diff --git a/.gitignore b/.gitignore
index d360737031..4b798f3b74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -225,3 +225,4 @@ src/Identity/Identity.zip
src/Notifications/Notifications.zip
bitwarden_license/src/Portal/Portal.zip
bitwarden_license/src/Sso/Sso.zip
+src/Api/flags.json
diff --git a/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs b/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs
index c5b57eb381..a1a50ed3f6 100644
--- a/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs
+++ b/src/Api/Auth/Models/Request/OrganizationSsoRequestModel.cs
@@ -41,8 +41,14 @@ public class SsoConfigurationDataRequest : IValidatableObject
[Required]
public SsoType ConfigType { get; set; }
+ public MemberDecryptionType MemberDecryptionType { get; set; }
- public bool KeyConnectorEnabled { get; set; }
+ [Obsolete("Use MemberDecryptionType instead")]
+ public bool KeyConnectorEnabled
+ {
+ // Setter is kept for backwards compatibility with older clients that still use this property.
+ set { MemberDecryptionType = value ? MemberDecryptionType.KeyConnector : MemberDecryptionType.MasterPassword; }
+ }
public string KeyConnectorUrl { get; set; }
// OIDC
@@ -166,7 +172,7 @@ public class SsoConfigurationDataRequest : IValidatableObject
return new SsoConfigurationData
{
ConfigType = ConfigType,
- KeyConnectorEnabled = KeyConnectorEnabled,
+ MemberDecryptionType = MemberDecryptionType,
KeyConnectorUrl = KeyConnectorUrl,
Authority = Authority,
ClientId = ClientId,
diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs
index 7a59ceef1c..36fdd2a99a 100644
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@@ -8,6 +8,8 @@ using Bit.Api.Models.Request.Organizations;
using Bit.Api.Models.Response;
using Bit.Api.Models.Response.Organizations;
using Bit.Api.SecretsManager;
+using Bit.Core;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Repositories;
using Bit.Core.Auth.Services;
using Bit.Core.Context;
@@ -46,6 +48,7 @@ public class OrganizationsController : Controller
private readonly IOrganizationApiKeyRepository _organizationApiKeyRepository;
private readonly IUpdateOrganizationLicenseCommand _updateOrganizationLicenseCommand;
private readonly ICloudGetOrganizationLicenseQuery _cloudGetOrganizationLicenseQuery;
+ private readonly IFeatureService _featureService;
private readonly GlobalSettings _globalSettings;
public OrganizationsController(
@@ -65,6 +68,7 @@ public class OrganizationsController : Controller
IOrganizationApiKeyRepository organizationApiKeyRepository,
IUpdateOrganizationLicenseCommand updateOrganizationLicenseCommand,
ICloudGetOrganizationLicenseQuery cloudGetOrganizationLicenseQuery,
+ IFeatureService featureService,
GlobalSettings globalSettings)
{
_organizationRepository = organizationRepository;
@@ -83,6 +87,7 @@ public class OrganizationsController : Controller
_organizationApiKeyRepository = organizationApiKeyRepository;
_updateOrganizationLicenseCommand = updateOrganizationLicenseCommand;
_cloudGetOrganizationLicenseQuery = cloudGetOrganizationLicenseQuery;
+ _featureService = featureService;
_globalSettings = globalSettings;
}
@@ -391,8 +396,7 @@ public class OrganizationsController : Controller
var user = await _userService.GetUserByPrincipalAsync(User);
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(orgGuidId);
- if (ssoConfig?.GetData()?.KeyConnectorEnabled == true &&
- user.UsesKeyConnector)
+ if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && user.UsesKeyConnector)
{
throw new BadRequestException("Your organization's Single Sign-On settings prevent you from leaving.");
}
@@ -678,6 +682,12 @@ public class OrganizationsController : Controller
throw new NotFoundException();
}
+ if (model.Data.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption &&
+ !_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
+ {
+ throw new BadRequestException(nameof(model.Data.MemberDecryptionType), "Invalid member decryption type.");
+ }
+
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(id);
ssoConfig = ssoConfig == null ? model.ToSsoConfig(id) : model.ToSsoConfig(ssoConfig);
organization.Identifier = model.Identifier;
diff --git a/src/Api/Models/Response/ProfileOrganizationResponseModel.cs b/src/Api/Models/Response/ProfileOrganizationResponseModel.cs
index 20737bb67b..215fc7a23a 100644
--- a/src/Api/Models/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Api/Models/Response/ProfileOrganizationResponseModel.cs
@@ -1,4 +1,5 @@
