Claimed Domains on self-hosted - is the signup policy enforced across cloud too, or just on self-hosted?

Ask the Community Password Manager
, ,
1

The Bitwarden Claimed Domains article says that after claiming a domain, the following policy can be enabled:

Turn on a policy to prevent email accounts with matching domains from creating Bitwarden accounts outside the organization. When the policy on, email accounts with matching domains can only be used to create Bitwarden accounts by being invited to join the organization.

I have a question I am wondering if anyone on self-hosted enterprise might be able to answer, as the article does not detail this at all..

Does ā€˜outside the organizationā€™ here mean ā€˜other organizations on the same Bitwarden instanceā€™ (if self-hosted) or does it mean ā€˜everywhere else, including Cloudā€™?

In other words:
If we purchase Bitwarden enterprise and choose the self-hosted option, will claiming a domain in our self-hosted instanceā€™s admin settings area and activating the policy, prevent users from attempting to sign upto Bitwarden Cloud with their claimed corporate email address? Or does this policy only enforce on Bitwarden Cloud if a domain is claimed in another Bitwarden Cloud org?

We would very much like to go with Enterprise self-hosted but we want to ensure that our organizationā€™s users, when accessing for Bitwarden for the first time, do not get confused and mistakenly try to sign up to vault.bitwarden.com with a personal account instead of logging in via our organizationā€™s custom Bitwarden URL on our self-hosted enterprise instance.

2

Link to the article I am referring to: Claimed Domains | Bitwarden

(it wouldnā€™t let me add more than one link per post)

3

Hi @danielwallace ! Iā€™m excited to hear youā€™re interested in using Bitwarden for your business. ā€œOutside the organizationā€ does mean ā€œOutside the organization on the same Bitwarden instance/serverā€ in this case, so when you get set up, you will want your domain claimed and the policy turned on in your cloud account. (More information on why you need a cloud account here.)

Doing so will make sure that you are able to block users from accidentally creating an account vault.bitwarden.com rather than your self-hosted instance. :+1:

I hope this helps!

4

Got it. Ok that makes sense, didnā€™t realise that. Thank you!