.0.0"
-      }
-    },
-    "jsonfile": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
-      "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=",
-      "requires": {
-        "graceful-fs": "4.1.11"
-      }
-    },
-    "keytar": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/keytar/-/keytar-4.1.0.tgz",
-      "integrity": "sha512-L3KqiSMtpVitlug4uuI+K5XLne9SAVEFWE8SCQIhQiH0IA/CTbon5v5prVLKK0Ken54o2O8V9HceKagpwJum+Q==",
-      "requires": {
-        "nan": "2.5.1"
-      }
-    },
-    "lazy-val": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/lazy-val/-/lazy-val-1.0.3.tgz",
-      "integrity": "sha512-pjCf3BYk+uv3ZcPzEVM0BFvO9Uw58TmlrU0oG5tTrr9Kcid3+kdKxapH8CjdYmVa2nO5wOoZn2rdvZx2PKj/xg=="
-    },
-    "locate-path": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz",
-      "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=",
-      "requires": {
-        "p-locate": "2.0.0",
-        "path-exists": "3.0.0"
-      }
-    },
-    "lodash.isequal": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
-      "integrity": "sha1-QVxEePK8wwEgwizhDtMib30+GOA="
-    },
-    "make-dir": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-1.2.0.tgz",
-      "integrity": "sha512-aNUAa4UMg/UougV25bbrU4ZaaKNjJ/3/xnvg/twpmKROPdKZPZ9wGgI0opdZzO8q/zUFawoUuixuOv33eZ61Iw==",
-      "requires": {
-        "pify": "3.0.0"
-      }
-    },
-    "ms": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
-    },
-    "nan": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.5.1.tgz",
-      "integrity": "sha1-1bAWkSUzJql6K77p5hxV2NYDUeI="
-    },
-    "p-limit": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.2.0.tgz",
-      "integrity": "sha512-Y/OtIaXtUPr4/YpMv1pCL5L5ed0rumAaAeBSj12F+bSlMdys7i8oQF/GUJmfpTS/QoaRrS/k6pma29haJpsMng==",
-      "requires": {
-        "p-try": "1.0.0"
-      }
-    },
-    "p-locate": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz",
-      "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=",
-      "requires": {
-        "p-limit": "1.2.0"
-      }
-    },
-    "p-try": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz",
-      "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M="
-    },
-    "path-exists": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
-      "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU="
-    },
-    "pify": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
-      "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY="
-    },
-    "pkg-up": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/pkg-up/-/pkg-up-2.0.0.tgz",
-      "integrity": "sha1-yBmscoBZpGHKscOImivjxJoATX8=",
-      "requires": {
-        "find-up": "2.1.0"
-      }
-    },
-    "sax": {
-      "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
-      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
-    },
-    "semver": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.0.tgz",
-      "integrity": "sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA=="
-    },
-    "signal-exit": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
-      "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0="
-    },
-    "source-map": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="
-    },
-    "source-map-support": {
-      "version": "0.5.4",
-      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.4.tgz",
-      "integrity": "sha512-PETSPG6BjY1AHs2t64vS2aqAgu6dMIMXJULWFBGbh2Gr8nVLbCFDo6i/RMMvviIQ2h1Z8+5gQhVKSn2je9nmdg==",
-      "requires": {
-        "source-map": "0.6.1"
-      }
-    },
-    "sprintf-js": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
-      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw="
-    },
-    "universalify": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.1.tgz",
-      "integrity": "sha1-+nG63UQ3r0wUiEHjs7Fl+enlkLc="
-    },
-    "write-file-atomic": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-2.3.0.tgz",
-      "integrity": "sha512-xuPeK4OdjWqtfi59ylvVL0Yn35SF3zgcAcv7rBPFHVaEapaDr4GdGgm3j7ckTwH9wHL7fGmgfAnb0+THrHb8tA==",
-      "requires": {
-        "graceful-fs": "4.1.11",
-        "imurmurhash": "0.1.4",
-        "signal-exit": "3.0.2"
-      }
-    }
-  }
-}
--- a/src/package.json
+++ b/src/package.json
@@ -2,19 +2,19 @@
  "name": "bitwarden-directory-connector",
  "productName": "Bitwarden Directory Connector",
  "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2.0.1",
-  "author": "8bit Solutions LLC <hello@bitwarden.com> (https://bitwarden.com)",
+  "version": "2.8.2",
+  "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
  "homepage": "https://bitwarden.com",
  "license": "GPL-3.0",
  "main": "main.js",
  "repository": {
    "type": "git",
-    "url": "https://github.com/bitwarden/desktop"
+    "url": "https://github.com/bitwarden/directory-connector"
  },
  "dependencies": {
-    "electron-log": "2.2.14",
+    "electron-log": "2.2.17",
    "electron-store": "1.3.0",
-    "electron-updater": "2.21.4",
-    "keytar": "4.1.0"
+    "electron-updater": "4.2.0",
+    "keytar": "4.13.0"
  }
 }
--- a/src/program.ts
+++ b/src/program.ts
@@ -0,0 +1,276 @@
+import * as chk from 'chalk';
+import * as program from 'commander';
+import * as path from 'path';
+
+import { Main } from './bwdc';
+
+import { ClearCacheCommand } from './commands/clearCache.command';
+import { ConfigCommand } from './commands/config.command';
+import { LastSyncCommand } from './commands/lastSync.command';
+import { SyncCommand } from './commands/sync.command';
+import { TestCommand } from './commands/test.command';
+
+import { LoginCommand } from 'jslib/cli/commands/login.command';
+import { LogoutCommand } from 'jslib/cli/commands/logout.command';
+import { UpdateCommand } from 'jslib/cli/commands/update.command';
+
+import { BaseProgram } from 'jslib/cli/baseProgram';
+
+import { Response } from 'jslib/cli/models/response';
+import { StringResponse } from 'jslib/cli/models/response/stringResponse';
+
+const chalk = chk.default;
+const writeLn = (s: string, finalLine: boolean = false, error: boolean = false) => {
+    const stream = error ? process.stderr : process.stdout;
+    if (finalLine && process.platform === 'win32') {
+        stream.write(s);
+    } else {
+        stream.write(s + '\n');
+    }
+};
+
+export class Program extends BaseProgram {
+    constructor(private main: Main) {
+        super(main.userService, writeLn);
+    }
+
+    run() {
+        program
+            .option('--pretty', 'Format output. JSON is tabbed with two spaces.')
+            .option('--raw', 'Return raw output instead of a descriptive message.')
+            .option('--response', 'Return a JSON formatted version of response output.')
+            .option('--quiet', 'Don\'t return anything to stdout.')
+            .option('--nointeraction', 'Do not prompt for interactive user input.')
+            .version(this.main.platformUtilsService.getApplicationVersion(), '-v, --version');
+
+        program.on('option:pretty', () => {
+            process.env.BW_PRETTY = 'true';
+        });
+
+        program.on('option:raw', () => {
+            process.env.BW_RAW = 'true';
+        });
+
+        program.on('option:quiet', () => {
+            process.env.BW_QUIET = 'true';
+        });
+
+        program.on('option:response', () => {
+            process.env.BW_RESPONSE = 'true';
+        });
+
+        program.on('option:nointeraction', () => {
+            process.env.BW_NOINTERACTION = 'true';
+        });
+
+        program.on('command:*', () => {
+            writeLn(chalk.redBright('Invalid command: ' + program.args.join(' ')), false, true);
+            writeLn('See --help for a list of available commands.', true, true);
+            process.exitCode = 1;
+        });
+
+        program.on('--help', () => {
+            writeLn('\n  Examples:');
+            writeLn('');
+            writeLn('    bwdc login');
+            writeLn('    bwdc test');
+            writeLn('    bwdc sync');
+            writeLn('    bwdc last-sync');
+            writeLn('    bwdc config server https://bw.company.com');
+            writeLn('    bwdc update');
+            writeLn('', true);
+        });
+
+        program
+            .command('login [email] [password]')
+            .description('Log into a user account.')
+            .option('--method <method>', 'Two-step login method.')
+            .option('--code <code>', 'Two-step login code.')
+            .option('--sso', 'Log in with Single-Sign On.')
+            .on('--help', () => {
+                writeLn('\n  Notes:');
+                writeLn('');
+                writeLn('    See docs for valid `method` enum values.');
+                writeLn('');
+                writeLn('  Examples:');
+                writeLn('');
+                writeLn('    bw login');
+                writeLn('    bw login john@example.com myPassword321');
+                writeLn('    bw login john@example.com myPassword321 --method 1 --code 249213');
+                writeLn('    bw login --sso');
+                writeLn('', true);
+            })
+            .action(async (email: string, password: string, cmd: program.Command) => {
+                await this.exitIfAuthed();
+                const command = new LoginCommand(this.main.authService, this.main.apiService, this.main.i18nService,
+                    this.main.environmentService, this.main.passwordGenerationService, this.main.cryptoFunctionService,
+                    this.main.platformUtilsService, 'connector');
+                const response = await command.run(email, password, cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('logout')
+            .description('Log out of the current user account.')
+            .on('--help', () => {
+                writeLn('\n  Examples:');
+                writeLn('');
+                writeLn('    bw logout');
+                writeLn('', true);
+            })
+            .action(async (cmd) => {
+                await this.exitIfNotAuthed();
+                const command = new LogoutCommand(this.main.authService, this.main.i18nService,
+                    async () => await this.main.logout());
+                const response = await command.run(cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('test')
+            .description('Test a simulated sync.')
+            .option('-l, --last', 'Since the last successful sync.')
+            .on('--help', () => {
+                writeLn('\n  Examples:');
+                writeLn('');
+                writeLn('    bwdc test');
+                writeLn('    bwdc test --last');
+                writeLn('', true);
+            })
+            .action(async (cmd) => {
+                await this.exitIfNotAuthed();
+                const command = new TestCommand(this.main.syncService, this.main.i18nService);
+                const response = await command.run(cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('sync')
+            .description('Sync the directory.')
+            .on('--help', () => {
+                writeLn('\n  Examples:');
+                writeLn('');
+                writeLn('    bwdc sync');
+                writeLn('', true);
+            })
+            .action(async (cmd) => {
+                await this.exitIfNotAuthed();
+                const command = new SyncCommand(this.main.syncService, this.main.i18nService);
+                const response = await command.run(cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('last-sync <object>')
+            .description('Get the last successful sync date.')
+            .on('--help', () => {
+                writeLn('\n  Notes:');
+                writeLn('');
+                writeLn('    Returns empty response if no sync has been performed for the given object.');
+                writeLn('');
+                writeLn('  Examples:');
+                writeLn('');
+                writeLn('    bwdc last-sync groups');
+                writeLn('    bwdc last-sync users');
+                writeLn('', true);
+            })
+            .action(async (object: string, cmd: program.Command) => {
+                await this.exitIfNotAuthed();
+                const command = new LastSyncCommand(this.main.configurationService);
+                const response = await command.run(object, cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('config <setting> <value>')
+            .description('Configure settings.')
+            .on('--help', () => {
+                writeLn('\n  Settings:');
+                writeLn('');
+                writeLn('    server - On-premise hosted installation URL.');
+                writeLn('    directory - The type of directory to use.');
+                writeLn('    ldap.password - The password for connection to this LDAP server.');
+                writeLn('    azure.key - The Azure AD secret key.');
+                writeLn('    gsuite.key - The G Suite private key.');
+                writeLn('    okta.token - The Okta token.');
+                writeLn('    onelogin.secret - The OneLogin client secret.');
+                writeLn('');
+                writeLn('  Examples:');
+                writeLn('');
+                writeLn('    bwdc config server https://bw.company.com');
+                writeLn('    bwdc config server bitwarden.com');
+                writeLn('    bwdc config directory 1');
+                writeLn('    bwdc config ldap.password <password>');
+                writeLn('    bwdc config azure.key <key>');
+                writeLn('    bwdc config gsuite.key <key>');
+                writeLn('    bwdc config okta.token <token>');
+                writeLn('    bwdc config onelogin.secret <secret>');
+                writeLn('', true);
+            })
+            .action(async (setting, value, cmd) => {
+                const command = new ConfigCommand(this.main.environmentService, this.main.i18nService,
+                    this.main.configurationService);
+                const response = await command.run(setting, value, cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('data-file')
+            .description('Path to data.json database file.')
+            .on('--help', () => {
+                writeLn('\n  Examples:');
+                writeLn('');
+                writeLn('    bwdc data-file');
+                writeLn('', true);
+            })
+            .action(() => {
+                this.processResponse(
+                    Response.success(new StringResponse(path.join(this.main.dataFilePath, 'data.json'))));
+            });
+
+        program
+            .command('clear-cache')
+            .description('Clear the sync cache.')
+            .on('--help', () => {
+                writeLn('\n  Examples:');
+                writeLn('');
+                writeLn('    bwdc clear-cache');
+                writeLn('', true);
+            })
+            .action(async (cmd) => {
+                const command = new ClearCacheCommand(this.main.configurationService, this.main.i18nService);
+                const response = await command.run(cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .command('update')
+            .description('Check for updates.')
+            .on('--help', () => {
+                writeLn('\n  Notes:');
+                writeLn('');
+                writeLn('    Returns the URL to download the newest version of this CLI tool.');
+                writeLn('');
+                writeLn('    Use the `--raw` option to return only the download URL for the update.');
+                writeLn('');
+                writeLn('  Examples:');
+                writeLn('');
+                writeLn('    bwdc update');
+                writeLn('    bwdc update --raw');
+                writeLn('', true);
+            })
+            .action(async (cmd) => {
+                const command = new UpdateCommand(this.main.platformUtilsService, this.main.i18nService,
+                    'directory-connector', 'bwdc', false);
+                const response = await command.run(cmd);
+                this.processResponse(response);
+            });
+
+        program
+            .parse(process.argv);
+
+        if (process.argv.slice(2).length === 0) {
+            program.outputHelp();
+        }
+    }
+}
--- a/src/scss/bootstrap.scss
+++ b/src/scss/bootstrap.scss
@@ -1,4 +1,4 @@
-$theme-colors: ( "primary": #3c8dbc, "primary-accent": #286090, "danger": #dd4b39, "success": #00a65a, "info": #555555, "warning": #bf7e16);
+$theme-colors: ( "primary": #175DDC, "primary-accent": #1252A3, "danger": #dd4b39, "success": #00a65a, "info": #555555, "warning": #bf7e16, "secondary": #ced4da, "secondary-alt": #1A3B66);
 $font-family-sans-serif: 'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';

