Merge branch 'main' into billing/PM-24964/msp-unable-verfy-bank-account

2025-12-29 14:43:39 +00:00 · 2025-09-05 08:46:39 -05:00
parent 2ed7acf966 2c0c113420
commit 8d22653835
73 changed files with 494 additions and 103 deletions
--- a/src/Api/AdminConsole/Authorization/OrganizationClaimsExtensions.cs
+++ b/src/Api/AdminConsole/Authorization/OrganizationClaimsExtensions.cs
@@ -1,9 +1,9 @@
 #nullable enable

 using System.Security.Claims;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Context;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
 using Bit.Core.Models.Data;

 namespace Bit.Api.AdminConsole.Authorization;
--- a/src/Api/AdminConsole/Controllers/OrganizationsController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationsController.cs
@@ -554,18 +554,12 @@ public class OrganizationsController : Controller
    [HttpPut("{id}/collection-management")]
    public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
    {
-        var organization = await _organizationRepository.GetByIdAsync(id);
-        if (organization == null)
-        {
-            throw new NotFoundException();
-        }
-
        if (!await _currentContext.OrganizationOwner(id))
        {
            throw new NotFoundException();
        }

-        await _organizationService.UpdateAsync(model.ToOrganization(organization, _featureService), eventType: EventType.Organization_CollectionManagement_Updated);
+        var organization = await _organizationService.UpdateCollectionManagementSettingsAsync(id, model.ToSettings());
        var plan = await _pricingClient.GetPlan(organization.PlanType);
        return new OrganizationResponseModel(organization, plan);
    }
--- a/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
@@ -78,12 +78,14 @@ public class ProfileOrganizationResponseModel : ResponseModel
        UseRiskInsights = organization.UseRiskInsights;
        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
+        SsoEnabled = organization.SsoEnabled ?? false;

        if (organization.SsoConfig != null)
        {
            var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig);
            KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
            KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
+            SsoMemberDecryptionType = ssoConfigData.MemberDecryptionType;
        }
    }

@@ -160,4 +162,6 @@ public class ProfileOrganizationResponseModel : ResponseModel
    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public bool IsAdminInitiated { get; set; }
+    public bool SsoEnabled { get; set; }
+    public MemberDecryptionType? SsoMemberDecryptionType { get; set; }
 }
--- a/src/Api/Models/Request/Organizations/OrganizationCollectionManagementUpdateRequestModel.cs
+++ b/src/Api/Models/Request/Organizations/OrganizationCollectionManagementUpdateRequestModel.cs
@@ -1,5 +1,4 @@
-using Bit.Core.AdminConsole.Entities;
-using Bit.Core.Services;
+using Bit.Core.AdminConsole.Models.Business;

 namespace Bit.Api.Models.Request.Organizations;

@@ -10,12 +9,11 @@ public class OrganizationCollectionManagementUpdateRequestModel
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }

-    public virtual Organization ToOrganization(Organization existingOrganization, IFeatureService featureService)
+    public OrganizationCollectionManagementSettings ToSettings() => new()
    {
-        existingOrganization.LimitCollectionCreation = LimitCollectionCreation;
-        existingOrganization.LimitCollectionDeletion = LimitCollectionDeletion;
-        existingOrganization.LimitItemDeletion = LimitItemDeletion;
-        existingOrganization.AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems;
-        return existingOrganization;
-    }
+        LimitCollectionCreation = LimitCollectionCreation,
+        LimitCollectionDeletion = LimitCollectionDeletion,
+        LimitItemDeletion = LimitItemDeletion,
+        AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems
+    };
 }
--- a/src/Api/SecretsManager/Controllers/ProjectsController.cs
+++ b/src/Api/SecretsManager/Controllers/ProjectsController.cs
@@ -4,10 +4,10 @@
 using Bit.Api.Models.Response;
 using Bit.Api.SecretsManager.Models.Request;
 using Bit.Api.SecretsManager.Models.Response;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Identity;
 using Bit.Core.SecretsManager.AuthorizationRequirements;
 using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
 using Bit.Core.SecretsManager.Entities;
--- a/src/Api/SecretsManager/Controllers/SecretsController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsController.cs
@@ -4,10 +4,10 @@
 using Bit.Api.Models.Response;
 using Bit.Api.SecretsManager.Models.Request;
 using Bit.Api.SecretsManager.Models.Response;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Identity;
 using Bit.Core.SecretsManager.AuthorizationRequirements;
 using Bit.Core.SecretsManager.Commands.Secrets.Interfaces;
 using Bit.Core.SecretsManager.Entities;
--- a/src/Api/SecretsManager/Controllers/SecretsTrashController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsTrashController.cs
@@ -1,8 +1,8 @@
 using Bit.Api.SecretsManager.Models.Response;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Identity;
 using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
 using Bit.Core.SecretsManager.Entities;
 using Bit.Core.SecretsManager.Repositories;
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -13,7 +13,6 @@ using Bit.Api.KeyManagement.Validators;
 using Bit.Api.Tools.Models.Request;
 using Bit.Api.Vault.Models.Request;
 using Bit.Core.Auth.Entities;
-using Bit.Core.IdentityServer;
 using Bit.SharedWeb.Health;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.OpenApi.Models;
@@ -33,6 +32,8 @@ using Bit.Core.Tools.ImportFeatures;
 using Bit.Core.Auth.Models.Api.Request;
 using Bit.Core.Dirt.Reports.ReportFeatures;
 using Bit.Core.Tools.SendFeatures;
+using Bit.Core.Auth.IdentityServer;
+

