Forcing 2fa for users

Enforcing 2fa for all users from the Admin side.

Enforcing 2fa with every login even if the user selects “remember me”.

Enforcing 2fa when a user logs out/back in.

Thanks!

2 Likes

Hi @phatpuckz and welcome to the community,

Currently, the best way to enforce 2FA requirements across user logins is with the use of conditional access policies with your IDP of choice and the use of Login with SSO on the Bitwarden side.

2FA authentication is then handled by your IDP, and all policies, restrictions, or exceptions can be made as your security team sees fit. Once the user authenticates their identity, they can then decrypt their vault, either with the use of the master password or the self-hosted key connector.

Though I can see where this could be a good addition for easy management within the Bitwarden ecosystem itself. Maybe others will agree and add their vote to your request. 🙂

It also means if your IDP is hacked all your passwords in Bitwarden are going to go down with the rest of the house of cards.

For example, Microsoft has a pretty mediocre security track record with Azure ID.

I’d rather not hook up Bitwarden to our IDP, so I can at least reduce some of the blast radius of an IDP hack.

1 Like