As a business, it’s important to control some options within an application. Bitwarden offers some good minimal policies but lacks when it comes to managing the applications users are free to use. The example I am thinking of right now is if you are not using SSO or you are using SSO but lack the licensing for conditional access, a user can have almost indefinite access to passwords stored in their “personal” vault.
Ideally, the organization owner/admin should be able to specify some default/unchangeable settings for the browser extension and desktop app such as the default timeout action. Currently, it’s set to lock but locking doesn’t stop a terminated employee from unlocking and doing whatever they want with the passwords.
Global setting is: “Never” to lock out - which is bad for data security - I can hardly force my users to set the timeout individually, therefore the Vault does not lock!
→ please set globally the timeout for each user at least to 15 minutes.
1.1 Maybe, use this feature-request via Global Policies
If 2FA is enabled, I would prefer to automatically log out all users. This needs to be done globally!
While you are implementing the function, could you set the same Vault Timeouts as you did for the Vault also in the add-ins for all kinds of browsers? Also, for the Windows version it would be great to set the same timeout values.
That’s good to know. It’s the feature I’ve been waiting for before rolling out Bitwarden to the majority of our company. I don’t trust the majority of our users to update the timeout time, and it’s just too insecure otherwise. Hoping this is actually going to happen.