 #if !OSS
 using Bit.Commercial.Core.SecretsManager;
--- a/src/Api/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Api/Utilities/ServiceCollectionExtensions.cs
@@ -2,7 +2,7 @@
 using Bit.Api.Tools.Authorization;
 using Bit.Api.Vault.AuthorizationHandlers.Collections;
 using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Authorization;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.PhishingDomainFeatures;
 using Bit.Core.PhishingDomainFeatures.Interfaces;
 using Bit.Core.Repositories;
--- a/src/Billing/Controllers/FreshdeskController.cs
+++ b/src/Billing/Controllers/FreshdeskController.cs
@@ -152,6 +152,12 @@ public class FreshdeskController : Controller
            return new BadRequestResult();
        }

+        // if there is no description, then we don't send anything to onyx
+        if (string.IsNullOrEmpty(model.TicketDescriptionText.Trim()))
+        {
+            return Ok();
+        }
+
        // create the onyx `answer-with-citation` request
        var onyxRequestModel = new OnyxAnswerWithCitationRequestModel(model.TicketDescriptionText, _billingSettings.Onyx.PersonaId);
        var onyxRequest = new HttpRequestMessage(HttpMethod.Post,
@@ -164,9 +170,12 @@ public class FreshdeskController : Controller
        // the CallOnyxApi will return a null if we have an error response
        if (onyxJsonResponse?.Answer == null || !string.IsNullOrEmpty(onyxJsonResponse?.ErrorMsg))
        {
-            return BadRequest(
-                string.Format("Failed to get a valid response from Onyx API. Response: {0}",
-                            JsonSerializer.Serialize(onyxJsonResponse ?? new OnyxAnswerWithCitationResponseModel())));
+            _logger.LogWarning("Error getting answer from Onyx AI. Freshdesk model: {model}\r\n Onyx query {query}\r\nresponse: {response}. ",
+                    JsonSerializer.Serialize(model),
+                    JsonSerializer.Serialize(onyxRequestModel),
+                    JsonSerializer.Serialize(onyxJsonResponse));
+
+            return Ok(); // return ok so we don't retry
        }

        // add the answer as a note to the ticket
--- a/src/Core/AdminConsole/Enums/EventType.cs
+++ b/src/Core/AdminConsole/Enums/EventType.cs
@@ -70,7 +70,16 @@ public enum EventType : int
    Organization_EnabledKeyConnector = 1606,
    Organization_DisabledKeyConnector = 1607,
    Organization_SponsorshipsSynced = 1608,
-    Organization_CollectionManagement_Updated = 1609,
+    [Obsolete("Use other specific Organization_CollectionManagement events instead")]
+    Organization_CollectionManagement_Updated = 1609, // TODO: Will be removed in PM-25315
+    Organization_CollectionManagement_LimitCollectionCreationEnabled = 1610,
+    Organization_CollectionManagement_LimitCollectionCreationDisabled = 1611,
+    Organization_CollectionManagement_LimitCollectionDeletionEnabled = 1612,
+    Organization_CollectionManagement_LimitCollectionDeletionDisabled = 1613,
+    Organization_CollectionManagement_LimitItemDeletionEnabled = 1614,
+    Organization_CollectionManagement_LimitItemDeletionDisabled = 1615,
+    Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsEnabled = 1616,
+    Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsDisabled = 1617,

