We are using Bitwarden in a professional environment with LDAP synchronisation. All users that get access to Bitwarden are synchronised via an LDAP group, and self-registration is disabled in Bitwarden directly (globalSettings__disableUserRegistration=true).
When a new user logs into Bitwarden because of the registration mail that is sent, there is no access to the organization. The access to an organization must be manually confirmed.
Is it possible to disable or automate that step, so that all registered users are automatically added to the organization?
If I interpret this request correctly, there seems to be an undocumented API for the organization actions. While digging through the source code I found the API definition in the OrganizationUsersController.cs file. The requests made with curl with the bearer token received in the web interface work with this API call; the bearer token received with the organization credentials doesn’t.
Can anybody point me to the documentation of the /api/organization endpoint or tell me how to request the correct Bearer Token?
You’ll need to use a two-step approach. The API in the web vault can’t be “hit” via a standard web request without being “inside” a vault.
So, to accomplish this, you’ll use the Bitwarden API to GET a list of users, which will return user info like so:
Using the status (I believe they are 0 = invited, 1 = accepted, 2 = confirmed) - you’ll grab a list of users where status == 1, and then use the CLI tool to confirm them.
Sorry for the delay here - just trying to clarify what you’re asking for. You’d include the CLI commands in the script that you run as far as I understand.
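A sketch of the two-step approach described above, as an added example that is not code from this thread or from Bitwarden: it filters an already-fetched member list for status == 1 and builds the CLI confirm call for each, confirming only members whose e-mail is in the LDAP group and holding the rest for manual review. Assumptions: the response field names (`data`, `id`, `email`, `status`), the constructed sample data, the directory e-mail allowlist, and the `bw confirm org-member` invocation with a placeholder organization id.

```python
import json
import subprocess
import uuid

ACCEPTED = 1  # per the thread: 0 = invited, 1 = accepted, 2 = confirmed

# Constructed sample response; the "data"/"id"/"email"/"status" field names are assumed.
SAMPLE_MEMBERS = json.dumps({"data": [
    {"id": "3f1c2b9e-0000-4000-8000-000000000001", "email": "alice@example.com", "status": 1},
    {"id": "3f1c2b9e-0000-4000-8000-000000000002", "email": "bob@example.com", "status": 0},
    {"id": "3f1c2b9e-0000-4000-8000-000000000003", "email": "carol@example.com", "status": 2},
    {"id": "3f1c2b9e-0000-4000-8000-000000000004", "email": "Mallory@example.net", "status": 1},
]})


def select_for_confirmation(members_json, directory_emails):
    """Split accepted members into (confirm, hold) using the directory group as allowlist."""
    allowed = {e.strip().lower() for e in directory_emails}
    confirm, hold = [], []
    for member in json.loads(members_json)["data"]:
        if member.get("status") != ACCEPTED:
            continue  # invited or already confirmed: nothing to do
        member_id = str(uuid.UUID(member["id"]))  # reject anything that is not a UUID
        email = member.get("email", "").lower()
        (confirm if email in allowed else hold).append(member_id)
    return confirm, hold


def confirm_command(member_id, org_id):
    """Argument vector for the CLI confirm step (no shell, so no quoting issues)."""
    return ["bw", "confirm", "org-member", member_id, "--organizationid", org_id]


def confirm_members(member_ids, org_id, dry_run=True):
    """Run the CLI for each id; needs an unlocked `bw` session when dry_run is False."""
    commands = [confirm_command(m, org_id) for m in member_ids]
    if not dry_run:
        for cmd in commands:
            subprocess.run(cmd, check=True)
    return commands


if __name__ == "__main__":
    ids, held = select_for_confirmation(SAMPLE_MEMBERS, ["alice@example.com"])
    print("confirm:", ids, "hold for manual review:", held)
    print(confirm_members(ids, "ORG-ID-PLACEHOLDER"))
```

Confirmation is the step where an administrator normally vouches for the account, so the allowlist stands in for that check; accepted members outside the directory group are returned separately instead of being confirmed.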