Release Documentation (#653)

* Stage (#636)

* Initial Draft. To do: "How it Works" + Event Logs, User Types, Plans & Pricing, Release Notes.

* whoops, missed one

* Merge latest into working (#616)

* Update proof-of-concept.md (#607)

The "Download Bitwarden" link was going to the Apple Store (https://get.bitwarden.com/) rather than the "Downloads" page (https://bitwarden.com/download/).

* Update proof-of-concept.md (#610)

* Create enterprise-feature-list.md (#611)

* Azure SSO HiFi Documentation (#584)

* azure HiFi documentation

* finalize azure

* typo fixes

* Google Workspace HiFi SSO Documentation (#605)

* Duo HiFi documentation (#598)

* Buncha Stuff (#612)

* clarification on where to find legacy mac .dmg

* tip for update email address

* code vetting security faq

* /managing-items/ refactor

* two-step login 'remember me' duration

* small updates, including denoting purpose of the globe icon

* additional tip for deleting users in a self-host org!

* uri component pieces

* encryption key edit

* importing cleanup

* notes re: importing on file attachements

* Removes custom Safari shortcut docs (#499)

Bitwarden 1.25.0 on MacOS with Safari seems to use the standard MacOS shortcut for autofill (`Cmd + Shift + L`) and the custom Safari shortcuts no longer work (`Cmd + \ or Cmd + 8 or Cmd + Shift + P`).

* Update Microsoft Store Installation path (#614)

* Correct path for Microsoft Store app (#615)

Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com>
Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com>
Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com>
Co-authored-by: Alex <abanay@bitwarden.com>

* mpwr event logging

* mpwr user permissions

* admin pw reset 2nd draft

* final(ish) draft

* password reprompt

* initial bwdc updates (to do: update cli login procedure)

* update personal api key article to better distingush from org api key

* refactors bwdc desktop app article

* clearer instructions for getting api key

* bwdc cli login scheme

* Bulk Org User Actions

* export event logs

* cli get notes

* send cli --maxAccessCount

* autofill on page load enhancements

* onpageload TOTP copy

* release notes & typo

Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com>
Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com>
Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com>
Co-authored-by: Alex <abanay@bitwarden.com>

* typo fix

* fix

* fix

* fix

* mpwr final

* mpw reprompt - better gif

* finalize event logs

* fixes to autofill o.p.l. & better screenshot

* directory connector large sync

* reorder rn

* edits from cscharf

* fix date

* mp re-prompt warning

* mobile re-prompt notes

* downcase it

* semi-vague timeline tweak

Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com>
Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com>
Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com>
Co-authored-by: Alex <abanay@bitwarden.com>

_articles/account/managing-items.md

@@ -161,6 +161,23 @@ In the Trash, you can **Restore** an item to your Vault or **Permanently Delete*
 
 {% image /manage-items/item-trash-restore-delete.png The Trash %}
 
+### Protect Individual Items
+
+For any given Vault item, you can activate the **Master password re-prompt** option from the Add/Edit screen to require verification of your Master Password to access or auto-fill the Hidden fields of that item (e.g. Password, Credit Card Number):
+
+{% callout info %}
+**Master password re-prompt** will temporarily not be available for mobile apps, as we are releasing mobile updates in the near future. Please be aware of the following:
+
+- The Android/iOS app **will not re-prompt** for your master password when viewing, editing, or auto-filling a reprompt-enabled Vault item.
+- Editing a reprompt-enabled Vault item on Android/iOS **will disable** your re-prompt settings for that item.
+{% endcallout %}
+
+{% callout warning %}
+Master password re-prompt **is not** an encryption mechanism. This feature is an interface-only guardrail that a sophisticated user may find ways to work around. We recommend **never** leaving your Vault unlocked when unattended or on a shared workstation.
+{% endcallout %}
+
+{% image /manage-items/reprompt.gif Master Password Reprompt %}
+
 ## Share Vault Items
 
 If you're a member of an [Organization]({{site.baseurl}}/article/about-organizations/), you can share Vault items with other members of your Organization. Learn more about [Organizations]({{site.baseurl}}/article/about-organizations/), [Collections]({{site.baseurl}}/article/about-collections), and [Sharing]({{site.baseurl}}/article/share-to-a-collection/).

_articles/directory-connector/azure-active-directory.md

@@ -92,6 +92,7 @@ Complete the following steps to configure the settings used when syncing using D
 |Interval|Time between automatic sync checks (in minutes).|
 |Remove disabled users during sync|Check this box to remove users from the Bitwarden Organization that have been disabled in your directory.|
 |Overwrite existing organization users based on current sync settings|Check this box to always perform a full sync and remove any users from the Bitwarden Organization if they are not in the synced user set.|
+|More than 2000 users or groups are expected to sync.|Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.|
 |Sync users|Check this box to sync users to your Organization.<br><br>Checking this box will allow you to specify **User Filters**.|
 |User Filter|See [Specify Sync Filters](#specify-sync-filters).|
 |Sync Groups|Check this box to sync groups to your Organization. Checking this box will allow you to specify **Group Filters**.|

_articles/directory-connector/directory-sync-cli.md

@@ -12,7 +12,7 @@ The Directory Connector CLI is suited toward work in environments where a deskto
 
 ## Getting Started
 
-Complete the following steps to get started with the Bitwarden Directory Connector CLI:
+To get started using the Bitwarden Directory Connector CLI:
 
 1. Download the CLI from one of the following links:
    - [{% icon fa-windows %} Windows CLI](https://vault.bitwarden.com/download/?app=connector&platform=windows&variant=cli-zip)
@@ -48,28 +48,32 @@ Complete the following steps to get started with the Bitwarden Directory Connect
 
 ### login
 
-Use the `login` command to login to Directory Connector with your Bitwarden Account. You must be an Admin or Owner for your Organization to use Directory Connector (for more information, see [User Types and Access Controls]({% link _articles/organizations/user-types-access-control.md %})).
-```
-bwdc login [options] [email] [password]
-```
+Use the `login` command to login to Directory Connector with your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication).  If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/). There are a few ways to use the `login` command:
 
-Options include:
-- `--method`: Use this options to specify the [Two-step Login method]({% link _articles/two-step-login/setup-two-step-login.md %}) to use.
-   - `0` = Authenticator App
-   - `1` = Email
-   - `3` =  YubiKey
-- `--code`: Use this option to specify the [Two-step Login]({% link _articles/two-step-login/setup-two-step-login.md %}) code for the specified `method`.
-- `--sso`: Use this option to [Login with SSO]({% link _articles/login-with-sso/about-sso.md %}). Selecting this option will open the SSO Login Flow in your Web Browser. For more information, see [Access your Vault Using SSO]({% link _articles/login-with-sso/sso-access-your-vault.md %}).
+- By itself:
 