    Policy_Updated = 1700,

--- a/src/Core/AdminConsole/Models/Business/OrganizationCollectionManagementSettings.cs
+++ b/src/Core/AdminConsole/Models/Business/OrganizationCollectionManagementSettings.cs
@@ -0,0 +1,9 @@
+namespace Bit.Core.AdminConsole.Models.Business;
+
+public record OrganizationCollectionManagementSettings
+{
+    public bool LimitCollectionCreation { get; set; }
+    public bool LimitCollectionDeletion { get; set; }
+    public bool LimitItemDeletion { get; set; }
+    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+}
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
@@ -49,6 +49,7 @@ public class OrganizationUserOrganizationDetails
    public string ProviderName { get; set; }
    public ProviderType? ProviderType { get; set; }
    public string FamilySponsorshipFriendlyName { get; set; }
+    public bool? SsoEnabled { get; set; }
    public string SsoConfig { get; set; }
    public DateTime? FamilySponsorshipLastSyncDate { get; set; }
    public DateTime? FamilySponsorshipValidUntil { get; set; }
--- a/src/Core/AdminConsole/Models/Data/Permissions.cs
+++ b/src/Core/AdminConsole/Models/Data/Permissions.cs
@@ -1,5 +1,5 @@
 using System.Text.Json.Serialization;
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;

 namespace Bit.Core.Models.Data;

--- a/src/Core/AdminConsole/Services/IOrganizationService.cs
+++ b/src/Core/AdminConsole/Services/IOrganizationService.cs
@@ -2,6 +2,7 @@
 #nullable disable

 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -19,7 +20,8 @@ public interface IOrganizationService
    Task<string> AdjustSeatsAsync(Guid organizationId, int seatAdjustment);
    Task VerifyBankAsync(Guid organizationId, int amount1, int amount2);
    Task UpdateExpirationDateAsync(Guid organizationId, DateTime? expirationDate);
-    Task UpdateAsync(Organization organization, bool updateBilling = false, EventType eventType = EventType.Organization_Updated);
+    Task UpdateAsync(Organization organization, bool updateBilling = false);
+    Task<Organization> UpdateCollectionManagementSettingsAsync(Guid organizationId, OrganizationCollectionManagementSettings settings);
    Task UpdateTwoFactorProviderAsync(Organization organization, TwoFactorProviderType type);
    Task DisableTwoFactorProviderAsync(Organization organization, TwoFactorProviderType type);
    Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid? invitingUserId, EventSystemUser? systemUser,
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@@ -5,6 +5,7 @@ using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
@@ -378,8 +379,7 @@ public class OrganizationService : IOrganizationService
        }
    }

-    public async Task UpdateAsync(Organization organization, bool updateBilling = false,
-        EventType eventType = EventType.Organization_Updated)
+    public async Task UpdateAsync(Organization organization, bool updateBilling = false)
    {
        if (organization.Id == default(Guid))
        {
@@ -395,7 +395,7 @@ public class OrganizationService : IOrganizationService
            }
        }

-        await ReplaceAndUpdateCacheAsync(organization, eventType);
+        await ReplaceAndUpdateCacheAsync(organization, EventType.Organization_Updated);

        if (updateBilling && !string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
        {
@@ -420,11 +420,35 @@ public class OrganizationService : IOrganizationService
                    },
                });
        }
+    }

