diff --git a/_articles/account/basic-auth-autofill.md b/_articles/account/basic-auth-autofill.md index f6b92323..c721f62d 100644 --- a/_articles/account/basic-auth-autofill.md +++ b/_articles/account/basic-auth-autofill.md @@ -6,7 +6,7 @@ featured: true popular: true hidden: false tags: [] -order: "07" +order: "08" --- Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically auto-filled by the Bitwarden Browser Extension **if there is only 1 Login item with a** [**matching URI**]({{site.baseurl}}/article/uri-match-detection/). You can also use the Browser Extension's {% icon fa-share-square %} **Launch** button to automatically open and log in to a basic auth-protected resource. diff --git a/_articles/account/biometrics.md b/_articles/account/biometrics.md index ea38abbb..a105597a 100644 --- a/_articles/account/biometrics.md +++ b/_articles/account/biometrics.md @@ -110,7 +110,7 @@ Unlock with Biometrics is supported for Extensions on **Chromium-based** browser To enable Unlock with Biometrics for your Browser Extension: -{% callout success %}Biometrics (Windows Hello or Touch Id) must be enabled in your Desktop App before proceeding. IIf you don't see the Windows Hello option in your Desktop app, you may need to [install the Microsoft Visual C++ Redistributable.](https://support.microsoft.com/en-us/topic/the-latest-supported-visual-c-downloads-2647da03-1eea-4433-9aff-95f26a218cc0){:target="\_blank} Additionally, **if you're using Safari**, you can skip straight to **Step 4**.{% endcallout %} +{% callout success %}Biometrics (Windows Hello or Touch Id) must be enabled in your Desktop App before proceeding. If you don't see the Windows Hello option in your Desktop app, you may need to [install the Microsoft Visual C++ Redistributable.](https://support.microsoft.com/en-us/topic/the-latest-supported-visual-c-downloads-2647da03-1eea-4433-9aff-95f26a218cc0){:target="\_blank} Additionally, **if you're using Safari**, you can skip straight to **Step 4**.{% endcallout %} 1. In your Bitwarden Desktop app, navigate to Settings (on Windows, **File** → **Settings**) (on macOS, **Bitwarden** → **Preferences**). 2. Scroll down to the Options section, and check the **Enable Browser Integration** box. @@ -126,8 +126,11 @@ To enable Unlock with Biometrics for your Browser Extension: {% callout success %}You may be prompted at this stage to allow Bitwarden to `communicate with cooperating native applications`. This permission is safe, but **optional** and solely enables the Browser Extension to communicate with Desktop as described above.{% endcallout %} You should be prompted by your Desktop app to input your biometric. Doing so will complete the initial setup procedure. If you've opted to require verification (**Step 2**), you'll need to approve a fingerprint validation check. +6. If you want the Browser Extension to automatically prompt for your biometric input when launched, make sure the **Do not prompt for biometrics on launch** option is not checked: -Once enabled, a new button will be presented on the Unlock screen: + {% image biometrics/extension-launch.png Biometrics Options %} + +Browser Extension will automatically prompt for your biometric when you open it. If you disable the no-prompt option (**Step 6**), use the **Unlock with biometrics** button on the Unlock screen: {% image biometrics/be-bio-unlock.png Unlock with Biometrics %} diff --git a/_articles/account/vault-timeout.md b/_articles/account/vault-timeout.md index 4e76892b..a0f936ae 100644 --- a/_articles/account/vault-timeout.md +++ b/_articles/account/vault-timeout.md @@ -8,40 +8,36 @@ tags: [account, vault, timeout, 2FA, two-step] order: "14" --- -Vault Timeout behavior will determine how your Vault will behave after a customizable period of inactivity. Timeout is configured individually from and for each Bitwarden client application that you use (Mobile, Web, Desktop, Browser Extension, etc.). +Vault Timeout determines how your Vault will behave after a specified period of inactivity. Timeout is configured individually for each Bitwarden Client application (Web Vault, Browser Extension, Mobile, Desktop). Vault Timeout can be configured from the **Settings** menu of any Bitwarden app. When configuring your Vault Timeout settings, you can set both the **Vault Timeout** (time-constraint) and **Vault Timeout Action**: -{% callout warning %} -Regardless of Vault Timeout settings, **closing the Browser or Browser Tab will end your Web Vault or Browser Extension session**, meaning you'll be required to log in to access your Vault. +## Vault Timeout +This option determines how long the Bitwarden app can be inactive before timing out. "Inactivity" is determined by time since interacting with Bitwarden, not system idle time. Each app will have standardized options (e.g. 1 minute, 15 minutes, 1 hour) as well as options specific to certain apps (e.g. On System Idle) and a Custom time input. + +{% callout info %} +Enterprise Organizations can implement a maximum allowable Timeout option using an [Enterprise Policy]({{site.baseurl}}/article/policies/). +{% endcallout %} + +### Web and Browser Extension Timeouts + +Due to the Web Vault and Browser Extension depending on your Web Browser, unique "timeout" scenarios to take into account: + +1. **If you refresh your browser** (`CMD/CTRL + R`), your Web Vault will lock. Refreshing will not affect a Browser Extension. +2. **If you close your browser tab**, you will be logged out of your Web Vault. Closing a single tab will not affect a Browser Extension. +3. **If you close your browser**, you will be logged out of both your Web Vault and Browser Extension. + +{% callout success %} If you're using a Browser Extension, you can bypass this by enabling the **Unlock with PIN** option and unchecking the **Lock with master password on browser restart** checkbox. {% endcallout %} -## Options +## Vault Timeout Action -You can configure the following options from the **Settings** menu of any Bitwarden client application: +This option determines what Bitwarden will do once the [Vault Timeout](#vault-timeout) is reached. Options include: -### Vault Timeout (time-constraint) +- **Lock** (default) -Configuring this option will dictate how long Bitwarden can be inactive before timing-out. "Inactivity" is determined by the time since interacting with Bitwarden, not system idle time. + Locking your Vault will maintain Vault data on the device, so unlocking your Vault can be done offline. You'll only be required to enter your [Master Password]({{site.baseurl}}/article/master-password/) to decrypt your Vault data, **not** any active Two-step Login methods. -Each client application will have unique options (e.g. On System Idle, or On App Restart), however all applications include standard time-based options (e.g. 1 minute, 15 minutes, 1 hour). +- **Log Out** -### Vault Timeout Action - -Configuring this option will dictate what Bitwarden will do once the Vault Timeout time-constraint has lapsed. Bitwarden can either: - -- **Lock** (*default*). - - Locking your Vault will maintain Vault data on the device. You will only be prompted to enter your Master Password to decrypt your Vault, however no [Two-step Login]({{site.baseurl}}/article/setup-two-step-login/) method will be required to unlock your Vault. - - Bitwarden client applications don't need to be online to unlock. - -{% callout warning %} -Due to the storage and reference of your decryption keys within the Web Vault, using the Browser refresh button on the Web Vault will cause it to lock. -{% endcallout %} - -- **Log Out**. - - Logging Out of your Vault completely removes all Vault data from your device, and will therefore require you to re-authenticate to access your Vault. You will be required to enter your Email Address, Master Password, and any enabled [Two-step Login]({{site.baseurl}}/article/setup-two-step-login/) method in order to access your Vault. - - Bitwarden client applications must be online to log in. + Logging out of your Vault completely removes all Vault data from your device. Logging back in will require you to re-authenticate your identity, so logging in can only be done when online. You'll be required to enter your [Master Password]({{site.baseurl}}/article/master-password/) and any active [Two-step Login]({{site.baseurl}}/article/setup-two-step-login/) method. diff --git a/_articles/faqs/autofill-faqs.md b/_articles/faqs/autofill-faqs.md index 6f9a1943..e3d4d7cd 100644 --- a/_articles/faqs/autofill-faqs.md +++ b/_articles/faqs/autofill-faqs.md @@ -6,7 +6,7 @@ featured: true popular: true hidden: false tags: [] -order: "10" +order: "11" --- ### Q: Can I auto-fill on a split login-workflow? diff --git a/_articles/faqs/billing-faqs.md b/_articles/faqs/billing-faqs.md index f10de636..2a0e1a84 100644 --- a/_articles/faqs/billing-faqs.md +++ b/_articles/faqs/billing-faqs.md @@ -36,11 +36,11 @@ For help selecting the right Bitwarden plan for you, refer to [What Plan is Righ ### Q: How do I add or remove a user seat from my Organization? -**A:** Login to your [Web Vault]({{site.baseurl}}/article/getting-started-webvault) and open your Organization. In your Organization's **Settings** tab, select the **Subscription** from the left menu: +**A:** For Teams and Enterprise Organizations, user seats will be automatically added as you invite new users. You can [specify a limit]({{site.baseurl}}/article/managing-users/#set-a-seat-limit) to prevent your seat count from exceeding a specific number. -{% image organizations/org-subscription-screen-overlay-addseats.png Add or Remove seats %} +To remove user seats, navigate to your Organization's **Settings** → **Subscription** screen and use the **Subscription Seats** input to remove seats ([learn more]({{site.baseurl}}/article/managing-users/#manually-add-or-remove-seats)). -You can add or remove seats from your Organization at any time. The cost will be automatically pro-rated and debited or credited accordingly. +Adding and removing user seats will adjust your future billing totals. Adding seats will immediately charge your payment method on file at an adjusted rate so that **you’ll only pay for the remainder of the billing cycle** (month/year). Removing seats will cause your next charge to be adjusted so that you’re **credited for time not used** by the already-paid-for seat. ### Q: How do I pay for Premium on a self-hosted instance? diff --git a/_articles/faqs/sso-faqs.md b/_articles/faqs/sso-faqs.md index cc4f8341..fd32d097 100644 --- a/_articles/faqs/sso-faqs.md +++ b/_articles/faqs/sso-faqs.md @@ -10,12 +10,25 @@ order: "07" --- This article contains Frequently Asked Questions (FAQs) regarding **Login with SSO**. -For more high-level information about **Login with SSO**, refer to the following articles: -- [Getting Started with Login with SSO]({{site.baseurl}}/article/getting-started-with-sso/) -- [About the Business Portal]({{site.baseurl}}/article/about-business-portal/) +For more high-level information about **Login with SSO**, refer to [About Login with SSO]({{site.baseurl}}/article/about-sso/) ## Using Login with SSO +### Q: Why does Login with SSO require my Master Password? + +**A:** Today’s employees are surrounded by software-as-a-service (SaaS) applications. As a result, many companies are leveraging Single Sign-On (SSO) as a way to unify employees’ access to increasingly large numbers of accounts. + +Some applications don’t have SSO integrations yet; and even for those that do, it’s still mission critical to protect sensitive information and practice good security habits - the perfect job for a password manager, like Bitwarden. + +Bitwarden, recognizing the importance of SSO to today’s enterprises, has an SSO integration of its own; allowing your employees to use your existing Identity Provider (IdP) to **authenticate** their identities (i.e. prove they are who they say they are). + +What makes the Bitwarden SSO implementation unique compared to other tools is that it retains our end-to-end zero-knowledge encryption model. Nobody at Bitwarden should have access to your Vault data and, importantly, **neither should your Identity Provider**. + +That’s why the Bitwarden Login with SSO offering **decouples authentication and decryption**. Your IdP can confirm that Alice is, in fact, Alice, but cannot and should not have the tools to decrypt Alice’s Vault. Only Alice can have that tool and, conveniently, it’s her Master Password! + +In practice, that means that anytime an employee logs in to Bitwarden using SSO, they’ll need to use their Master Password to decrypt their Vault, protecting your businesses’ critical credentials and secrets. + + ### Q: Will changing my SSO password affect my Bitwarden Master Password? **A:** No. Your Master Password will remain the same and will still be used to decrypt your Vault data. diff --git a/_articles/features/auto-fill-custom-fields.md b/_articles/features/auto-fill-custom-fields.md new file mode 100644 index 00000000..3dc390c4 --- /dev/null +++ b/_articles/features/auto-fill-custom-fields.md @@ -0,0 +1,42 @@ +--- +layout: article +title: Auto-fill Custom Fields +categories: [auto-fill] +order: "05" +featured: true +popular: false +tags: [browser, autofill, auto-fill, custom fields, form fill] +--- + +Bitwarden can do more than just [auto-fill your usernames and passwords]({{site.baseurl}}/article/auto-fill-browser/)! **Bitwarden Browser Extensions** can auto-fill [custom fields]({{site.baseurl}}/article/custom-fields) to simplify fill-in of security questions, PINS, and more using the [unique Tab view](({{site.baseurl}}/article/auto-fill-browser/)). + +## Auto-fill Custom Fields + +{% callout success %} +It's important to name the custom field correctly in order for auto-fill to work. [Learn how to name custom fields]({{site.baseurl}}/article/custom-fields/#custom-field-names). +{% endcallout %} + +To auto-fill custom fields: + +1. Open the Browser Extension or, if your Browser Extension is already open, navigate to the {% icon fa-folder %} **Tab** view. + + The Tab view automatically detects the URI (e.g. myverizon.com) of the page displayed in the open tab and surfaces any Vault items with corresponding URIs. +2. Select the item that contains the custom field you want to auto-fill: + + {% image autofill/auto-fill-custom-field.png Item with a Custom Field %} + +The Browser Extension will find any fields that match the [custom field name]({{site.baseurl}}/article/custom-fields/custom-field-names) and auto-fill that field's value. + +## Special Auto-fill Scenarios + +### HTML `` Elements + +Typically custom fields are auto-filled in HTML `
` or `` elements, however Bitwarden Browser Extensions can auto-fill custom field values into the `innerText` of HTML `` elements as well. + +In order to auto-fill into a `` element, the opening tag must have the `data-bwautofill` attribute. So, in the following scenario: + +``` +Bitwarden is great. +``` + +A custom field with **name:** `myspan` will replace `Bitwarden is great` with whatever is saved in the custom field's **value**. diff --git a/_articles/features/blacklisting-uris.md b/_articles/features/blacklisting-uris.md index 53871bd6..e4135816 100644 --- a/_articles/features/blacklisting-uris.md +++ b/_articles/features/blacklisting-uris.md @@ -4,7 +4,7 @@ title: Blacklisting URIs categories: [auto-fill] featured: false popular: false -order: "06" +order: "07" tags: [android, autofill, auto-fill] --- diff --git a/_articles/features/custom-fields.md b/_articles/features/custom-fields.md index 43ad943e..c6a1c76e 100644 --- a/_articles/features/custom-fields.md +++ b/_articles/features/custom-fields.md @@ -30,12 +30,14 @@ Custom fields can be added to a Vault item from any Bitwarden client using the * ### Custom Field Names -The specified **Name** is important to get right in order to successfully auto-fill a custom field. Using the Browser Extension, you can quickly get the correct field name using the **Copy Custom Field Name** option in the context menu (in most cases, by right-clicking on the form element): +The specified **Name** is important to get right in order to successfully [auto-fill a custom field]({{site.baseurl}}/article/auto-fill-custom-fields/). Using the Browser Extension, you can quickly get the correct field name using the **Copy Custom Field Name** option in the context menu (in most cases, by right-clicking on the form element): {% image features/custom-fields-contextmenu.png %} Selecting this context menu option will copy the form element's `id`, `name`, `aria-label`, or `placeholder` value (**in that order of preference**). +Once you've saved a custom field, you can [auto-fill it from the Browser Extension]({{site.baseurl}}/article/auto-fill-custom-fields/). + #### Find Custom Field Names Manually If you don't use the Browser Extension, the best way to find a field name is to use your web browser's developer tools, as in the following example: @@ -53,6 +55,8 @@ If you don't use the Browser Extension, the best way to find a field name is to {% image features/custom-fields/custom-field-eg.png Custom field example %} 6. Save the Vault item. +Once you've saved a custom field, you can [auto-fill it from the Browser Extension]({{site.baseurl}}/article/auto-fill-custom-fields/). + ### More About Custom Field Names #### Order of Preference diff --git a/_articles/features/disable-browser-autofill.md b/_articles/features/disable-browser-autofill.md index 5b8c3879..54bd2945 100644 --- a/_articles/features/disable-browser-autofill.md +++ b/_articles/features/disable-browser-autofill.md @@ -6,7 +6,7 @@ featured: true popular: true hidden: false tags: [] -order: "08" +order: "09" --- If you're new to Bitwarden, it's likely that the web browser you use has been saving and auto-filling your passwords. Most web browsers enable this by default, but experts generally agree that [built-in password managers are more vulnerable](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/){:target="\_blank"} than dedicated solutions like Bitwarden. diff --git a/_articles/features/uri-match-detection.md b/_articles/features/uri-match-detection.md index 171207f3..a9c8a2ac 100644 --- a/_articles/features/uri-match-detection.md +++ b/_articles/features/uri-match-detection.md @@ -5,7 +5,7 @@ categories: [auto-fill] featured: false popular: false tags: [uri, match detection, autofill] -order: "05" +order: "06" --- Any Login item in your Vault can be created with or edited to include one or more URI (Uniform Resource Identifier). A URI can be a website address (i.e. a URL), a Server IP Address, a Mobile App Package ID, and more. diff --git a/_articles/getting-started/releasenotes.md b/_articles/getting-started/releasenotes.md index 895f68fd..5ffb781d 100644 --- a/_articles/getting-started/releasenotes.md +++ b/_articles/getting-started/releasenotes.md @@ -45,6 +45,24 @@ Want Release Announcements delivered straight to your inbox? Or subscribe to the [Bitwarden Status RSS Feed](https://status.bitwarden.com/){:target="\_blank"}. {% endcallout %} +## 2021-10-26 + +The Bitwarden team is pleased to release a set of features and updates continuing our mission of making password management easy and accessible for individuals and businesses: + +{% callout info %} +**Deprecation Announcement**: The Business Portal has been deprecated. Enterprise Organizations can configure [Policies]({{site.baseurl}}/article/policies) and [Login with SSO]({{site.baseurl}}/article/about-sso) from the Organization **Manage** tab. +{% endcallout %} + +- **Vault Timeout Policy**: The Vault Timeout policy will apply a maximum [Vault timeout duration]({{site.baseurl}}/article/vault-timeout/#vault-timeout-time-constraint) for all members of your Organization (see [here]({{site.baseurl}}/article/policies/#vault-timeout) for details). +- **Disable Personal Vault Export Policy**: The Disable Personal Vault Export policy will prohibit non-Owner/non-Admin members of your Organization from exporting private Vault data (see [here]({{site.baseurl}}/article/policies/#disable-personal-vault-export) for details). +- **Auto-scale Organization Seats**: Teams and Enterprise Organizations will automatically scale up user seats as new users are invited. Organizations can set a limit on scaling to prevent the seat count from exceeding a specified number (see [here]({{site.baseurl}}/article/managing-users) for details). +- **Custom Role - Improved Collection Permissions**: Collection-management permissions for the Custom role have been expanded to include granular controls over whether the user can create, edit, or delete assigned or all Collections (see [here]({{site.baseurl}}/article/user-types-access-control/#custom-role) for details). +- **Admin Password Reset - Update Password after Reset**: Passwords reset by an Admin must now be updated by the user they belong to immediately when they log in to Bitwarden (see [here]({{site.baseurl}}/article/admin-reset/#after-a-password-reset) for details). +- **Browser Extension - Autofill Span Elements**: The Browser Extension can now auto-fill [custom fields]({{site.baseurl}}/article/custom-fields) in the innerText of HTML `` elements (see [here]({{site.baseurl}}/article/auto-fill-custom-fields/#html-span-elements) for details). +- **Browser Extension - Automatic Biometrics Prompt**: The Browser Extension can now automatically prompt for your biometric input when opened. You can toggle this behavior from the {% icon fa-cogs %} **Settings** menu (see [here]({{site.baseurl}}/article/biometrics/) for details). +- **Web Vault - Dark Mode**: The Web Vault now has dark mode (see [here]({{site.baseurl}}/article/change-theme/) for details)! +- **CLI - `generate` Passphrase Options**: The `bw generate --passphrase` command now includes the options `--capitalize` and `--includeNumber` (see [here]({{site.baseurl}}/article/cli/#generate) for details). + ## 2021-09-21 The latest release of Bitwarden focuses on often requested improvements to existing functionality: diff --git a/_articles/importing/lastpass-enterprise-migration-guide.md b/_articles/importing/lastpass-enterprise-migration-guide.md index b47fba09..99c199e5 100644 --- a/_articles/importing/lastpass-enterprise-migration-guide.md +++ b/_articles/importing/lastpass-enterprise-migration-guide.md @@ -67,7 +67,7 @@ Self-hosting is available for Enterprise plans. Bitwarden Enterprise plans support Login with Single-Sign-On using either SAML 2.0 or OpenID Connect (OIDC). -Each Bitwarden Organization can configure one SSO provider. Configuration for this is located in the [Business Portal]({{site.baseurl}}/article/about-business-portal/), accessible from the Web Vault by Organization Owners and Administrators. +Each Bitwarden Organization can configure one SSO provider. Configuration for this is accessible in the Web Vault by Organization Owners and Administrators. For more details on Login with SSO configurations and examples of Identity Provider (IdP) settings and naming conventions, please visit [these help articles]({{site.baseurl}}/article/about-sso/). diff --git a/_articles/importing/teams-enterprise-migration-guide.md b/_articles/importing/teams-enterprise-migration-guide.md index e34b76c0..f924dbea 100644 --- a/_articles/importing/teams-enterprise-migration-guide.md +++ b/_articles/importing/teams-enterprise-migration-guide.md @@ -60,7 +60,7 @@ It's important that you create your Organization first and [import data to it di {% callout info %}To self-host Bitwarden, create an Organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/host/), and use the key to [unlock Organizations]({{site.baseurl}}/article/licensing-on-premise/#organization-license) on your server.{% endcallout %} 2. **Onboard Administrative Users**. With your Organization created, further setup procedures can be made easier by onboarding some [administrative users]({{site.baseurl}}/article/user-types-access-control/). It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your Organization. Learn how to invite admins [here]({{site.baseurl}}/article/managing-users/#onboard-users). -3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/article/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, navigate to the [Business Portal]({{site.baseurl}}/article/about-business-portal/), accessible from the Web Vault by [Organization Owners and Administrators]({{site.baseurl}}/article/user-types-access-control/). +3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/article/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, open the Organization's **Manage** → **Single Sign-On** screen,, accessible by [Organization Owners and Administrators]({{site.baseurl}}/article/user-types-access-control/). 4. **Enable Enterprise Policies**. [Enterprise Policies]({{site.baseurl}}/article/policies/) enable Enterprise Organizations to implement roles for users, for example requiring use of Two-step Login. It is highly recommended that you configure Policies before onboarding users. diff --git a/_articles/login-with-sso/about-sso.md b/_articles/login-with-sso/about-sso.md index 5fec4df9..f333e4a8 100644 --- a/_articles/login-with-sso/about-sso.md +++ b/_articles/login-with-sso/about-sso.md @@ -18,7 +18,7 @@ Login with SSO currently supports SAML 2.0 and OpenID Connect authentication for Users of Bitwarden authenticate into their vaults using the **Enterprise Single Sign-On** button located on the login screen of any Bitwarden client application. For more information, see [Using Login with SSO]({{site.baseurl}}/article/using-sso/). -Administrators can configure Login with SSO in the Business Portal. For more information, see [About the Business Portal]({{site.baseurl}}/article/about-business-portal/). +Administrators can configure Login with SSO from the Organization **Manage** screen. {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} diff --git a/_articles/login-with-sso/configure-sso-oidc.md b/_articles/login-with-sso/configure-sso-oidc.md index 213b1c27..edbde8dc 100644 --- a/_articles/login-with-sso/configure-sso-oidc.md +++ b/_articles/login-with-sso/configure-sso-oidc.md @@ -5,7 +5,7 @@ categories: [login-with-sso] featured: false popular: false tags: [sso, oidc, openid, idp, identity] -order: "04" +order: "03" --- ## Step 1: Set an Organization Identifier @@ -26,14 +26,10 @@ You'll need to share this value with users once the configuration is ready to be Once you have your Organization Identifier, you can proceed to enabling and configuring your integration. To enable Login with SSO: -1. From your Organization Vault, navigate to the **Business Portal**: +1. From the Organization Vault, navigate to the **Manage** tab and select **Single Sign-On** from the left-hand menu: - {% image organizations/business-portal-button-overlay.png Business Portal %} - -2. From the Business Portal menu bar, check that the correct Organization is listed and select the **Single Sign-On** button: - -{% image sso/sso-bp-1.png Business Portal Menu%} -3. Check the **Enabled** checkbox. + {% image sso/manage-sso.png Enable SSO %} +2. On the Single Sign-On Screen, check the **Enabled** checkbox. 4. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over the the [SAML Configuration Guide]({{site.baseurl}}/article/configure-sso-saml/). ## Step 3: Configuration @@ -47,7 +43,7 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o ### Configuration Reference Materials -The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/), agnostic of which IdP you're integrating with. Fields that must be configured will be marked (**Required**). +The following sections will define fields configured on the Single Sign-On configuration screen, agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**). {% callout success %} **Unless you're comfortable with OpenID Connect**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material. diff --git a/_articles/login-with-sso/configure-sso-saml.md b/_articles/login-with-sso/configure-sso-saml.md index 64127959..40017c65 100644 --- a/_articles/login-with-sso/configure-sso-saml.md +++ b/_articles/login-with-sso/configure-sso-saml.md @@ -5,7 +5,7 @@ categories: [login-with-sso] featured: false popular: false tags: [sso, saml, saml2.0, idp, identity] -order: "03" +order: "02" --- ## Step 1: Set an Organization Identifier @@ -26,13 +26,10 @@ You'll need to share this value with users once the configuration is ready to be Once you have your Organization Identifier, you can proceed to enabling and configuring your integration. To enable Login with SSO: -1. From the Organization Vault, navigate to the **Business Portal**: +1. From the Organization Vault, navigate to the **Manage** tab and select **Single Sign-On** from the left-hand menu: - {% image organizations/business-portal-button-overlay.png Business Portal %} -2. From the Business Portal menu bar, check that the correct Organization is listed and select the **Single Sign-On** button: - - {% image sso/sso-bp-1.png Business Portal Menu %} -3. Check the **Enabled** checkbox. + {% image sso/manage-sso.png Enable SSO %} +2. On the Single Sign-On Screen, check the **Enabled** checkbox. 4. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide]({{site.baseurl}}/article/configure-sso-oidc/). ## Step 3: Configuration @@ -55,13 +52,13 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o ### Configuration Reference Materials -The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/), agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**). +The following sections will define fields configured on the Single Sign-On configuration screen, agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**). {% callout success %} **Unless you're comfortable with SAML 2.0**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material. {% endcallout %} -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/oidc-azure.md b/_articles/login-with-sso/oidc-azure.md index 9a87a66c..c4541455 100644 --- a/_articles/login-with-sso/oidc-azure.md +++ b/_articles/login-with-sso/oidc-azure.md @@ -11,13 +11,13 @@ order: This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Azure via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Azure SAML Implementation]({{site.baseurl}}/article/saml-azure/). -Configuration involves working simultaneously within the Bitwarden [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this guide. +If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-oidc/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. -Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-oidc1.png OIDC Configuration %} @@ -51,11 +51,9 @@ Select **Certificates & secrets** from the navigation, and select the **New clie Give the certificate a Bitwarden-specific name, and choose an expiration timeframe. +## Back to the Web Vault - -## Bitwarden Business Portal Configuration - -At this point, you've configured everything you need within the context of the Azure Portal. Jump back over to the Bitwarden Business Portal to configure the following fields: +At this point, you've configured everything you need within the context of the Azure Portal. Jump back over to the Bitwarden Web Vault to configure the following fields: |Field|Description| |-----|-----------| diff --git a/_articles/login-with-sso/oidc-okta.md b/_articles/login-with-sso/oidc-okta.md index 81217b7a..5dfad2a4 100644 --- a/_articles/login-with-sso/oidc-okta.md +++ b/_articles/login-with-sso/oidc-okta.md @@ -10,13 +10,13 @@ order: --- This article contains **Okta-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Okta SAML Implementation]({{site.baseurl}}/article/saml-okta/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated. +Configuration involves working simultaneously within the Bitwarden Web Vault and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated. -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this document. +If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-oidc/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. -Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-oidc1.png OIDC Configuration %} @@ -46,7 +46,7 @@ On the Application screen, copy the **Client ID** and **Client secret** for the {% image sso/cheatsheets/oidc-okta/okta-clientcredentials.png App Client Credentials %} -You'll need to use both values [during a later step](#bitwarden-business-portal-configuration). +You'll need to use both values [during a later step](#back-to-the-web-vault). ### Get Authorization Server Information @@ -54,11 +54,11 @@ Select **Security** → **API** from the navigation. From the **Authorization {% image sso/cheatsheets/oidc-okta/okta-authserver.png Okta Authorization Server Settings %} -You'll need to use both values [during the next step](#bitwarden-business-portal-configuration). +You'll need to use both values [during the next step](#back-to-the-web-vault). -## Bitwarden Business Portal Configuration +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Okta Admin Portal. Jump back over to the Bitwarden Business Portal to configure the following fields: +At this point, you've configured everything you need within the context of the Okta Admin Portal. Jump back over to the Bitwarden Web Vault to configure the following fields: |Field|Description| |-----|-----------| diff --git a/_articles/login-with-sso/saml-adfs.md b/_articles/login-with-sso/saml-adfs.md index 3a225c23..352f002b 100644 --- a/_articles/login-with-sso/saml-adfs.md +++ b/_articles/login-with-sso/saml-adfs.md @@ -10,7 +10,7 @@ order: --- This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -18,9 +18,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-adfs-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, refer to that article to create an Organization ID and open your Business Portal to the SSO Configuration section: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -122,11 +124,11 @@ In the left-hand file navigator, select **AD FS** and from the right-hand option You will need this identifier [during a later step](#identity-provider-configuration). -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the AD FS Server Manager. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the AD FS Server Manager. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-auth0.md b/_articles/login-with-sso/saml-auth0.md index 5c29992b..48915a18 100644 --- a/_articles/login-with-sso/saml-auth0.md +++ b/_articles/login-with-sso/saml-auth0.md @@ -10,7 +10,7 @@ order: --- This article contains **Auth0-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -18,9 +18,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-auth0-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -32,7 +34,7 @@ In the Auth0 Portal, use the Applications menu to create a **Regular Web Applica {% image sso/cheatsheets/saml-auth0/auth0-createapp.png Auth0 Create Application %} -Click the **Settings** tab and configure the following information, some of which you'll need to retrieve from the Bitwarden Business Portal: +Click the **Settings** tab and configure the following information, some of which you'll need to retrieve from the Bitwarden Single Sign-On screen: {% image sso/cheatsheets/saml-auth0/auth0-appsettings.png Auth0 Settings %} @@ -95,11 +97,11 @@ function (user, context, callback) { } ``` -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Auth0 Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the Auth0 Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-aws.md b/_articles/login-with-sso/saml-aws.md index b89ece28..c2ca6aa2 100644 --- a/_articles/login-with-sso/saml-aws.md +++ b/_articles/login-with-sso/saml-aws.md @@ -11,7 +11,7 @@ order: This article contains **AWS-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -19,10 +19,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-aws-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -86,11 +87,11 @@ Navigate to the **Assigned users** tab and select the **Assign users** button: You can assign users to the application on an individual level, or by Group. -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the AWS Console. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the AWS Console. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-azure.md b/_articles/login-with-sso/saml-azure.md index 69e00fc8..b27b96fa 100644 --- a/_articles/login-with-sso/saml-azure.md +++ b/_articles/login-with-sso/saml-azure.md @@ -11,7 +11,7 @@ order: This article contains **Azure-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden Web Vault and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -19,10 +19,11 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-azure-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -92,11 +93,11 @@ Select **Users and groups** from the navigation: Select the **Add user/group** button to assign access to the Login with SSO application on a user or group-level. -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Azure Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the Azure Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-duo.md b/_articles/login-with-sso/saml-duo.md index 3dee70f1..73a39617 100644 --- a/_articles/login-with-sso/saml-duo.md +++ b/_articles/login-with-sso/saml-duo.md @@ -10,7 +10,7 @@ order: --- This article contains **Duo-specific** help for configuring Login with SSO via SAML 2.0 For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously between the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously between the Bitwarden Web Vault and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -18,24 +18,20 @@ Configuration involves working simultaneously between the Bitwarden [Business Po [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-duo-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault {% callout info %} This article assumes that you have already set up Duo with an Identity Provider. If you haven't, see [Duo's documentation](https://duo.com/docs/sso#saml){:target="\_blank"} for details. {% endcallout %} -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} You don't need to edit anything on this screen yet, but keep it open for easy reference. -{% comment %} -add authenticaiton source? - -{% image sso/cheatsheets/saml-duo/saml-duo1.png %} -{% endcomment %} - ## Protect an Application In the Duo Admin Portal, navigate to the **Applications** screen and select the **Protect an Application** button: @@ -46,7 +42,7 @@ In the search bar, type `generic service provider` and select **Generic Service {% image sso/cheatsheets/saml-duo/duo-search.png Generic Service Provider %} -Complete the following steps and configurations on the Application configuration screen, some of which you'll need to retrieve from the Bitwarden Business Portal: +Complete the following steps and configurations on the Application configuration screen, some of which you'll need to retrieve from the Bitwarden Single Sign-On screen: {% image sso/cheatsheets/saml-duo/duo-appconfig.png Configuration Screen %} @@ -82,11 +78,11 @@ Select the **Download certificate** button to download your X.509 Certificate, a Once you've finished configuring these fields, **Save** your changes. -## Back to the Business Portal +## Back to the Web Vault -At this point, you’ve configured everything you need within the context of the DUO Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you’ve configured everything you need within the context of the Duo Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-google.md b/_articles/login-with-sso/saml-google.md index 31cfa04f..ab2a098a 100644 --- a/_articles/login-with-sso/saml-google.md +++ b/_articles/login-with-sso/saml-google.md @@ -11,7 +11,7 @@ order: This article contains **Google Workspace-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden Web Vault and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -19,9 +19,11 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-google-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -78,11 +80,11 @@ By default, Workspace SAML apps will be **OFF for everyone**. Open the User Acce **Save** your changes. -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Google Workspace Admin console. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the Google Workspace Admin console. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-jumpcloud.md b/_articles/login-with-sso/saml-jumpcloud.md index f1b132d1..426fac85 100644 --- a/_articles/login-with-sso/saml-jumpcloud.md +++ b/_articles/login-with-sso/saml-jumpcloud.md @@ -11,7 +11,7 @@ order: This article contains **JumpCloud-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -19,9 +19,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-jumpcloud-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -101,11 +103,11 @@ Either create a Bitwarden-specific User Group, or open the All Users default Use Alternatively, you can bind access to User Groups directly from the **SSO** → **Bitwarden Application** screen. {% endcallout %} -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the JumpCloud Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the JumpCloud Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-keycloak.md b/_articles/login-with-sso/saml-keycloak.md index ea02870c..2940ee33 100644 --- a/_articles/login-with-sso/saml-keycloak.md +++ b/_articles/login-with-sso/saml-keycloak.md @@ -10,7 +10,7 @@ order: --- This article contains **Keycloak-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden Web Vault and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -18,10 +18,11 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-keycloak-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -145,11 +146,11 @@ From the navigation, select **Realm Settings** → **Keys** and get your cert Copy the certificate for use in a [later step](#identity-provider-configuration). -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Keycloak Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the Keycloak Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-okta.md b/_articles/login-with-sso/saml-okta.md index 0e0e5f90..13dca93e 100644 --- a/_articles/login-with-sso/saml-okta.md +++ b/_articles/login-with-sso/saml-okta.md @@ -11,7 +11,7 @@ order: This article contains **Okta-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -19,10 +19,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-okta-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -98,11 +99,11 @@ Navigate to the **Assignments** tab and select the **Assign** button: You can assign access to the application on a user-by-user basis using the **Assign to People** option, or in-bulk using the **Assign to Groups** option. -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the Okta Admin Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the Okta Admin Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-onelogin.md b/_articles/login-with-sso/saml-onelogin.md index 1f060454..f2ebd10b 100644 --- a/_articles/login-with-sso/saml-onelogin.md +++ b/_articles/login-with-sso/saml-onelogin.md @@ -10,7 +10,7 @@ order: --- This article contains **OneLogin-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden Web Vault and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -18,9 +18,11 @@ Configuration involves working simultaneously within the Bitwarden [Business Por [{% icon fa-download %} Download Sample]({{site.baseurl}}/files/saml-onelogin-sample.zip) {% endcallout %} -## Open the Business Portal +## Open SSO in the Web Vault -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso). If you don't refer to that article to create an Organization ID for SSO. + +Navigate to your Organization's **Manage** → **Single Sign-On** screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -40,7 +42,7 @@ Give your application a Bitwarden-specific **Display Name** and select the **Sav ### Configuration -Select **Configuration** from the left-hand navigation and configure the following information, some of which you'll need to retreive from the Bitwarden Business Portal: +Select **Configuration** from the left-hand navigation and configure the following information, some of which you'll need to retrieve from the Single Sign-On screen: {% image sso/cheatsheets/saml-onelogin/ol-appconfig.png %} @@ -86,11 +88,11 @@ Select **Access** from the left-hand navigation. In the **Roles** section, assig {% image sso/cheatsheets/saml-onelogin/ol-roles.png Role Assignment %} -## Back to the Business Portal +## Back to the Web Vault -At this point, you've configured everything you need within the context of the OneLogin Portal. Jump back over to the Bitwarden Business Portal to complete configuration. +At this point, you've configured everything you need within the context of the OneLogin Portal. Jump back over to the Bitwarden Web Vault to complete configuration. -The Business Portal separates configuration into two sections: +The Single Sign-On screen separates configuration into two sections: - **SAML Service Provider Configuration** will determine the format of SAML requests. - **SAML Identity Provider Configuration** will determine the format to expect for SAML responses. diff --git a/_articles/login-with-sso/saml-pingfederate.md b/_articles/login-with-sso/saml-pingfederate.md index 542e9a83..985535f9 100644 --- a/_articles/login-with-sso/saml-pingfederate.md +++ b/_articles/login-with-sso/saml-pingfederate.md @@ -19,8 +19,8 @@ The following is a sample SAML 2.0 implementation with Bitwarden in the PingFede {% image sso/cheatsheets/saml-pingfederate/saml-pingfederate.png %} -## Bitwarden Business Portal +## Bitwarden SSO Screen -The following is a sample SAML 2.0 implementation with PingFederate in the Bitwarden Business Portal: +The following is a sample SAML 2.0 implementation with PingFederate in the Bitwarden Single Sign-On screen: {% image sso/cheatsheets/saml-pingfederate/saml-pingfederate-bitwarden.png %} diff --git a/_articles/login-with-sso/using-sso.md b/_articles/login-with-sso/using-sso.md index d2a068f7..359646f4 100644 --- a/_articles/login-with-sso/using-sso.md +++ b/_articles/login-with-sso/using-sso.md @@ -5,7 +5,7 @@ categories: [login-with-sso] featured: false popular: false tags: [sso] -order: 04 +order: "04" redirect_from: - /article/link-to-sso/ - /article/sso-access-your-vault/ diff --git a/_articles/miscellaneous/auto-fill-android-troubleshooting.md b/_articles/miscellaneous/auto-fill-android-troubleshooting.md index 351c2a8b..6f978ae9 100644 --- a/_articles/miscellaneous/auto-fill-android-troubleshooting.md +++ b/_articles/miscellaneous/auto-fill-android-troubleshooting.md @@ -2,7 +2,7 @@ layout: article title: Troubleshooting Android Auto-fill categories: [auto-fill] -order: "09" +order: "10" featured: false popular: false tags: [android, autofill, auto-fill] diff --git a/_articles/miscellaneous/change-theme.md b/_articles/miscellaneous/change-theme.md index 6050511e..14ef246f 100644 --- a/_articles/miscellaneous/change-theme.md +++ b/_articles/miscellaneous/change-theme.md @@ -7,11 +7,14 @@ popular: false tags: [] --- -Bitwarden Browser Extensions, Desktop Apps, and Mobile apps come packed with stylish themes: +The Bitwarden Web Vault, Browser Extensions, Desktop Apps, and Mobile apps come packed with stylish themes:
-
+
+{% capture web_vault %} +#### Web Vault + +To change the theme of your Web Vault: + +1. Select **Settings** from the navigation. +2. From the left-hand Settings menu, select **Options**. +3. From the **Theme** dropdown, select your favorite theme! + + {% image features/theme-webvault.png Change Theme %} + +{% endcapture %} +{{ web_vault | markdownify}} +
+
{% capture browser_extension %} #### Browser Extension diff --git a/_articles/miscellaneous/cli.md b/_articles/miscellaneous/cli.md index e18c4a33..b79a6194 100644 --- a/_articles/miscellaneous/cli.md +++ b/_articles/miscellaneous/cli.md @@ -663,6 +663,8 @@ You can generate a complex passphrase using the options available to the command - `--words ` (number of words) - `--separator ` (separator character) +- `--capitalize, -c` (include to title-case the passphrase) +- `--includeNumber` (include numbers in the passphrase) ### update diff --git a/_articles/organizations/about-business-portal.md b/_articles/organizations/about-business-portal.md deleted file mode 100644 index 6ea510c6..00000000 --- a/_articles/organizations/about-business-portal.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -layout: article -title: Business Portal -categories: [login-with-sso] -featured: false -popular: false -tags: [organizations, business portal, sso, policies] -order: "06" ---- -## What is the Business Portal? - -The Bitwarden Business Portal is a dedicated space for administrators to configure **Single Sign-On** for their Organization. Users with the User Type **Admin** or higher can access the Business Portal by selecting the **Business Portal** button from their Organization screen. - -{% image organizations/business-portal-button-overlay.png Business Portal button %} diff --git a/_articles/organizations/about-organizations.md b/_articles/organizations/about-organizations.md index 213a8537..8bf07085 100644 --- a/_articles/organizations/about-organizations.md +++ b/_articles/organizations/about-organizations.md @@ -58,7 +58,7 @@ Organizations are created and managed from the [Web Vault]({{site.baseurl}}/arti 4. If you chose a **Free Organization**, you're all set! If you chose one of our paid Organizations, - **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month. - - **Teams/Enterprise:** Specify the number of **User Seats** you need for your Organization. You can always add more seats later. + - **Teams/Enterprise:** Specify the number of **User Seats** you need for your Organization. Seats will be added if you exceed this number, unless you [specify a limit]({{site.baseurl}}/article/managing-users/#set-a-seat-limit). - **Teams/Enterprise:** Choose whether you'd like to be billed **Annually** or **Monthly**. Families Organizations can only be billed annually. 5. Once you're happy with your Organization, enter your **Payment Information** and select **Submit**. diff --git a/_articles/organizations/admin-reset.md b/_articles/organizations/admin-reset.md index 793f0103..fd4d78b8 100644 --- a/_articles/organizations/admin-reset.md +++ b/_articles/organizations/admin-reset.md @@ -117,4 +117,8 @@ To reset a Master Password for a member of your Enterprise Organization: When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/article/create-send/). -Once you have regained access to your Vault using the new Master Password, you should immediately change your Master Password to something **strong** and **memorable**. Changing your Master Password after a reset will help to protect your privacy. +Once you have regained access to your Vault using the new Master Password, you'll be prompted to update your Master Password again: + +{% image organizations/pwreset-temporary.png Update your Master Password %} + +You're required to update your Master Password after a reset because a Master Password should be **strong**, **memorable**, and something **only you** know. diff --git a/_articles/organizations/managing-users.md b/_articles/organizations/managing-users.md index 4251c406..5fdc2c51 100644 --- a/_articles/organizations/managing-users.md +++ b/_articles/organizations/managing-users.md @@ -10,33 +10,46 @@ redirect_from: - /article/user-seats/ --- -## Manage User Seats +## User Seats -Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/article/provider-users/#provider-user-types) can add and remove seats, as this directly affects billing. +Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) will **automatically scale up** user seats as you [invite](#invite) new users. You can set a [seat limit](#seat-limit) on scaling to prevent your seat count from exceeding a specified number, or [manually add seats](#manually-add-or-remove-seats) as desired. Regardless of how you choose to add seats, you will need to [manually remove](#manually-add-or-remove-seats) seats you're no longer using. + +Adding and removing user seats will adjust your future billing totals. Adding seats will immediately charge your payment method on file at an adjusted rate so that **you'll only pay for the remainder of the billing cycle** (month/year). Removing seats will cause your next charge to be adjusted so that you're **credited for time not used** by the already-paid-for seat. {% callout info %} -If you have a [Free or Families Organization]({{site.baseurl}}/article/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively. +Only an an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/article/provider-users/#provider-user-types) can add or remove seats, as this directly affects billing. {% endcallout %} -### Add Seats +### Set a Seat Limit -To add seats to your Organization: +To set a limit on the number of seats your Organization can scale up to: 1. Log in to your [Web Vault]({{site.baseurl}}/article/getting-started-webvault) and open your Organization. 