 $h1-font-size: 2rem;
@@ -8,4 +8,13 @@ $h4-font-size: 1rem;
 $h5-font-size: 1rem;
 $h6-font-size: 1rem;

+$primary: map_get($theme-colors, 'primary'); 
+$primary-accent: map_get($theme-colors, 'primary-accent'); 
+$success: map_get($theme-colors, 'success'); 
+$info: map_get($theme-colors, 'info'); 
+$warning: map_get($theme-colors, 'warning'); 
+$danger: map_get($theme-colors, 'danger'); 
+$secondary: map_get($theme-colors, 'secondary'); 
+$secondary-alt: map_get($theme-colors, 'secondary-alt'); 
+
@import "~bootstrap/scss/bootstrap.scss";
--- a/src/scss/misc.scss
+++ b/src/scss/misc.scss
@@ -53,3 +53,68 @@ ul.testing-list {
        text-decoration: line-through;
    }
 }
+
+.callout {
+    padding: 10px;
+    margin-bottom: 10px;
+    border: 1px solid #000000;
+    border-left-width: 5px;
+    border-radius: 3px;
+    border-color: #ddd;
+    background-color: white;
+
+    .callout-heading {
+        margin-top: 0;
+    }
+
+    h3.callout-heading {
+        font-weight: bold;
+        text-transform: uppercase;
+    }
+
+    &.callout-primary {
+        border-left-color: $primary;
+
+        .callout-heading {
+            color: $primary;
+        }
+    }
+
+    &.callout-info {
+        border-left-color: $info;
+
+        .callout-heading {
+            color: $info; 
+        }
+    }
+
+    &.callout-danger {
+        border-left-color: $danger;
+
+        .callout-heading {
+            color: $danger;
+        }
+    }
+
+    &.callout-success {
+        border-left-color: $success;
+
+        .callout-heading {
+            color: $success;
+        }
+    }
+
+    &.callout-warning {
+        border-left-color: $warning;
+
+        .callout-heading {
+            color: $warning;
+        }
+    }
+
+    ul {
+        padding-left: 40px;
+        margin: 0;
+    }
+}
+
--- a/src/scss/plugins.scss
+++ b/src/scss/plugins.scss
@@ -35,6 +35,16 @@ $fa-font-path: "~font-awesome/fonts";
            display: none;
        }

+        .toast-message {
+            p {
+                margin-bottom: 0.5rem;
+
+                &:last-child {
+                    margin-bottom: 0;
+                }
+            }
+        }
+
        &.toast-danger, &.toast-error {
            background-image: none !important;
            background-color: $danger;
--- a/src/scss/styles.scss
+++ b/src/scss/styles.scss
@@ -1,4 +1,5 @@
-@import "bootstrap.scss";
+@import "../css/webfonts.css";
+@import "bootstrap.scss";
@import "pages.scss";
@import "misc.scss";
@import "plugins.scss";
--- a/src/services/azure-directory.service.ts
+++ b/src/services/azure-directory.service.ts
@@ -20,6 +20,14 @@ import { LogService } from 'jslib/abstractions/log.service';
 const NextLink = '@odata.nextLink';
 const DeltaLink = '@odata.deltaLink';
 const ObjectType = '@odata.type';
+const UserSelectParams = '?$select=id,mail,userPrincipalName,displayName,accountEnabled';
+
+enum UserSetType {
+    IncludeUser,
+    ExcludeUser,
+    IncludeGroup,
+    ExcludeGroup,
+}

 export class AzureDirectoryService extends BaseDirectoryService implements DirectoryService {
    private client: graph.Client;
@@ -53,20 +61,62 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc

        let users: UserEntry[];
        if (this.syncConfig.users) {
-            users = await this.getUsers(force, !test);
+            users = await this.getCurrentUsers();
+            const deletedUsers = await this.getDeletedUsers(force, !test);
+            users = users.concat(deletedUsers);
        }

        let groups: GroupEntry[];
        if (this.syncConfig.groups) {
            const setFilter = this.createCustomSet(this.syncConfig.groupFilter);
-            groups = await this.getGroups(this.forceGroup(force, users), !test, setFilter);
-            users = this.filterUsersFromGroupsSet(users, groups, setFilter);
+            groups = await this.getGroups(setFilter);
+            users = this.filterUsersFromGroupsSet(users, groups, setFilter, this.syncConfig);
        }

        return [groups, users];
    }

-    private async getUsers(force: boolean, saveDelta: boolean): Promise<UserEntry[]> {
+    private async getCurrentUsers(): Promise<UserEntry[]> {
+        const entryIds = new Set<string>();
+        const entries: UserEntry[] = [];
+        const userReq = this.client.api('/users' + UserSelectParams);
+        let res = await userReq.get();
+        const setFilter = this.createCustomUserSet(this.syncConfig.userFilter);
+        while (true) {
+            const users: graphType.User[] = res.value;
+            if (users != null) {
+                for (const user of users) {
+                    if (user.id == null || entryIds.has(user.id)) {
+                        continue;
+                    }
+                    const entry = this.buildUser(user);
+                    if (await this.filterOutUserResult(setFilter, entry)) {
+                        continue;
+                    }
+
+                    if (!entry.disabled && !entry.deleted &&
+                        (entry.email == null || entry.email.indexOf('#') > -1)) {
+                        continue;
+                    }
+
+                    entries.push(entry);
+                    entryIds.add(user.id);
+                }
+            }
+
+            if (res[NextLink] == null) {
+                break;
+            } else {
+                const nextReq = this.client.api(res[NextLink]);
+                res = await nextReq.get();
+            }
+        }
+
+        return entries;
+    }
+
+    private async getDeletedUsers(force: boolean, saveDelta: boolean): Promise<UserEntry[]> {
+        const entryIds = new Set<string>();
        const entries: UserEntry[] = [];

        let res: any = null;
@@ -81,26 +131,28 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        }

        if (res == null) {
-            const userReq = this.client.api('/users/delta');
+            const userReq = this.client.api('/users/delta' + UserSelectParams);
            res = await userReq.get();
        }

-        const setFilter = this.createCustomSet(this.syncConfig.userFilter);
+        const setFilter = this.createCustomUserSet(this.syncConfig.userFilter);
        while (true) {
            const users: graphType.User[] = res.value;
            if (users != null) {
                for (const user of users) {
-                    const entry = this.buildUser(user);
-                    if (this.filterOutResult(setFilter, entry.email)) {
+                    if (user.id == null || entryIds.has(user.id)) {
                        continue;
                    }
-
-                    if (!entry.disabled && !entry.deleted &&
-                        (entry.email == null || entry.email.indexOf('#') > -1)) {
+                    const entry = this.buildUser(user);
+                    if (!entry.disabled && !entry.deleted) {
+                        continue;
+                    }
+                    if (await this.filterOutUserResult(setFilter, entry)) {
                        continue;
                    }

                    entries.push(entry);
+                    entryIds.add(user.id);
                }
            }

@@ -118,11 +170,93 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        return entries;
    }