-        if (eventType == EventType.Organization_CollectionManagement_Updated)
+    public async Task<Organization> UpdateCollectionManagementSettingsAsync(Guid organizationId, OrganizationCollectionManagementSettings settings)
+    {
+        var existingOrganization = await _organizationRepository.GetByIdAsync(organizationId);
+        if (existingOrganization == null)
        {
-            await _pushNotificationService.PushSyncOrganizationCollectionManagementSettingsAsync(organization);
+            throw new NotFoundException();
        }
+
+        // Create logging actions based on what will change
+        var loggingActions = CreateCollectionManagementLoggingActions(existingOrganization, settings);
+
+        existingOrganization.LimitCollectionCreation = settings.LimitCollectionCreation;
+        existingOrganization.LimitCollectionDeletion = settings.LimitCollectionDeletion;
+        existingOrganization.LimitItemDeletion = settings.LimitItemDeletion;
+        existingOrganization.AllowAdminAccessToAllCollectionItems = settings.AllowAdminAccessToAllCollectionItems;
+        existingOrganization.RevisionDate = DateTime.UtcNow;
+
+        await ReplaceAndUpdateCacheAsync(existingOrganization);
+
+        if (loggingActions.Any())
+        {
+            await Task.WhenAll(loggingActions.Select(action => action()));
+        }
+
+        await _pushNotificationService.PushSyncOrganizationCollectionManagementSettingsAsync(existingOrganization);
+
+        return existingOrganization;
    }

    public async Task UpdateTwoFactorProviderAsync(Organization organization, TwoFactorProviderType type)
@@ -1214,4 +1238,44 @@ public class OrganizationService : IOrganizationService

        return status;
    }
+
+    private List<Func<Task>> CreateCollectionManagementLoggingActions(
+        Organization existingOrganization, OrganizationCollectionManagementSettings settings)
+    {
+        var loggingActions = new List<Func<Task>>();
+
+        if (existingOrganization.LimitCollectionCreation != settings.LimitCollectionCreation)
+        {
+            var eventType = settings.LimitCollectionCreation
+                ? EventType.Organization_CollectionManagement_LimitCollectionCreationEnabled
+                : EventType.Organization_CollectionManagement_LimitCollectionCreationDisabled;
+            loggingActions.Add(() => _eventService.LogOrganizationEventAsync(existingOrganization, eventType));
+        }
+
+        if (existingOrganization.LimitCollectionDeletion != settings.LimitCollectionDeletion)
+        {
+            var eventType = settings.LimitCollectionDeletion
+                ? EventType.Organization_CollectionManagement_LimitCollectionDeletionEnabled
+                : EventType.Organization_CollectionManagement_LimitCollectionDeletionDisabled;
+            loggingActions.Add(() => _eventService.LogOrganizationEventAsync(existingOrganization, eventType));
+        }
+
+        if (existingOrganization.LimitItemDeletion != settings.LimitItemDeletion)
+        {
+            var eventType = settings.LimitItemDeletion
+                ? EventType.Organization_CollectionManagement_LimitItemDeletionEnabled
+                : EventType.Organization_CollectionManagement_LimitItemDeletionDisabled;
+            loggingActions.Add(() => _eventService.LogOrganizationEventAsync(existingOrganization, eventType));
+        }
+
+        if (existingOrganization.AllowAdminAccessToAllCollectionItems != settings.AllowAdminAccessToAllCollectionItems)
+        {
+            var eventType = settings.AllowAdminAccessToAllCollectionItems
+                ? EventType.Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsEnabled
+                : EventType.Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsDisabled;
+            loggingActions.Add(() => _eventService.LogOrganizationEventAsync(existingOrganization, eventType));
+        }
+
+        return loggingActions;
+    }
 }
--- a/src/Core/Auth/Identity/Claims.cs
+++ b/src/Core/Auth/Identity/Claims.cs
@@ -1,4 +1,4 @@
-namespace Bit.Core.Identity;
+namespace Bit.Core.Auth.Identity;

 public static class Claims
 {
--- a/src/Core/Auth/Identity/CustomIdentityServiceCollectionExtensions.cs
+++ b/src/Core/Auth/Identity/CustomIdentityServiceCollectionExtensions.cs
--- a/src/Core/Auth/Identity/IdentityClientType.cs
+++ b/src/Core/Auth/Identity/IdentityClientType.cs
@@ -1,4 +1,4 @@
-namespace Bit.Core.Identity;
+namespace Bit.Core.Auth.Identity;

 public enum IdentityClientType : byte
 {
--- a/src/Core/Auth/IdentityServer/ApiScopes.cs
+++ b/src/Core/Auth/IdentityServer/ApiScopes.cs
@@ -1,6 +1,6 @@
 using Duende.IdentityServer.Models;

