Organization Policies - Force Vault timeout action
It should be possible for a company to set the Force Vault timeout action for its employees.
Background is, we as a company can force TOTP, as well as the maximum vault timeout, but not the timeout action. We would like that after the vault timeout the logout is triggered and the TOTP must be entered again.
I was just about to post this exact thing when I came across this one. On top of being able to enforce mfa for each login as the OP mentioned, having this option would also make event logs much more useful for organizations. Currently if a user is only interacting with the extension, and the extension is only ever set to “Lock” instead of “Log out”, then there is no way for us to audit the most recent time a user interacted with Bitwarden since a “login” event is not recorded when unlocking the extension Without this there is no way to hold our users accountable for using their password manager.
Edit - Came across this post on Reddit from 6 months ago. Implementing this change as they described it would be even better.