+    private createCustomUserSet(filter: string): [UserSetType, Set<string>] {
+        if (filter == null || filter === '') {
+            return null;
+        }
+
+        const mainParts = filter.split('|');
+        if (mainParts.length < 1 || mainParts[0] == null || mainParts[0].trim() === '') {
+            return null;
+        }
+
+        const parts = mainParts[0].split(':');
+        if (parts.length !== 2) {
+            return null;
+        }
+
+        const keyword = parts[0].trim().toLowerCase();
+        let userSetType = UserSetType.IncludeUser;
+        if (keyword === 'include') {
+            userSetType = UserSetType.IncludeUser;
+        } else if (keyword === 'exclude') {
+            userSetType = UserSetType.ExcludeUser;
+        } else if (keyword === 'includegroup') {
+            userSetType = UserSetType.IncludeGroup;
+        } else if (keyword === 'excludegroup') {
+            userSetType = UserSetType.ExcludeGroup;
+        } else {
+            return null;
+        }
+
+        const set = new Set<string>();
+        const pieces = parts[1].split(',');
+        for (const p of pieces) {
+            set.add(p.trim().toLowerCase());
+        }
+
+        return [userSetType, set];
+    }
+
+    private async filterOutUserResult(setFilter: [UserSetType, Set<string>], user: UserEntry): Promise<boolean> {
+        if (setFilter == null) {
+            return false;
+        }
+
+        let userSetTypeExclude = null;
+        if (setFilter[0] === UserSetType.IncludeUser) {
+            userSetTypeExclude = false;
+        } else if (setFilter[0] === UserSetType.ExcludeUser) {
+            userSetTypeExclude = true;
+        }
+
+        if (userSetTypeExclude != null) {
+            return this.filterOutResult([userSetTypeExclude, setFilter[1]], user.email);
+        }
+
+        try {
+            const memberGroups = await this.client.api(`/users/${user.externalId}/checkMemberGroups`).post({
+                groupIds: Array.from(setFilter[1]),
+            });
+            if (memberGroups.value.length > 0 && setFilter[0] === UserSetType.IncludeGroup) {
+                return false;
+            } else if (memberGroups.value.length > 0 && setFilter[0] === UserSetType.ExcludeGroup) {
+                return true;
+            } else if (memberGroups.value.length === 0 && setFilter[0] === UserSetType.IncludeGroup) {
+                return true;
+            } else if (memberGroups.value.length === 0 && setFilter[0] === UserSetType.ExcludeGroup) {
+                return false;
+            }
+        } catch { }
+
+        return false;
+    }
+
    private buildUser(user: graphType.User): UserEntry {
        const entry = new UserEntry();
        entry.referenceId = user.id;
        entry.externalId = user.id;
-        entry.email = user.mail || user.userPrincipalName;
+        entry.email = user.mail;
+
+        if (user.userPrincipalName && (entry.email == null || entry.email === '' ||
+            entry.email.indexOf('onmicrosoft.com') > -1)) {
+            entry.email = user.userPrincipalName;
+        }
+
+        if (entry.email != null) {
+            entry.email = entry.email.trim().toLowerCase();
+        }
+
        entry.disabled = user.accountEnabled == null ? false : !user.accountEnabled;

        if ((user as any)['@removed'] != null && (user as any)['@removed'].reason === 'changed') {
@@ -132,77 +266,25 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        return entry;
    }

-    private async getGroups(force: boolean, saveDelta: boolean,
-        setFilter: [boolean, Set<string>]): Promise<GroupEntry[]> {
+    private async getGroups(setFilter: [boolean, Set<string>]): Promise<GroupEntry[]> {
+        const entryIds = new Set<string>();
        const entries: GroupEntry[] = [];
-        const changedGroupIds: string[] = [];
-        const token = await this.configurationService.getGroupDeltaToken();
-        const getFullResults = token == null || force;
-        let res: any = null;
-        let errored = false;
-
-        try {
-            if (!getFullResults) {
-                try {
-                    const deltaReq = this.client.api(token);
-                    res = await deltaReq.get();
-                } catch {
-                    res = null;
-                }
-            }
-
-            if (res == null) {
-                const groupReq = this.client.api('/groups/delta');
-                res = await groupReq.get();
-            }
-
-            while (true) {
-                const groups: graphType.Group[] = res.value;
-                if (groups != null) {
-                    for (const group of groups) {
-                        if (getFullResults) {
-                            if (this.filterOutResult(setFilter, group.displayName)) {
-                                continue;
-                            }
-
-                            const entry = await this.buildGroup(group);
-                            entries.push(entry);
-                        } else {
-                            changedGroupIds.push(group.id);
-                        }
-                    }
-                }
-
-                if (res[NextLink] == null) {
-                    if (res[DeltaLink] != null && saveDelta) {
-                        await this.configurationService.saveGroupDeltaToken(res[DeltaLink]);
-                    }
-                    break;
-                } else {
-                    const nextReq = this.client.api(res[NextLink]);
-                    res = await nextReq.get();
-                }
-            }
-        } catch {
-            errored = true;
-        }
-
-        if (!errored && (getFullResults || changedGroupIds.length === 0)) {
-            return entries;
-        }
-
-        const allGroupsReq = this.client.api('/groups');
-        res = await allGroupsReq.get();
+        const groupsReq = this.client.api('/groups');
+        let res = await groupsReq.get();
        while (true) {
-            const allGroups: graphType.Group[] = res.value;
-            if (allGroups != null) {
-                for (const group of allGroups) {
+            const groups: graphType.Group[] = res.value;
+            if (groups != null) {
+                for (const group of groups) {
+                    if (group.id == null || entryIds.has(group.id)) {
+                        continue;
+                    }
                    if (this.filterOutResult(setFilter, group.displayName)) {
                        continue;
                    }

                    const entry = await this.buildGroup(group);
                    entries.push(entry);
+                    entryIds.add(group.id);
                }
            }

@@ -224,16 +306,24 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        entry.name = group.displayName;

        const memReq = this.client.api('/groups/' + group.id + '/members');
-        const memRes = await memReq.get();
-        const members: any = memRes.value;
-        if (members != null) {
-            for (const member of members) {
-                if (member[ObjectType] === '#microsoft.graph.group') {
-                    entry.groupMemberReferenceIds.add((member as graphType.Group).id);
-                } else if (member[ObjectType] === '#microsoft.graph.user') {
-                    entry.userMemberExternalIds.add((member as graphType.User).id);
+        let memRes = await memReq.get();
+        while (true) {
+            const members: any = memRes.value;
+            if (members != null) {
+                for (const member of members) {
+                    if (member[ObjectType] === '#microsoft.graph.group') {
+                        entry.groupMemberReferenceIds.add((member as graphType.Group).id);
+                    } else if (member[ObjectType] === '#microsoft.graph.user') {
+                        entry.userMemberExternalIds.add((member as graphType.User).id);
+                    }
                }
            }
+            if (memRes[NextLink] == null) {
+                break;
+            } else {
+                const nextMemReq = this.client.api(memRes[NextLink]);
+                memRes = await nextMemReq.get();
+            }
        }

        return entry;
--- a/src/services/baseDirectory.service.ts
+++ b/src/services/baseDirectory.service.ts
@@ -1,3 +1,5 @@
+import { SyncConfiguration } from '../models/syncConfiguration';
+
 import { GroupEntry } from '../models/groupEntry';
 import { UserEntry } from '../models/userEntry';

@@ -51,13 +53,13 @@ export abstract class BaseDirectoryService {

    protected filterOutResult(setFilter: [boolean, Set<string>], result: string) {
        if (setFilter != null) {
-            result = result.trim().toLowerCase();
+            const cleanResult = result != null ? result.trim().toLowerCase() : '--';
            const excluded = setFilter[0];
            const set = setFilter[1];

-            if (excluded && set.has(result)) {
+            if (excluded && set.has(cleanResult)) {
                return true;
-            } else if (!excluded && !set.has(result)) {
+            } else if (!excluded && !set.has(cleanResult)) {
                return true;
            }
        }
@@ -66,13 +68,16 @@ export abstract class BaseDirectoryService {
    }

    protected filterUsersFromGroupsSet(users: UserEntry[], groups: GroupEntry[],
-        setFilter: [boolean, Set<string>]): UserEntry[] {
+        setFilter: [boolean, Set<string>], syncConfig: SyncConfiguration): UserEntry[] {
        if (setFilter == null || users == null) {
            return users;
        }

        return users.filter((u) => {
-            if (u.disabled || u.deleted) {
+            if (u.deleted) {
+                return true;
+            }
+            if (u.disabled && syncConfig.removeDisabled) {
                return true;
            }

--- a/src/services/configuration.service.ts
+++ b/src/services/configuration.service.ts
@@ -5,6 +5,7 @@ import { AzureConfiguration } from '../models/azureConfiguration';
 import { GSuiteConfiguration } from '../models/gsuiteConfiguration';
 import { LdapConfiguration } from '../models/ldapConfiguration';
 import { OktaConfiguration } from '../models/oktaConfiguration';
+import { OneLoginConfiguration } from '../models/oneLoginConfiguration';
 import { SyncConfiguration } from '../models/syncConfiguration';

 const StoredSecurely = '[STORED SECURELY]';
@@ -13,6 +14,7 @@ const Keys = {
    gsuite: 'gsuitePrivateKey',
    azure: 'azureKey',
    okta: 'oktaToken',
+    oneLogin: 'oneLoginClientSecret',
    directoryConfigPrefix: 'directoryConfig_',
    sync: 'syncConfig',
    directoryType: 'directoryType',
@@ -25,7 +27,8 @@ const Keys = {
 };

 export class ConfigurationService {
-    constructor(private storageService: StorageService, private secureStorageService: StorageService) { }
+    constructor(private storageService: StorageService, private secureStorageService: StorageService,
+        private useSecureStorageForSecrets = true) { }

    async getDirectory<T>(type: DirectoryType): Promise<T> {
        const config = await this.storageService.get<T>(Keys.directoryConfigPrefix + type);
@@ -33,61 +36,77 @@ export class ConfigurationService {
            return config;
        }