-using Bit.Core.Auth.Models.Data;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Models.Api;
@@ -62,7 +63,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
if (organization.SsoConfig != null)
{
var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig);
- KeyConnectorEnabled = ssoConfigData.KeyConnectorEnabled && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
+ KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
}
}
diff --git a/src/Core/Auth/Enums/MemberDecryptionType.cs b/src/Core/Auth/Enums/MemberDecryptionType.cs
new file mode 100644
index 0000000000..ac302d6cde
--- /dev/null
+++ b/src/Core/Auth/Enums/MemberDecryptionType.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.Auth.Enums;
+
+public enum MemberDecryptionType
+{
+ MasterPassword = 0,
+ KeyConnector = 1,
+ TrustedDeviceEncryption = 2
+}
diff --git a/src/Core/Auth/Models/Data/SsoConfigurationData.cs b/src/Core/Auth/Models/Data/SsoConfigurationData.cs
index ad51896324..d434661af6 100644
--- a/src/Core/Auth/Models/Data/SsoConfigurationData.cs
+++ b/src/Core/Auth/Models/Data/SsoConfigurationData.cs
@@ -22,7 +22,25 @@ public class SsoConfigurationData
public SsoType ConfigType { get; set; }
- public bool KeyConnectorEnabled { get; set; }
+ public MemberDecryptionType MemberDecryptionType { get; set; }
+
+ ///
+ /// Legacy property to determine if KeyConnector was enabled.
+ /// Kept for backwards compatibility with old configs that will not have
+ /// the new when deserialized from the database.
+ ///
+ [Obsolete("Use MemberDecryptionType instead")]
+ public bool KeyConnectorEnabled
+ {
+ get => MemberDecryptionType == MemberDecryptionType.KeyConnector;
+ set
+ {
+ if (value)
+ {
+ MemberDecryptionType = MemberDecryptionType.KeyConnector;
+ }
+ }
+ }
public string KeyConnectorUrl { get; set; }
// OIDC
diff --git a/src/Core/Auth/Services/Implementations/SsoConfigService.cs b/src/Core/Auth/Services/Implementations/SsoConfigService.cs
index 9bb05d2415..fb90d5d8d4 100644
--- a/src/Core/Auth/Services/Implementations/SsoConfigService.cs
+++ b/src/Core/Auth/Services/Implementations/SsoConfigService.cs
@@ -1,8 +1,10 @@
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Repositories;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
+using Bit.Core.Models.Data.Organizations.Policies;
using Bit.Core.Repositories;
using Bit.Core.Services;
@@ -12,21 +14,30 @@ public class SsoConfigService : ISsoConfigService
{
private readonly ISsoConfigRepository _ssoConfigRepository;
private readonly IPolicyRepository _policyRepository;
+ private readonly IPolicyService _policyService;
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
+ private readonly IUserService _userService;
+ private readonly IOrganizationService _organizationService;
private readonly IEventService _eventService;
public SsoConfigService(
ISsoConfigRepository ssoConfigRepository,
IPolicyRepository policyRepository,
+ IPolicyService policyService,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
+ IUserService userService,
+ IOrganizationService organizationService,
IEventService eventService)
{
_ssoConfigRepository = ssoConfigRepository;
_policyRepository = policyRepository;
+ _policyService = policyService;
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
+ _userService = userService;
+ _organizationService = organizationService;
_eventService = eventService;
}
@@ -39,19 +50,31 @@ public class SsoConfigService : ISsoConfigService
config.CreationDate = now;
}
- var useKeyConnector = config.GetData().KeyConnectorEnabled;
+ var useKeyConnector = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector;
if (useKeyConnector)
{
await VerifyDependenciesAsync(config, organization);
}
var oldConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(config.OrganizationId);
- var disabledKeyConnector = oldConfig?.GetData()?.KeyConnectorEnabled == true && !useKeyConnector;
+ var disabledKeyConnector = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector && !useKeyConnector;
if (disabledKeyConnector && await AnyOrgUserHasKeyConnectorEnabledAsync(config.OrganizationId))
{
throw new BadRequestException("Key Connector cannot be disabled at this moment.");
}
+ // Automatically enable reset password policy if trusted device encryption is selected
+ if (config.GetData().MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption)
+ {
+ var resetPolicy = await _policyRepository.GetByOrganizationIdTypeAsync(config.OrganizationId, PolicyType.ResetPassword) ??
+ new Policy { OrganizationId = config.OrganizationId, Type = PolicyType.ResetPassword, };
+
+ resetPolicy.Enabled = true;
+ resetPolicy.SetDataModel(new ResetPasswordDataModel { AutoEnrollEnabled = true });
+
+ await _policyService.SaveAsync(resetPolicy, _userService, _organizationService, null);
+ }
+
await LogEventsAsync(config, oldConfig);
await _ssoConfigRepository.UpsertAsync(config);
}
@@ -97,8 +120,9 @@ public class SsoConfigService : ISsoConfigService
await _eventService.LogOrganizationEventAsync(organization, e);
}
- var keyConnectorEnabled = config.GetData().KeyConnectorEnabled;
- if (oldConfig?.GetData()?.KeyConnectorEnabled != keyConnectorEnabled)
+ var keyConnectorEnabled = config.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector;
+ var oldKeyConnectorEnabled = oldConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector;
+ if (oldKeyConnectorEnabled != keyConnectorEnabled)
{
var e = keyConnectorEnabled
? EventType.Organization_EnabledKeyConnector
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 420edb403e..6e905ef7fe 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -30,6 +30,7 @@ public static class FeatureFlagKeys
public const string SecretsManager = "secrets-manager";
public const string DisplayEuEnvironment = "display-eu-environment";
public const string DisplayLowKdfIterationWarning = "display-kdf-iteration-warning";
+ public const string TrustedDeviceEncryption = "trusted-device-encryption";
public static List GetAllKeys()
{
diff --git a/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs b/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs
index b5c68bd3f5..b503476a1d 100644
--- a/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs
+++ b/src/Core/Models/Data/Organizations/SelfHostedOrganizationDetails.cs
@@ -1,5 +1,6 @@
using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Business;
@@ -56,7 +57,7 @@ public class SelfHostedOrganizationDetails : Organization
}
if (!license.UseKeyConnector && UseKeyConnector && SsoConfig?.Data != null &&
- SsoConfig.GetData().KeyConnectorEnabled)
+ SsoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector)
{
exception = $"Your organization currently has Key Connector enabled. " +
$"Your new license does not allow for the use of Key Connector. Disable your Key Connector.";
diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs
index bad0b347a8..428b9481c1 100644
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@@ -262,7 +262,7 @@ public class OrganizationService : IOrganizationService
if (!newPlan.HasKeyConnector && organization.UseKeyConnector)
{
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
- if (ssoConfig != null && ssoConfig.GetData().KeyConnectorEnabled)
+ if (ssoConfig != null && ssoConfig.GetData().MemberDecryptionType == MemberDecryptionType.KeyConnector)
{
throw new BadRequestException("Your new plan does not allow the Key Connector feature. " +
"Disable your Key Connector.");
@@ -2153,7 +2153,7 @@ public class OrganizationService : IOrganizationService
private async Task ValidateDeleteOrganizationAsync(Organization organization)
{
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(organization.Id);
- if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
+ if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector)
{
throw new BadRequestException("You cannot delete an Organization that is using Key Connector.");
}
diff --git a/src/Core/Services/Implementations/PolicyService.cs b/src/Core/Services/Implementations/PolicyService.cs
index 7f1ec3ee0f..83020505ac 100644
--- a/src/Core/Services/Implementations/PolicyService.cs
+++ b/src/Core/Services/Implementations/PolicyService.cs
@@ -1,4 +1,5 @@
-using Bit.Core.Auth.Repositories;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Repositories;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
@@ -185,7 +186,7 @@ public class PolicyService : IPolicyService
{
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(org.Id);
- if (ssoConfig?.GetData()?.KeyConnectorEnabled == true)
+ if (ssoConfig?.GetData()?.MemberDecryptionType == MemberDecryptionType.KeyConnector)
{
throw new BadRequestException("Key Connector is enabled.");
}
diff --git a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs
index aef5f5c544..2f76291bf4 100644
--- a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs
+++ b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs
@@ -1,4 +1,5 @@
using System.Security.Claims;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Identity;
using Bit.Core.Auth.Models.Business.Tokenables;
using Bit.Core.Auth.Repositories;
@@ -129,7 +130,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator();
_createOrganizationApiKeyCommand = Substitute.For();
_updateOrganizationLicenseCommand = Substitute.For();
+ _featureService = Substitute.For();
_sut = new OrganizationsController(_organizationRepository, _organizationUserRepository,
