Initial Configuration

Instance Settings

Access the Admin Portal

The System Administrator Portal for your instance is available at https://your.domain.com/admin

Settings to be aware about

If you are the main admin of the instance, it is good to be aware that there are a couple of settings that we do NOT set by default that you may wish to change. In order of appearance...

Allow new signups

2021-08-10-21-52-10-Vaultwarden Admin Panel.png

This may seem counter-intuitive until you realize that we set up the initial user based on this availability. This also lets us easily onboard any additional users onto the instance. However, it is worth looking into as an option to set when creating the instance. However, it does not cause a major attack vector, especially when additional restrictions are introduced. Also, it enables zero data-leakage, as it simply allows an additional account to be enabled on the system.

Set attachment limits

2021-08-10-21-51-51-Vaultwarden Admin Panel.png

Setting attachment limits avoids the really large attack vector from leaving account registrations open, which is to run an instance out of space by uploading very large attachments. This can be set from the instance setup, and from the admin page.

SMTP Email Settings

2021-08-10-21-53-26-Vaultwarden Admin Panel.png

Like most services offered, because there is currently no bundled SMTP service,  this is left blank. However, this can be connected to any email service that you have setup.

Email signup limitations

Implementing the above allows setting the below limitations on signups

image-1628647614573.png

This means that you can require signup emails to be verified for signups, but only to whitelisted domains. This works great if you work in an organization that uses their own domain addresses.

Client Settings

Common Settings

Vault Locking

image-1628648629131.png

There are two common settings - when to timeout, and what to do when it gets timed out. The above should be self-explanatory. The settings are different for the Browser Add-On which allows for the timeout to be the screenlock and/or a computer restart. The mobile app allows for an App Restart timeout.

Change Master Password

image-1628649375635.png

There are options on the other clients to do this, but they redirect to the web vault. 

Web App

Display layout

image-1628648758593.png

This allows the web vault to display using the whole width of your screen. Just a nice QOL improvement.

 

Browser Add-On & Mobile Client

Server URL

image-1628650161881.pngimage-1628650070161.png

Your URL should include the `/bitwarden` path at the end of the domain.

 

Unlock with Biometrics/PIN Code

image-1628651168664.png

This allows you to log in using a PIN or biometrics (fingerprint reader on mobile, etc.). This is much more convenient after setting up a device than having to re-type your master password over and over again.

Dark Theme

image-1628650366381.png

The only sane choice.

Auto-Fill

image-1628651550976.png

The explanations are above, but I would suggest setting these the way that seems best to you.

Note that if you don't have the URI saved for a site, but are using Bitwarden anyways, it will prompt you to add it to a new entry instead of the existing one.

Sync

 

image-1628650519668.png

image-1628650467049.png

This is to manually sync the clients. However, the clients sync any time there is a change as described in https://bitwarden.com/blog/post/live-sync/ 

Desktop Client

CLI