-        switch (type) {
-            case DirectoryType.Ldap:
-                (config as any).password = await this.secureStorageService.get<string>(Keys.ldap);
-                break;
-            case DirectoryType.AzureActiveDirectory:
-                (config as any).key = await this.secureStorageService.get<string>(Keys.azure);
-                break;
-            case DirectoryType.Okta:
-                (config as any).token = await this.secureStorageService.get<string>(Keys.okta);
-                break;
-            case DirectoryType.GSuite:
-                (config as any).privateKey = await this.secureStorageService.get<string>(Keys.gsuite);
-                break;
+        if (this.useSecureStorageForSecrets) {
+            switch (type) {
+                case DirectoryType.Ldap:
+                    (config as any).password = await this.secureStorageService.get<string>(Keys.ldap);
+                    break;
+                case DirectoryType.AzureActiveDirectory:
+                    (config as any).key = await this.secureStorageService.get<string>(Keys.azure);
+                    break;
+                case DirectoryType.Okta:
+                    (config as any).token = await this.secureStorageService.get<string>(Keys.okta);
+                    break;
+                case DirectoryType.GSuite:
+                    (config as any).privateKey = await this.secureStorageService.get<string>(Keys.gsuite);
+                    break;
+                case DirectoryType.OneLogin:
+                    (config as any).clientSecret = await this.secureStorageService.get<string>(Keys.oneLogin);
+                    break;
+            }
        }
        return config;
    }

    async saveDirectory(type: DirectoryType,
-        config: LdapConfiguration | GSuiteConfiguration | AzureConfiguration | OktaConfiguration): Promise<any> {
+        config: LdapConfiguration | GSuiteConfiguration | AzureConfiguration | OktaConfiguration |
+            OneLoginConfiguration): Promise<any> {
        const savedConfig: any = Object.assign({}, config);
-        switch (type) {
-            case DirectoryType.Ldap:
-                if (savedConfig.password == null) {
-                    await this.secureStorageService.remove(Keys.ldap);
-                } else {
-                    await this.secureStorageService.save(Keys.ldap, savedConfig.password);
-                    savedConfig.password = StoredSecurely;
-                }
-                break;
-            case DirectoryType.AzureActiveDirectory:
-                if (savedConfig.key == null) {
-                    await this.secureStorageService.remove(Keys.azure);
-                } else {
-                    await this.secureStorageService.save(Keys.azure, savedConfig.key);
-                    savedConfig.key = StoredSecurely;
-                }
-                break;
-            case DirectoryType.Okta:
-                if (savedConfig.token == null) {
-                    await this.secureStorageService.remove(Keys.okta);
-                } else {
-                    await this.secureStorageService.save(Keys.okta, savedConfig.token);
-                    savedConfig.token = StoredSecurely;
-                }
-                break;
-            case DirectoryType.GSuite:
-                if (savedConfig.privateKey == null) {
-                    await this.secureStorageService.remove(Keys.gsuite);
-                } else {
-                    (config as GSuiteConfiguration).privateKey = savedConfig.privateKey =
-                        savedConfig.privateKey.replace(/\\n/g, '\n');
-                    await this.secureStorageService.save(Keys.gsuite, savedConfig.privateKey);
-                    savedConfig.privateKey = StoredSecurely;
-                }
-                break;
+        if (this.useSecureStorageForSecrets) {
+            switch (type) {
+                case DirectoryType.Ldap:
+                    if (savedConfig.password == null) {
+                        await this.secureStorageService.remove(Keys.ldap);
+                    } else {
+                        await this.secureStorageService.save(Keys.ldap, savedConfig.password);
+                        savedConfig.password = StoredSecurely;
+                    }
+                    break;
+                case DirectoryType.AzureActiveDirectory:
+                    if (savedConfig.key == null) {
+                        await this.secureStorageService.remove(Keys.azure);
+                    } else {
+                        await this.secureStorageService.save(Keys.azure, savedConfig.key);
+                        savedConfig.key = StoredSecurely;
+                    }
+                    break;
+                case DirectoryType.Okta:
+                    if (savedConfig.token == null) {
+                        await this.secureStorageService.remove(Keys.okta);
+                    } else {
+                        await this.secureStorageService.save(Keys.okta, savedConfig.token);
+                        savedConfig.token = StoredSecurely;
+                    }
+                    break;
+                case DirectoryType.GSuite:
+                    if (savedConfig.privateKey == null) {
+                        await this.secureStorageService.remove(Keys.gsuite);
+                    } else {
+                        (config as GSuiteConfiguration).privateKey = savedConfig.privateKey =
+                            savedConfig.privateKey.replace(/\\n/g, '\n');
+                        await this.secureStorageService.save(Keys.gsuite, savedConfig.privateKey);
+                        savedConfig.privateKey = StoredSecurely;
+                    }
+                    break;
+                case DirectoryType.OneLogin:
+                    if (savedConfig.clientSecret == null) {
+                        await this.secureStorageService.remove(Keys.oneLogin);
+                    } else {
+                        await this.secureStorageService.save(Keys.oneLogin, savedConfig.clientSecret);
+                        savedConfig.clientSecret = StoredSecurely;
+                    }
+                    break;
+            }
        }
        await this.storageService.save(Keys.directoryConfigPrefix + type, savedConfig);
    }
--- a/src/services/gsuite-directory.service.ts
+++ b/src/services/gsuite-directory.service.ts
@@ -1,13 +1,8 @@
 import { JWT } from 'google-auth-library';
 import {
+    admin_directory_v1,
    google,
-    GoogleApis,
 } from 'googleapis';
-import {
-    Admin,
-    Schema$Group,
-    Schema$User,
-} from 'googleapis/build/src/apis/admin/directory_v1';

 import { DirectoryType } from '../enums/directoryType';

@@ -25,7 +20,7 @@ import { LogService } from 'jslib/abstractions/log.service';

 export class GSuiteDirectoryService extends BaseDirectoryService implements DirectoryService {
    private client: JWT;
-    private service: Admin;
+    private service: admin_directory_v1.Admin;
    private authParams: any;
    private dirConfig: GSuiteConfiguration;
    private syncConfig: SyncConfiguration;
@@ -33,7 +28,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire
    constructor(private configurationService: ConfigurationService, private logService: LogService,
        private i18nService: I18nService) {
        super();
-        this.service = google.admin<Admin>('directory_v1');
+        this.service = google.admin('directory_v1');
    }

    async getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]> {
@@ -54,7 +49,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire

        await this.auth();

-        let users: UserEntry[];
+        let users: UserEntry[] = [];
        if (this.syncConfig.users) {
            users = await this.getUsers();
        }
@@ -62,8 +57,8 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire
        let groups: GroupEntry[];
        if (this.syncConfig.groups) {
            const setFilter = this.createCustomSet(this.syncConfig.groupFilter);
-            groups = await this.getGroups(setFilter);
-            users = this.filterUsersFromGroupsSet(users, groups, setFilter);
+            groups = await this.getGroups(setFilter, users);
+            users = this.filterUsersFromGroupsSet(users, groups, setFilter, this.syncConfig);
        }

        return [groups, users];
@@ -72,52 +67,66 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire
    private async getUsers(): Promise<UserEntry[]> {
        const entries: UserEntry[] = [];
        const query = this.createDirectoryQuery(this.syncConfig.userFilter);
-
-        this.logService.info('Querying users.');
-        let p = Object.assign({ query: query }, this.authParams);
-        const res = await this.service.users.list(p);
-        if (res.status !== 200) {
-            throw new Error('User list API failed: ' + res.statusText);
-        }
+        let nextPageToken: string = null;

        const filter = this.createCustomSet(this.syncConfig.userFilter);
-        if (res.data.users != null) {
-            for (const user of res.data.users) {
-                if (this.filterOutResult(filter, user.primaryEmail)) {
-                    continue;
-                }
+        while (true) {
+            this.logService.info('Querying users - nextPageToken:' + nextPageToken);
+            const p = Object.assign({ query: query, pageToken: nextPageToken }, this.authParams);
+            const res = await this.service.users.list(p);
+            if (res.status !== 200) {
+                throw new Error('User list API failed: ' + res.statusText);
+            }

-                const entry = this.buildUser(user, false);
-                if (entry != null) {
-                    entries.push(entry);
+            nextPageToken = res.data.nextPageToken;
+            if (res.data.users != null) {
+                for (const user of res.data.users) {
+                    if (this.filterOutResult(filter, user.primaryEmail)) {
+                        continue;
+                    }
+                    const entry = this.buildUser(user, false);
+                    if (entry != null) {
+                        entries.push(entry);
+                    }
                }
            }
+
+            if (nextPageToken == null) {
+                break;
+            }
        }

-        this.logService.info('Querying deleted users.');
-        p = Object.assign({ showDeleted: true, query: query }, this.authParams);
-        const delRes = await this.service.users.list(p);
-        if (delRes.status !== 200) {
-            throw new Error('Deleted user list API failed: ' + delRes.statusText);
-        }
+        nextPageToken = null;
+        while (true) {
+            this.logService.info('Querying deleted users - nextPageToken:' + nextPageToken);
+            const p = Object.assign({ showDeleted: true, query: query, pageToken: nextPageToken }, this.authParams);
+            const delRes = await this.service.users.list(p);
+            if (delRes.status !== 200) {
+                throw new Error('Deleted user list API failed: ' + delRes.statusText);
+            }

-        if (delRes.data.users != null) {
-            for (const user of delRes.data.users) {
-                if (this.filterOutResult(filter, user.primaryEmail)) {
-                    continue;
+            nextPageToken = delRes.data.nextPageToken;
+            if (delRes.data.users != null) {
+                for (const user of delRes.data.users) {
+                    if (this.filterOutResult(filter, user.primaryEmail)) {
+                        continue;
+                    }
+                    const entry = this.buildUser(user, true);
+                    if (entry != null) {
+                        entries.push(entry);
+                    }
                }
+            }

-                const entry = this.buildUser(user, true);
-                if (entry != null) {
-                    entries.push(entry);
-                }
+            if (nextPageToken == null) {
+                break;
            }
        }

        return entries;
    }

-    private buildUser(user: Schema$User, deleted: boolean) {
+    private buildUser(user: admin_directory_v1.Schema$User, deleted: boolean) {
        if ((user.emails == null || user.emails === '') && !deleted) {
            return null;
        }
@@ -125,59 +134,82 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire
        const entry = new UserEntry();
        entry.referenceId = user.id;
        entry.externalId = user.id;
-        entry.email = user.primaryEmail;
+        entry.email = user.primaryEmail != null ? user.primaryEmail.trim().toLowerCase() : null;
        entry.disabled = user.suspended || false;
        entry.deleted = deleted;
        return entry;
    }

-    private async getGroups(setFilter: [boolean, Set<string>]): Promise<GroupEntry[]> {
+    private async getGroups(setFilter: [boolean, Set<string>], users: UserEntry[]): Promise<GroupEntry[]> {
        const entries: GroupEntry[] = [];
+        let nextPageToken: string = null;

-        this.logService.info('Querying groups.');
-        const res = await this.service.groups.list(this.authParams);
-        if (res.status !== 200) {
-            throw new Error('Group list API failed: ' + res.statusText);
-        }
-        if (res.data.groups != null) {
-            for (const group of res.data.groups) {
-                if (!this.filterOutResult(setFilter, group.name)) {
-                    const entry = await this.buildGroup(group);
-                    entries.push(entry);
+        while (true) {
+            this.logService.info('Querying groups - nextPageToken:' + nextPageToken);
+            const p = Object.assign({ pageToken: nextPageToken }, this.authParams);
+            const res = await this.service.groups.list(p);
+            if (res.status !== 200) {
+                throw new Error('Group list API failed: ' + res.statusText);
+            }
+
+            nextPageToken = res.data.nextPageToken;
+            if (res.data.groups != null) {
+                for (const group of res.data.groups) {
+                    if (!this.filterOutResult(setFilter, group.name)) {
+                        const entry = await this.buildGroup(group, users);
+                        entries.push(entry);
+                    }
                }
            }
+
+            if (nextPageToken == null) {
+                break;
+            }
        }

        return entries;
    }

-    private async buildGroup(group: Schema$Group) {
+    private async buildGroup(group: admin_directory_v1.Schema$Group, users: UserEntry[]) {
+        let nextPageToken: string = null;
+
        const entry = new GroupEntry();
        entry.referenceId = group.id;
        entry.externalId = group.id;
        entry.name = group.name;