-For example:
+  ```
+  bwdc login
+  ```
 
-{% callout warning %}
-Contrary to the following example, it's generally not recommended to enter your password inline, as this will save it to the history of the shell. Leaving the password out of the initial command will cause Bitwarden to prompt for it, which will not save it.
-{% endcallout %}
+  Passing `bwdc login` by itself will prompt you to subsequently enter `client_id` and `client_secret`.
+- With parameters:
 
-```
-bwdc login bwuser@gmail.com mystrongpassword --method 0 --code 204678
-```
+  ```
+  bwdc login organization.b5351047-89b6-820f-ad21016b6222 yUMB4trbqV1bavhEHGqbuGpz4AlHm9
+  ```
+- With saved environment variables:
+
+  ```
+  BW_CLIENTID="organization.b5351047-89b6-820f-ad21016b6222"
+  BW_CLIENTSECRET="yUMB4trbqV1bavhEHGqbuGpz4AlHm9"
+
+  bwdc login
+  ```
+
+  Saving the environment variables `BW_CLIENTID` and `BW_CLIENTSECRET` allows you to login to Directory Connector using only `bwdc login`, which will check for those variables and use them if present.
+
+  If these environment variables aren't present, you will be prompted to enter your `client_id` and `client_secret`.
 
 ### logout
 
@@ -135,7 +139,9 @@ Options include:
 - `okta.token <token>`
 - `onelogin.secret <secret>`
 
+{% callout success %}
 `ldap.password`, `azure.key`, `gsuite.key`, `okta.token`, and `onelogin.secret` can **only** be modified from the CLI using `bwdc config`, or from the [Desktop Application]({% link _articles/directory-connector/directory-sync-desktop.md %}).
+{% endcallout %}
 
 ### data-file
 

_articles/directory-connector/directory-sync-desktop.md

@@ -8,53 +8,30 @@ tags: []
 order: 02
 ---
 
-Download the latest version of the Directory Connector Desktop App from our [GitHub releases page](https://github.com/bitwarden/directory-connector/releases){:target="_blank"} or by using one of the following official links:
+The Directory Connector Desktop App is a standalone desktop application that can be used to sync users, groups, and group associations from a selection of directory services.
 
-- [{% icon fa-windows %} Windows Installer (.exe)](https://vault.bitwarden.com/download/?app=connector&platform=windows)
-- [{% icon fa-windows %} Windows Portable (.exe)](https://vault.bitwarden.com/download/?app=connector&platform=windows&variant=portable)
-- [{% icon fa-apple %} macOS (.dmg)](https://vault.bitwarden.com/download/?app=connector&platform=macos)
-- [{% icon fa-linux %} Linux (.AppImage)](https://vault.bitwarden.com/download/?app=connector&platform=linux)
+{% image directory-connector/app.png Directory Connector Desktop App %}
 
-## Setup
+Directory Connector is also available as a [CLI Tool]({{site.baseurl}}/article/directory-sync-cli). The Desktop App and CLI [share a database and configurations]({% link _articles/directory-connector/directory-sync-shared.md %}), so you may choose to use both, however simultaneous use is not recommended.
 
-Directory Connector configuration will vary based on the directory type in use. Use one of the following articles for instruction:
+## Getting Started
 
-- [Sync with Active Directory or LDAP]({% link _articles/directory-connector/ldap-directory.md %})
-- [Sync with Azure Active Directory]({% link _articles/directory-connector/azure-active-directory.md %})
-- [Sync with G Suite (Google)]({% link _articles/directory-connector/gsuite-directory.md %})
-- [Sync with Okta]({% link _articles/directory-connector/okta-directory.md %})
-- [Sync with OneLogin]({% link _articles/directory-connector/onelogin-directory.md %})
+To get started using the Directory Connector Desktop App:
 
-{% callout info %}
-**If you're using a self-hosted version of Bitwarden**, you must change the Server URL used by the Directory Connector application:
+1. Download the latest version of the app from our [GitHub releases page](https://github.com/bitwarden/directory-connector/releases){:target="_blank"} or by using one of the following official links:
 
-1. Log out of Directory Connector.
-2. On the Login screen, select the **Settings** button.
-3. In the **Server URL** field, enter the domain name for your self-hosted instance with `https://`. For example, `https://bitwarden.example.com`.
-4. Select the **Save** button.
-{% endcallout %}
+   - [{% icon fa-windows %} Windows Installer (.exe)](https://vault.bitwarden.com/download/?app=connector&platform=windows)
+   - [{% icon fa-windows %} Windows Portable (.exe)](https://vault.bitwarden.com/download/?app=connector&platform=windows&variant=portable)
+   - [{% icon fa-apple %} macOS (.dmg)](https://vault.bitwarden.com/download/?app=connector&platform=macos)
+   - [{% icon fa-linux %} Linux (.AppImage)](https://vault.bitwarden.com/download/?app=connector&platform=linux)
 
-## Using Directory Connector
+2. **If you're using a self-hosted version of Bitwarden**, change the Server URL used by Directory Connector before logging in:
 
-The following sections will walk you through typical actions taken with the Desktop App.
-
-In all cases, log in with a Bitwarden user account that is an Admin or Owner for the relevant Organization(s). For more information, see [User Types and Access Control]({% link _articles/organizations/user-types-access-control.md %}).
-
-### Connect to a Bitwarden Organization
-
-Complete the following steps to specify which Bitwarden Organization to sync to:
-
-1. Open the Directory Connector application.
-2. Navigate to the **Settings** tab.
-3. In the **Account** section, select your Organization from the dropdown.
-
-### Configure Sync Options
-
-Complete the following steps to configure options for your sync:
-
-1. Open the Directory Connector application.
-2. Navigate to the **Settings** tab.
-3. In the **Sync** section, configure the available options as desired. Available **Sync Options** depend on the directory type in use, so refer to one of the following articles for a list of options available to you:
+   1. On the Login screen, select **Settings**.
+   2. In the **Server URL** field, enter the domain name for your self-hosted instance with `https://`. For example, `https://your.domain.bitwarden.com`.
+   3. Select **Save**.
+3. Log in to Directory Connector using your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/).
+4. On the {% icon fa-cogs %} **Settings** tab, connect to your directory and configure [sync options]({{site.baseurl}}/article/user-group-filters/). This procedure will vary based on the directory in use, so refer to one of the following articles for instruction:
 
    - [Sync with Active Directory or LDAP]({% link _articles/directory-connector/ldap-directory.md %})
    - [Sync with Azure Active Directory]({% link _articles/directory-connector/azure-active-directory.md %})
@@ -62,36 +39,27 @@ Complete the following steps to configure options for your sync:
    - [Sync with Okta]({% link _articles/directory-connector/okta-directory.md %})
    - [Sync with OneLogin]({% link _articles/directory-connector/onelogin-directory.md %})
 
-{% callout success %}
-When you're finished configuring, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations. For more information, see [Clear Sync Cache]({% link _articles/directory-connector/clear-sync-cache.md %}).
-{% endcallout %}
+   {% callout success %}If you're re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more]({{site.baseurl}}/article/clear-sync-cache/)).{% endcallout %}
+5. On the {% icon fa-cogs %} **Settings** tab, select you Organization from the Organization dropdown.
+6. **Perform a Test Sync**. To check that your directory connection and sync options are successfully configured and working as expected:
 
-### Perform a Sync Test
+   1. Open the {% icon fa-dashboard %} **Dashboard** tab.
+   2. Select the **Test Now** button.
 
