Default URI match settings - Work accounts

Based on my (amd a couple of others) great experience with using Bitwarden personally for a few years, we bought Bitwarden Enterprise for my 28 user work team. Another team that we work closely with also bought Bitwarden for their 45 user team. The overall organization is large, so it’s possible it will end up more places as well. We were previously using Lastpass at work, but all the security problems with Lastpass became untenable for us to keep using it, at least for our security focused team. We didn’t trust it anymore.

Unfortunately, using Bitwarden at work has not been a great experience. It’s just not very good at URL/URI matching when you have a ton of internal websites to use, due to SSL requirements, all having a FQDN ending in “appname.organizationname.tld”. I almost always have to go looking searching for my passwords rather than it just showing up at the top of the list. This makes it more difficult to use. I don’t have this problem with my personal Bitwarden because almost every URL is completely different.

I have experimented some with the URI settings but it hasn’t really resolved my issue. Is there a way to force exact FQDN matching on all (existing) passwords? Keep in mind we have large numbers of passwords that have been imported from Lastpass, so going back and changing them all to “Exact” manually would involve touching thousands of entries, which is just not practical for doing manually for my entire work team.

In your browser extension, go to Settings > Auto-fill, where you will find Default URI Match Detection. This will affect all URIs that have their match detection method set to “Default” (which, by default, is the case for all URIs for which you have not manually configured a different match detection method).

Do I need to reload the browser extension after doing that? I set it to Exact as per the above and I still have 107 passwords shown for a site that tested on, many that don’t match the FQDN.

For me, the change is immediate (as far as what accounts are shown on the Tab page), although the badge counter is not updated until after I switch to a different browser tab and switch back (or after locking the unlocking the vault).

If you’re still having trouble, can you please share the form of the full URIs (obfuscated if necessary, but please don’t leave out any parts of the path) for a representative set of login items that come up on your browser extension Tab page (including those that “don’t match the FQDN”)?

I think what I write now, you already made sure of, but anyway here some basics I would check also:

  • Is every FQDN really only associated with one vault item?
  • Are there vault items with more than one URI-entry?
  • When you changed the URI default mode now to “exact”, is every URI-entry for every vault item set to “default” (so that the changed default ‘exact’ can work)?


The setting under the autofill for the exact match wasn’t sticking. I went back several times until I was sure that it stuck. Now it appears to be working as I want it to.

That is odd. What browser/OS are you using? What did you do between changing the setting and checking it? Did you just close the “Auto-fill” settings screen (using the < Back button) and re-click the “Auto-fill” link, or did you close the Settings, close the browser extension, or close the browser itself?