-        const p = Object.assign({ groupKey: group.id }, this.authParams);
-        const memRes = await this.service.members.list(p);
-        if (memRes.status !== 200) {
-            this.logService.warning('Group member list API failed: ' + memRes.statusText);
-            return entry;
-        }
+        while (true) {
+            const p = Object.assign({ groupKey: group.id, pageToken: nextPageToken }, this.authParams);
+            const memRes = await this.service.members.list(p);
+            if (memRes.status !== 200) {
+                this.logService.warning('Group member list API failed: ' + memRes.statusText);
+                return entry;
+            }

-        if (memRes.data.members != null) {
-            for (const member of memRes.data.members) {
-                if (member.role.toLowerCase() !== 'member') {
-                    continue;
-                }
-                if (member.status.toLowerCase() !== 'active') {
-                    continue;
+            nextPageToken = memRes.data.nextPageToken;
+            if (memRes.data.members != null) {
+                for (const member of memRes.data.members) {
+                    if (member.type == null) {
+                        continue;
+                    }
+                    const type = member.type.toLowerCase();
+                    if (type === 'user') {
+                        if (member.status == null || member.status.toLowerCase() !== 'active') {
+                            continue;
+                        }
+                        entry.userMemberExternalIds.add(member.id);
+                    } else if (type === 'group') {
+                        entry.groupMemberReferenceIds.add(member.id);
+                    } else if (type === 'customer') {
+                        for (const user of users) {
+                            entry.userMemberExternalIds.add(user.externalId);
+                        }
+                    }
                }
+            }

-                if (member.type.toLowerCase() === 'user') {
-                    entry.userMemberExternalIds.add(member.id);
-                } else if (member.type.toLowerCase() === 'group') {
-                    entry.groupMemberReferenceIds.add(member.id);
-                }
+            if (nextPageToken == null) {
+                break;
            }
        }

@@ -192,7 +224,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire

        this.client = new google.auth.JWT({
            email: this.dirConfig.clientEmail,
-            key: this.dirConfig.privateKey,
+            key: this.dirConfig.privateKey != null ? this.dirConfig.privateKey.trimLeft() : null,
            subject: this.dirConfig.adminUser,
            scopes: [
                'https://www.googleapis.com/auth/admin.directory.user.readonly',
@@ -205,9 +237,11 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements Dire

        this.authParams = {
            auth: this.client,
-            domain: this.dirConfig.domain,
        };
-        if (this.dirConfig.customer != null) {
+        if (this.dirConfig.domain != null && this.dirConfig.domain.trim() !== '') {
+            this.authParams.domain = this.dirConfig.domain;
+        }
+        if (this.dirConfig.customer != null && this.dirConfig.customer.trim() !== '') {
            this.authParams.customer = this.dirConfig.customer;
        }
    }
--- a/src/services/keytarSecureStorage.service.ts
+++ b/src/services/keytarSecureStorage.service.ts
@@ -0,0 +1,25 @@
+import {
+    deletePassword,
+    getPassword,
+    setPassword,
+} from 'keytar';
+
+import { StorageService } from 'jslib/abstractions/storage.service';
+
+export class KeytarSecureStorageService implements StorageService {
+    constructor(private serviceName: string) { }
+
+    get<T>(key: string): Promise<T> {
+        return getPassword(this.serviceName, key).then((val) => {
+            return JSON.parse(val) as T;
+        });
+    }
+
+    save(key: string, obj: any): Promise<any> {
+        return setPassword(this.serviceName, key, JSON.stringify(obj));
+    }
+
+    remove(key: string): Promise<any> {
+        return deletePassword(this.serviceName, key);
+    }
+}
--- a/src/services/ldap-directory.service.ts
+++ b/src/services/ldap-directory.service.ts
@@ -1,3 +1,4 @@
+import * as fs from 'fs';
 import * as ldap from 'ldapjs';

 import { DirectoryType } from '../enums/directoryType';
@@ -108,10 +109,14 @@ export class LdapDirectoryService implements DirectoryService {
            this.syncConfig.emailPrefixAttribute != null && this.syncConfig.emailSuffix != null) {
            const prefixAttr = this.getAttr(searchEntry, this.syncConfig.emailPrefixAttribute);
            if (prefixAttr != null) {
-                user.email = (prefixAttr + this.syncConfig.emailSuffix).toLowerCase();
+                user.email = prefixAttr + this.syncConfig.emailSuffix;
            }
        }

+        if (user.email != null) {
+            user.email = user.email.trim().toLowerCase();
+        }
+
        if (!user.deleted && (user.email == null || user.email.trim() === '')) {
            return null;
        }
@@ -226,6 +231,9 @@ export class LdapDirectoryService implements DirectoryService {
    }

    private makeSearchPath(pathPrefix: string) {
+        if (this.dirConfig.rootPath.toLowerCase().indexOf('dc=') === -1) {
+            return pathPrefix;
+        }
        if (this.dirConfig.rootPath != null && this.dirConfig.rootPath.trim() !== '') {
            const trimmedRootPath = this.dirConfig.rootPath.trim().toLowerCase();
            let path = trimmedRootPath.substr(trimmedRootPath.indexOf('dc='));
@@ -285,7 +293,7 @@ export class LdapDirectoryService implements DirectoryService {
        const options: ldap.SearchOptions = {
            filter: filter,
            scope: 'sub',
-            paged: true,
+            paged: this.dirConfig.pagedSearch,
        };
        const entries: T[] = [];
        return new Promise<T[]>((resolve, reject) => {
@@ -319,13 +327,44 @@ export class LdapDirectoryService implements DirectoryService {
                reject(this.i18nService.t('dirConfigIncomplete'));
                return;
            }
-
-            const url = 'ldap' + (this.dirConfig.ssl ? 's' : '') + '://' + this.dirConfig.hostname +
+            const protocol = 'ldap' + (this.dirConfig.ssl && !this.dirConfig.startTls ? 's' : '');
+            const url = protocol + '://' + this.dirConfig.hostname +
                ':' + this.dirConfig.port;
+            const options: ldap.ClientOptions = {
+                url: url.trim().toLowerCase(),
+            };

-            this.client = ldap.createClient({
-                url: url.toLowerCase(),
-            });
+            const tlsOptions: any = {};
+            if (this.dirConfig.ssl) {
+                if (this.dirConfig.sslAllowUnauthorized) {
+                    tlsOptions.rejectUnauthorized = !this.dirConfig.sslAllowUnauthorized;
+                }
+                if (!this.dirConfig.startTls) {
+                    if (this.dirConfig.sslCaPath != null && this.dirConfig.sslCaPath !== '' &&
+                        fs.existsSync(this.dirConfig.sslCaPath)) {
+                        tlsOptions.ca = [fs.readFileSync(this.dirConfig.sslCaPath)];
+                    }
+                    if (this.dirConfig.sslCertPath != null && this.dirConfig.sslCertPath !== '' &&
+                        fs.existsSync(this.dirConfig.sslCertPath)) {
+                        tlsOptions.cert = fs.readFileSync(this.dirConfig.sslCertPath);
+                    }
+                    if (this.dirConfig.sslKeyPath != null && this.dirConfig.sslKeyPath !== '' &&
+                        fs.existsSync(this.dirConfig.sslKeyPath)) {
+                        tlsOptions.key = fs.readFileSync(this.dirConfig.sslKeyPath);
+                    }
+                } else {
+                    if (this.dirConfig.tlsCaPath != null && this.dirConfig.tlsCaPath !== '' &&
+                        fs.existsSync(this.dirConfig.tlsCaPath)) {
+                        tlsOptions.ca = [fs.readFileSync(this.dirConfig.tlsCaPath)];
+                    }
+                }
+            }
+
+            if (Object.keys(tlsOptions).length > 0) {
+                options.tlsOptions = tlsOptions;
+            }
+
+            this.client = ldap.createClient(options);

            const user = this.dirConfig.username == null || this.dirConfig.username.trim() === '' ? null :
                this.dirConfig.username;
@@ -337,13 +376,29 @@ export class LdapDirectoryService implements DirectoryService {
                return;
            }

-            this.client.bind(user, pass, (err) => {
-                if (err != null) {
-                    reject(err.message);
-                } else {
-                    resolve();
-                }
-            });
+            if (this.dirConfig.startTls && this.dirConfig.ssl) {
+                this.client.starttls(options.tlsOptions, undefined, (err, res) => {
+                    if (err != null) {
+                        reject(err.message);
+                    } else {
+                        this.client.bind(user, pass, (err2) => {
+                            if (err2 != null) {
+                                reject(err2.message);
+                            } else {
+                                resolve();
+                            }
+                        });
+                    }
+                });
+            } else {
+                this.client.bind(user, pass, (err) => {
+                    if (err != null) {
+                        reject(err.message);
+                    } else {
+                        resolve();
+                    }
+                });
+            }
        });
    }

--- a/src/services/okta-directory.service.ts
+++ b/src/services/okta-directory.service.ts
@@ -12,13 +12,11 @@ import { DirectoryService } from './directory.service';
 import { I18nService } from 'jslib/abstractions/i18n.service';
 import { LogService } from 'jslib/abstractions/log.service';

-// tslint:disable-next-line
-const okta = require('@okta/okta-sdk-nodejs');
+import * as https from 'https';

 export class OktaDirectoryService extends BaseDirectoryService implements DirectoryService {
    private dirConfig: OktaConfiguration;
    private syncConfig: SyncConfiguration;
-    private client: any;

    constructor(private configurationService: ConfigurationService, private logService: LogService,
        private i18nService: I18nService) {
@@ -45,11 +43,6 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
            throw new Error(this.i18nService.t('dirConfigIncomplete'));
        }

-        this.client = new okta.Client({
-            orgUrl: this.dirConfig.orgUrl,
-            token: this.dirConfig.token,
-        });
-
        let users: UserEntry[];
        if (this.syncConfig.users) {
            users = await this.getUsers(force);
@@ -59,7 +52,7 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
        if (this.syncConfig.groups) {
            const setFilter = this.createCustomSet(this.syncConfig.groupFilter);
            groups = await this.getGroups(this.forceGroup(force, users), setFilter);
-            users = this.filterUsersFromGroupsSet(users, groups, setFilter);
+            users = this.filterUsersFromGroupsSet(users, groups, setFilter, this.syncConfig);
        }

        return [groups, users];
@@ -72,12 +65,15 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
        const setFilter = this.createCustomSet(this.syncConfig.userFilter);

        this.logService.info('Querying users.');
-        const usersPromise = this.client.listUsers({ filter: oktaFilter }).each((user: any) => {
-            const entry = this.buildUser(user);
-            if (entry != null && !this.filterOutResult(setFilter, entry.email)) {
-                entries.push(entry);
-            }
-        });
+        const usersPromise = this.apiGetMany('users?filter=' + this.encodeUrlParameter(oktaFilter))
+            .then((users: any[]) => {
+                for (const user of users) {
+                    const entry = this.buildUser(user);
+                    if (entry != null && !this.filterOutResult(setFilter, entry.email)) {
+                        entries.push(entry);
+                    }
+                }
+            });

