Initial Configuration
Instance Settings
Access the Admin Portal
The System Administrator Portal for your instance is available at https://your.domain.com/admin
.
Settings to be aware about
If you are the main admin of the instance, it is good to be aware that there are a couple of settings that we do NOT set by default that you may wish to change. In order of appearance...
Allow new signups
This may seem counter-intuitive until you realize that we set up the initial user based on this availability. This also lets us easily onboard any additional users onto the instance. However, it is worth looking into as an option to set when creating the instance. However, it does not cause a major attack vector, especially when additional restrictions are introduced. Also, it enables zero data-leakage, as it simply allows an additional account to be enabled on the system.
Set attachment limits
Setting attachment limits avoids the really large attack vector from leaving account registrations open, which is to run an instance out of space by uploading very large attachments. This can be set from the instance setup, and from the admin page.
SMTP Email Settings
Like most services offered, because there is currently no bundled SMTP service, this is left blank. However, this can be connected to any email service that you have setup.
Email signup limitations
Implementing the above allows setting the below limitations on signups
This means that you can require signup emails to be verified for signups, but only to whitelisted domains. This works great if you work in an organization that uses their own domain addresses.
Client Settings
Common Settings
Vault Locking
There are two common settings - when to timeout, and what to do when it gets timed out. The above should be self-explanatory. The settings are different for the Browser Add-On which allows for the timeout to be the screenlock and/or a computer restart. The mobile app allows for an App Restart timeout.
Change Master Password
There are options on the other clients to do this, but they redirect to the web vault.
Web App
Display layout
This allows the web vault to display using the whole width of your screen. Just a nice QOL improvement.
Browser Add-On & Mobile Client
Server URL
Your URL should include the `/bitwarden` path at the end of the domain.
Unlock with Biometrics/PIN Code
This allows you to log in using a PIN or biometrics (fingerprint reader on mobile, etc.). This is much more convenient after setting up a device than having to re-type your master password over and over again.
Dark Theme
The only sane choice.
Auto-Fill
The explanations are above, but I would suggest setting these the way that seems best to you.
Note that if you don't have the URI saved for a site, but are using Bitwarden anyways, it will prompt you to add it to a new entry instead of the existing one.
Sync
This is to manually sync the clients. However, the clients sync any time there is a change as described in https://bitwarden.com/blog/post/live-sync/