Ability to set a policy for the options available to users of Bitwarden Send.
Our current written policy is:
Bitwarden Send has a few options which you should set to ensure safe transfer
• You must always set expiry and deletion setting, these can be no more than 1 week.
• You must set the access count to 1 to ensure only the intended recipient can view the secret
• You must add a password and provide that password to the recipient via a separate communication channel (e.g. send the Send link over email, password over slack/text message)
We’d like the ability to enforce these at an organisational level so that users don’t run the risk of either not knowing the policy or forgetting to set one of the options.
Currently when sharing an item using the Send functionality, the default is not to password protect it and to have it live for 7 days before deletion. These options are also not immediately visible to the user as the “Options” buttons needs clicking to bring them into view so the defaults are less likely to be changed.
For organisations that require different defaults it would be useful if an admin option existed that enforced that:
For the Bitwarden Send feature for Organizations, more security controls are required. Currently, if you enable the Send option, you have to allow text (password) and files. This has created a security hole for us where any files can be shared out, without security controls, to anyone. That Link can be passed on to anyone who can access that same shared file undetected.
Provide availability to disable sharing of files (without disabling sharing of text)
For file sharing option, that event should be logged
A Policy with more options is appreciated.
I would like to turn off File Sharing for all or some users.
Maybe we can have different Policys on a user/group basis?
Group A can have Text & File enabled
Group B can only have Text enabled
A comprehensive policy configuration with the points already listed would also be very helpful to us. Activating the send feature is not possible under any circumstances due to file sharing, for reasons already mentioned. We are reluctant to pay for another or different service for the secure sharing of information.
Perhaps a configuration via a custom user role would be possible?
I am also implementing Bitwarden for a customer and he would like to allow the use of “Send” only for some users. Unfortunately the policies may only be turned off or on for every user except Admins. Or did I miss something?
Similarly, I’d love to allow people to install Bitwarden, but can’t while Send is an option for them. If I can use policies or another method to prevent use of Send from corporate machines, they’d still be able to use the feature from personal machines while being able to use Bitwarden across machines.