        // Deactivated users have to be queried for separately, only when no filter is provided in the first query
        let deactUsersPromise: any;
@@ -86,12 +82,15 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
            if (oktaFilter != null) {
                deactOktaFilter = '(' + oktaFilter + ') and ' + deactOktaFilter;
            }
-            deactUsersPromise = this.client.listUsers({ filter: deactOktaFilter }).each((user: any) => {
-                const entry = this.buildUser(user);
-                if (entry != null && !this.filterOutResult(setFilter, entry.email)) {
-                    entries.push(entry);
-                }
-            });
+            deactUsersPromise = this.apiGetMany('users?filter=' + this.encodeUrlParameter(deactOktaFilter))
+                .then((users: any[]) => {
+                    for (const user of users) {
+                        const entry = this.buildUser(user);
+                        if (entry != null && !this.filterOutResult(setFilter, entry.email)) {
+                            entries.push(entry);
+                        }
+                    }
+                });
        } else {
            deactUsersPromise = Promise.resolve();
        }
@@ -104,7 +103,7 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
        const entry = new UserEntry();
        entry.externalId = user.id;
        entry.referenceId = user.id;
-        entry.email = user.profile.email;
+        entry.email = user.profile.email != null ? user.profile.email.trim().toLowerCase() : null;
        entry.deleted = user.status === 'DEPROVISIONED';
        entry.disabled = user.status === 'SUSPENDED';
        return entry;
@@ -116,10 +115,14 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
        const oktaFilter = this.buildOktaFilter(this.syncConfig.groupFilter, force, lastSync);

        this.logService.info('Querying groups.');
-        await this.client.listGroups({ filter: oktaFilter }).each(async (group: any) => {
-            const entry = await this.buildGroup(group);
-            if (entry != null && !this.filterOutResult(setFilter, entry.name)) {
-                entries.push(entry);
+        await this.apiGetMany('groups?filter=' + this.encodeUrlParameter(oktaFilter)).then(async (groups: any[]) => {
+            for (const group of groups) {
+                const entry = await this.buildGroup(group);
+                if (entry != null && !this.filterOutResult(setFilter, entry.name)) {
+                    entries.push(entry);
+                }
+                // throttle some to avoid rate limiting
+                await new Promise((resolve) => setTimeout(resolve, 500));
            }
        });
        return entries;
@@ -131,8 +134,10 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct
        entry.referenceId = group.id;
        entry.name = group.profile.name;

-        await this.client.listGroupUsers(group.id).each((user: any) => {
-            entry.userMemberExternalIds.add(user.id);
+        await this.apiGetMany('groups/' + group.id + '/users').then((users: any[]) => {
+            for (const user of users) {
+                entry.userMemberExternalIds.add(user.id);
+            }
        });

        return entry;
@@ -152,4 +157,88 @@ export class OktaDirectoryService extends BaseDirectoryService implements Direct

        return '(' + baseFilter + ') and ' + updatedFilter;
    }
+
+    private encodeUrlParameter(filter: string): string {
+        return filter == null ? '' : encodeURIComponent(filter);
+    }
+
+    private async apiGetCall(url: string): Promise<[any, Map<string, string | string[]>]> {
+        const u = new URL(url);
+        return new Promise((resolve) => {
+            https.get({
+                hostname: u.hostname,
+                path: u.pathname + u.search,
+                port: 443,
+                headers: {
+                    Authorization: 'SSWS ' + this.dirConfig.token,
+                    Accept: 'application/json',
+                },
+            }, (res) => {
+                let body = '';
+
+                res.on('data', (chunk) => {
+                    body += chunk;
+                });
+
+                res.on('end', () => {
+                    if (res.statusCode !== 200) {
+                        resolve(null);
+                        return;
+                    }
+
+                    const responseJson = JSON.parse(body);
+                    if (res.headers != null) {
+                        const headersMap = new Map<string, string | string[]>();
+                        for (const key in res.headers) {
+                            if (res.headers.hasOwnProperty(key)) {
+                                const val = res.headers[key];
+                                headersMap.set(key.toLowerCase(), val);
+                            }
+                        }
+                        resolve([responseJson, headersMap]);
+                        return;
+                    }
+                    resolve([responseJson, null]);
+                });
+
+                res.on('error', () => {
+                    resolve(null);
+                });
+            });
+        });
+    }
+
+    private async apiGetMany(endpoint: string, currentData: any[] = []): Promise<any[]> {
+        const url = endpoint.indexOf('https://') === 0 ? endpoint : `${this.dirConfig.orgUrl}/api/v1/${endpoint}`;
+        const response = await this.apiGetCall(url);
+        if (response == null || response[0] == null || !Array.isArray(response[0])) {
+            throw new Error('API call failed.');
+        }
+        if (response[0].length === 0) {
+            return currentData;
+        }
+        currentData = currentData.concat(response[0]);
+        if (response[1] == null) {
+            return currentData;
+        }
+        const linkHeader = response[1].get('link');
+        if (linkHeader == null || Array.isArray(linkHeader)) {
+            return currentData;
+        }
+        let nextLink: string = null;
+        const linkHeaderParts = linkHeader.split(',');
+        for (const part of linkHeaderParts) {
+            if (part.indexOf('; rel="next"') > -1) {
+                const subParts = part.split(';');
+                if (subParts.length > 0 && subParts[0].indexOf('https://') > -1) {
+                    nextLink = subParts[0].replace('>', '').replace('<', '').trim();
+                    break;
+                }
+            }
+        }
+        if (nextLink == null) {
+            return currentData;
+        }
+        return this.apiGetMany(nextLink, currentData);
+    }
 }
--- a/src/services/onelogin-directory.service.ts
+++ b/src/services/onelogin-directory.service.ts
@@ -0,0 +1,195 @@
+import { DirectoryType } from '../enums/directoryType';
+
+import { GroupEntry } from '../models/groupEntry';
+import { OneLoginConfiguration } from '../models/oneLoginConfiguration';
+import { SyncConfiguration } from '../models/syncConfiguration';
+import { UserEntry } from '../models/userEntry';
+
+import { BaseDirectoryService } from './baseDirectory.service';
+import { ConfigurationService } from './configuration.service';
+import { DirectoryService } from './directory.service';
+
+import { I18nService } from 'jslib/abstractions/i18n.service';
+import { LogService } from 'jslib/abstractions/log.service';
+
+// Basic email validation: something@something.something
+const ValidEmailRegex = /^\S+@\S+\.\S+$/;
+
+export class OneLoginDirectoryService extends BaseDirectoryService implements DirectoryService {
+    private dirConfig: OneLoginConfiguration;
+    private syncConfig: SyncConfiguration;
+    private accessToken: string;
+    private allUsers: any[] = [];
+
+    constructor(private configurationService: ConfigurationService, private logService: LogService,
+        private i18nService: I18nService) {
+        super();
+    }
+
+    async getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]> {
+        const type = await this.configurationService.getDirectoryType();
+        if (type !== DirectoryType.OneLogin) {
+            return;
+        }
+
+        this.dirConfig = await this.configurationService.getDirectory<OneLoginConfiguration>(DirectoryType.OneLogin);
+        if (this.dirConfig == null) {
+            return;
+        }
+
+        this.syncConfig = await this.configurationService.getSync();
+        if (this.syncConfig == null) {
+            return;
+        }
+
+        if (this.dirConfig.clientId == null || this.dirConfig.clientSecret == null) {
+            throw new Error(this.i18nService.t('dirConfigIncomplete'));
+        }
+
+        this.accessToken = await this.getAccessToken();
+        if (this.accessToken == null) {
+            throw new Error('Could not get access token');
+        }
+
+        let users: UserEntry[];
+        if (this.syncConfig.users) {
+            users = await this.getUsers(force);
+        }
+
+        let groups: GroupEntry[];
+        if (this.syncConfig.groups) {
+            const setFilter = this.createCustomSet(this.syncConfig.groupFilter);
+            groups = await this.getGroups(this.forceGroup(force, users), setFilter);
+            users = this.filterUsersFromGroupsSet(users, groups, setFilter, this.syncConfig);
+        }
+
+        return [groups, users];
+    }
+
+    private async getUsers(force: boolean): Promise<UserEntry[]> {
+        const entries: UserEntry[] = [];
+        const query = this.createDirectoryQuery(this.syncConfig.userFilter);
+        const setFilter = this.createCustomSet(this.syncConfig.userFilter);
+        this.logService.info('Querying users.');
+        this.allUsers = await this.apiGetMany('users' + (query != null ? '?' + query : ''));
+        this.allUsers.forEach((user) => {
+            const entry = this.buildUser(user);
+            if (entry != null && !this.filterOutResult(setFilter, entry.email)) {
+                entries.push(entry);
+            }
+        });
+        return Promise.resolve(entries);
+    }
+
+    private buildUser(user: any) {
+        const entry = new UserEntry();
+        entry.externalId = user.id;
+        entry.referenceId = user.id;
+        entry.deleted = false;
+        entry.disabled = user.status === 2;
+        entry.email = user.email;
+        if (!this.validEmailAddress(entry.email) && user.username != null && user.username !== '') {
+            if (this.validEmailAddress(user.username)) {
+                entry.email = user.username;
+            } else if (this.syncConfig.useEmailPrefixSuffix && this.syncConfig.emailSuffix != null) {
+                entry.email = user.username + this.syncConfig.emailSuffix;
+            }
+        }
+        if (entry.email != null) {
+            entry.email = entry.email.trim().toLowerCase();
+        }
+        if (!this.validEmailAddress(entry.email)) {
+            return null;
+        }
+        return entry;
+    }
+
+    private async getGroups(force: boolean, setFilter: [boolean, Set<string>]): Promise<GroupEntry[]> {
+        const entries: GroupEntry[] = [];
+        const query = this.createDirectoryQuery(this.syncConfig.groupFilter);
+        this.logService.info('Querying groups.');
+        const roles = await this.apiGetMany('roles' + (query != null ? '?' + query : ''));
+        roles.forEach((role) => {
+            const entry = this.buildGroup(role);
+            if (entry != null && !this.filterOutResult(setFilter, entry.name)) {
+                entries.push(entry);
+            }
+        });
+        return Promise.resolve(entries);
+    }
+
+    private buildGroup(group: any) {
+        const entry = new GroupEntry();
+        entry.externalId = group.id;
+        entry.referenceId = group.id;
+        entry.name = group.name;
+
+        if (this.allUsers != null) {
+            this.allUsers.forEach((user) => {
+                if (user.role_id != null && user.role_id.indexOf(entry.referenceId) > -1) {
+                    entry.userMemberExternalIds.add(user.id);
+                }
+            });
+        }
+
+        return entry;
+    }
+
+    private async getAccessToken() {
+        const response = await fetch(`https://api.${this.dirConfig.region}.onelogin.com/auth/oauth2/v2/token`, {
+            method: 'POST',
+            headers: new Headers({
+                'Authorization': 'Basic ' + btoa(this.dirConfig.clientId + ':' + this.dirConfig.clientSecret),
+                'Content-Type': 'application/json; charset=utf-8',
+                'Accept': 'application/json',
+            }),
+            body: JSON.stringify({
+                grant_type: 'client_credentials',
+            }),
+        });
+        if (response.status === 200) {
+            const responseJson = await response.json();
+            if (responseJson.access_token != null) {
+                return responseJson.access_token;
+            }
+        }
+        return null;
+    }
+
+    private async apiGetCall(url: string): Promise<any> {
+        const req: RequestInit = {
+            method: 'GET',
+            headers: new Headers({
+                Authorization: 'bearer:' + this.accessToken,
+                Accept: 'application/json',
+            }),
+        };
+        const response = await fetch(new Request(url, req));
+        if (response.status === 200) {
+            const responseJson = await response.json();
+            return responseJson;
+        }
+        return null;
+    }
+
+    private async apiGetMany(endpoint: string, currentData: any[] = []): Promise<any[]> {
+        const url = endpoint.indexOf('https://') === 0 ? endpoint :
+            `https://api.${this.dirConfig.region}.onelogin.com/api/1/${endpoint}`;
+        const response = await this.apiGetCall(url);
+        if (response == null || response.status == null || response.data == null) {
+            return currentData;
+        }
+        if (response.status.code !== 200) {
+            throw new Error('API call failed.');
+        }
+        currentData = currentData.concat(response.data);
+        if (response.pagination == null || response.pagination.next_link == null) {
+            return currentData;
+        }
+        return this.apiGetMany(response.pagination.next_link, currentData);
+    }
+
+    private validEmailAddress(email: string) {
+        return email != null && email !== '' && ValidEmailRegex.test(email);
+    }
+}
--- a/src/services/sync.service.ts
+++ b/src/services/sync.service.ts
@@ -13,7 +13,6 @@ import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service
 import { I18nService } from 'jslib/abstractions/i18n.service';
 import { LogService } from 'jslib/abstractions/log.service';
 import { MessagingService } from 'jslib/abstractions/messaging.service';
-import { StorageService } from 'jslib/abstractions/storage.service';