-namespace Bit.Core.IdentityServer;
+namespace Bit.Core.Auth.IdentityServer;

 public static class ApiScopes
 {
--- a/src/Core/Auth/IdentityServer/ConfigureOpenIdConnectDistributedOptions.cs
+++ b/src/Core/Auth/IdentityServer/ConfigureOpenIdConnectDistributedOptions.cs
@@ -8,7 +8,7 @@ using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;

-namespace Bit.Core.IdentityServer;
+namespace Bit.Core.Auth.IdentityServer;

 public class ConfigureOpenIdConnectDistributedOptions : IPostConfigureOptions<CookieAuthenticationOptions>
 {
--- a/src/Core/Auth/IdentityServer/DistributedCacheCookieManager.cs
+++ b/src/Core/Auth/IdentityServer/DistributedCacheCookieManager.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.DependencyInjection;

-namespace Bit.Core.IdentityServer;
+namespace Bit.Core.Auth.IdentityServer;

 public class DistributedCacheCookieManager : ICookieManager
 {
--- a/src/Core/Auth/IdentityServer/DistributedCacheTicketDataFormatter.cs
+++ b/src/Core/Auth/IdentityServer/DistributedCacheTicketDataFormatter.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Caching.Distributed;

-namespace Bit.Core.IdentityServer;
+namespace Bit.Core.Auth.IdentityServer;

 public class DistributedCacheTicketDataFormatter : ISecureDataFormat<AuthenticationTicket>
 {
--- a/src/Core/Auth/IdentityServer/DistributedCacheTicketStore.cs
+++ b/src/Core/Auth/IdentityServer/DistributedCacheTicketStore.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.Caching.Distributed;

-namespace Bit.Core.IdentityServer;
+namespace Bit.Core.Auth.IdentityServer;

 public class DistributedCacheTicketStore : ITicketStore
 {
--- a/src/Core/Auth/UserFeatures/SendAccess/SendAccessClaimsPrincipalExtensions.cs
+++ b/src/Core/Auth/UserFeatures/SendAccess/SendAccessClaimsPrincipalExtensions.cs
@@ -1,5 +1,5 @@
 using System.Security.Claims;
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;

 namespace Bit.Core.Auth.UserFeatures.SendAccess;

--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -128,6 +128,7 @@ public static class FeatureFlagKeys
    public const string CreateDefaultLocation = "pm-19467-create-default-location";
    public const string DirectoryConnectorPreventUserRemoval = "pm-24592-directory-connector-prevent-user-removal";
    public const string CipherRepositoryBulkResourceCreation = "pm-24951-cipher-repository-bulk-resource-creation-service";
+    public const string CollectionVaultRefactor = "pm-25030-resolve-ts-upgrade-errors";

    /* Auth Team */
    public const string TwoFactorExtensionDataPersistence = "pm-9115-two-factor-extension-data-persistence";
@@ -160,7 +161,6 @@ public static class FeatureFlagKeys
    public const string TrialPayment = "PM-8163-trial-payment";
    public const string PM17772_AdminInitiatedSponsorships = "pm-17772-admin-initiated-sponsorships";
    public const string UsePricingService = "use-pricing-service";
-    public const string PM12276Breadcrumbing = "pm-12276-breadcrumbing-for-business-features";
    public const string PM19422_AllowAutomaticTaxUpdates = "pm-19422-allow-automatic-tax-updates";
    public const string UseOrganizationWarningsService = "use-organization-warnings-service";
    public const string PM21881_ManagePaymentDetailsOutsideCheckout = "pm-21881-manage-payment-details-outside-checkout";
--- a/src/Core/Context/CurrentContext.cs
+++ b/src/Core/Context/CurrentContext.cs
@@ -6,10 +6,10 @@ using Bit.Core.AdminConsole.Context;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data.Provider;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
--- a/src/Core/Context/ICurrentContext.cs
+++ b/src/Core/Context/ICurrentContext.cs
@@ -3,9 +3,9 @@
 using System.Security.Claims;
 using Bit.Core.AdminConsole.Context;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
 using Microsoft.AspNetCore.Http;
--- a/src/Core/Enums/AccessClientType.cs
+++ b/src/Core/Enums/AccessClientType.cs
@@ -1,4 +1,4 @@
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;

 namespace Bit.Core.Enums;

