Allow Admin to Delete User (including personal vault)

When a user is offboarded, it’s a pain to remove their account completely. Revoking from the Org is one thing, deleting their personal vault is another.
Either I need to redirect their email to a mailbox I have or I need to know their master password. Neither is a good idea.

My request is to provide an option that an admin can delete an account WITHOUT needing a verification email. Limit it to just accounts in the org with revoked permissions.

Hi @martin.tig,

According to this comment from a Bitwarden team member on another post, it appears this may be covered in an upcoming planned roadmap feature labeled under Account management and deprovisioning.

Hi @cksapp
I did review that topic before posting this one - you can see my reply in there - but that has to do with automated offboarding and this request has to do with an administrator being able to trigger it on demand.

That post specifically is regarding automation of User management with the directory connector yes, though this simply makes calls to the Public API for adding/removing those users from the Organization.

So if some type of improvements and features are added for better corporate account management and deprovisioning I would also expect them to be prevalent in the web-vault as well most likely.

I guess we’ll just have to wait and see what the future holds :wink:, the additions may take care of your request here but no telling until they are added and released.
Possibly this topic can be revisited once those features go live.

I agree we will just have to wait and see what the future holds. Hopefully you are correct and the additions mentioned there will directly resolve this request as well.

This is rather risky though, if the personal vault is still maintained by the user. For example, I have my personal vault and I joined an organization for my company’s plan. I certainly wouldn’t want the company to be able to delete my personal vault.

1 Like

Ahh, this really isn’t ideal and IMHO where there should be an enterprise policy (whether an organization uses it or not would be up to them) to allow for a simple domain allow-list and restrict users’ account email.

Bitwarden does not recommend you combine work and personal credentials as this is considered unsafe.
Best practice would be to have a work Bitwarden account associated with your work email for any of those logins.

Any personal items can be stored in a Bitwarden account tied to your personal email, and can easily be facilitated with the use of account switching currently.
Bitwarden offers an actually useable and wonderful free plan, or if available you can take advantage of the Enterprise Families Plan Sponsorship by redeeming this to your personal email.

Regardless of what they consider safe, most people will want to use one password vault. The ability to invite users to join an Organization isolates that particular vault from the personal one. I’ve already gotten confused looks from people as I explain the difference between their personal vaults and the organization vault.

Account switching is not easily done and it’s a time-consuming process (especially with MFA enabled). With LastPass, you were able to share passwords with another user fairly simply (even without exposing the password itself). That is not the case with Bitwarden, so having two or three Bitwarden accounts adds overhead and complexity to users who are just trying to maintain their passwords.

The problem is that it’s not hard to save work related information in the personal vault, regardless of if it’s intentional or not. So when a user is offboarded we need to be sure they no longer have access to the company information, regardless of where it’s stored.

You shouldn’t be doing anything personal in work - unrelated to Bitwarden - so this shouldn’t be an issue. In fact, in many companies, it’s against the acceptable use policy to use the company equipment for personal use. So this really shouldn’t be an issue to start with and for the few companies that allow personal use for company equipment, they won’t delete the vault. They will let the user have it and away they go. But for Enterprise customers we should have some way of ensuring that data is gone and can no longer pose a risk to the business.

As a business, I don’t care what makes my employees personal lives easier (I personally do, I’m speaking here as the business, not myself). They shouldn’t be using their PC for personal use. Work is for work and personal stuff needs to handled outside of work. Honestly there should be a policy that prevents signing into the Bitwarden personal account on a PC managed by the org. Some sort of setting I can push in the chrome/edge extension that says “this is a business account, here are the allowed domains, block all others”.

That is true, and in an ideal world, it would be fine, but in a small business environment with remote work-from-home situations, not everyone can afford to manage all of that.

Alternatively, you could enable the policy to disable the individual vault:

image

For the companies who are not ready to manage all that, they can just not delete the personal vault when offboarding a user.

The only issues with turning off personal vault is that then you need to make a collection for each user and an owner can see the contents.

