The Bitwarden Blog

Get the most from your directory services with Bitwarden

TG
著者:Trey Greer
投稿した:
Link Copied!
  1. ブログ
  2. Get the most from your directory services with Bitwarden

What is Bitwarden Directory Connector?

Bitwarden Directory Connector is a standalone application that allows you to synchronize your Users and Groups from your LDAP directory to your Bitwarden Organization.

Bitwarden Directory Connector works with a variety of directory services such as:

  • Active Directory

  • Azure Active Directory

  • Google Workspace / G-Suite

  • Okta

  • OneLogin

How does Directory Connector compare to SCIM?

System for cross-domain identity management (SCIM) is available to Bitwarden Enterprise plans, and can be used to automatically provision members and groups in your Bitwarden organization by integrating with your identity provider (IdP). Changes made to the IdP will be reflected automatically in Bitwarden. Learn more in Help: About SCIM

Meanwhile, Directory Connecter is a standalone application that queries your directory service and then builds your Bitwarden organization based on the structure of your directory and is available to both Teams and Enterprise plans.

Linking with a directory service (LDAP) is a great way to streamline user onboarding, organizing, and sharing. Deploying the Directory Connector application allows the current employee or team member onboarding processes to remain mostly unchanged, and preserves the existing organizational structure.

Onboarding

The Directory Connector tool also enables easy onboarding for new Bitwarden users. This is great for organizations of all sizes, who benefit by allowing Users added to a directory to receive an invitation to a Bitwarden Organization as soon as Directory Connector synchronization is run.

Most LDAP services are supported. For a complete list of those, along with examples, check out our help article.

A commonly asked question is whether or not this tool allows users to log in or authenticate with their LDAP credentials. The short answer is no, Directory Connector is simply a way to make sure that Users and Groups that are in your Organization’s directory are synchronized to your Bitwarden Organization.

To enable users to log in with their LDAP or SSO credentials, you’ll need an Enterprise Plan and to enable Login with SSO and configure a few items as a best practice.

Working in Groups

Bitwarden Directory Connector also supports the synchronization of LDAP Groups. This is important because sharing through Bitwarden Collections is the most powerful and scalable when paired with user groups.

Assigning groups to specified Collections allow Administrators to understand the scope of sharing on a business-unit or functional level, instead of needing to perform individual audits for access.

The diagram below displays a general overview of a Bitwarden Organization and sharing best practices.

General overview of a Bitwarden Organization and sharing best practices diagram

Synchronizing filters

Large Organizations and those who may leverage extra Users and Grouping mechanisms in their LDAP directories can specify the Users and Groups that are synchronized into the Bitwarden Organization.

Users and Groups are related inside an LDAP directory, however, the user and group objects themselves are separate and are collected by the Directory Connector application independently.

This means that you can use filtering options to pull all LDAP Groups, except a group with component X.

However, this does not prevent Users in an LDAP Group with component X from being synchronized into Bitwarden; the group will simply not be added into Bitwarden, and those users will not be assigned to that group within the Bitwarden Organization.

The same principle applies to User synchronization. Synchronizing an LDAP Group with Bitwarden also allows excluding specific Users from that Group as well, based on the provided parameters.

Flexibility is key in User and Group management, as well as continuity of workflows. Bitwarden Directory Connector allows for maximum configuration.

User succession

When users are removed or disabled from your directory, this will trigger Bitwarden to remove them from your Organization and also remove access to any organizational data.

Applications

The Directory Connector application is available with a graphical interface for those who prefer to configure their apps on desktop machines, and a CLI variant for headless or desktop-less options.

Directory Connector currently supports the following platforms:

  • Windows

  • Mac

  • Linux

The synchronization for Users and Groups can be scheduled to run at a specified interval in the GUI application, or via cron in Linux, or a scheduled task for Windows using the CLI.

Resources

For full instructions on how to implement Bitwarden Directory Connector for your Organization and additional migration information, check out the following resources:

Focused on open source

Check out our work and community contributions to Directory Connector on GitHub!

Editor's Note

This blog was originally posted on January 1st, 2021 and updated on February 8th, 2024 to include information about SCIM.

DeploymentBusinessPassword Manager
Link Copied!
ブログ一覧に戻る

Get started with Bitwarden today.

あなたの無料アカウントを作成してください

あなたのサイバーセキュリティの知識をレベルアップさせましょう。

ニュースレターを購読してください。


© 2024 Bitwarden, Inc. 利用規約 プライバシー クッキーの設定 サイトマップ

このサイトは日本語でご利用いただけます。
Go to EnglishStay Here