I would like to suggest a slight change to User Mapping section in this doc:
The externalId in Bitwarden should match to an immutable ID in AzureAD, in case of AzureAD, that would be the ObjectId attribute, not the mailNickname
This would help in case of name or email address changes.
The Group Mapping section rightly recognizes that, however.