So my situation is looking like this:
I installed Bitwarden on premise and configured it for SAML login via Azure. Users could log in just fine with their Microsoft login combined with the master password. After contacting support I went through with the key-connector setup and got it working with my own DB and my own (self-signed) cert stored locally on the filesystem, because I’m still waiting (since Friday) for a reply from support regarding the OS cert store solution, which I couldn’t get to work with the provided docu. Since I’m already more than two weeks in trying to get the key-connector to work as recommended, I decided to just go with my cert stored on the filesystem, which works without any problems.
So now users can log in with SSO and after login get the options to remove the master password, and this works just as expected. BUT there were some users that I was testing this feature with, and as a troubleshooting measure I removed them from the organization and invited them again. In retrospect I wouldn’t do this again, as it caused the following issue:
- Users can be invited but cannot join the organization (already part of organization)
- Those users are not listed in the organization’s user list
- They are stuck in limbo, me not being able to remove them completely
When they try to register or accept the invite they get the following error message:
User, has already been invited to this organizatio. Accept the invite in order to log in with SSO.
So my last resort would be to remove them directly from the database, but I would need some assistance in doing so. I suppose support is in contact with the engineering team, trying to fix existing issues with the key connector, as I was not informed that I did something wrong on my side. But I can’t wait any longer, so I’m trying my luck here in the official forums.
So the question remains: Where are those deleted users stored and how can I completely remove them so they are able to join the organization again?
EDIT: So just after typing this little wall of text I thought like “hey, let’s see what the admin url has to offer” and boom, there they are… the deleted users! How ironic… I will test again and report back.