--- a/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SelfHosted/SelfHostedSyncSponsorshipsCommand.cs
+++ b/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SelfHosted/SelfHostedSyncSponsorshipsCommand.cs
@@ -1,9 +1,9 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
-using Bit.Core.IdentityServer;
 using Bit.Core.Models.Api.Request.OrganizationSponsorships;
 using Bit.Core.Models.Api.Response.OrganizationSponsorships;
 using Bit.Core.Models.Data.Organizations.OrganizationSponsorships;
--- a/src/Core/Platform/Push/Engines/RelayPushEngine.cs
+++ b/src/Core/Platform/Push/Engines/RelayPushEngine.cs
@@ -1,6 +1,6 @@
-using Bit.Core.Context;
+using Bit.Core.Auth.IdentityServer;
+using Bit.Core.Context;
 using Bit.Core.Enums;
-using Bit.Core.IdentityServer;
 using Bit.Core.Models;
 using Bit.Core.Models.Api;
 using Bit.Core.Repositories;
--- a/src/Core/Platform/PushRegistration/RelayPushRegistrationService.cs
+++ b/src/Core/Platform/PushRegistration/RelayPushRegistrationService.cs
@@ -1,5 +1,5 @@
-using Bit.Core.Enums;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
+using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 using Bit.Core.Platform.Push;
 using Bit.Core.Services;
--- a/src/Core/SecretsManager/Commands/Projects/Interfaces/ICreateProjectCommand.cs
+++ b/src/Core/SecretsManager/Commands/Projects/Interfaces/ICreateProjectCommand.cs
@@ -1,4 +1,4 @@
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;
 using Bit.Core.SecretsManager.Entities;

 namespace Bit.Core.SecretsManager.Commands.Projects.Interfaces;
--- a/src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
+++ b/src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
@@ -1,8 +1,8 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

+using Bit.Core.Auth.Identity;
 using Bit.Core.Context;
-using Bit.Core.Identity;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using LaunchDarkly.Logging;
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@@ -16,10 +16,10 @@ using Azure.Storage.Queues.Models;
 using Bit.Core.AdminConsole.Context;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Context;
 using Bit.Core.Entities;
-using Bit.Core.Identity;
 using Bit.Core.Settings;
 using Duende.IdentityModel;
 using Microsoft.AspNetCore.DataProtection;
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@@ -1,6 +1,6 @@
 using System.Globalization;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Context;
-using Bit.Core.IdentityServer;
 using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
--- a/src/Identity/IdentityServer/ApiResources.cs
+++ b/src/Identity/IdentityServer/ApiResources.cs
@@ -1,5 +1,5 @@
-using Bit.Core.Identity;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.Identity;
+using Bit.Core.Auth.IdentityServer;
 using Duende.IdentityModel;
 using Duende.IdentityServer.Models;

--- a/src/Identity/IdentityServer/ClientProviders/InstallationClientProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/InstallationClientProvider.cs
@@ -1,7 +1,7 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Platform.Installations;
 using Duende.IdentityModel;
 using Duende.IdentityServer.Models;
--- a/src/Identity/IdentityServer/ClientProviders/InternalClientProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/InternalClientProvider.cs
@@ -1,7 +1,7 @@
 #nullable enable

 using System.Diagnostics;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Settings;
 using Duende.IdentityModel;
 using Duende.IdentityServer.Models;
--- a/src/Identity/IdentityServer/ClientProviders/OrganizationClientProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/OrganizationClientProvider.cs
@@ -1,9 +1,9 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

