Remove Individual Vault - Browser Extension doesn't prompt to save/update - Enterprise Policy

Hi, Our company is looking to move away from Lastpass so we started a trial with Bitwarden. We have an enterprise account with enterprise policies, but we’ve been running into some hurdles that need to figure out.

When we invite someone to our Bitwarden organization, we ask that they use their email address to create their company vault. This gets them into BW successfully and it creates an individual vault for the employee. This is good because individual employees have individual credentials for sites that they need to access. This is what we would expect. The problem is that Bitwarden doesn’t see that as a company account, BW sees that as a normal account and is disconnected from the company. (The user has an account to BW, but it is linked to the company. It is not a company account. BW expects that the employee maintains access to this account after they leave the company.) This is also a problem when using reports such as the ‘weak passwords.’ Since BW see this individual ‘personal’ vault (that was created for an employee to store their work related credentials) as not part of the organization, the organization reports don’t report on these individual vaults. (such as the organizational weak password report.) The organization also loses the ability to manage these individual vaults.

In BW’s help website, there is a section talking about the “Remove individual Vault” policy that enterprise customers can use and force saving to individual collections. One of the problems here is that when you turn that policy on, browser extensions no longer prompts to update/save passwords. Is this a bug? Any plans on fixing this?

When an employee leaves the company, it is not expected that they maintain access to their individual vault that could store company secrets (passwords/cards/notes) when it was created use by the employee of the company. I understand that there is an Organizational vault, but users cannot save to that unless they save to a collection. How do employees create their own vault to be used for company items (not personal items), that show up in enterprise vault health reports and stay with the company if the employee leaves? It is difficult to gain compliance where employees save to an individual collection and not personal vaults, especially because for the browser extension work and prompt to save new passwords, a company cannot disable individual vaults as the help docs suggest.

We are still early in our trial but I’ve been through the help docs and I’ve got to be missing something because I don’t see a way to keep company items from being mixed with the personal ‘individual vault’.

Is there any enterprise users who can shed light on these issues?

Thanks for the feedback, the team is working on an update that will allow the save bar to work when individual vault disabled :+1:

I have the same problem here too, save bar doesn’t show when a member is a user or admin. Just rolled it out today and noticed it wasn’t working for our users.

Is there a GitHub post for this to follow along with?

Looks like it might be GitHub Clients Repo PR #4760

1 Like

Is this fix mostly tied to the client side (as per the git location bitwarden/clients) or will it have to apply to server side as well?

@Gerardv514 I’d say this will be only client-side (browser extension) as the policies were present before and the exception to skip the save prompt when this policy is active, is/was inside the browser extension.

This and other enhancements have been combined into [EC-475] Auto-save password prompt enhancements by eliykat · Pull Request #4808 · bitwarden/clients · GitHub and have been passed onto QA for review.

Kind regards,

I’ve noticed this has been fixed for the browser.

Earlier tonight we tried to save on iOS browser (safari) and used the share sheet, clicked on BW app to save a login and. It gets stuck on saving. I noticed it didn’t ask what collection to add it too, therefore has this not been rolled out to the mobile apps yet?

What about the other issue @Matt2971 mentions? the fact that they are forced to save to a shared collection and can’t save on the organization in a way that is not shared.

I know i can set a collection for every user where only the same user has access but that’s less than ideal.

Would appreciate a response to this as well.

Bumping this again. We cannot save an entry when using the iOS browser share sheet. We have no way of choosing which collection to save the entry to.

@djsmith85 can you assist me with determining if this is all related?

Possibly the 2nd related issue listed here on April 2022 at GitHub?