-Perform a sync test to check that all configured settings are in-place and working as expected. Sync tests will query the directory server and print the results to the Directory Connector **Dashboard**.
+Sync testing will query the directory server and print the results to the dashboard. If the printed results match your expectations, you're ready to [start syncing](#sync-with-directory-connector).
 
-1. Open the Directory Connector application.
-2. Navigate to the **Dashboard** tab.
-3. In the **Testing** section, select the **Test Now** button.
+## Sync with Directory Connector
 
-### Perform a Manual Sync
+Directory Connector can be used to run a one-time [manual sync](#manual-sync) or [automatic sync polling](#automatic-sync):
 
-Complete the following steps to run a one-time manual sync between your directory and your Bitwarden Organization:
+### Manual Sync
 
-1. Open the Directory Connector application.
-2. Navigate to the **Dashboard** tab.
-3. In the **Sync** section, select the the **Sync Now** button.
+To run a one-time manual sync from your directory to your Bitwarden Organization, open the {% icon fa-dashboard %} **Dashboard** tab and select the {% icon fa-refresh %} **Sync Now** button.
 
-Your synced users and groups will be immediately available in your Bitwarden Organization. Added users will receive an email invite to your Organization.
+Synced users will be invited to your Organization, and groups will be immediately created.
 
-### Start Automatic Sync
+### Automatic Sync
 
-Complete the following steps to start automatic sync polling with Directory Connector:
+Automatic syncing will poll your directory based on the **Interval** specified in your [sync options]({{site.baseurl}}/article/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop.
 
-1. Open the Directory Connector application.
-2. Navigate to the **Dashboard** tab.
-3. In the **Sync** section, select the **Start Sync** button.
-
-Directory Connector will begin polling your directory based on the **Interval** specified in your **Sync Options**.
-
-If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.
+To start automatic sync polling with Directory Connector, open the {% icon fa-dashboard %} **Dashboard** tab and select the {% icon fa-play %} **Start Sync** button.

_articles/directory-connector/directory-sync.md

@@ -12,10 +12,10 @@ order: 01
 
 The Bitwarden Directory Connector application syncs users and groups to a Bitwarden Organization from a selection of directory services. Directory Connector **will automatically provision and de-provision users, groups, and group associations** from the source directory.
 
-Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization onboarding procedure (see [Add or Remove Users](https://bitwarden.com/help/article/managing-users/#invited-users)) and log in with the created Bitwarden Master Password. 
+Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization [onboarding procedure]({{site.baseurl}}/article/managing-users/#onboard-users) and log in with the created Bitwarden Master Password.
 
 {% callout info %}
-Directory Connector functionality is available to **Teams** and **Enterprise** organizations. To use Directory Connector, you must be an Organization Admin or Owner (for more information, see [User Types and Access Control]({% link _articles/organizations/user-types-access-control.md %})).
+Directory Connector functionality is available to **Teams** and **Enterprise** Organizations. To use Directory Connector, you must have access to your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) which can only be retrieved by an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/) and securely shared using [Bitwarden Send]({{site.baseurl}}/article/about-send/).
 {% endcallout %}
 
 {% image /directory-connector/dc-diagram.png %}
@@ -41,7 +41,20 @@ Directory Connector is available as a cross-platform [Desktop Application]({% li
 
 Use the following links to download Directory Connector:
 
-#### Download the Desktop App
+<ul class="nav nav-tabs" id="myTab" role="tablist">
+  <li class="nav-item" role="presentation">
+    <a class="nav-link active" id="desktab" data-bs-toggle="tab" data-target="#desk" role="tab" aria-controls="desk" aria-selected="true">Desktop App</a>
+  </li>
+  <li class="nav-item" role="presentation">
+    <a class="nav-link" id="clitab" data-bs-toggle="tab" data-target="#cli" role="tab" aria-controls="cli" aria-selected="false">CLI</a>
+  </li>
+</ul>
+
+<div class="tab-content" id="clientsContent">
+  <div class="tab-pane show active" id="desk" role="tabpanel" aria-labelledby="desktab">
+{% capture desktop %}
+
+#### Download Desktop App
 
 Download the latest version of the Directory Connector Desktop App from our [GitHub releases page](https://github.com/bitwarden/directory-connector/releases){:target="_blank"} or by using one of the following official links:
 
@@ -50,7 +63,13 @@ Download the latest version of the Directory Connector Desktop App from our [Git
 - [{% icon fa-apple %} macOS (.dmg)](https://vault.bitwarden.com/download/?app=connector&platform=macos)
 - [{% icon fa-linux %} Linux (.AppImage)](https://vault.bitwarden.com/download/?app=connector&platform=linux)
 
-#### Download the CLI Tool
+{% endcapture %}
+{{ desktop | markdownify }}
+  </div>
+  <div class="tab-pane" id="cli" role="tabpanel" aria-labelledby="clitab">
+{% capture commandline %}
+
+#### Download CLI Tool
 
 Download the latest version of the Directory Connector CLI from one of the following links:
 
@@ -58,6 +77,11 @@ Download the latest version of the Directory Connector CLI from one of the follo
 - [{% icon fa-apple %} macOS CLI](https://vault.bitwarden.com/download/?app=connector&platform=macos&variant=cli-zip)
 - [{% icon fa-linux %} Linux CLI](https://vault.bitwarden.com/download/?app=connector&platform=linux&variant=cli-zip)
 
+{% endcapture %}
+{{ commandline | markdownify }}
+  </div>
+</div>
+
 ## Source code
 
 As with everything at Bitwarden, the Directory Connector is open source and hosted on GitHub at [github.com/bitwarden/directory-connector](https://github.com/bitwarden/directory-connector).

