SSO Domain Verification Expiring After A Week

[kannasama]

Steps To Reproduce

1. Go to 'Organization' > 'Settings' > 'Domain verification'
2. Add a domain entry, e.g. yourdomain.com.
3. Complete initial verification.
4. After approximately a week, the record is removed.

Expected Result

Domain verification to complete automatically on a regular basis.

Actual Result

Domain verification is removed after approximately one week. This can be extended by manually triggering the verification process.

Screenshots or Videos

No response

Additional Context

It appears that the the automated process to actually trigger the verification check does not occur. If there were an API call, or URL that could be called where a scheduled task could be configured to run this, I would be fine with that. That said, this is something that should be handled in an automated process.

Additionally, while I can understand the need for domain verification in hosted solutions, perhaps some option could be available to exempt self-hosted, single organization instances from this requirement for SSO.

Githash Version

1e3e937-dirty

Environment Details

No response

Database Image

No response

Issue-Link

#2480

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[SergeantConfused]

Hi @kannasama,

Thank you for this report. Just to make sure that you and I are on the same page, in step 3, the domain you set shows as (Verified), as shown in the screenshot here, correct? Meaning, it remains verified for one week, and then is completely removed from the Domain Verification menu, correct?

Thank you,

[kannasama]

Yes, that is correct. It appears that there are no automatic reverification attempts being made.

…

On Sun, May 5, 2024 at 8:49 AM SergeantConfused ***@***.***> wrote: Hi @kannasama <https://github.com/kannasama>, Thank you for this report. Just to make sure that you and I are on the same page, in step 3, the domain you set shows as (Verified), as shown in the screenshot here <https://bitwarden.com/help/domain-verification/#managing-domains>, correct? Meaning, it remains verified for one week, and then is completely removed from the Domain Verification menu, correct? Thank you, — Reply to this email directly, view it on GitHub <#4051 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACAK4IPLYTHDDYNCEUBCZMTZAYTEBAVCNFSM6AAAAABHGDZ7G6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJUG44TKNBYGI> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- Michael J. Hill ***@***.***

[sso-bitwarden]

At this time, there is no regular check once the domain is verified.

"Regular check" is on our radar for future improvement.

[kannasama]

Just for clarification. The expected behavior right now is, after the initial verification is completed, an admin goes in and manually clicks the reverify link each week?