Organization Policies - Force Vault timeout action

Feature name

  • Organization Policies - Force Vault timeout action

Feature function

  • It should be possible for a company to set the Force Vault timeout action for its employees.
  • Background is, we as a company can force TOTP, as well as the maximum vault timeout, but not the timeout action. We would like that after the vault timeout the logout is triggered and the TOTP must be entered again.


1 Like

I was just about to post this exact thing when I came across this one. On top of being able to enforce mfa for each login as the OP mentioned, having this option would also make event logs much more useful for organizations. Currently if a user is only interacting with the extension, and the extension is only ever set to “Lock” instead of “Log out”, then there is no way for us to audit the most recent time a user interacted with Bitwarden since a “login” event is not recorded when unlocking the extension Without this there is no way to hold our users accountable for using their password manager.

Edit - Came across this post on Reddit from 6 months ago. Implementing this change as they described it would be even better.

We recently looked at this and a quick search pulled up this Feature Request, thanks to previous posters.

I agree that the ability to have separate global settings for an organisation, so it can have control over vault time out actions is really required.

For example, we would want to have say 15 minutes for lock and then x hour(s) for force log out.

This would mean we could be sure that users were all following same controls.

From an organisation and business security model, this change would greatly assist in the overall management of Bitwarden.

It definitely needs more votes.

This is actually something already that the team has been working on and a new feature that has been recently merged into the main, should be included in a future release.


That is good news.