_articles/directory-connector/gsuite-directory.md

@@ -106,6 +106,7 @@ Complete the following steps to configure the setting used when syncing using Di
 |Interval|Time between automatic sync checks (in minutes).|
 |Remove disabled users during sync|Check this box to remove users from the Bitwarden Organization that have been disabled in your directory.|
 |Overwrite existing organization users based on current sync settings|Check this box to always perform a full sync and remove any users from the Bitwarden Organization if they are not in the synced user set.|
+|More than 2000 users or groups are expected to sync.|Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.|
 |Sync users|Check this box to sync users to your Organization.<br><br> Checking this box will allow you to specify a **User Filter**.|
 |User Filter|See [Specify Sync Filters](#specify-sync-filters).|
 |Sync groups|Check this box to sync groups to your Organization.<br><br>Checking this box will allow you to specify a **Group Filter**.|

_articles/directory-connector/ldap-directory.md

@@ -65,6 +65,7 @@ If you are using Active Directory, many of these settings are predetermined for
 |Interval|Time between automatic sync check (in minutes).|
 |Remove disabled users during sync|Check this box to remove users from the Bitwarden Organization that have been disabled in your Organization.|
 |Overwrite existing organization users based on current sync settings|Check this box to fully overwrite the user set on each sync, including removing users from your Organization when they're absent from the directory user set.<br><br>**If for any reason an empty sync is run when this options is enabled, Directory Connector will remove all users.** Always run a [Test Sync](#test-a-sync) prior to syncing after enabling this option.|
+|More than 2000 users or groups are expected to sync.|Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.|
 |Member Attribute|Name of the attribute used by the directory to define a group's membership (e.g. `uniqueMember`).|
 |Creation Data Attribute|Name of the attribute used by the directory to specify when an entry was created (e.g. `whenCreated`).|
 |Revision Date Attribute|Name of the attribute used by the directory to specify when an entry was last changed (e.g. `whenChanged`).|

_articles/directory-connector/okta-directory.md

@@ -51,6 +51,7 @@ Complete the following steps to configure the settings used when syncing using D
 |Interval|Time between automatic sync checks (in minutes).|
 |Remove disabled users during sync|Check this box to remove users from the Bitwarden Organization that have been disabled in your directory.|
 |Overwrite existing organization users based on current sync settings|Check this box to always perform a full sync and remove any users from the Bitwarden Organization if they are not in the synced user set.|
+|More than 2000 users or groups are expected to sync.|Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.|
 |Sync users|Check this box to sync users to your Organization.<br><br>Checking this box will allow you to specify **User Filters**.|
 |User Filter|See [Specify Sync Filters](#specify-sync-filters).|
 |Sync Groups|Check this box to sync groups to your Organization.<br><br>Checking this box will allow you to specify **Group Filters**.|

_articles/directory-connector/onelogin-directory.md

@@ -50,6 +50,7 @@ Complete the following steps to configure the settings used when syncing using D
 |Interval|Time between automatic sync checks (in minutes).|
 |Remove disabled users during sync|Check this box to remove users from the Bitwarden Organization that have been disabled in your directory.|
 |Overwrite existing organization users based on current sync settings|Check this box to always perform a full sync and remove any users from the Bitwarden Organization if they are not in the synced user set.<br><br>**Recommended for OneLogin directories.**|
+|More than 2000 users or groups are expected to sync.|Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.|
 |If a user has no email address, combine a username prefix with a suffix value to form an email|Check this box to form valid email options for users that do not have an email address. **Users without real or formed email addresses will be skipped by Directory Connector.**<br><br>Formed Email = `username` + **Email Suffix**|
 |Email Suffix|A string (`@example.com`) used to create a suffix for formed email addresses.|
 |Sync users|Check this box to sync users to your Organization.<br><br>Checking this box will allow you to specify **User Filters**.|

_articles/directory-connector/user-group-filters.md

@@ -22,3 +22,24 @@ Available Sync Options and Filter syntaxes are different for each directory serv
 {% callout success%}
 If you're using the Directory Connector CLI, see [Directory Connector File Storage]({% link _articles/directory-connector/directory-sync-shared.md %}) for help editing your `data.json` configuration file.
 {% endcallout %}
+
+## Large Syncs
+
+Regardless of which directory you're syncing from, enable the **More than 2000 users or groups are expected to sync.** option to signal to Directory Connector that you're expecting a large number of users or groups:
+
+{% image directory-connector/largesync.png Signal a Large Sync%}
+
+You may also enable this option directly in the Directory Connector [configuration file]({{site.baseurl}}/article/directory-sync-shared/#config-file) (`data.json`) by setting `"largeImport": true`:
+
+```
+"syncConfig": {
+  ...,
+  ...,
+  ...,
+  "largeImport": true
+  },"
+```
+
+{% callout info %}
+If you don't enable this option, Directory Connector will limit a sync to 2000 users or groups.
+{% endcallout %}

_articles/faqs/security-faqs.md

@@ -80,7 +80,7 @@ Bitwarden takes user security and privacy seriously. Bitwarden maintains secure,
 
 ### Q: How does Bitwarden vet code changes?
 
-**A:** Confidence in the security of our systems is of utmost important to Bitwarden. All proposed code changes are reviewed by one or more non-author members of the team before they can be merged into any codebase. All code goes through multiple test and QA environments prior to production. Bitwarden has implemented a SOC2 report to audit and validate our internal procedures. As mentioned in the report, our team is subject to rigorous background check and thorough interview processes. Bitwarden, being an open-source product, also welcomes peer-review of our code at any point. The team at Bitwarden strives to do everything we can to keep our users comfortable, and keeping their data secure.
+**A:** Confidence in the security of our systems is of utmost important to Bitwarden. All proposed code changes are reviewed by one or more non-author members of the team before they can be merged into any codebase. All code goes through multiple test and QA environments prior to production. Bitwarden has implemented a SOC2 report to audit and validate our internal procedures. As mentioned in the report, our team is subject to rigorous background check and thorough interview processes. Bitwarden, being an open-source product, also welcomes peer-review of our code at any point. The team at Bitwarden strives to do everything we can to keep our users comfortable, and keeping their data secure. 
 
 ### Q: How long does Bitwarden cache session information?
 

_articles/features/auto-fill-browser.md

@@ -71,11 +71,24 @@ Some browsers, including **Safari** and legacy **Edge** do not currently support
 
 ## On Page Load
 
-Auto-fill on Page Load is an **experimental and opt-in** feature offered by Bitwarden Browser Extensions. When enabled, Bitwarden will auto-fill login information when a web page corresponding to a Login item's URI value loads.
+Auto-fill on Page Load is an **experimental and opt-in** feature offered by Bitwarden Browser Extensions. Auto-fill on page load will auto-fill login information when a web page corresponding to a Login item's URI value loads. Once enabled, you can set the default behavior (i.e. on for all Vault items or off for Vault items).
 
+To enable this feature, navigate to **Settings** → **Options** in your Browser Extension, select the **Enable Auto-fill On Page Load** option, and choose your default behavior. Once enabled and the default behavior is set, you can additionally specify auto-fill on page load behavior for each individual Vault item:
+
+{% image autofill/onpageloadfull.png %}
+
+Using this convention, you can setup your Browser extension to, for example:
+
+- Auto-fill on page load for a only select few items (i.e. **off by default** for all Vault items and **manually turned on** for select items).
+- Auto-fill on page for all but a select few items (i.e. **on by default** for all Vault items and **manually turned off** for select items).
+
+{% callout info %}
 If there are multiple Login items with the detected URI, the last-used login will be used for the auto-fill operation.
+{% endcallout %}
 
-To enable this feature, navigate to **Settings** → **Options** in your Browser Extension, and select the **Enable Auto-fill On Page Load** option.
+### TOTP Copy
+
+If you use [Bitwarden Authenticator]({{site.baseurl}}/article/authenticator-keys/), you can enable the **Copy TOTP to clipboard after auto-fill** option to automatically copy a TOTP code to the clipboard when a Login is autofilled.
 