We want to provide a “zero admin knowledge” place to store passwords for each user. So a collection per user, which also introduces a massive amount of work, doesn’t work. Nor does enabling admin password resets, because an admin can then just reset and see inside the personal vault.

But at the same time we need to provide a way to remove that data when the user is offboarded. As of right now all we can do is the “delete via email verification” option which doesn’t cover 2 cases:

  1. The users mailbox is gone (in which case we either need to re-create it or redirect that email to another mailbox).
  2. The user changes the email associated with Bitwarden to a personal one.

Option 1 is a massive pain to handle and this request is to make it easier. I’ll open a second feature request if I can’t find one to have a policy to disallow email changes for enterprise accounts to handle #2.

Hi, i know this is an old topic but i’m in the same exactly @martin.tig situation. It’s really a problem to keep personal vault enabled and then deleting the account when offboarded. It is not ideal to receive emails from the ex-employee’s inbox to delete his account. Is there any news regarding any deprovisioning functionality that allows you to do delete accounts with your org domain?
Thanks.

Hi, for those admins that have access to the user’s email (e.g. after they have left the organisation) I found this workaround:
To delete a Bitwarden account without logging in:

  1. Open Bitwarden Web Vault in a web browser.
  2. Enter the Email Address associated with the account to issue a deletion confirmation email.
  3. In your inbox, open the email and verify you want to delete this Bitwarden account.
  4. Once the account has been deleted, the user can be re-invited to join the Organization.

Hope this may help.

Yes, I mentioned that in my post 2 comments above yours (see: “…As of right now all we can do is the “delete via email verification” option which doesn’t cover 2 cases:…”)

As I mentioned there, that doesn’t always work for several reasons.

Yes you did. Full credit😊

My organization has just started to use Bitwarden (transitioning from breach-prone LastPass). We are in the process of getting it ready to deploy to our users and, of course, in that process, began testing onboarding and offboarding (and re-onboarding users as we do have staff that leave and return periodically) only to find out that the administrator of the organization cannot delete user accounts. HUGE, HUGE, HUGE FAIL!!! As one person mentioned, I don’t care about the user’s personal vault and personal accounts. The only vault that matters is the corporate vault, and users (when we were with LastPass) had it drilled into them constantly that if they use your corporate email with LastPass and store personal passwords for you or their family in your personal, corporate vault, then as soon as you’re terminated, you will lose that data. So DON’T DO IT! This is basic common sense. For Bitwarden to not have a full deletion capability by the admin is ridiculous, and had we seen that during our sales talks, it would have steered us away. Please add this functionality! When staff are terminated, our policy is to disable their accounts, delete mailboxes, and ultimately delete those accounts within 10 days. However, being the great IT dept we are, that typically happens on day 1. So, the whole process of sending an email to the user’s email deletion does not work, and we have a strict policy that once deleted, it is always deleted, with no exceptions. No one will ever get that email. Now, we have to make this 1 exception for the software meant to help make us more secure. Again, FAIL!

Hi all - @cksapp nailed it as this is covered as part of account management and deprovisioning, which the team will be starting soon as they wrap up the work around collection permissions. We will update this thread once it has been started.

The way this is designed is that organizations will need to verify their domain to own and have the permission to delete these accounts.

In the interim, organizations can use account recovery to delete these accounts.

I ran through the process of recovering the account of an offboarded user via password so I could delete it just the other day…

  1. We use SCIM, so first I had to re-enable the account that SCIM deactivated (correctly).
  2. We use SSO, so next I had to disable the mandatory SSO policy since the account is gone from the IDP.
  3. Then I had to reset the password
  4. Then I had to bypass the SSO check (we use Duo so bypass mode).
  5. And then, I was finally able to delete the account.
  6. Then I had to remove the SSO bypass
  7. And then re-enable the mandatory SSO policy

Maybe via email is a little easier, but not by much

  1. Reactivate the mailbox and ensure mailflow happens
  2. Generate the delete request on the bitwarden site
  3. Delete the account via the email message
  4. Remove the reactivate mailbox

We have got to get a better way to handle this.