Organization Policy to remove "Never" from Vault Timeout Options

The Org Policies around Vault Timeout options are very lacking.

If you set a max timeout, you lose the incredibly insecure option of “Never”, but you also lose very valuable options such as “On Browser Restart”. Since we use Citrix, this option is extremely valuable as people get a new session every day.

If we have the vault timeout policy turned off, users get the option to set the vault timeout to Never. This is incredibly insecure for this to be available to the standard user, who will not care about the warning that is posted when selecting this option.

As an admin, we should have more flexibility with the vault timeout. Options to select custom time intervals would be helpful as well. Ideally, admins would have full control over which options are visible to users.

The Policy should allow customization, such as selecting specific vaults to be locked instead of locking the entire account. This is particularly important for organizational accounts that include both personal and shared Organization Vaults. Additionally, it should offer more settings to choose from. Currently, the Policy locks the whole account, which makes Autofill from the Personal Vault impractical. I had to create a new personal account to work around this issue. Furthermore, Bitwarden should add Vault Prioritization for Autofill, allowing users to prioritize which vaults are used for autofill.

Perhaps two separate browser profiles, one for personal and one for business each with its own account/vault would address your need.