+using Bit.Core.Auth.Identity;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
-using Bit.Core.IdentityServer;
 using Bit.Core.Repositories;
 using Duende.IdentityModel;
 using Duende.IdentityServer.Models;
--- a/src/Identity/IdentityServer/ClientProviders/SecretsManagerApiKeyProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/SecretsManagerApiKeyProvider.cs
@@ -1,7 +1,7 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Models.Data;
 using Bit.Core.SecretsManager.Repositories;
--- a/src/Identity/IdentityServer/ClientProviders/UserClientProvider.cs
+++ b/src/Identity/IdentityServer/ClientProviders/UserClientProvider.cs
@@ -3,9 +3,9 @@
 using System.Collections.ObjectModel;
 using System.Security.Claims;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
-using Bit.Core.Identity;
 using Bit.Core.Repositories;
 using Bit.Core.Utilities;
 using Duende.IdentityModel;
--- a/src/Identity/IdentityServer/ProfileService.cs
+++ b/src/Identity/IdentityServer/ProfileService.cs
@@ -1,9 +1,9 @@
 using System.Security.Claims;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
--- a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
@@ -8,12 +8,12 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Auth.Models.Api.Response;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
-using Bit.Core.Identity;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Api.Response;
 using Bit.Core.Repositories;
--- a/src/Identity/IdentityServer/RequestValidators/CustomTokenRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/CustomTokenRequestValidator.cs
@@ -3,11 +3,11 @@ using System.Security.Claims;
 using Bit.Core;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.Services;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Auth.Models.Api.Response;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
-using Bit.Core.IdentityServer;
 using Bit.Core.Platform.Installations;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
--- a/src/Identity/IdentityServer/RequestValidators/SendAccess/SendAccessGrantValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/SendAccess/SendAccessGrantValidator.cs
@@ -1,6 +1,6 @@
 using System.Security.Claims;
 using Bit.Core;
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Services;
 using Bit.Core.Tools.Models.Data;
 using Bit.Core.Tools.SendFeatures.Queries.Interfaces;
--- a/src/Identity/IdentityServer/RequestValidators/SendAccess/SendEmailOtpRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/SendAccess/SendEmailOtpRequestValidator.cs
@@ -1,6 +1,6 @@
 using System.Security.Claims;
+using Bit.Core.Auth.Identity;
 using Bit.Core.Auth.Identity.TokenProviders;
-using Bit.Core.Identity;
 using Bit.Core.Services;
 using Bit.Core.Tools.Models.Data;
 using Bit.Identity.IdentityServer.Enums;
--- a/src/Identity/IdentityServer/RequestValidators/SendAccess/SendPasswordRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/SendAccess/SendPasswordRequestValidator.cs
@@ -1,5 +1,5 @@
 using System.Security.Claims;
-using Bit.Core.Identity;
+using Bit.Core.Auth.Identity;
 using Bit.Core.KeyManagement.Sends;
 using Bit.Core.Tools.Models.Data;
 using Bit.Identity.IdentityServer.Enums;
--- a/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
+++ b/src/Identity/IdentityServer/StaticClients/SendClientBuilder.cs
@@ -1,5 +1,5 @@
-using Bit.Core.Enums;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
+using Bit.Core.Enums;
 using Bit.Core.Settings;
 using Bit.Identity.IdentityServer.Enums;
 using Duende.IdentityServer.Models;
--- a/src/Identity/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Identity/Utilities/ServiceCollectionExtensions.cs
@@ -1,5 +1,5 @@
-using Bit.Core.Auth.Repositories;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
+using Bit.Core.Auth.Repositories;
 using Bit.Core.Settings;
 using Bit.Core.Tools.Models.Data;
 using Bit.Core.Utilities;
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
@@ -56,6 +56,7 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
                        ProviderId = p.Id,
                        ProviderName = p.Name,
                        ProviderType = p.Type,
+                        SsoEnabled = ss.Enabled,
                        SsoConfig = ss.Data,
                        FamilySponsorshipFriendlyName = os.FriendlyName,
                        FamilySponsorshipLastSyncDate = os.LastSyncDate,
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@@ -1,5 +1,5 @@
 using System.Globalization;
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.IdentityServer;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@@ -30,8 +30,6 @@ using Bit.Core.Dirt.Reports.ReportFeatures;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.HostedServices;
-using Bit.Core.Identity;
-using Bit.Core.IdentityServer;
 using Bit.Core.KeyManagement;
 using Bit.Core.NotificationCenter;
 using Bit.Core.OrganizationFeatures;
--- a/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
@@ -37,6 +37,7 @@ SELECT
    PO.[ProviderId],
    P.[Name] ProviderName,
    P.[Type] ProviderType,
+    SS.[Enabled] SsoEnabled,
    SS.[Data] SsoConfig,
    OS.[FriendlyName] FamilySponsorshipFriendlyName,
    OS.[LastSyncDate] FamilySponsorshipLastSyncDate,