Federated Domains
Why it’s important and where it applies
Users within an enterprise organization should be required to go through proper channels to set up their Bitwarden account. This feature would give enterprise admins visibility into, and control over, accounts created under domains the organization owns.
What it means
Enterprise organizations would get an additional section in settings for domain federation. Admins, Owners, and custom users with the “domains” role would be able to prove ownership of their company’s domains, for example by publishing a DNS TXT record containing a verification token. Once ownership is verified, the domain can be “federated”, which blocks self-service creation of new accounts with email addresses at that domain.
How it works
If an admin decides to federate a domain, they must be able to deal with existing accounts at that domain that are not in the organization: merge them into the organization, delete them, or force those users to change the email address associated with their accounts.
When inviting new users to an organization with at least one federated domain, provide a graphical menu that lets the admin pick the domain to send the invite under; for example, the admin selects “example.com” and types only the local part before the @. By enterprise policy, optionally restrict invites to addresses at federated domains.
JIT provisioning via SSO, SCIM, or the Directory Connector would be the only other ways to create an account at a federated domain.
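The workflow above (prove ownership via a DNS record, federate the domain, then block self-service signup and optionally restrict invites) is sketched below as an added example. It is not Bitwarden’s code and is not part of the original proposal. The TXT record label `_federation-verify`, the token format, the fake zone and the sample addresses are all assumptions made for illustration; the resolver is injected so the example runs offline.

```python
"""Added example (not Bitwarden's code): ownership verification and
account-creation gating for a federated domain. The record label, token
format, fake zone and sample addresses are assumptions, not from the proposal."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Iterable, Set

VERIFY_LABEL = "_federation-verify"  # assumed record name; the proposal names none


def normalize_domain(domain: str) -> str:
    """Canonical form for comparison: trimmed, lower-cased, no trailing dot,
    IDN labels converted to punycode so a lookalike Unicode name is never
    compared as equal to the ASCII domain the admin actually verified."""
    d = domain.strip().rstrip(".").lower()
    return d.encode("idna").decode("ascii")  # raises UnicodeError on bad labels


def issue_challenge() -> str:
    """Token the admin must publish; ~192 bits of randomness so a non-owner
    cannot guess it and pre-publish it in a zone they control."""
    return secrets.token_urlsafe(24)


def verify_domain(domain: str, token: str,
                  lookup_txt: Callable[[str], Iterable[str]]) -> bool:
    """True iff a TXT record at VERIFY_LABEL.<domain> exactly equals token.

    lookup_txt is injected so the check runs offline here; in production it
    would be a real resolver (e.g. dnspython). Any lookup failure (NXDOMAIN,
    timeout) counts as not verified. Comparison is exact and constant-time:
    a record that merely contains the token as a substring does not pass.
    """
    name = f"{VERIFY_LABEL}.{normalize_domain(domain)}"
    try:
        records = [r.strip().strip('"') for r in lookup_txt(name)]
    except Exception:
        return False
    return any(hmac.compare_digest(r.encode(), token.encode()) for r in records)


def email_domain(email: str) -> str:
    """Domain part of an address, rejecting anything ambiguous (no '@',
    several '@', empty parts) instead of guessing; lenient parsing is how a
    'user@evil.example@corp.example'-style input slips past a domain block."""
    local, at, domain = email.strip().rpartition("@")
    if not at or not local or not domain or "@" in local:
        raise ValueError(f"malformed address: {email!r}")
    return normalize_domain(domain)


@dataclass
class FederationPolicy:
    federated: Set[str] = field(default_factory=set)  # normalized domains
    restrict_invites_to_federated: bool = False

    def federate(self, domain: str, token: str, lookup_txt) -> bool:
        """Federate only after ownership is proven; returns whether it happened."""
        if not verify_domain(domain, token, lookup_txt):
            return False
        self.federated.add(normalize_domain(domain))
        return True

    def self_signup_allowed(self, email: str) -> bool:
        """Public registration is blocked at federated domains; SSO JIT, SCIM
        and Directory Connector provisioning take a separate path. Exact match
        only: mail.example.com is a different domain unless federated itself."""
        return email_domain(email) not in self.federated

    def invite_allowed(self, email: str) -> bool:
        if not self.restrict_invites_to_federated:
            return True
        return email_domain(email) in self.federated

    def email_change_allowed(self, current_email: str) -> bool:
        return email_domain(current_email) not in self.federated


# Constructed fake zone standing in for DNS; these are not real records.
CONSTRUCTED_TOKEN = "constructed-token-not-issued-by-anyone"
FAKE_ZONE = {
    "_federation-verify.example.com": [f'"{CONSTRUCTED_TOKEN}"'],
    "_federation-verify.example.net": [f'"{CONSTRUCTED_TOKEN}-plus-suffix"'],
}


def fake_lookup_txt(name: str):
    if name not in FAKE_ZONE:
        raise LookupError(f"NXDOMAIN {name}")
    return FAKE_ZONE[name]


def demo() -> FederationPolicy:
    policy = FederationPolicy(restrict_invites_to_federated=True)
    policy.federate("Example.COM.", CONSTRUCTED_TOKEN, fake_lookup_txt)  # verified
    policy.federate("example.net", CONSTRUCTED_TOKEN, fake_lookup_txt)   # substring only, rejected
    policy.federate("example.org", CONSTRUCTED_TOKEN, fake_lookup_txt)   # no record, rejected
    return policy


if __name__ == "__main__":
    p = demo()
    print(sorted(p.federated))
    print(p.self_signup_allowed("Alice@EXAMPLE.com"))
    print(p.self_signup_allowed("bob@mail.example.com"))
```

Two design points worth keeping in mind: the proposal says the DNS record may be published only temporarily, but domains expire and change hands, so a production implementation should re-run the verification periodically (or require the record to stay) rather than trusting a one-time check forever; and the match on the email domain is deliberately exact, so each subdomain an organization wants covered has to be verified and federated on its own.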
Domain-federated accounts will also be subject to two changes:
- The option to change the account’s email address would be disabled.
- Admins would be able not only to revoke access or remove the user from the organization, but also to delete the account entirely. This would work like the existing recover-delete function, but would require admin verification instead of the user’s own consent.
Who else is doing it
Many services provide similar functionality, including but not limited to Microsoft with Azure AD (now Entra ID) custom domain verification and Apple with Apple Business Manager (ABM).