Add trusted device approval to custom user permissions list

Hi there,

Our organization really likes the new trusted device approval option that was added to the latest version of Bitwarden. The only issue that is preventing us from enabling this is it would create a lot of administrative overhead for our administrators to always be checking for device approvals as there are hundreds of people within our organization, many of whom have multiple devices or don’t have a dedicated workstation. We are currently at the beginning of our deployment, so there would be a massive amount of approvals that we’d need to be constantly monitoring when more users are enrolled.

A feature that we would find to be very useful is to create an “Admin Permission” under the “Custom” member role when editing a user. For instance, if we have helpdeskuser1@contoso.com, we would like to be able to edit the member, change the member role to “Custom”, then click on “Manage device approvals” to allow the helpdesk user to manage “Device approvals” under settings. This would allow for faster response times and allow our helpdesk employees to be able to authorize new devices.

Here’s a visual example of what I am describing:
Organizations → Members → Member Role

Thanks!

Welcome to the community @Retriever4730 - and what a great way to introduce yourself! We appreciate the suggestion and I’ll submit it for review!

+1 for this request. It would be nice to have technicians onboarding users and trusted devices without having to over-provision permissions or involve more highly privileged users.

Totally agree on this point, not wanting to give full admin rights is a bit of a pain. Having the option to make some more junior staff device approvers would be an excellent addition.

We would also love to have this permission as an option. Granting a user full keys to the kingdom just to be able to approve devices takes up valuable time for admins for something that should not require a full admin to perform. This often increases the amount of time it takes our users to get back up and running when they must auth a new device.