Configuring directory sync with Azure Active Directory

This article will cover how to connect the Bitwarden Directory Connector application to your Azure Active Directory.

Requirements

• Read through the following article: Syncing users and groups with a directory
• Install Bitwarden Directory Connector
• Using Directory Connector, log into your Bitwarden account and select your enterprise organization

Table of Contents

• Create a New Application Registration
• Grant Application Permissions
• Create Application Secret Key
• Get Your Application ID
• Get Your Tenant Hostname
• Configure Directory Connector
• Testing

Create a New Application Registration

1. Go to https://portal.azure.com
2. Select the Azure Active Directory resource
3. Navigate to App registrations and select New application registration
4. Name your application “Bitwarden”
5. Set the Application type to “Web app / API”
6. Set the Sign-on URL to any website value, such as “https://company.com”. This URL is not used in this setup process so it can be anything.
7. Click the Create button to create the application.

Grant Application Permissions

1. Select the Bitwarden application you created in the previous section.
2. Navigate to Settings and select Required Permissions.
3. Delete the existing Windows Azure Active Directory API permission set that is automatically created by default. It is not needed.
4. Select the Add button to create a new API permission set.
5. For step 1, Select an API for Microsoft Graph.
6. For step 2, Select Permissions for the following:
   • Application Permissions:
     • “Read all users’ full profiles”
     • “Read all groups”
   • Delegated Permissions:
     • “Read all groups”
     • “Read all users’ full profiles”
     • “Read all users basic profiles”
7. Click the Select button and then Done to add the Microsoft Graph API permissions.
8. Click the Grant Permissions button to grant the permissions to the application.

Create Application Secret Key

1. Go back to the Bitwarden application that you created.
2. Navigate to Settings and select Keys.
3. Add a new Password key by entering a Name and Duration. We recommend selecting “Never Expires” for the duration.
4. Click Save to create a new secret key.
5. Copy the key’s value to safe place. We will need to reference it later.

Get Your Application ID

1. Go back to the Bitwarden application that you created.
2. Copy the Application ID to a safe place. We will need to reference it later.

Get Your Tenant Hostname

1. Select the Directory and Subscription filter in the top right corner of the Azure Portal.
2. Note the hostname value that appears under your directory (ex. company.onmicrosoft.com). This is your Tenant hostname. Copy the Tenant hostname to a safe place. We will need to reference it later.

Configure Directory Connector

1. Launch the Directory Connector desktop application.
2. Go to the Settings tab.
3. Select Azure Active Directory as the directory type.
4. Enter the Tenant hostname that you copied from the steps above (ex. company.onmicrosoft.com).
5. Enter the Application ID that you copied from the steps above.
6. Enter the Application Secret Key that you copied from the steps above.

Congrats! You are done configuring Azure Active Directory with the Bitwarden Directory Connector.

Testing

Test your configuration by running a sync test. You should see your Azure Active Directory groups and/or users printed to the screen.