 ## Manually Auto-fill
 

_articles/getting-started/getting-started-organizations.md

@@ -112,18 +112,18 @@ Invitations expire after 5 days. Make sure you accept the invitation within that
 
 ### Confirm
 
-As the Organization Owner, confirm an accepted invitation to complete the loop:
+Confirm accepted Organization to complete the loop:
 
-1. In your Organization Vault, open the **Manage** tab and select **People**.
-2. Hover over the `Accepted` user and select the {% icon fa-cog %} gear dropdown:
+1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
+2. Open the **Manage** tab and select **People** from the left-hand menu.
+3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**:
 
    {% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
-3. Select {% icon fa-check %} **Confirm**.
-4. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**:
+3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**:
 
    {% image fingerprint-phrase.png Sample Fingerprint Phrase %}
 
-   Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**.
+Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**.
 
 ## Get to know your Vault
 

_articles/getting-started/releasenotes.md

@@ -25,6 +25,22 @@ Bitwarden believes source code transparency is an absolute requirement for secur
 
 To be notified of Release Announcements, subscribe to the [Bitwarden Status RSS Feed](https://status.bitwarden.com/){:target="\_blank"}.
 
+## 2021-06-29
+
+The Bitwarden team is happy to announce the rollout of Admin Password Reset, the latest feature purpose-built to help enterprises seeking to ensure password security at scale. This release includes:
+
+- **Admin Password Reset**: Enterprise Organizations can enroll in Admin Password Reset to allow designated administrators to reset the Master Password of Organization users (see [here]({{site.baseurl}}/article/admin-reset/) for details).
+- **Master Password Re-prompt**: Use the new Master Password re-prompt option to require verification of your Master Password to view the sensitive fields of individual Vault items (see [here]({{site.baseurl}}/article/managing-items/#protect-individual-items) for details).
+
+   {% callout info %}**Master Password Re-prompt** will temporarily not be available for mobile apps, as we are releasing mobile updates in the near future. Please be aware of the following:<br><br>- The Android/iOS app **will not re-prompt** for your master password when viewing, editing, or auto-filling a reprompt-enabled Vault item.<br>- Editing a reprompt-enabled Vault item on Android/iOS **will disable** your re-prompt settings for that item.{% endcallout %}
+- **Bulk User Management**: Organization Owners and Admins can now re-send invitations, confirm accepted users, and remove users from an Organization in-bulk (see [here]({{site.baseurl}}/article/managing-users/#onboard-users) for details).
+- **Event Log Export**: Export event logs directly from the Web Vault (see [here]({{site.baseurl}}/article/event-logs/#export-events) for details).
+- **Directory Connector API Key Authentication**: Starting with this release, users of Directory Connector will need to use the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) to login.
+- **Directory Connector Sync Limit Increase**: Directory Connector can now sync an unlimited number of users or groups, where previously the limit was set at 2000 of either. To sync more than 2000 users or groups, toggle the new Sync Option (see [here]({{site.baseurl}}/article/user-group-filters/#large-syncs) for details).
+- **Autofill On Page Load Enhancements**: The Browser Extension's Auto-fill on page load feature has been upgraded to more flexibly fit users' unique needs (see [here]({{site.baseurl}}/article/auto-fill-browser/#on-page-load) for details).
+- **More CLI Options**: We've added a few new CLI options, including easy retrieval of Vault item notes (`bw get notes <id>`) and the ability to set maximum access count for Sends (`bw send create --maxAccessCount <#>`).
+- **Web Developer Autofill Exclusion**: Web Development contributors can now prevent the Browser Extension from auto-filling a given form element by adding a `data-bwignore` attribute (e.g. `data-bwignore="true"`) to an `<input>` element.
+
 ## 2021-05-11
 
 The Bitwarden team is pleased to release a set of features and updates continuing our mission of making password management easy and accessible for individuals and businesses:

_articles/miscellaneous/cli.md

@@ -317,6 +317,20 @@ bw get attachment photo.png --itemid 99ee88d2-6046-4ea7-92c2-acac464b1412 --outp
 When using `--output`, the path **must** end a forward slash (`/`) to specify a directory or a filename (`/Users/myaccount/Pictures/photo.png`).
 {% endcallout %}
 
+#### get notes
+
+The `get notes` command retrieves the note for any Vault item:
+
+```
+bw get notes <id>
+```
+
+`get notes` takes an exact item `id` or string. If you use a string (i.e. anything other than an exact `id`), `getnotes` will search your Vault objects for one with a value that matches. For example, the following command would return a Github note:
+
+```
+bw get notes Github
+```
+
 #### get template
 
 The `get template` command returns the expected JSON formatting for an object (`item`, `item.field`, `item.login`, etc.):

_articles/miscellaneous/personal-api-key.md

@@ -10,14 +10,9 @@ tags: [api key, cli]
 Your Bitwarden Personal API Key can be used as an alternative method for authenticating into the Command Line Interface (CLI).
 
 {% callout info %}
-Your Personal API Key is not the same as the API Key used to access the Bitwarden Public API for organization management. Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`.
+Your Personal API Key is **not the same** as the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) used to access the [Bitwarden Public API]({{site.baseurl}}/article/public-api/) or [Directory Connector]({{site.baseurl}}/article/directory-sync/). Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`.
 {% endcallout %}
 
-### In This Article
-- [Get your Personal API Key](#get-your-personal-api-key)
-  - [Rotate Your API Key](#rotate-your-api-key)
-- [Authenticate using Your API Key](#authenticate-using-your-api-key)
-
 ## Get Your Personal API Key
 
 Complete the following steps to get your Personal API Key:

