Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement: Zero Trust Private Network Access Support #1070

Closed
haneef95 opened this issue Jan 4, 2021 · 3 comments
Closed

Enhancement: Zero Trust Private Network Access Support #1070

haneef95 opened this issue Jan 4, 2021 · 3 comments

Comments

@haneef95
Copy link
Contributor

haneef95 commented Jan 4, 2021

Hi,

It would be very good from a security standpoint to support the use of these types of services, example includes:

Benefits

Some of the benefits of these products include:

  • Application firewall with authentication.
  • Bot/Crawler protection for the origin/bitwarden server.
  • Attackers would've to pass through robust security even before sending/receiving a byte from the origin/bitwarden server, let alone attempting to login or register.
  • No need to expose Inbound ports on the origin/Bitwarden server.
  • For legitimate users, it should just be a single additional click to authenticate with their SSO IdP, which they'll be doing in Bitwarden as well anyway.
  • Mostly no additional cost for the users/businesses. Small entities could use Cloudflare Access for free. Large entities most likely already have at least one of the above products.
  • None of the above services are known to charge for bandwidth

These products are used by small entities and corporations alike. Especially given that Cloudflare Access is currently free for 50 users, and AADAP is included in P1 licenses.

Potential solution

The above services should already work well with Bitwarden Web Vault.

However, the other Bitwarden client applications would need to be modified to facilitate such services.

  • The client applications might have to add support for web-based authentication as opposed to what currently seems to be form-based authentication only,
  • or OAuth 2.0 authentication support.
@Greenderella
Copy link
Member

Hi @haneef95

We use GitHub issues as a place to track bugs and other development related issues. The Bitwarden Community Forums has a section for submitting, voting for, and discussing product feature requests like this one.

Please sign up on our forums and search to see if this request already exists. If so, you can vote for it and contribute to any discussions about it. If not, you can re-create the request there so that it can be properly tracked.

@haneef95
Copy link
Contributor Author

haneef95 commented Jan 4, 2021

Added: https://community.bitwarden.com/t/enhancement-zero-trust-private-network-access-support/16443

@cscharf
Copy link
Contributor

cscharf commented Jan 4, 2021

thanks @haneef95 , closing this issue on Github now.

@cscharf cscharf closed this as completed Jan 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants