Hi @RyanL , good to see that you are working on it. Sad that a bug exists already …
Most users are onboarded already, so I can’t judge if it works. I just had three users how needed re-approval of the already approved Browser the last 5 days. So there seems to be a Bug and the new feature won’t help. Also our users are used already to use “Admin Approval” and requested that instead of trying it with any App.
By the way we don’t allow the Bitwarden mobile App. We are waiting for remote wipe features and the like or Intune support there.
As I was going over this with my colleague today to make the documentation, we realized that trusted device is only good for logging in to your account and not actually unlocking your account.
So after step 4 in your workflow that you listed in this post in December of 2024, what is the proper way to unlock the browser extension or desktop app? I believe we had to use our master password to unlock it. I’ll have to test again tomorrow. I was really hoping for to do SSO login, and then after authentication our vaults would be unlocked.
When you say approved browser, do you mean into the web app (vault.bitwarden.com) or for the browser extension? If the former, if they used a private window or cleared cookies/cache, that would trigger it. If the latter, we should report that as a bug.
You can choose your settings here. When the vault is locked, it is re-encrypted locally on your device, so to unlock it, you need to provide something that can can be used to unencrypt it. The master password is the default.