_articles/organizations/admin-reset.md

@@ -0,0 +1,114 @@
+---
+layout: article
+title: Admin Password Reset
+categories: [organizations]
+featured: true
+popular: false
+tags: [master password, reset, administrator, owner]
+order: 15
+---
+
+{% callout info %}
+Admin Password Reset is available for **Enterprise Organizations** on a current plan. Like Login with SSO, Password Reset is not available to [Classic 2019 Enterprise Organizations]({{site.baseurl}}/article/2020-plan-updates).
+{% endcallout %}
+
+## What is Admin Password Reset?
+
+Admin Password Reset allows [designated administrators](#permissions) to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their [Master Password]({{site.baseurl}}/article/master-password/). Admin Password Reset can be activated for an Organization by [enabling the Admin Password Reset Policy](#activate-admin-password-reset).
+
+Individual users must be enrolled (either through [self-enrollment](#self-enroll-in-password-reset) or using the [automatic enrollment policy option](#automatic-enrollment)) to be eligible for password reset, as enrollment triggers the key exchange that makes Admin Password Reset secure.
+
+**Admin Password Reset does not bypass Two-step Login or Login with SSO**. If a [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) is enabled for the account or if your Organization [requires SSO Authentication]({{site.baseurl}}/article/policies/#single-sign-on-authentication), you will still be required to use that method to access your Vault after password reset.
+
+### Encryption
+
+{% callout info %}
+**2021-06-01:** The release of Admin Password Reset introduces a new RSA public/private key pair for all Organizations. The private key is further encrypted with the Organization's pre-existing symmetric key before being stored.
+
+The key pair is generated and encrypted client-side upon creation of a new Organization, or for an existing Organization upon:
+
+- Navigation to the **Manage** → **People** screen.
+- Updates to anything on the **Settings** → **My Organization** screen.
+- Upgrades from one Organization type to another.
+{% endcallout %}
+
+When a member of the Organization [enrolls](#automatic-enrollment) in Admin Password Reset, that user's [encryption key]({{site.baseurl}}/article/account-encryption-key) is encrypted with the Organization's public key. The result is stored as the **Password Reset Key**.
+
+When an Admin Password Reset action is taken:
+
+1. The Organization private key is decrypted with the Organization symmetric key.
+2. The user's **Reset Password Key** is decrypted with the decrypted Organization private key, resulting in the users's [encryption key]({{site.baseurl}}/article/account-encryption-key).
+3. The user's encryption key and Master Password hash are replaced with a *new* encryption key and *new* Master Password hash, seeded from a new Master Password.
+4. The user's new encryption key is encrypted with the Organization's public key, replacing the previous **Password Reset Key** with a new one.
+
+**At no point** will anyone, including the administrator who executes the reset, be able to see the old Master Password.
+
+### Permissions
+
+Admin Password Reset can be executed by [Owners, Admins, and permitted Custom users]({{site.baseurl}}/article/user-types-access-control/). Admin Password Reset uses a hierarchical permission structure to determine who can reset whose Master Password, meaning:
+- Any Owner, Admin, or permitted Custom user can reset a **User**, **Manager**, or **Custom User**'s Master Password.
+- Only an Admin or Owner can reset an **Admin**'s Master Password.
+- Only an Owner can reset another **Owner**'s Master Password.
+
+### Event Logging
+
+[Events]({{site.baseurl}}/article/event-logs/) are logged when:
+- A Master Password is reset.
+- A user enrolls in Admin Password Reset.
+- A user withdraws from Admin Password Reset.
+
+## Activate Admin Password Reset
+
+To activate Master Password Reset for your Enterprise Organization, navigate to the [Business Portal]({{site.baseurl}}/article/about-business-portal/) and enable the [Master Password Reset Policy]({{site.baseurl}}/article/policies/#master-password-reset). Users will need to [self-enroll](#self-enroll-in-password-reset) or [be auto-enrolled](#automatic-enrollment) in Password Reset before their Master Password can be reset.
+
+### Automatic Enrollment
+
+Enabling the Automatic Enrollment policy option will automatically enroll new users in Admin Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept). Users already in the Organization will not be retroactively enrolled in Admin Password Reset, and will be required to [self-enroll](#self-enroll-in-password-reset).
+
+{% callout success %}
+If you're automatically enrolling Organization members in Admin Password Reset, we **highly recommend notifying them of this feature**. Many Bitwarden Organization users store personal credentials in their Personal Vault, and should be made aware that Admin Password Reset could allow an administrator to access their Personal Vault.
+{% endcallout %}
+
+### Self-enroll in Password Reset
+
+To enroll in Password Reset, navigate to **Settings** → **Organizations** in the [Web Vault](https://vault.bitwarden.com/){:target="\_blank"}:
+
+{% image /organizations/pwreset-enroll.png Enroll in Password Reset %}
+
+Hover over the Organization you wish to enroll in Password Reset for, select the {% icon fa-cog %} gear dropdown, and choose **Enroll in Password Reset**. When you're enrolled in Password Reset, the Organization listing will display a {% icon fa-key %} key icon. You can enroll in Admin Password Reset for multiple Organizations, if you choose.
+
+### Withdraw Enrollment
+
+Once enrolled, you can **Withdraw** from Password Reset from the same dropdown used to enroll:
+
+{% image /organizations/pwreset-withdraw.png Withdraw from Password Reset %}
+
+Manually changing your Master Password or [rotating your encryption key]({{site.baseurl}}/article/account-encryption-key/) **will not** withdraw you from Admin Password Reset.
+
+## Reset a Master Password
+
+{% callout info %}
+You must be a [Owner, Admin, or permitted Custom user](#permissions) to reset a Master Password. Check the [Permissions](#permissions) section of this article to see whose Master Password you are allowed to reset.
+{% endcallout %}
+
+To reset a Master Password for a member of your Enterprise Organization:
+
+1. In your [Web Vault](https://vault.bitwarden.com){:target="\_blank"}, open your Organization.
+2. Open the **Manage** tab and navigate to the **People** section.
+3. Hover over the user whose Master Password you want to reset, select the {% icon fa-cog %} gear dropdown, and choose {% icon fa-key %} **Reset Password**:
+
+   {% image /organizations/pwreset-reset.png Reset Password %}
+
+4. On the Reset Password window, create a **New Password** for the user. If your Organization has enabled the [Master Password Policy]({{site.baseurl}}/article/policies/#master-password), you will need to create a password that meets the implemented requirements (e.g. min 8 characters, contains numbers):
+
+   {% image /organizations/pwreset-newpw.png Create a New Password %}
+
+   Copy the new Master Password and contact the user to coordinate secure communication of it, for example using [Bitwarden Send]({{site.baseurl}}/article/create-send/).
+
+5. Select **Save** to execute the Password Reset. Doing so will log the user out of their current sessions.  Active sessions on some client applications, like Mobile Apps, may remain active for up to one hour.
+
+### After a Password Reset
+
+When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/article/create-send/).
+
+Once you have regained access to your Vault using the new Master Password, you should immediately change your Master Password to something **strong** and **memorable**. Changing your Master Password after a reset will help to protect your privacy.

_articles/organizations/event-logs.md

@@ -14,7 +14,7 @@ Event Logs are timestamped records of everything that occurs within your Organiz
 
 {% image /organizations/event-logs-updated.png Event Logs %}
 
-Events Logs are also accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/).
+Events Logs are [exportable](#export-events) and accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/).
 
