License and User management

Ask the Community Password Manager
,
1

Hello,
I am the admin of our Bitwarden Enterprise organization. I have two questions regarding user and license management:
First question: I will soon have 2 employees who will be on maternity leave for about 1 year and therefore will not need Bitwarden. Can I withdraw their licenses in the meantime and use them for other users? And if I withdraw the license, what exactly happens then? The user will be disabled and the user’s passwords will remain or will they be lost?

Second question: I would like to find out who in my organization is really actively using Bitwarden in order to possibly free up licenses. What would be the best way to proceed? What would be good indicators here, because I don’t think the login is meaningful enough once the browser add-on has been set up.

thanks a lot!

2

I would guess they will lose access to the organization collections but their individual vault data should remain unchanged.

If you do not use Enterprise SSO, I guess they should be able to continue accessing their account (not 100% sure about this).

If they have redeemed the free families organization the will be charged at some point after you have kicked them out from the organization.

Enterprise organizations have Event logs available in the admin console (under reporting).

Among other things, logins are logged. And also is every acction performed on any organization vault item.

You can export all those events as a CSV file.

3

Hello,
I have just tested it:

  1. We have Enterprise SSO active. If I remove the user from the Bitwarden AD group, i.e. revoke the license, and then sync with the Bitwarden Directory Connector, the user is removed from our Bitwarden Directory and the license is released. So far everything is OK. If I now add him back to the group, i.e. give him the license again and sync, he is invited to join the organization again. Now he has to log in once with his previous master password before the SSO login works again. This means that the user is actually converted into a “private” account when the enterprise lic is removed. My question now is: What do I do if the user no longer remembers his master password? Because in the admin, the user now only appears as Invited and I can’t reset the master password there. I’ve already looked here, I Forgot my Master Password | Bitwarden Help Center, but I don’t see how I or the user can reset the master password without deleting the user and losing the personal passwords

  2. I have checked the event logs, but I am relatively sure that not everything is displayed correctly there. My colleague from the IT department uses Bitwarden every day like I do and it shows me in the log that he has had just 50 activities in the last 3 months. Mine shows over 900 activities.

4

I think there is nothing you can do at this point (besides deleting the account and losing the individual vault).

Because at this point the account is no longer member of your enterprise organization, and, IINM, account recovery is limited to enterprise organization accounts.

I haven’t done extensive checking about what gets logged. I assumed only activity related to the organization vault items (besides general things like account login) was logged.

I think your questions might be a bit too specific for this forums, I’m guessing you could have more luck with support.

5

Ok, then it is probably best if I reset the master password of the user from whom I temporarily take the license and save it in my company-admin Bitwarden Safe. That way I can at least be sure that when I reactivate him again, he will have access again and no data will be lost.

thanks for your help. I will forward this threat to the support, see what they will answer here

6

FYI, Support replied instantly User Management | Bitwarden Help Center

Revoke also removes the lic. perfect for temporary leaves

7

That’s nice!

And good to know…

Thanks.