Hacker News
by ctvo 1384 days ago
> Now let’s say that BitWarden stores 10 passwords to external services and I had access to those passwords through Bitwarden. Does someone then have to go in and manually change passwords to those 10 services every time someone leaves?

To reframe this: Companies use both SSO and BitWarden, but because a typical company utilizes so many differing services with differing auth coverage (supports SSO? supports roles, permissions, etc.?), BitWarden fills the gap. BitWarden wouldn't be used for your ADP and 401K. It may be used for your company's payment processor under one main username / password. It may be used for your root AWS account username and password. It may be used for your DNS management. Production API keys for Stripe may be stored there in plain text, but encrypted in your secret store of choice. Those are the typical use cases I see. The list of things you keep in BitWarden is small(er), but they're business critical. Whereas before they were held by the CTO of the early-stage startup, now they're centralized, secured, have an audit trail, can be easily shared with others, etc. etc.

In the company I used BitWarden with, these passwords were rotated manually when an employee who had access to that password left, and the new value was updated in BitWarden. Maybe that's easier now?