 ## Events
 
@@ -72,6 +72,9 @@ All Event types are listed below, with their corresponding type codes:
 - Removed user *user-identifier*. (`1503`)
 - Edited groups for user *user-identifier*. (`1504`)
 - Unlinked SSO. (`1505`)
+- *user-identifier* enrolled in Master Password Reset. (`1506`)
+- *user-identifier* withdrew from Master Password Reset. (`1507`)
+- Master Password was reset for *user-identifier*. (`1508`)
 - Edited organization settings. (`1600`)
 - Purged organization vault. (`1601`)
 - Updated a Policy. (`1700`)
@@ -83,6 +86,21 @@ https://github.com/bitwarden/web/blob/master/src/app/services/event.service.ts
 https://github.com/bitwarden/web/blob/master/src/locales/en/messages.json
 {% endcomment %}
 
+## Export Events
+
+Exporting event logs will create a `.csv` of all events within the specified date range:
+
+{% image /organizations/event-logs-export.png Export Event Logs %}
+
+For example:
+
+```
+message,appIcon,appName,userId,userName,userEmail,date,ip,type
+Logged in.,fa-globe,Web Vault - Chrome,1234abcd-56de-78ef-91gh-abcdef123456,Alice,alice@bitwarden.com,2021-06-14T14:22:23.331751Z,111.11.111.111,User_LoggedIn
+Invited user zyxw9876.,fa-globe,Unknown,1234abcd-56de-78ef-91gh-abcdef123456,Alice,alice@bitwarden.com,2021-06-14T14:14:44.7566667Z,111.11.111.111,OrganizationUser_Invited
+Edited organization settings.,fa-globe,Web Vault - Chrome,9876dcba-65ed-87fe-19hg-654321fedcba,Bob,bob@bitwarden.com,2021-06-07T17:57:08.1866667Z,222.22.222.222,Organization_Updated
+```
+
 ## API Responses
 
 Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/) will return a JSON response like the following:
@@ -111,9 +129,7 @@ Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](h
 
 ## SIEM and External Systems Integrations
 
-When exporting data from Bitwarden into other systems, a combination of data from the API and CLI may be used to gather data.
-
-For example, using Bitwarden RESTful APIs gather data around the structure of the organization:
+When exporting data from Bitwarden into other systems, a combination of data from the Exports, API and CLI may be used to gather data. For example, using Bitwarden RESTful APIs to gather data around the structure of the organization:
 
 - GET /public/members returns the Members, Ids, and assigned groupIds
 - GET /public/groups returns all the Groups, Ids, assigned Collections, and their permissions

_articles/organizations/managing-users.md

@@ -64,28 +64,29 @@ To invite users to your Organization:
    - Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections.  
 5. Click **Save** to invite the designated users to your Organization.
 
+{% callout info %}
+**Invitations expire after 5 days**, at which point the user will need to be re-invited. Re-invite users in bulk by selecting each user and using the {% icon fa-cog %} gear dropdown to **Resend Invitations**:
+
+{% image /organizations/org-people-reinvite.png Bulk Reinvite %}
+
+If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/article/environment-variables/).
+{% endcallout %}  
 ### Accept
 
 Invited users will receive an email from Bitwarden inviting them to join the Organization. Clicking the link in the email will open a Bitwarden Client invitation window. **Log In** with an existing Bitwarden or **Create Account** to accept the invitation:
 
 {% image organizations/user-accept-updated.png Invitation Window %}
 
-{% callout warning %}
-Invitations will expire after 5 days, at which point the user will need to be [re-invited](#invite). If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/article/environment-variables/).
-{% endcallout %}
-
 ### Confirm
 
 To confirm accepted invitations into your Organization:
 
-
 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
 2. Open the **Manage** tab and select **People** from the left-hand menu.
-3. Hover over the `Accepted` user and select the {% icon fa-cog %} gear dropdown:
+3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**:
 
    {% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
-3. Select {% icon fa-check %} **Confirm**.
-4. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**:
+3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**:
 
    {% image fingerprint-phrase.png Sample Fingerprint Phrase %}
 
@@ -97,10 +98,9 @@ To remove users from your Organization:
 
 1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
 2. In your Organization, open the **Manage** tab and select **People** from the left menu.
-3. On the **People** screen, hover over the user you want to remove and select the gear dropdown.
-4. From the gear dropdown, select the **Remove** option.
+3. Select the users you want to remove from the Organization and use the {% icon fa-cog %} gear dropdown to {% icon fa-times %} **Remove**:
 
-{% image organizations/org-people-options-updated-overlay.png Remove a user %}
+{% image organizations/org-people-bulkremove.png Remove Users %}
 
 ### Deleting User Accounts
 

_articles/organizations/policies.md

@@ -118,3 +118,15 @@ Enabling the **Send Options** policy will allow Owners and Admins to specify opt
 |Option|Description|
 |------|-----------|
 |Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/article/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/article/receive-send) will include whom they are sent from.|
+
+### Master Password Reset
+
+Enabling the **Master Password Reset** policy will allow Owners and Admins to use [Password Reset]({{site.baseurl}}/article/admin-reset/) to reset the master password of enrolled users. By default, users will need to [self-enroll in Password Reset]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset), however the [Automatic Enrollment](#automatic-enrollment) option can be used to automatically enroll invited users:
+
+#### Automatic Enrollment
+
+Enabling the **Automatic Enrollment** option will automatically enroll new users in Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept).
+
+{% callout info %}
+Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset).
+{% endcallout %}

_articles/organizations/public-api.md

@@ -5,7 +5,7 @@ categories: [organizations]
 featured: true
 popular: false
 tags: [public api, oas, organizations]
-order: 15
+order: 16
 ---
 
 The Bitwarden Public API provides Organizations a suite of tools for managing members, collections, groups, event logs, and policies.
@@ -36,9 +36,13 @@ For Self-hosted, `https://your.domain.com/identity/connect/token`.
 
 ## Authentication
 
-The API uses bearer access tokens to authenticate with protected API endpoints. Bitwarden uses an [OAuth2 Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/){:target="_blank"} application request flow to grant bearer access tokens from the endpoint.
+The API uses bearer access tokens to authenticate with protected API endpoints. Bitwarden uses an [OAuth2 Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/){:target="_blank"} application request flow to grant bearer access tokens from the endpoint. Authentication requests take `client_id` and `client_secret` as required parameters.
 
-Authentication requests take `client_id` and `client_secret` as required parameters. `client_id` and `client_secret` can be obtained by an **Owner** from the Web Vault by navigating to the **Settings** tab → **My Organization** and scrolling down to the **API Key** section.
+The API Key `client_id` and `client_secret` can be obtained by an **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization** and scrolling down to the **API Key** section:
+
+{% image organizations/org-api-key.png Get Organization API Key %}
+
+If, as an owner, you want to share the API Key with an Admin or other user, use a secure communication method like [Bitwarden Send]({{site.baseurl}}/article/about-send/).
 
 {% callout warning %}
 Your API key enables full access to your Organization. Keep your API key private. If you believe your API key has been compromised, select the **Rotate API Key** button on this screen. Active uses of your current API key will need to be reconfigured with the new key before use.

