How do I disable “Change Email” in Bitwarden Enterprise? I don’t want our users to be able to redirect their vault to a personal email. Even though I have mandatory 2FA and it sends the email 2FA code to their work email, I’d prefer to remove that option so they don’t get itchy fingers to tie their Bitwarden to their personal email.
Welcome, @David_M!
There isn’t an option for this currently, but, if you’re on the Enterprise plan, you should be able to leverage our Login with SSO feature.
I have SSO set up and required, as well as the single organization policy. My IdP uses email as the NameID in the SAML flow instead of an employee ID constant. This feature request is important to stop users from potentially locking themselves out of their accounts. I have a few questions about policies and protections.
- When are users asked to sign in with SSO?
- If the user is already logged in on a device, are they required to authenticate with SSO each time they open the web vault or app?
- What are the admin or self-serve recovery options in the event a user can no longer access their account because the email doesn’t match the value returned by the IdP during SSO?