 import { Utils } from 'jslib/misc/utils';

@@ -23,9 +22,7 @@ import { DirectoryService } from './directory.service';
 import { GSuiteDirectoryService } from './gsuite-directory.service';
 import { LdapDirectoryService } from './ldap-directory.service';
 import { OktaDirectoryService } from './okta-directory.service';
-
-const Keys = {
-};
+import { OneLoginDirectoryService } from './onelogin-directory.service';

 export class SyncService {
    private dirType: DirectoryType;
@@ -52,9 +49,9 @@ export class SyncService {

        this.messagingService.send('dirSyncStarted');
        try {
-            const entries = await directoryService.getEntries(force, test);
+            const entries = await directoryService.getEntries(force || syncConfig.overwriteExisting, test);
            let groups = entries[0];
-            let users = entries[1];
+            let users = this.filterUnsupportedUsers(entries[1]);

            if (groups != null && groups.length > 0) {
                this.flattenUsersToGroups(groups, groups);
@@ -69,11 +66,11 @@ export class SyncService {
                return [groups, users];
            }

-            const req = this.buildRequest(groups, users, syncConfig.removeDisabled);
+            const req = this.buildRequest(groups, users, syncConfig.removeDisabled, syncConfig.overwriteExisting);
            const reqJson = JSON.stringify(req);

            let hash: string = null;
-            const hashBuf = await this.cryptoFunctionService.hash(this.apiService.baseUrl + reqJson, 'sha256');
+            const hashBuf = await this.cryptoFunctionService.hash(this.apiService.apiBaseUrl + reqJson, 'sha256');
            if (hashBuf != null) {
                hash = Utils.fromBufferToB64(hashBuf);
            }
@@ -85,7 +82,7 @@ export class SyncService {
                    throw new Error('Organization not set.');
                }

-                const res = await this.apiService.postImportDirectory(orgId, req);
+                await this.apiService.postImportDirectory(orgId, req);
                await this.configurationService.saveLastSyncHash(hash);
            } else {
                groups = null;
@@ -106,8 +103,15 @@ export class SyncService {
        }
    }

+    private filterUnsupportedUsers(users: UserEntry[]): UserEntry[] {
+        return users == null ? null : users.filter((u) => u.email == null || u.email.length <= 50);
+    }
+
    private flattenUsersToGroups(levelGroups: GroupEntry[], allGroups: GroupEntry[]): Set<string> {
        let allUsers = new Set<string>();
+        if (allGroups == null) {
+            return allUsers;
+        }
        for (const group of levelGroups) {
            const childGroups = allGroups.filter((g) => group.groupMemberReferenceIds.has(g.referenceId));
            const childUsers = this.flattenUsersToGroups(childGroups, allGroups);
@@ -127,13 +131,17 @@ export class SyncService {
                return new LdapDirectoryService(this.configurationService, this.logService, this.i18nService);
            case DirectoryType.Okta:
                return new OktaDirectoryService(this.configurationService, this.logService, this.i18nService);
+            case DirectoryType.OneLogin:
+                return new OneLoginDirectoryService(this.configurationService, this.logService, this.i18nService);
            default:
                return null;
        }
    }

-    private buildRequest(groups: GroupEntry[], users: UserEntry[], removeDisabled: boolean): ImportDirectoryRequest {
+    private buildRequest(groups: GroupEntry[], users: UserEntry[], removeDisabled: boolean,
+        overwriteExisting: boolean): ImportDirectoryRequest {
        const model = new ImportDirectoryRequest();
+        model.overwriteExisting = overwriteExisting;

        if (groups != null) {
            for (const g of groups) {
@@ -149,6 +157,9 @@ export class SyncService {
            for (const u of users) {
                const iu = new ImportDirectoryRequestUser();
                iu.email = u.email;
+                if (iu.email != null) {
+                    iu.email = iu.email.trim().toLowerCase();
+                }
                iu.externalId = u.externalId;
                iu.deleted = u.deleted || (removeDisabled && u.disabled);
                model.users.push(iu);
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -0,0 +1,100 @@
+import { I18nService } from 'jslib/abstractions/i18n.service';
+
+import { SyncService } from './services/sync.service';
+
+import { Entry } from './models/entry';
+import { LdapConfiguration } from './models/ldapConfiguration';
+import { SimResult } from './models/simResult';
+import { SyncConfiguration } from './models/syncConfiguration';
+import { UserEntry } from './models/userEntry';
+
+export class ConnectorUtils {
+    static async simulate(syncService: SyncService, i18nService: I18nService, sinceLast: boolean): Promise<SimResult> {
+        return new Promise(async (resolve, reject) => {
+            const simResult = new SimResult();
+            try {
+                const result = await syncService.sync(!sinceLast, true);
+                if (result[0] != null) {
+                    simResult.groups = result[0];
+                }
+                if (result[1] != null) {
+                    simResult.users = result[1];
+                }
+            } catch (e) {
+                simResult.groups = null;
+                simResult.users = null;
+                reject(e || i18nService.t('syncError'));
+                return;
+            }
+
+            const userMap = new Map<string, UserEntry>();
+            this.sortEntries(simResult.users, i18nService);
+            for (const u of simResult.users) {
+                userMap.set(u.externalId, u);
+                if (u.deleted) {
+                    simResult.deletedUsers.push(u);
+                } else if (u.disabled) {
+                    simResult.disabledUsers.push(u);
+                } else {
+                    simResult.enabledUsers.push(u);
+                }
+            }
+
+            this.sortEntries(simResult.groups, i18nService);
+            for (const g of simResult.groups) {
+                if (g.userMemberExternalIds == null) {
+                    continue;
+                }
+
+                const anyG = (g as any);
+                anyG.users = [];
+                for (const uid of g.userMemberExternalIds) {
+                    if (userMap.has(uid)) {
+                        anyG.users.push(userMap.get(uid));
+                    } else {
+                        anyG.users.push({ displayName: uid });
+                    }
+                }
+
+                this.sortEntries(anyG.users, i18nService);
+            }
+
+            resolve(simResult);
+        });
+    }
+
+    static adjustConfigForSave(ldap: LdapConfiguration, sync: SyncConfiguration) {
+        if (ldap.ad) {
+            sync.creationDateAttribute = 'whenCreated';
+            sync.revisionDateAttribute = 'whenChanged';
+            sync.emailPrefixAttribute = 'sAMAccountName';
+            sync.memberAttribute = 'member';
+            sync.userObjectClass = 'person';
+            sync.groupObjectClass = 'group';
+            sync.userEmailAttribute = 'mail';
+            sync.groupNameAttribute = 'name';
+
+            if (sync.groupPath == null) {
+                sync.groupPath = 'CN=Users';
+            }
+            if (sync.userPath == null) {
+                sync.userPath = 'CN=Users';
+            }
+        }
+
+        if (sync.interval != null) {
+            if (sync.interval <= 0) {
+                sync.interval = null;
+            } else if (sync.interval < 5) {
+                sync.interval = 5;
+            }
+        }
+    }
+
+    private static sortEntries(arr: Entry[], i18nService: I18nService) {
+        arr.sort((a, b) => {
+            return i18nService.collator ? i18nService.collator.compare(a.displayName, b.displayName) :
+                a.displayName.localeCompare(b.displayName);
+        });
+    }
+}
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -11,22 +11,55 @@
    "types": [],
    "baseUrl": ".",
    "paths": {
-      "jslib/*": [ "jslib/src/*" ],
-      "@angular/*": [ "node_modules/@angular/*" ],
-      "angular2-toaster": [ "node_modules/angular2-toaster" ],
-      "angulartics2": [ "node_modules/angulartics2" ],
-      "electron": [ "node_modules/electron" ]
+      "tldjs": [
+        "jslib/src/misc/tldjs.noop"
+      ],
+      "jslib/*": [
+        "jslib/src/*"
+      ],
+      "@angular/*": [
+        "node_modules/@angular/*"
+      ],
+      "electron": [
+        "node_modules/electron"
+      ],
+      "node": [
+        "node_modules/@types/node"
+      ],
+      "duo_web_sdk": [
+        "node_modules/duo_web_sdk"
+      ]
    }
  },
+  "angularCompilerOptions": {
+    "preserveWhitespaces": true
+  },
  "exclude": [
    "node_modules",
    "jslib/node_modules",
+    "jslib/src/services/index.ts",
    "jslib/src/services/webCryptoFunction.service.ts",
    "jslib/src/services/search.service.ts",
+    "jslib/src/services/nodeApi.service.ts",
+    "jslib/src/services/lowdbStorage.service.ts",
+    "jslib/src/services/export.service.ts",
+    "jslib/src/services/notifications.service.ts",
+    "jslib/src/services/passwordGeneration.service.ts",
+    "jslib/src/abstractions/index.ts",
+    "jslib/src/abstractions/passwordGeneration.service.ts",
    "jslib/src/angular/components/export.component.ts",
+    "jslib/src/angular/components/register.component.ts",
+    "jslib/src/angular/components/add-edit.component.ts",
+    "jslib/src/angular/components/password-generator.component.ts",
+    "jslib/src/angular/components/password-generator-history.component.ts",
+    "jslib/src/angular/pipes/color-password.pipe.ts",
+    "jslib/src/angular/directives/select-copy.directive.ts",
+    "jslib/src/importers",
    "dist",
+    "dist-cli",
    "jslib/dist",
    "build",
+    "build-cli",
    "jslib/spec"
  ]
 }
--- a/tslint.json
+++ b/tslint.json
@@ -48,6 +48,7 @@
      "check-preblock",
      "check-separator",
      "check-type"
-    ]
+    ],
+    "max-classes-per-file": false
  }
 }
--- a/webfonts.list
+++ b/webfonts.list
@@ -0,0 +1 @@
+Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext
--- a/webpack.cli.js
+++ b/webpack.cli.js
@@ -0,0 +1,80 @@
+const path = require('path');
+const webpack = require('webpack');
+const CleanWebpackPlugin = require('clean-webpack-plugin');
+const CopyWebpackPlugin = require('copy-webpack-plugin');
+const nodeExternals = require('webpack-node-externals');
+
+if (process.env.NODE_ENV == null) {
+    process.env.NODE_ENV = 'development';
+}
+const ENV = process.env.ENV = process.env.NODE_ENV;
+
+const moduleRules = [
+    {
+        test: /\.ts$/,
+        enforce: 'pre',
+        loader: 'tslint-loader',
+    },
+    {
+        test: /\.ts$/,
+        loaders: ['ts-loader'],
+        exclude: path.resolve(__dirname, 'node_modules'),
+    },
+    {
+        test: /\.node$/,
+        loader: 'node-loader',
+    },
+];
+
+const plugins = [
+    new CleanWebpackPlugin([
+        path.resolve(__dirname, 'build-cli/*'),
+    ]),
+    new CopyWebpackPlugin([
+        { from: './src/locales', to: 'locales' },
+    ]),
+    new webpack.DefinePlugin({
+        'process.env.BWCLI_ENV': JSON.stringify(ENV),
+    }),
+    new webpack.BannerPlugin({
+        banner: '#!/usr/bin/env node',
+        raw: true
+    }),
+    new webpack.IgnorePlugin(/^encoding$/, /node-fetch/),
+];
+
+const config = {
+    mode: ENV,
+    target: 'node',
+    devtool: ENV === 'development' ? 'eval-source-map' : 'source-map',
+    node: {
+        __dirname: false,
+        __filename: false,
+    },
+    entry: {
+        'bwdc': './src/bwdc.ts',
+    },
+    optimization: {
+        minimize: false,
+    },
+    resolve: {
+        extensions: ['.ts', '.js', '.json'],
+        alias: {
+            jslib: path.join(__dirname, 'jslib/src'),
+            tldjs: path.join(__dirname, 'jslib/src/misc/tldjs.noop'),
+            // ref: https://github.com/bitinn/node-fetch/issues/493
+            'node-fetch$': 'node-fetch/lib/index.js',
+        },
+        symlinks: false,
+        modules: [path.resolve('node_modules')],
+    },
+    output: {
+        filename: '[name].js',
+        path: path.resolve(__dirname, 'build-cli'),
+    },
+    module: { rules: moduleRules },
+    plugins: plugins,
+    externals: [nodeExternals()],
+};
+
+module.exports = config;
--- a/webpack.main.js
+++ b/webpack.main.js
@@ -1,5 +1,4 @@
 const path = require('path');
-const webpack = require('webpack');
 const merge = require('webpack-merge');
 const CopyWebpackPlugin = require('copy-webpack-plugin');
 const CleanWebpackPlugin = require('clean-webpack-plugin');
@@ -11,48 +10,53 @@ const common = {
            {
                test: /\.ts$/,
                enforce: 'pre',
-                loader: 'tslint-loader'
+                loader: 'tslint-loader',
            },
            {
                test: /\.tsx?$/,
                use: 'ts-loader',
-                exclude: /node_modules\/(?!(@bitwarden)\/).*/
+                exclude: /node_modules\/(?!(@bitwarden)\/).*/,
            },
-        ]
+        ],
    },
    plugins: [],
    resolve: {
        extensions: ['.tsx', '.ts', '.js'],
        alias: {
-            jslib: path.join(__dirname, 'jslib/src')
-        }
+            jslib: path.join(__dirname, 'jslib/src'),
+            tldjs: path.join(__dirname, 'jslib/src/misc/tldjs.noop'),
+        },
    },
    output: {
        filename: '[name].js',
-        path: path.resolve(__dirname, 'build')
-    }
+        path: path.resolve(__dirname, 'build'),
+    },
 };