_articles/organizations/user-types-access-control.md

@@ -20,7 +20,7 @@ User Type determines the permissions a user will have within your Organization.
 |---------|-----------|
 |User|Access shared items in assigned Collections<br>Add, edit, or remove items from assigned Collections (unless **Read Only**)|
 |Manager|All of the above,<br>+ Assign Users to Collections<br>+ Assign User Groups to Collections<br>+ Create or delete Collections|
-|Admin|All of the above,<br>+ Assign Users to User Groups<br>+ Create or delete User Groups<br>+ Invite and confirm new Users<br>+ Manage Enterprise Policies<br>+ View Event Logs<br>+ Export Organization Vault data<br><br>**Admin Users automatically have access to all Collections.**|
+|Admin|All of the above,<br>+ Assign Users to User Groups<br>+ Create or delete User Groups<br>+ Invite and confirm new Users<br>+ Manage Enterprise Policies<br>+ View Event Logs<br>+ Export Organization Vault data<br>+ Manage Password Reset<br><br>**Admin Users automatically have access to all Collections.**|
 |Owner|All of the above,<br>+ Manage Billing, Subscription, and Integrations<br><br>**Owner Users automatically have access to all Collections.**|
 |Custom|Allows for granular control of user permissions on a user-by-user basis, see [Custom Role](#custom-role).|
 
@@ -42,6 +42,7 @@ Selecting the **Custom** role for a user allows for granular control of permissi
 - Manage SSO
 - Manage Policies
 - Manage Users
+- Manage Password Reset
 
 {% callout success %}
 As an example, the Custom role allows for the creation of a user that can fully manage a User-Group-Collection relationship, without the ability to see anything in a Collection to which they are not assigned. This scenario would involve selecting only the following boxes for this Custom user:

_articles/plans-and-pricing/enterprise-feature-list.md

@@ -73,11 +73,3 @@ order: 04
 |Temporary password sharing and generation| [https://bitwarden.com/help/article/authenticator-keys/](https://bitwarden.com/help/article/authenticator-keys/) |
 |Auto clear clipboard after copying a password| [https://bitwarden.com/help/article/security-faqs/](https://bitwarden.com/help/article/security-faqs/) |
 |Duplicate password detection| [https://bitwarden.com/help/article/reports/](https://bitwarden.com/help/article/reports/)| 
-
-
-
-
-
-
-
-

_articles/send/send-cli.md

@@ -38,6 +38,7 @@ will create a file Send object with the specified file at the specified `path` a
 
 - Use `-n <name>` or `--name <name>` to specify a name for the Send. If none is specified, name will default to the `id` for text Sends and file name for file Sends. For multi-word names, use quotations `"<name>"`.
 - Use `-d <days>` or `--deleteInDays <days>` to specify a [deletion date]({{site.baseurl}}/article/send-lifespan/#deletion-date) for the Send (defaults to 7 days if unspecified).
+- Use `--maxAccessCount` or `-a` to specify the [maximum access count]({{site.baseurl}}/article/send-lifespan/#maximum-access-count) for the Send.
 - Use `--hidden` to specify that a text Send require recipients to [toggle visibility]({{site.baseurl}}/article/send-privacy/#hide-text).
 - Use `--notes <notes>` to add private notes to the Send. For multi-word notes, use quotations `"<notes>"`.
 - Use `--fullObject` to output the full Send object as JSON rather than only the Send link (pair this option with the `--pretty` option for formatted JSON).

files/data.json

@@ -1,23 +1,24 @@
 {
-	"installedVersion": "2.8.2",
-	"mainWindowSize": {
-		"width": 738,
-		"height": 551,
-		"isMaximized": false,
-		"displayBounds": {
-			"x": 1440,
-			"y": 0,
-			"width": 1920,
-			"height": 1080
-		},
-		"x": 2601,
-		"y": 23
-	},
+	"installedVersion": "2.9.2",
 	"appId": "app-id-string",
 	"rememberEmail": true,
-	"rememberedEmail": "owner@bitwarden.com",
-	"directoryType": 0, <---Indicates which directoryConfig_x to use for sync
-	"directoryConfig_0": {  <---Config for LDAP/AD
+	"rememberedEmail": "username@email.com",
+	"mainWindowSize": {
+		"width": 1122,
+		"height": 733,
+		"isMaximized": false,
+		"displayBounds": {
+			"x": 0,
+			"y": 0,
+			"width": 1440,
+			"height": 900
+		},
+		"x": 89,
+		"y": 62
+	},
+	"organizationId": "your-organization-id",
+	"directoryType": 1,
+	"directoryConfig_0": {
 		"ssl": false,
 		"startTls": false,
 		"sslAllowUnauthorized": false,
@@ -25,31 +26,24 @@
 		"currentUser": false,
 		"ad": true,
 		"pagedSearch": true,
-		"password": "[STORED SECURELY]", <---Must be set from a BWDC Application
-		"rootPath": "dc=ldap,dc=company,dc=org",
-		"hostname": "ldap.company.org",
-		"username": "cn=bitwarden,cn=Users,dc=ldap,dc=company,dc=org"
+		"password": null
 	},
 	"directoryConfig_2": {
 		"privateKey": null
 	},
-	"directoryConfig_1": { <---Config for Azure AD
-		"key": "[STORED SECURELY]", <---Must be set from a BWDC Application
-		"tenant": "bwdc@test.onmicrosoft.com",
-		"applicationId": "application-id-string"
+	"directoryConfig_1": {
+		"key": null
 	},
-	"directoryConfig_3": { <---Config for Okta
-		"token": "[STORED SECURELY]", <---Must be set from a BWDC Application
-		"orgUrl": "https://bitwardentest.okta.com"
+	"directoryConfig_3": {
+		"token": null
 	},
-	"directoryConfig_4": { <---Config for OneLogin
+	"directoryConfig_4": {
 		"region": "us",
-		"clientSecret": "[STORED SECURELY]", <---Must be set from a BWDC Application
-		"clientId": "client-id-string"
+		"clientSecret": null
 	},
-	"syncConfig": { <---Sync Options
+	"syncConfig": {
 		"users": true,
-		"groups": false,
+		"groups": true,
 		"interval": 5,
 		"removeDisabled": false,
 		"overwriteExisting": false,
@@ -62,10 +56,16 @@
 		"groupObjectClass": "group",
 		"userEmailAttribute": "mail",
 		"groupNameAttribute": "name",
-		"groupPath": "",
-		"userPath": "",
-		"groupFilter": "",
-		"userFilter": "(ou=Test OU)"
+		"groupPath": "CN=Users",
+		"userPath": "CN=Users",
+		"largeImport": true
 	},
-	"organizationId": "organization-id-string" <---Your Organization GUID
+	"accessToken": "bearer-access-token",
+	"userEmail": "username@email.com",
+	"userId": "user-identifier",
+	"kdf": 0,
+	"kdfIterations": 100000,
+	"clientId": "organization-api-clientid",
+	"entityId": "organization-id-string",
+	"entityType": "organization"
 }