Now I’m curious. This comes from my job history: working at mostly small, disorganized companies and then moving to one very large company, where I work with other very large enterprises, so I have no experience with mid-size companies.
Say I work for a large company where everything is gated via an SSO - email, Slack, internal apps, ADP for payroll, my brokerage account containing my 401K information (of course I do have a separate non SSO password for this since it is my account), and Bitwarden (I see it does support SAML).
If I leave my very large organization, it’s easy enough for a manager to disable my SSO and be mostly assured that I don’t have access to anything I shouldn’t. Because “security is job 0” (How do you say where you work without saying where you work /s).
Now let’s say that BitWarden stores 10 passwords to external services and I had access to those passwords through Bitwarden. Does someone then have to go in and manually change passwords to those 10 services every time someone leaves?
> Now let’s say that BitWarden stores 10 passwords to external services and I had access to those passwords through Bitwarden. Does someone then have to go in and manually change passwords to those 10 services every time someone leaves?
To reframe this: Companies use both SSO and BitWarden, but because a typical company utilizes so many differing services with differing auth coverage (supports SSO? supports roles, permissions, etc.?), BitWarden fills the gap. BitWarden wouldn't be used for your ADP and 401K. It may be used for your company's payment processor under one main username / password. It may be used for your root AWS account username and password. It may be used for your DNS management. Production API keys for Stripe may be stored there in plain text, but encrypted in your secret store of choice. Those are the typical use cases I see. The list of things you keep in BitWarden is small(er), but they're business critical. Whereas before they were held by the CTO of the early stage startup, now they're centralized, secured, have an audit trail, can be easily shared with others, etc. etc.
In the company I used BitWarden with, these passwords were rotated manually when an employee who had access to that password left and the new value updated in BitWarden. Maybe that's easier now?
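An added example, not from this thread or from Bitwarden itself, of the offboarding check the reply above describes: given a constructed org model (users in groups, groups granted collections, items living in collections, loosely following Bitwarden's collection-based sharing and its "hide passwords" flag), list the shared credentials a departing user could have read and therefore need rotating. The data structures and names are assumptions for illustration, not Bitwarden's API.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Access:
    collection: str
    hide_passwords: bool = False  # assumed analogue of Bitwarden's "hide passwords" option

@dataclass
class Org:
    items: dict[str, str]                  # item name -> collection it lives in
    groups: dict[str, list[Access]]        # group name -> collections the group can open
    users: dict[str, list[str]]            # user -> groups the user belongs to
    direct: dict[str, list[Access]] = field(default_factory=dict)  # user -> direct grants

def collection_access(org: Org, user: str) -> list[Access]:
    """Every access path the user has to a collection (via groups or direct grants)."""
    paths = list(org.direct.get(user, []))
    for group in org.users.get(user, []):
        paths.extend(org.groups.get(group, []))
    return paths

def credentials_to_rotate(org: Org, user: str) -> list[str]:
    """Items whose secret the user could have read. A collection counts as readable
    if ANY access path exposes passwords: for offboarding, assume the most permissive
    path was used rather than the most restrictive."""
    readable = {a.collection for a in collection_access(org, user) if not a.hide_passwords}
    return sorted(name for name, coll in org.items.items() if coll in readable)

# Constructed sample org: the kinds of business-critical secrets the reply mentions.
ORG = Org(
    items={
        "AWS root": "Infrastructure",
        "Registrar login": "Infrastructure",
        "Stripe live API key": "Payments",
        "Payment processor portal": "Payments",
        "Marketing Twitter": "Marketing",
    },
    groups={
        "engineering": [Access("Infrastructure")],
        "finance": [Access("Payments")],
        "everyone": [Access("Marketing", hide_passwords=True)],  # can autofill, cannot read
    },
    users={"alice": ["engineering", "everyone"], "bob": ["finance", "everyone"]},
    direct={"bob": [Access("Infrastructure", hide_passwords=True)]},
)

if __name__ == "__main__":
    for leaver in ("alice", "bob"):
        print(leaver, "->", credentials_to_rotate(ORG, leaver))
```

Bob's hidden-password grant on Infrastructure does not put the AWS root credential on his rotation list, while a single password-visible path on any collection does; an audit trail of actual item views would tighten this further.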