_policyRepository, _providerRepository, _organizationService, _userService, _paymentService, _currentContext,
_ssoConfigRepository, _ssoConfigService, _getOrganizationApiKeyQuery, _rotateOrganizationApiKeyCommand,
_createOrganizationApiKeyCommand, _organizationApiKeyRepository, _updateOrganizationLicenseCommand,
- _cloudGetOrganizationLicenseQuery, _globalSettings);
+ _cloudGetOrganizationLicenseQuery, _featureService, _globalSettings);
}
public void Dispose()
@@ -82,7 +85,7 @@ public class OrganizationsControllerTests : IDisposable
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector
}.Serialize(),
Enabled = true,
OrganizationId = orgId,
@@ -115,7 +118,9 @@ public class OrganizationsControllerTests : IDisposable
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = keyConnectorEnabled,
+ MemberDecryptionType = keyConnectorEnabled
+ ? MemberDecryptionType.KeyConnector
+ : MemberDecryptionType.MasterPassword
}.Serialize(),
Enabled = true,
OrganizationId = orgId,
diff --git a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
index eb155cd0a1..fdc8217ba8 100644
--- a/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
+++ b/test/Core.Test/Auth/Services/SsoConfigServiceTests.cs
@@ -1,4 +1,5 @@
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Core.Auth.Services;
@@ -83,7 +84,7 @@ public class SsoConfigServiceTests
Id = 1,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
@@ -127,7 +128,7 @@ public class SsoConfigServiceTests
Id = 1,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
@@ -165,7 +166,7 @@ public class SsoConfigServiceTests
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
@@ -193,7 +194,7 @@ public class SsoConfigServiceTests
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
@@ -227,7 +228,7 @@ public class SsoConfigServiceTests
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = false,
OrganizationId = organization.Id,
@@ -262,7 +263,7 @@ public class SsoConfigServiceTests
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
@@ -297,7 +298,7 @@ public class SsoConfigServiceTests
Id = default,
Data = new SsoConfigurationData
{
- KeyConnectorEnabled = true,
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
}.Serialize(),
Enabled = true,
OrganizationId = organization.Id,
diff --git a/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs b/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs
index a001454a0d..c0ab7b9c40 100644
--- a/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs
+++ b/test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs
@@ -1,5 +1,6 @@
using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Entities;
using Bit.Core.Enums;
@@ -173,7 +174,7 @@ public class SelfHostedOrganizationDetailsTests
{
var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
orgLicense.UseKeyConnector = false;
- orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false });
+ orgDetails.SsoConfig.SetData(new SsoConfigurationData() { MemberDecryptionType = MemberDecryptionType.MasterPassword });
var result = orgDetails.CanUseLicense(license, out var exception);
@@ -318,7 +319,7 @@ public class SelfHostedOrganizationDetailsTests
ssoConfig.Enabled = true;
ssoConfig.SetData(new SsoConfigurationData()
{
- KeyConnectorEnabled = true
+ MemberDecryptionType = MemberDecryptionType.KeyConnector,
});
var enabledScimConfig = new ScimConfig() { Enabled = true };
diff --git a/test/Core.Test/Services/OrganizationServiceTests.cs b/test/Core.Test/Services/OrganizationServiceTests.cs
index aae8e98ad4..5a92bdcdf5 100644
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@@ -1,5 +1,6 @@
using System.Text.Json;
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Business;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
@@ -1192,7 +1193,7 @@ public class OrganizationServiceTests
SsoConfig ssoConfig)
{
ssoConfig.Enabled = true;
- ssoConfig.SetData(new SsoConfigurationData { KeyConnectorEnabled = true });
+ ssoConfig.SetData(new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector });
var ssoConfigRepository = sutProvider.GetDependency();
var organizationRepository = sutProvider.GetDependency();
var applicationCacheService = sutProvider.GetDependency();
diff --git a/test/Core.Test/Services/PolicyServiceTests.cs b/test/Core.Test/Services/PolicyServiceTests.cs
index 992daf4b67..a5b2c96077 100644
--- a/test/Core.Test/Services/PolicyServiceTests.cs
+++ b/test/Core.Test/Services/PolicyServiceTests.cs
@@ -1,4 +1,5 @@
using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Core.Entities;
@@ -147,7 +148,7 @@ public class PolicyServiceTests
});
var ssoConfig = new SsoConfig { Enabled = true };
- var data = new SsoConfigurationData { KeyConnectorEnabled = true };
+ var data = new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector };
ssoConfig.SetData(data);
sutProvider.GetDependency()