[GH-ISSUE #3599] Group Membership Information Not Retained on Organization Invite Creation #1615

New issue

Closed

opened 2026-03-03 02:10:41 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 02:10:41 +03:00

Owner

Originally created by @mbmy on GitHub (Jun 21, 2023).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3599

Subject of the issue

Deployment environment

Vaultwarden version: v1.28.1
Web-vault version: v2023.3.0b
OS/Arch: linux/x86_64
Running within Docker: true (Base: Debian)
Environment settings overridden: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Database type: SQLite
Database version: 3.39.2
Clients used:
Reverse proxy and version:
Other relevant information:
Install method:
Reverse proxy and version: Caddy

Steps to reproduce

Enable beta groups functionality
Create a group
Within an organization, send an invite to a user to join the organization with the group specified at the time of the invite
The invite will not retain the group information and it will need to be readded.

Expected behaviour

With collections, an invite can be sent to a user with the collections set at the time of the invite so that when the join the org, the collection is visible. It would be nice if group membership information could mimic this behavior. Particularly, if the organization has a policy set to enforce 2FA before the user can be added to the org, you cannot go back and set the group membership after the invite goes out until they completely join.

Actual behaviour

The invite is sent to the user without the group membership. You can only add it after the user is enrolled (with 2FA enforcement policy enabled).

Originally created by @mbmy on GitHub (Jun 21, 2023). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3599 ### Subject of the issue  ### Deployment environment * Vaultwarden version: v1.28.1 * Web-vault version: v2023.3.0b * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 * Clients used: * Reverse proxy and version: * Other relevant information: * Install method: * Reverse proxy and version: Caddy ### Steps to reproduce 1. Enable beta groups functionality 2. Create a group 3. Within an organization, send an invite to a user to join the organization with the group specified at the time of the invite 4. The invite will not retain the group information and it will need to be readded. ### Expected behaviour With collections, an invite can be sent to a user with the collections set at the time of the invite so that when the join the org, the collection is visible. It would be nice if group membership information could mimic this behavior. Particularly, if the organization has a policy set to enforce 2FA before the user can be added to the org, you cannot go back and set the group membership after the invite goes out until they completely join. ### Actual behaviour The invite is sent to the user without the group membership. You can only add it after the user is enrolled (with 2FA enforcement policy enabled).