For companies that are not ready to manage all that, they can simply not delete the personal vault when offboarding a user.
The only issues with turning off the personal vault are that you then need to make a collection for each user, and an owner can see the contents.
We want to provide a “zero admin knowledge” place to store passwords for each user. So a collection per user, which also introduces a massive amount of work, doesn’t work. Nor does enabling admin password resets, because an admin can then just reset and see inside the personal vault.
But at the same time we need to provide a way to remove that data when the user is offboarded. As of right now, all we can do is use the “delete via email verification” option, which doesn’t cover two cases:
- The user’s mailbox is gone (in which case we either need to re-create it or redirect that email to another mailbox).
- The user changes the email associated with Bitwarden to a personal one.
Option 1 is a massive pain to handle, and this request is to make it easier. I’ll open a second feature request, if I can’t find an existing one, for a policy to disallow email changes for enterprise accounts to handle #2.