Automatically provision, update and deprovision users and groups in Bitwarden from JumpCloud using the Identity Management (SCIM) integration. Leverage this integration to centralize user lifecycle, user identity, and group management in JumpCloud for Bitwarden. Save time and avoid mistakes, as well as potential security risks, related to manually creating users.
Read this article to learn how to set up the Bitwarden integration.
Prerequisites
- A JumpCloud administrator account.
- An updated Bitwarden account.
- A Bitwarden user account with administrator permissions.
- Bitwarden SCIM API is based on version 2.0 of the SCIM standard.
- When you unbind a user from a group, the user will be in a revoked state in the Bitwarden portal.
- startIndex and count are mandatory. Without these parameters, GET /Users doesn’t return anything.
- Groups are supported. If Management of User Groups and Group Membership is enabled, there are a few things to consider:
  - Empty user groups will not sync.
  - Groups must have at least 1 user in them to sync.
  - There can be a delay of a few minutes when syncing.
Pre-existing Users and Groups
Organizations with users and groups that were onboarded before activating SCIM, either manually or using Directory Connector, should note the following:
Exists in the IdP
- Pre-existing User:
  - Will not be duplicated.
  - Will not be forced to re-join the Organization.
  - Will not be removed from groups they’re already a member of.
- Pre-existing Group:
  - Will not be duplicated.
  - Will have members added according to the IdP.
  - Will not have pre-existing members removed.
Does not exist in the IdP
- Pre-existing User:
  - Will not be removed from the Organization.
  - Will not have group memberships added or removed.
- Pre-existing Group:
  - Will not be removed from the Organization.
  - Will not have members added or removed.
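Because pre-existing users that do not exist in the IdP are never removed by SCIM, it is worth listing them after activation. The following is an added example, not code from JumpCloud or Bitwarden: it pages through GET /Users with the mandatory startIndex and count parameters and reports active Bitwarden members that have no matching JumpCloud username. The Bearer authorization header, the function names, and the sample records are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

def fetch_page(base_url, api_key, start_index, count):
    """GET {base_url}/Users, always sending startIndex and count."""
    query = urllib.parse.urlencode({"startIndex": start_index, "count": count})
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/Users?{query}",
        # Assumption: the SCIM API Key is presented as a Bearer token.
        headers={"Authorization": f"Bearer {api_key}",
                 "Accept": "application/scim+json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_users(fetch, count=50):
    """Collect every page of a SCIM 2.0 ListResponse; fetch(start, count) -> dict."""
    users, start = [], 1  # SCIM startIndex is 1-based
    while True:
        page = fetch(start, count)
        resources = page.get("Resources", [])
        users.extend(resources)
        start += len(resources)
        if not resources or start > page.get("totalResults", 0):
            return users

def unmanaged_active(scim_users, idp_usernames):
    """Active members with no IdP counterpart; SCIM will not remove these."""
    known = {name.lower() for name in idp_usernames}
    return sorted(u["userName"] for u in scim_users
                  if u.get("active") and u["userName"].lower() not in known)

# Constructed sample records (not real accounts), paged like the API would.
_SAMPLE = [
    {"userName": "alice@example.com", "active": True, "externalId": "1001"},
    {"userName": "bob@example.com", "active": True, "externalId": None},
    {"userName": "carol@example.com", "active": False, "externalId": None},
]

def sample_fetch(start_index, count):
    chunk = _SAMPLE[start_index - 1:start_index - 1 + count]
    return {"totalResults": len(_SAMPLE), "startIndex": start_index,
            "itemsPerPage": len(chunk), "Resources": chunk}

if __name__ == "__main__":
    users = list_users(sample_fetch, count=2)
    print(unmanaged_active(users, ["alice@example.com"]))
    # Live use: list_users(lambda s, c: fetch_page(SCIM_URL, SCIM_API_KEY, s, c))
```

For a live check, pass the SCIM URL and SCIM API Key copied from the Bitwarden SCIM Provisioning page and a username list exported from JumpCloud.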
Attribute Considerations
- A default set of attributes is managed for users. See the Attribute Mappings section for more details.
- Bitwarden does not populate displayName, firstName and lastName in the portal.
Group Management Important Considerations
Enabling Group Management
You must select the Enable management of User Groups and Group Membership in this application option to manage groups and group membership in the application from JumpCloud.
Group Provisioning and Syncing
- Empty groups are not created.
- JumpCloud takes over management of existing groups in the application when the user group name in JumpCloud matches the name of the group in the application.
- All user groups associated with the application in JumpCloud are synced. Syncing occurs whenever there is a membership or group change event.
- Group renaming is supported.
- If a user group is disassociated from the application in JumpCloud, syncing immediately stops and the group is left as-is in the application. All members of that user group are deactivated in the application unless they are associated with another active application group that is managed from JumpCloud.
Group Deletion
- Managed groups deleted in JumpCloud are deleted in the application.
- All members of the deleted group are deactivated in the application, unless they are associated with another active application group that is managed from JumpCloud.
Disabling Group Management
- You can disable group and group membership management by unchecking the Enable management of User Groups and Group Membership in this application option.
- The managed groups and group membership are left as-is in the application.
- JumpCloud stops sending group membership information for the user, but the user’s identity will continue to be managed from JumpCloud.
Creating a new JumpCloud Application Integration
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Click + Add New Application.
- Type the name of the application in the Search field and select it.
- Click Next.
- In the Display Label, type your name for the application. Optionally, you can enter a Description, adjust the User Portal Image and choose to hide or Show in User Portal.
- If this is a Bookmark application, enter its URL in the Bookmark URL field.
- Click Save Application.
- If successful, click:
  - Configure Application and go to the next section.
  - Close to configure your new connector at a later time.
Configuring the Identity Management Integration
To configure Bitwarden
- Open your organization’s Settings > SCIM Provisioning page.
- Select the Enable SCIM checkbox.
- Copy both your SCIM URL and SCIM API Key.
To configure JumpCloud
- Create a new application or select it from the Configured Applications list.
- Select the Identity Management tab.
- Select the Enable management of User Groups and Group Membership in this application checkbox if you want to provision, manage, and sync groups in Bitwarden from JumpCloud.
- Click Configure.
- You’re presented with two fields:
  - Base URL: Enter the SCIM URL for Bitwarden (e.g., https://scim.bitwarden.com/v2/{tenant_id}).
  - Token Key: Paste the SCIM API Key you generated/copied when configuring Bitwarden.
- Click Activate.
- You will receive a confirmation that the Identity Management integration has been successfully verified.
- Click Save.
Attribute Mappings
The following table lists attributes that JumpCloud sends to the application. See Attribute Considerations for more information regarding attribute mapping considerations.
Learn about JumpCloud Properties and how they work with system users in our API.
Bitwarden User Attributes
| JumpCloud Property | JumpCloud UI Field Name | SCIM v2 Mapping | Bitwarden Value |
|---|---|---|---|
| username | Username | userName | userName |
| | Company Email | emails: value | emails |
| active | Status | active | active |
| displayName | Display Name | displayName | displayName |
| employeeIdentifier | Employee ID | externalId | |
Removing the IdM Integration
To deactivate the IdM Integration
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO.
- Search for the application that you’d like to deactivate and click to open its details panel.
- Under the company name and logo on the left-hand panel, click the Deactivate IdM connection link.
- Click confirm.
- If successful, you will receive a confirmation message.
- You can now delete the application.
To delete the application
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Search for the application that you’d like to delete and click to open its details panel.
- Check the box for the application.
- Click Delete.
- Enter the number of the applications you are deleting.
- Click Delete Application.
- If successful, you will see an application deletion confirmation notification.