We’ve implemented ‘require two-step logon’ as a policy in our organization and set up Duo two-factor authentication to work with the Bitwarden app. I get asked for a second factor when I log onto Duo by browsing to vault.bitwarden.com, but not when I log into the Chrome extension. Is this something that can be resolved by removing the extension and re-adding it or is there a policy configuration I ought to change or…?
Thanks!
Most likely either you are not actually logging in but instead unlocking your extension. Otherwise, when logged in you may have also selected the Remember Me option which will not require 2FA for 30 days.
You can find more about Duo for Orgs including using Duo, the 30 day Remember Me option, as well as detail on log out vs lock behavior Two-step Login via Duo | Bitwarden Help Center
Though if you do find that the issue is with the vault timeout options being to lock rather than log out you can also set the newly added in 2023.4.0 enterprise policy for Vault timeout action
… d’oh. It appears that my browser was set to use the vault timeout action when I close the browser- and that the Vault Timeout Action was set to Lock rather than Logout. Thanks!