Skip to main content

System Management Portal

Portal naming

This documentation refers to the deployment of the Admin application in our server repository. To disambiguate this application from others in the Bitwarden landscape, we refer to it as follows:

  • For Cloud-Hosted Instances (internal to Bitwarden) → Bitwarden Portal
  • For Self-Hosted Instances → System Management Portal

Setup

  1. Navigate to the server/src/admin directory.

  2. Restore nuget packages:

    dotnet restore
  3. Install npm packages:

    npm ci
  4. Build the admin project:

    dotnet build
  5. Build out the wwwroot directory with the necessary stylesheets and libraries:

    npx gulp build
  6. Start the server:

    dotnet run
  7. Confirm it's working by using your favorite browser to navigate to the portal URL. By default, this is http://localhost:62911.

Configuring access

Authentication

Portal authentication is done entirely through a passwordless flow, using a link sent through email. The email address must be listed in the adminSettings:admins user secret to be authorized.

If you’ve followed the Server Setup Guide this should already be configured, with the following accounts having access:

  • owner@localhost
  • admin@localhost
  • cs@localhost
  • billing@localhost
  • sales@localhost

If not, please go back and configure it now.

tip

See User Secrets for how to configure your user secrets.

Authorization

The Bitwarden Portal uses role-based access control to restrict access to application functionality. In order to have access to the features within the Bitwarden Portal, you will need to assign your account to a role. This is in addition to the authentication setup above.

Role membership is defined in the adminSettings:role section of the server application configuration. Each role's members are represented as a comma-delimited list of account email addresses. For local development, your user secrets will be defined with the following account in each role:

RoleSettingDefault secrets.json Value
OwneradminSettings:role:ownerowner@localhost
AdminadminSettings:role:adminadmin@localhost
Customer SuccessadminSettings:role:cscs@localhost
BillingadminSettings:role:billingbilling@localhost
SalesadminSettings:role:salessales@localhost

If you wish to change the membership for any role, you can edit your user secrets to specify the desired value.

info

Role-based access control is only enforced on cloud-hosted instances. There is no role-based access control on self-hosted deployments.

Logging in

  1. Navigate to your portal URL. By default, this is http://localhost:62911.
  2. Enter admin@localhost as the email (or whatever email you’ve configured in your user secrets)
  3. Open MailCatcher (default is http://localhost:1080) and click the login link.