Send email to admins for Device Approval Request

You already email admins when there is a pending user to confirm… why do you not email admins when there is a pending device request?

Seems like something that should have been included in the initial release of Trusted Devices.

Hi @Greyson, Welcome to the Bitwarden community! The team is working on ways to make the addition of trusted devices more self service for users. There is also work to identify the right way to incorporate notifications given that the volume of devices could be far larger than the volume of users.

Thank you @go12 … At the recommendation of our Bitwarden account team, we enabled Trusted Devices… and to be honest, I’m disappointed with the way that Bitwarden implemented it. It seems like a real rush-job.

  • Inconsistency between users with Master Passwords and those without… and no way to tell which is which. So very confusing to educate users on how to add additional devices when SOME can do so via master password and others can’t.
  • Lack of admin notification emails when there are pending device approvals.
  • Lack of consistency about what qualifies as a “new device”… the web vault, the desktop app and browser plugin are all considered separate devices so must be approved.
  • When new users get added to BW, they are obviously going to join via the web vault - since the email says to just click on a link… so they then authorize the browser… but are stopped by waiting for admin approval to setup their desktop app and/or browser plugin.

Thank you @Greyson. The team is aware of the situations you have outlined and has plans to address them. Your feedback is appreciated.

Agreed – we need an admin notification email for pending device approvals at a minimum here. Seems likely a very simple QoL improvement.

A policy for setting ‘Use this device to approve login requests’ as default would also go a long way.

Hi @mikelelevate and @Greyson - thank you for your input.

The team is looking at introducing a way to automate device approvals via the CLI - would you still prefer the product to notify admins for individual device approvals? This was not initially introduced so that admins would not get overwhelmed by emails, given that devices outnumber users, so we would appreciate your thoughts on whether the CLI automations would solve the need.

Hey Gina,

In my own MSP and across our customer base we would prefer the product to notify admins for individual device approvals. Our customers have a dedicated ‘Bitwarden Champion’ that is in charge of this – they’re not technical so CLI is of no use to them.

Outright automating the approvals via CLI somewhat defeats the security purpose of this feature. However, I have full faith in the security of SSO via M365 and our conditional access policies so maybe this would work if it was exposed as a setting you could toggle on/off per organization.


Hey @gtran,

Great to hear you’re working on it! I want to also add my support for email notifications as a must have for this feature. Since CLI automations are not possible within my company by the people managing it. And now they have to look into Bitwarden every morning to know if people made Device Approval requests or the user itself needs to message them.

Next to that, I have two suggestions that will improve the UX of this feature:

  • If there are worries about spamming admins then please make a toggle in the Bitwarden UI that allows the user to disable the email notifications for admins.
  • If it’s expected by you that people create automatic device approvals via the CLI tooling, then maybe it will be a good idea to also allow it as a feature for everyone. E.g. having a toggle within the Bitwarden UI to automatically approve Devices.

Is there a way to see the timeline of this feature improvement?

I totally agree! I also have full faith in the security of SSO via M365. A toggle on/off per organization so that we can decide about that ourselves would be great.
The more so as we can’t have the synchronous communication needed to validate requested devices are valid. So we mainly decide by gut feeling anyway…

An update: the team will be starting on enabling an endpoint on the CLI to bulk approve devices as well as within the UI. This is targeted for sometime in May/June. The team will also be looking at building an email to owners and administrators when there are pending device approvals. More to come!


Great update - we’re extremely interested in this feature too!

One tiny request - can we also have an API endpoint so we can hit it from python etc? I’m assuming your CLI tooling uses it anyway 🙂


Added my vote for this. Would love to see device approval request notifications sent to admins. Otherwise, admins need to manually check the admin console frequently to check for any pending requests from users, especially as we start a rollout period with our organization. This would be a big time saver to have this notification feature added.

Hi @Until0842 and welcome to the Bitwarden community! As @gtran shared a couple of messages earlier, more is planned.

Thanks! Looking forward to an update on this topic in the May/June timeframe