2. Open the **Settings** tab and select **Subscription** from the left-hand menu. -3. Select the **Add Seats** button. +3. Check the **Limit Subscription (Optional)** checkbox: -Adding user seats will adjust your future billing totals and immediately charge your payment method on file. That immediate charge will be pro-rated such that you'll only pay for the remainder of the billing cycle (month/year). + {% image organizations/user-seats.png Set a Seat Limit %} +4. In the **Maximum Seat Limit (Optional)** input, specify a seat limit. +5. Select **Save**. -### Remove Seats +{% callout info %} +Once the specified limit is reached, you will not be able to invite new users unless you increase the limit. +{% endcallout %} -To remove seats from your Organization: +### Manually Add or Remove Seats + +To manually add or remove seats to your Organization: 1. Log in to your [Web Vault]({{site.baseurl}}/article/getting-started-webvault) and open your Organization. 2. Open the **Settings** tab and select **Subscription** from the left-hand menu. -3. Select the **Add Seats** button. +3. In the **Subscription Seats** input, add or remove seats using the hover-over arrows: -Removing user seats will adjust your future billing totals. The next charge will be pro-rated such that you are credited back for time not used by the already-paid-for seat. + {% image organizations/user-seats-add-remove.png Add or Remove Users Seats %} +4. Select **Save**. + +{% callout info %} +If you're increasing your **Subscription Seats** above a specified **Maximum Seat Limit**, you must also increase the seat limit so that it is equal to or greater than the desired subscription seat count. +{% endcallout %} ## Onboard Users diff --git a/_articles/organizations/policies.md b/_articles/organizations/policies.md index 56a58f89..13e9c5e5 100644 --- a/_articles/organizations/policies.md +++ b/_articles/organizations/policies.md @@ -71,7 +71,7 @@ Enabling the **Password Generator** policy will enforce a configurable set of mi {% callout warning %} Existing non-compliant passwords **will not** be changed when this policy is enabled, nor will the items be removed from the Organization. When changing or generating a password after this policy is enabled, configured policy rules will be enforced. -A banner is displayed to users on the Password Generator screen to indicate that a policy will affect their generator settings. +A banner is displayed to users on the Password Generator screen to indicate that a policy is affecting their generator settings. {% endcallout %} ### Single Organization @@ -98,7 +98,7 @@ As a result, you must disable the **Single Sign-On Authentication** policy befor Enabling the **Personal Ownership** policy will require non-Owner/non-Admin users to save Vault Items to an Organization by disabling personal ownership of Vault items for organization users. -A banner is displayed to users on the Add Item screen indicating that a policy will affect their ownership options. +A banner is displayed to users on the Add Item screen indicating that a policy is affecting their ownership options. {% callout info %} Vault Items that were created prior to the implementation of this policy or prior to joining the Organization will remain in the user's personal Vault. @@ -129,3 +129,21 @@ Enabling the **Automatic Enrollment** option will automatically enroll new users {% callout info %} Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset). {% endcallout %} + +### Vault Timeout + +Enabling the **Vault Timeout** policy will implement a maximum [Vault Timeout]({{site.baseurl}}/article/vault-timeout/#vault-timeout-time-constraint) duration for all members of your Organization. This policy applies the timeout restriction to all client applications (Mobile, Desktop, Browser Extension, etc.). + +A banner is displayed to users during Vault Timeout configuration indicating that a policy is affecting their options. + +{% callout info %} +The **Single Organization** policy must be enabled before activating this policy. + +As a result, you must disable the **Vault Timeout** policy before you can disable the **Single Organization** policy. +{% endcallout %} + +### Disable Personal Vault Export + +Enabling the **Disable Personal Vault Export** policy will prohibit non-Owner/non-Admin members of your Organization from [exporting their private Vault data]({{site.baseurl}}/article/export-your-data/#export-a-personal-vault). + +In the Web Vault and CLI, a message is displayed to users indicating that a policy is affecting their options. In other clients, the option will simply be disabled. diff --git a/_articles/organizations/user-types-access-control.md b/_articles/organizations/user-types-access-control.md index f9974dff..c593fe27 100644 --- a/_articles/organizations/user-types-access-control.md +++ b/_articles/organizations/user-types-access-control.md @@ -32,12 +32,16 @@ User Type determines the permissions a user will have within your Organization. Selecting the **Custom** role for a user allows for granular control of permissions on a user-by-user basis. A Custom role user can have a configurable selection of Manager and Admin capabilities, including: -- Manage Assigned collections -- Access Business Portal +- Manage Assigned Collections (provides the following 2 options) + - Edit Assigned Collections + - Delete Assigned Collections - Access Event Logs - Access Import/Export - Access Reports -- Manage All Collections +- Manage All Collections (provides the following 3 options) + - Create New Collections + - Edit Any Collection + - Delete Any Collection - Manage Groups - Manage SSO - Manage Policies @@ -45,8 +49,8 @@ Selecting the **Custom** role for a user allows for granular control of permissi - Manage Password Reset {% callout success %} -As an example, the Custom role allows for the creation of a user that can fully manage a User-Group-Collection relationship, without the ability to see anything in a Collection to which they are not assigned. This scenario would involve selecting only the following boxes for this Custom user: -- Manage Assigned Collections +As an example, the Custom role allows for the creation of a user that can manage a User-Group-Collection relationship, without the ability to see anything in a Collection to which they are not assigned or delete any Collection. This scenario would involve selecting only the following boxes for this Custom user: +- Manage Assigned Collections → Edit Assigned Collections - Manage Groups - Manage Users {% endcallout %} diff --git a/_articles/plans-and-pricing/enterprise-free-trial.md b/_articles/plans-and-pricing/enterprise-free-trial.md index f836a5e7..d363bd33 100644 --- a/_articles/plans-and-pricing/enterprise-free-trial.md +++ b/_articles/plans-and-pricing/enterprise-free-trial.md @@ -34,7 +34,7 @@ If you already have a Bitwarden account, complete the following steps to start y - Check the **This account is owned by a business** checkbox. - Provide your **Business Name**. 5. Select the **Enterprise** plan option. Doing so will trigger additional enterprise-oriented fields to be displayed. -6. In the **Users** section, enter the number of **User Seats** you need. You can add additional seats later if required. +6. In the **Users** section, enter the number of **User Seats** you need. Seats will be added if you exceed this number, unless you [specify a limit]({{site.baseurl}}/article/managing-users/#set-a-seat-limit). 7. In the **Addons** section, enter the amount of **Additional Storage (GB)** you need. Your plan comes with 1 GB of shared encrypted file attachments, and you can add additional storage later if required. 8. In the **Summary** section, select whether you'd like to be billed **Annually** or **Monthly**. 9. Enter your **Payment Information** and select **Submit**. diff --git a/_articles/plans-and-pricing/upgrade-from-individual-to-org.md b/_articles/plans-and-pricing/upgrade-from-individual-to-org.md index 97bcad0a..04bf2273 100644 --- a/_articles/plans-and-pricing/upgrade-from-individual-to-org.md +++ b/_articles/plans-and-pricing/upgrade-from-individual-to-org.md @@ -38,7 +38,7 @@ Complete the following steps to start your Organization: {% callout info %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about Premium features, see [About Bitwarden Plans]({{site.baseurl}}/article/about-bitwarden-plans/#compare-the-plans/). {% endcallout %} 6. If you selected a Paid Organization, enter the following information: - - For **Teams** or **Enterprise**, enter the number of **User Seats** you need. You can add additional seats later if required. + - For **Teams** or **Enterprise**, enter the number of **User Seats** you need. Seats will be added if you exceed this number, unless you [specify a limit]({{site.baseurl}}/article/managing-users/#set-a-seat-limit). - For **Families**, **Teams**, or **Enterprise**, enter the amount of **Additional Storage (GB)** you need. You plan comes with 1 GB of shared encrypted file attachments, and you can add additional storage later if needed. - For **Teams** or **Enterprise**, select whether you'd like to be billed **Annually** or **Monthly**. Families Organizations may only be billed annually. - For any Paid Organization, enter your **Payment Information** diff --git a/_articles/providers/client-org-setup.md b/_articles/providers/client-org-setup.md index cf0941b9..3f5d93ed 100644 --- a/_articles/providers/client-org-setup.md +++ b/_articles/providers/client-org-setup.md @@ -30,7 +30,7 @@ To create a Client Organization you must be a [Provider Admin]({{site.baseurl}}/ {% callout success %}Teams and Enterprise Organizations include premium features for all enrolled users.{% endcallout %} 4. Set the following options for the Organization: - - **User Seats**: Specify the number of User Seats you need for the Client Organization. You can always add more seats later. + - **User Seats**: Specify the number of User Seats you need for the Client Organization. Seats will be added if you exceed this number, unless you [specify a limit]({{site.baseurl}}/article/managing-users/#set-a-seat-limit). - **Additional Storage (GB)**: Organizations come with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add additional storage for $0.33 per GB per month. - **Billing Cadence**: Choose whether you'd like to be billed for this Organization Annually or Monthly. diff --git a/images/autofill/auto-fill-custom-field.png b/images/autofill/auto-fill-custom-field.png new file mode 100644 index 00000000..86bcde3d Binary files /dev/null and b/images/autofill/auto-fill-custom-field.png differ diff --git a/images/biometrics/extension-launch.png b/images/biometrics/extension-launch.png new file mode 100644 index 00000000..57fa6300 Binary files /dev/null and b/images/biometrics/extension-launch.png differ diff --git a/images/features/theme-webvault.png b/images/features/theme-webvault.png new file mode 100644 index 00000000..40f6d4c5 Binary files /dev/null and b/images/features/theme-webvault.png differ diff --git a/images/hosting/update-license.png b/images/hosting/update-license.png index ae0dfb5a..c7648229 100644 Binary files a/images/hosting/update-license.png and b/images/hosting/update-license.png differ diff --git a/images/importing/org-tools.png b/images/importing/org-tools.png index 0594cb2e..d109e1a2 100644 Binary files a/images/importing/org-tools.png and b/images/importing/org-tools.png differ diff --git a/images/organizations/clone-org-item.png b/images/organizations/clone-org-item.png index e8b7fc3e..469a7681 100644 Binary files a/images/organizations/clone-org-item.png and b/images/organizations/clone-org-item.png differ diff --git a/images/organizations/collection-delete.png b/images/organizations/collection-delete.png index 25f690e6..7644a214 100644 Binary files a/images/organizations/collection-delete.png and b/images/organizations/collection-delete.png differ diff --git a/images/organizations/collection-list-overlay.png b/images/organizations/collection-list-overlay.png index 3458b455..19276b3c 100644 Binary files a/images/organizations/collection-list-overlay.png and b/images/organizations/collection-list-overlay.png differ diff --git a/images/organizations/event-logs-export.png b/images/organizations/event-logs-export.png index ab190762..97a26cc7 100644 Binary files a/images/organizations/event-logs-export.png and b/images/organizations/event-logs-export.png differ diff --git a/images/organizations/event-logs-provider.png b/images/organizations/event-logs-provider.png index e2fd30e4..6a960254 100644 Binary files a/images/organizations/event-logs-provider.png and b/images/organizations/event-logs-provider.png differ diff --git a/images/organizations/event-logs-updated.png b/images/organizations/event-logs-updated.png index 137c65a2..eae57556 100644 Binary files a/images/organizations/event-logs-updated.png and b/images/organizations/event-logs-updated.png differ diff --git a/images/organizations/groups-newgroup.png b/images/organizations/groups-newgroup.png index 5dd32b02..dcceb39b 100644 Binary files a/images/organizations/groups-newgroup.png and b/images/organizations/groups-newgroup.png differ diff --git a/images/organizations/org-api-key.png b/images/organizations/org-api-key.png index fe853ae2..7e80236c 100644 Binary files a/images/organizations/org-api-key.png and b/images/organizations/org-api-key.png differ diff --git a/images/organizations/org-export.png b/images/organizations/org-export.png index b37bfd49..67e58196 100644 Binary files a/images/organizations/org-export.png and b/images/organizations/org-export.png differ diff --git a/images/organizations/org-people-bulkremove.png b/images/organizations/org-people-bulkremove.png index 18a69059..63639860 100644 Binary files a/images/organizations/org-people-bulkremove.png and b/images/organizations/org-people-bulkremove.png differ diff --git a/images/organizations/org-people-invite.png b/images/organizations/org-people-invite.png index c754ac4d..d2a2101a 100644 Binary files a/images/organizations/org-people-invite.png and b/images/organizations/org-people-invite.png differ diff --git a/images/organizations/org-people-options-overlay.png b/images/organizations/org-people-options-overlay.png index 4aaa482d..0615f2fe 100644 Binary files a/images/organizations/org-people-options-overlay.png and b/images/organizations/org-people-options-overlay.png differ diff --git a/images/organizations/org-people-options-updated-overlay.png b/images/organizations/org-people-options-updated-overlay.png index 5494a8f2..42c86cde 100644 Binary files a/images/organizations/org-people-options-updated-overlay.png and b/images/organizations/org-people-options-updated-overlay.png differ diff --git a/images/organizations/org-people-reinvite.png b/images/organizations/org-people-reinvite.png index b8f1c49d..62391102 100644 Binary files a/images/organizations/org-people-reinvite.png and b/images/organizations/org-people-reinvite.png differ diff --git a/images/organizations/org-vault-admin.png b/images/organizations/org-vault-admin.png index 4e3a30ed..253bc841 100644 Binary files a/images/organizations/org-vault-admin.png and b/images/organizations/org-vault-admin.png differ diff --git a/images/organizations/policies.png b/images/organizations/policies.png index 3d9c7943..a2c3558f 100644 Binary files a/images/organizations/policies.png and b/images/organizations/policies.png differ diff --git a/images/organizations/pwreset-reset.png b/images/organizations/pwreset-reset.png index 8cea050a..9e8e7907 100644 Binary files a/images/organizations/pwreset-reset.png and b/images/organizations/pwreset-reset.png differ diff --git a/images/organizations/pwreset-temporary.png b/images/organizations/pwreset-temporary.png index fe8c6ca0..4c05b1cb 100644 Binary files a/images/organizations/pwreset-temporary.png and b/images/organizations/pwreset-temporary.png differ diff --git a/images/organizations/user-seats-add-remove.png b/images/organizations/user-seats-add-remove.png new file mode 100644 index 00000000..e2910638 Binary files /dev/null and b/images/organizations/user-seats-add-remove.png differ diff --git a/images/organizations/user-seats.png b/images/organizations/user-seats.png index 85219b72..daaea191 100644 Binary files a/images/organizations/user-seats.png and b/images/organizations/user-seats.png differ diff --git a/images/sso/cheatsheets/saml-pingfederate/saml-pingfederate-bitwarden.png b/images/sso/cheatsheets/saml-pingfederate/saml-pingfederate-bitwarden.png index 1c27ab9f..de6adb73 100644 Binary files a/images/sso/cheatsheets/saml-pingfederate/saml-pingfederate-bitwarden.png and b/images/sso/cheatsheets/saml-pingfederate/saml-pingfederate-bitwarden.png differ diff --git a/images/sso/manage-sso.png b/images/sso/manage-sso.png new file mode 100644 index 00000000..abdde85b Binary files /dev/null and b/images/sso/manage-sso.png differ diff --git a/images/sso/org-id.png b/images/sso/org-id.png index 25a8e490..7d6fb61a 100644 Binary files a/images/sso/org-id.png and b/images/sso/org-id.png differ diff --git a/images/sso/sso-oidc1.png b/images/sso/sso-oidc1.png index ea207d84..7f0ccc7f 100644 Binary files a/images/sso/sso-oidc1.png and b/images/sso/sso-oidc1.png differ diff --git a/images/sso/sso-saml1.png b/images/sso/sso-saml1.png index af001d6b..80ea1db0 100644 Binary files a/images/sso/sso-saml1.png and b/images/sso/sso-saml1.png differ diff --git a/images/two-step/wv-orgsettingstab.png b/images/two-step/wv-orgsettingstab.png index 11b9b30a..a9988fd7 100644 Binary files a/images/two-step/wv-orgsettingstab.png and b/images/two-step/wv-orgsettingstab.png differ