Allow Whitelisting IPs for access

Whitelist IPs that can access an organisation

  • We would like to use Bitwarden, but we would like to be able to limit what IPs are able to log in to our organisation. So we would have X users, and those users would have to connect to our company VPN before being able to log into Bitwarden.
  • This whitelist would apply to a user or role, not the organisation as a whole, i.e. non-admins can only access from a whitelist of X addresses, but admins can access from Y addresses.

  • Limit where users can log in from.
  • Allow us extra security in that not one of our office staff should be logging into our company account from anywhere but the office; we don’t have remote staff and don’t need to allow them.

  • There is a similar feature request for locking down what countries can access the account, but we only want to allow specific IPs, at our discretion.
  • LastPass, Zoho, ManageEngine all have this feature already; it’s fairly common security practice to limit what IPs can access a resource.

I see you have identified this request for a self-hosted instance of Bitwarden. Why not just firewall the server hosting BW?

Excuse my poor tagging, I tagged for the project:website, which I assumed was the cloud version, and then figured if you were adding a whitelist to groups or users, it would be added to self-hosted as well.

We wanted to use the Cloud version, but without being able to lock down IPs it just isn’t an option.
And, we have different categories of passwords. Core networking devices I’d want to say only people on the VPN can access, however resources such as logging into an online retailer might not need any specific IP to view, for instance.

I can think of a fair few ways of executing this, but it would be something the cloud users would benefit the most from. A really basic example, in my opinion, is only letting staff access passwords for servers when at the office, since I can’t think of a good reason to do that when out and about.

I would try contacting the Bitwarden team to see if there are any existing solutions available to your organization:

I have just emailed them to see if it is possible, and excuse my ignorance, but if the feature didn’t exist, isn’t this the right place to request it?

Always happy to speak directly with the company, but assuming they don’t have the feature, wouldn’t it be likely they would refer me to these forums? Or are they likely to do something custom for us?

Yes, this is the place for feature requests, but generally the requests here are more about software development and improvements. Your request isn’t about the software, per se, but rather how it is delivered to organizations, which might be treated differently. It never hurts to ask!

