I would like to suggest a slight change to User Mapping
section in this doc:
The externalId
in Bitwarden should match to an immutable ID in AzureAD, in case of AzureAD, that would be the ObjectId
attribute, not the attribute.mailNickname
This would help in case of name or email address changes.
The Group Mapping
section rightly recognizes that, however.