Automate Device Approvals

bellewga · January 3, 2024, 4:33pm

Hi Bitwarden Community,

My department has been using Bitwarden for the past few months, and we have begun pushing it out to other departments, slowly but surely.

We decided to utilize the trusted devices features, which allows us to bypass the need for a master password. I really like this feature, but the one thing that gets in the way is the need to approve devices as they’re requested. Working in an organization that has over 3000 employees, it will create a lot of work to continuously approve devices.

I understand that it’s necessary for security reasons to approve devices manually, but it’s simply impractical within the scale I’m working. We are controlling user access with groups in Microsoft Entra ID (AAD). Obviously, the main concern here is users adding public/shared devices as trusted devices.

I’ve looked through API and CLI documentation, and I can’t seem to find anything on this–maybe I’m missing something. Is anyone aware of a way to automate device approvals? I should mention we are not self-hosting.

Thanks in advance!

go12 · January 4, 2024, 12:33am

Hi @bellewga and welcome to the Bitwarden community! The team is looking at many ways to streamline device approvals and there are planned enhancements. Stay tuned for more details.

gtran · January 23, 2024, 10:40pm

Hi @bellewga! The team is looking at expanding the CLI so organizations can automate device approvals (similar to automating user confirmation) as a top priority this quarter. When there’s more clarity on timing, more updates will be shared. Later in the year, Bitwarden also plans on introducing device management in the web app so that users can approve and manage their own devices. Thank you for your support!

mikelelevate · February 21, 2024, 1:13am

Giving end-users the ability to approve other devices via the Web Vault will help immensely. The email invite guides them through signing up via the Web Vault, so this is where they end up first and subsequent devices then need to be approved.

Is there a rough ETA on this? E.g by end of Q2

d0m · May 22, 2024, 1:00pm

Any update to the automation via CLI?

hb12345 · May 23, 2024, 10:12am

yes, this ‘feature’ is really slowing uptake across my org - frankly it’s stupid behaviour for orgs that have SSO etc enabled, but even worse when it can’t be automated.

Also, there is this feature request: Send email to admins for Device Approval Request - #16 by Until0842 that is being worked on.

Until0842 · May 23, 2024, 12:00pm

Thanks for adding me to this thread. Posting here as well for any info on the status of device approval automated notifications to admins. Thanks!

hb12345 · June 4, 2024, 3:06pm

@gtran hi Gina, any idea when this feature will be available in the CLI/API?

Micah_Edelblut · June 5, 2024, 6:56am

The team is actively working on this feature and it should be available in the CLI soon.

hb12345 · June 20, 2024, 9:55am

Hi Micah,

I see the PR has been merged Do you know if that means that the July build of the CLI will have this functionality, or is there anything else that needs to happen first?

Until0842 · July 5, 2024, 7:19pm

Hello, I see in the Bitwarden release notes for versions 2024.6.0 - 2024.6.3 that bulk approval requests for trusted devices has been made available so that is great to see.

Any updates on the notifications to admins when a device approval has been requested by a user? Thanks!