 const main = {
+    mode: 'production',
    target: 'electron-main',
    node: {
        __dirname: false,
-        __filename: false
+        __filename: false,
    },
    entry: {
-        'main': './src/main.ts'
+        'main': './src/main.ts',
+    },
+    optimization: {
+        minimize: false,
    },
    module: {
        rules: [
            {
                test: /\.node$/,
-                loader: 'node-loader'
+                loader: 'node-loader',
            },
-        ]
+        ],
    },
    plugins: [
        new CleanWebpackPlugin([
-            path.resolve(__dirname, 'build/*')
+            path.resolve(__dirname, 'build/*'),
        ]),
        new CopyWebpackPlugin([
            './src/package.json',
@@ -60,7 +64,7 @@ const main = {
            { from: './src/locales', to: 'locales' },
        ]),
    ],
-    externals: [nodeExternals()]
+    externals: [nodeExternals()],
 };

 module.exports = merge(common, main);
--- a/webpack.renderer.js
+++ b/webpack.renderer.js
@@ -2,34 +2,20 @@ const path = require('path');
 const webpack = require('webpack');
 const merge = require('webpack-merge');
 const HtmlWebpackPlugin = require('html-webpack-plugin');
-const GoogleFontsPlugin = require("google-fonts-webpack-plugin");
-const ExtractTextPlugin = require('extract-text-webpack-plugin');
+const MiniCssExtractPlugin = require('mini-css-extract-plugin');
 const AngularCompilerPlugin = require('@ngtools/webpack').AngularCompilerPlugin;

-const isVendorModule = (module) => {
-    if (!module.context) {
-        return false;
-    }
-    return module.context.indexOf('node_modules') !== -1;
-};
-
-const extractCss = new ExtractTextPlugin({
-    filename: '[name].css',
-    disable: false,
-    allChunks: true
-});
-
 const common = {
    module: {
        rules: [
            {
                test: /\.ts$/,
                enforce: 'pre',
-                loader: 'tslint-loader'
+                loader: 'tslint-loader',
            },
            {
                test: /(?:\.ngfactory\.js|\.ngstyle\.js|\.ts)$/,
-                loader: '@ngtools/webpack'
+                loader: '@ngtools/webpack',
            },
            {
                test: /\.(jpe?g|png|gif|svg)$/i,
@@ -39,39 +25,55 @@ const common = {
                    options: {
                        name: '[name].[ext]',
                        outputPath: 'images/',
-                    }
-                }]
-            }
-        ]
+                    },
+                }],
+            },
+        ],
    },
    plugins: [],
    resolve: {
        extensions: ['.tsx', '.ts', '.js', '.json'],
        alias: {
-            jslib: path.join(__dirname, 'jslib/src')
+            jslib: path.join(__dirname, 'jslib/src'),
        },
        symlinks: false,
-        modules: [path.resolve('node_modules')]
+        modules: [path.resolve('node_modules')],
    },
    output: {
        filename: '[name].js',
-        path: path.resolve(__dirname, 'build')
-    }
+        path: path.resolve(__dirname, 'build'),
+    },
 };

 const renderer = {
+    mode: 'production',
+    devtool: false,
    target: 'electron-renderer',
    node: {
-        __dirname: false
+        __dirname: false,
    },
    entry: {
-        'app/main': './src/app/main.ts'
+        'app/main': './src/app/main.ts',
+    },
+    optimization: {
+        minimize: false,
+        splitChunks: {
+            cacheGroups: {
+                commons: {
+                    test: /[\\/]node_modules[\\/]/,
+                    name: 'app/vendor',
+                    chunks: (chunk) => {
+                        return chunk.name === 'app/main';
+                    },
+                },
+            },
+        },
    },
    module: {
        rules: [
            {
                test: /\.(html)$/,
-                loader: 'html-loader'
+                loader: 'html-loader',
            },
            {
                test: /.(ttf|otf|eot|svg|woff(2)?)(\?[a-z0-9]+)?$/,
@@ -80,65 +82,53 @@ const renderer = {
                    loader: 'file-loader',
                    options: {
                        name: '[name].[ext]',
-                        outputPath: 'fonts/'
-                    }
-                }]
+                        outputPath: 'fonts/',
+                    },
+                }],
            },
            {
                test: /\.scss$/,
-                use: extractCss.extract({
-                    use: [
-                        {
-                            loader: 'css-loader',
+                use: [
+                    {
+                        loader: MiniCssExtractPlugin.loader,
+                        options: {
+                            publicPath: '../',
                        },
-                        {
-                            loader: 'sass-loader',
-                        }
-                    ],
-                    publicPath: '../'
-                })
+                    },
+                    'css-loader',
+                    'sass-loader',
+                ],
            },
-        ]
+            // Hide System.import warnings. ref: https://github.com/angular/angular/issues/21560
+            {
+                test: /[\/\\]@angular[\/\\].+\.js$/,
+                parser: { system: true },
+            },
+        ],
    },
    plugins: [
-        new GoogleFontsPlugin({
-            fonts: [
-                {
-                    family: 'Open Sans',
-                    variants: ['300', '300italic', '400', '400italic', '600', '600italic',
-                        '700', '700italic', '800', '800italic'],
-                    subsets: ['cyrillic', 'cyrillic-ext', 'greek', 'greek-ext', 'latin', 'latin-ext']
-                }
-            ],
-            formats: ['woff2'],
-            path: 'fonts/',
-            filename: 'css/fonts.css'
-        }),
        new AngularCompilerPlugin({
            tsConfigPath: 'tsconfig.json',
            entryModule: 'src/app/app.module#AppModule',
-            sourceMap: true
+            sourceMap: true,
        }),
        // ref: https://github.com/angular/angular/issues/20357
-        new webpack.ContextReplacementPlugin(/\@angular(\\|\/)core(\\|\/)esm5/,
+        new webpack.ContextReplacementPlugin(/\@angular(\\|\/)core(\\|\/)fesm5/,
            path.resolve(__dirname, './src')),
-        new webpack.optimize.CommonsChunkPlugin({
-            name: 'app/vendor',
-            chunks: ['app/main'],
-            minChunks: isVendorModule
-        }),
        new HtmlWebpackPlugin({
            template: './src/index.html',
            filename: 'index.html',
            chunks: ['app/vendor', 'app/main']
        }),
        new webpack.SourceMapDevToolPlugin({
-            filename: '[name].js.map',
            include: ['app/main.js']
        }),
        new webpack.DefinePlugin({ 'global.GENTLY': false }),
-        extractCss
-    ]
+        new MiniCssExtractPlugin({
+            filename: '[name].[hash].css',
+            chunkFilename: '[id].[hash].css',
+        }),
+    ],
 };

 module.exports = merge(common, renderer);
				`@@ -0,0 +1 @@`
				`Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext`