Misc (#807)

* tip - export format when uploading to a new account * update on premise - cron example * note on failed pin attempts * strike email requirement for self-host licensing * FAQ item on changing sp entity id, acs, callback path, etc. * tips on --apikey for CLI in SSO required organizations * issue 804
2025-12-06 00:03:30 +00:00 · 2021-11-17 10:50:42 -05:00
parent 4cb068e949
commit f32f7507d7
8 changed files with 43 additions and 7 deletions
--- a/_articles/account/export-your-data.md
+++ b/_articles/account/export-your-data.md
@@ -55,6 +55,8 @@ To export your personal Vault data from the Web Vault:
 1. Select **Tools** from the top navigation bar.
 2. Select **Export Vault** from the left-hand Tools menu.
 3. On the Vault Export page, choose a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
+
+   {% callout success %}If you need to import this data into a new Bitwarden account, choose the regular `.json` format (**not** `.json (Encrypted)`).{% endcallout %}
 4. Enter your **Master Password** and select the **Export Vault** button.

 {% endcapture %}
@@ -70,6 +72,8 @@ To export your personal Vault data from a Browser Extension:
 1. Open the {% icon fa-cogs %} **Settings** tab.
 2. Scroll down to the **Tools** section and select the **Export Vault** option.
 3. On the Export Vault view, choose a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
+
+   {% callout success %}If you need to import this data into a new Bitwarden account, choose the regular `.json` format (**not** `.json (Encrypted)`).{% endcallout %}
 4. Enter your **Master Password** and select **Submit**.

 {% callout info %}
@@ -90,6 +94,8 @@ To export your personal Vault data from a Desktop app:

 1. From the menu bar, navigate to **File** &rarr; **Export Vault**.
 2. In the Export Vault window, choose a **File Format** (`.json`, `.csv`, or `.json (Encryped)`).
+
+   {% callout success %}If you need to import this data into a new Bitwarden account, choose the regular `.json` format (**not** `.json (Encrypted)`).{% endcallout %}
 3. Enter your **Master Password** and select the {% icon fa-download %} **Download** button.

 {% endcapture %}
@@ -105,6 +111,8 @@ To export your personal Vault data from a Mobile app:
 1. Tap the {% icon fa-cogs %} **Settings** tab.
 2. Scroll down to the **Tools** section and tap the **Export Vault** option.
 3. On the Export Vault view, choose a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
+
+   {% callout success %}If you need to import this data into a new Bitwarden account, choose the regular `.json` format (**not** `.json (Encrypted)`).{% endcallout %} 
 4. Enter your **Master Password** and tap the **Export Vault** button.

 {% endcapture %}
--- a/_articles/account/forgot-master-password.md
+++ b/_articles/account/forgot-master-password.md
@@ -11,7 +11,7 @@ description: "This article explains what to do if you forgot your master passwor

 As described in the [Your Master Password]({{site.baseurl}}/article/master-password/) article, Bitwarden has no knowledge of, way to retrieve, or way to reset your Master Password.

-If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/article/admin-reset/). You will need to delete your account and start a new one.
+If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/article/admin-reset/) or have a designated [trusted emergency contact]({{site.baseurl}}/article/emergency-access). You will need to delete your account and start a new one.

 {% callout success %}
 Before deleting your account:
@@ -20,7 +20,7 @@ Before deleting your account:

 **Second**, if you're having issues logging in with a Bitwarden client application, try logging in using another type of client, or on another device.

-**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/article/emergency-access/), get in contact with them to regain Read or Takeover access to your account.
+**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/article/emergency-access/), get in contact with them to regain Read or Takeover access to your account. Or, if your Organization uses [Admin Password Reset]({{site.baseurl}}/article/admin-reset/), reach out to an administrator.

 **Lastly**, if you're using any Bitwarden client applications (Mobile Apps, Browser Extensions, etc.), you should check whether any of these sessions are still logged in prior to deleting your account. If a client application is still logged in, you should manually catalogue your Vault items to preserve your data.
 {% endcallout %}
--- a/_articles/account/master-password.md
+++ b/_articles/account/master-password.md
@@ -56,7 +56,7 @@ Other logged-in client applications (Mobile Apps, Browser Extensions, etc.) may

 As described in the [About Your Master Password](#about-your-master-password) section, Bitwarden has no knowledge of, way to retrieve, or way to reset your Master Password.

-If you've already lost your Master Password, there is unfortunately no way for the team to recover the account or the data therein. You will need to delete your account and start a new one.
+If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/article/admin-reset/) or have a designated [trusted emergency contact]({{site.baseurl}}/article/emergency-access). You will need to delete your account and start a new one.

 {% callout success %}
 If you're using any Bitwarden client applications (Mobile Apps, Browser Extensions, etc.) you should check whether any of these sessions are still logged in prior to deleting your account. If a client application is still logged in, you should manually catalogue your Vault items to preserve your data.
--- a/_articles/account/unlock-with-pin.md
+++ b/_articles/account/unlock-with-pin.md
@@ -13,6 +13,10 @@ Bitwarden can be configured to accept a Personal Identification Number (PIN) as

 PINs can **only be used to unlock** your Vault, you will still be required to use your Master Password and any enabled [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) when you **log in**. If you're not sure of the difference, scroll down to [Understanding Unlock vs. Log In](#understanding-unlock-vs-log-in).

+{% callout info %}
+After 5 failed PIN attempts, the Bitwarden app will automatically log out of your account.
+{% endcallout %}
+
 ## Enable Unlock with PIN

 Unlock with PIN can be enabled for Bitwarden Browser Extensions, Desktop, and Mobile:
--- a/_articles/faqs/sso-faqs.md
+++ b/_articles/faqs/sso-faqs.md
@@ -57,6 +57,10 @@ In practice, that means that anytime an employee logs in to Bitwarden using SSO,
  - `https://vault.bitwarden.com/#/sso?identifier=your-org-id` for Cloud-hosted instances
  - `https://your.domain.com/#/sso?identifier=your-org-id` for Self-hosted instances

+### Q: How do I change pre-generated SSO configuration values?
+
+**A:** Pre-generated SSO configuration values including **SP Entity ID**, **SAML 2.0 Metadata URL**, **ACS URL**, and **Callback Path** can be changed in self-hosted environments by changing the `url:` value in `.bwdata/config.yml` and running the `./bitwarden.sh rebuild` command to apply your change.
+
 ## Security

 ### Q: How does Login with SSO work with the zero-knowledge model?
--- a/_articles/hosting/licensing-on-premise.md
+++ b/_articles/hosting/licensing-on-premise.md
@@ -48,13 +48,13 @@ You must be an [Organization Owner]({{site.baseurl}}/article/user-types-access-c
 1. In the Cloud [Web Vault]({{site.baseurl}}/article/getting-started-webvault), open your Organization.
 2. Select the Organization **Settings** tab and select **Subscription** from the left menu.
 3. Select the **Download License** button.
-4. When prompted, enter the installation id that was used to install your self-hosted server and select **Submit**.
+4. When prompted, enter the installation ID that was used to install your self-hosted server and select **Submit**.

-   If you don't know the installation id off-hand, you can retrieve it from `./bwdata/env/global.override.env`.
+   If you don't know the installation ID off-hand, you can retrieve it from `./bwdata/env/global.override.env`.

 #### Apply your License

-1. Log in to your self-hosted Web Vault with an email address that matches the Cloud-hosted account from which you downloaded the license.
+1. Log in to your self-hosted Web Vault.
 2. Start a new Organization by selecting the {% icon fa-plus %} **Add Organization** button.
 3. When prompted, upload the Organization license file and select **Submit**.

--- a/_articles/hosting/updating-on-premise.md
+++ b/_articles/hosting/updating-on-premise.md
@@ -36,5 +36,17 @@ Update your Bitwarden instance using the same Bash (Linux or macOS) or Powershel
 Your Bitwarden installation should now be fully up to date and running.

 {% callout success %}
-We recommend creating a cronjob or scheduled task to run these update commands weekly, or even nightly. This will automatically keep your instance up to date.
+We recommend creating a cronjob or scheduled task to run these update commands weekly, or even nightly, to keep your instance up to date. For example, the following cron job would check for an update every Sunday at 2:00 and turn off email output for the job:
+
+```
+0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
+```
+
+In the above example, `updatebw.sh` is a script you must save manually that contains:
+
+```
+#!/bin/bash
+./bitwarden.sh updateself
+./bitwarden.sh update
+```
 {% endcallout %}
--- a/_articles/miscellaneous/cli.md
+++ b/_articles/miscellaneous/cli.md
@@ -175,6 +175,10 @@ bw login --apikey

 This will initiate a prompt for your personal `client_id` and `client_secret`. Once your session is authenticated using these values, you can use the `unlock` command ([learn more](#unlock)).

+{% callout success %}
+If your Organization [requires SSO]({{site.baseurl}}/article/policies/#single-sign-on-authentication), you can still use `--apikey` to log in to the CLI.
+{% endcallout %}
+
 #### Using API Key Environment Variables

 In scenarios where automated work is being done with the Bitwarden CLI, you can save environment variables to prevent the need for manual intervention at authentication.
@@ -194,6 +198,10 @@ bw login --sso

 This will initiate the [SSO authentication flow]({{site.baseurl}}/article/using-sso/#login-using-sso) in your web browser. Once your session is authenticated, you can use the `unlock` command ([learn more](#unlock)).

+{% callout success %}
+If your Organization [requires SSO]({{site.baseurl}}/article/policies/#single-sign-on-authentication), you may alternatively use `--apikey` to log in to the CLI.
+{% endcallout %}
+
 ## Unlock

 [Using an API Key](#using-an-api-key) or [SSO](#using-sso) to log in will require you to follow-up the `login` command with an explicit `bw unlock` if you will be working with Vault data directly.