Looking to migrate an enterprise to BW from LastPass. I have a feature I that I wanted in Lastpass that doesn’t exist, and I want to know if something like it exists in BW. Bare with me.
In the old days we would take the administrator password for our AD and put it in an envelope locked in a vault and sealed in such a way that you would know if the envelope was opened (and it was difficult to duplicate, however, not impossible). This was the only way to deal with systems that had a top of system access privilege that we needed to use from time to time, but didn’t need to use often. The way it would work is if you had an emergency and needed it, you got it, used it, changed it and put a new envelope in the vault.
Does anything like this exist in BitWarden? A password that I can let a group of trusted admin access, but as soon as they access it, I (or someone) is notified that it has been used so we know to reset?
The only feature I’m aware of that you might be able to use for this purpose would be Emergency Access. You’d need a premium account that will store the AD administrator password, and the email address associated with that account should be a distribution list or forwarding address that sends message copies to the individuals that need to be notified. Then grant emergency read (“view-only”) access to everybody in your group of trusted admins, with a 1-day waiting period. Unfortunately, there is no delay period shorter than 1 day, so the only way to get access sooner is for the account owner to log in and grant access in response to an emergency access request.
Depending on how urgent your “emergency” situation is, or how responsive the account owner is to emergency access requests, this approach may or may not work for you.
The process is described in the “Use Emergency Access” section of the documentation linked below. Click on the “Manage Access” tab to see the procedure for approving emergency access prior to the end of the wait period.