I would like to suggest a slight change to
User Mapping section in this doc:
externalId in Bitwarden should match to an immutable ID in AzureAD, in case of AzureAD, that would be the
ObjectId attribute, not the
This would help in case of name or email address changes.
Group Mapping section rightly recognizes that, however.