Q1 Release (#356)

* q1 release additions & extras

* saml samples addition

* safari app extension note

* invitation validity

_articles/account/biometrics.md

@@ -59,3 +59,33 @@ If you do not see the option to enable Windows Hello within the Desktop preferen
 Once Biometric Unlock is enabled, a new button will be presented on the Unlock screen. Selecting this button (for example, **Unlock with Windows Hello**) will initiate unlock. You may at any time choose to unlock your Vault with your Master Password instead.
 
 {% image /biometrics/hello-unlock.png Unlock with Windows Hello %}
+
+## Browser Extensions
+
+Biometric Unlock is supported for **Firefox** and **Chromium-based** (i.e. Chrome, Edge) Bitwarden Browser Extensions by integration with a native Bitwarden Desktop App. Through the Desktop App's access to Biometric APIs, Browser Extensions support Biometric Unlock:
+- For **Windows**, via [Windows Hello](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello){:target="\_blank"} using PIN, Facial Recognition, or [other hardware that meets Windows Hello biometric requirements](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-biometric-requirements){:target="\_blank"}.
+- For **macOS**, via [Touch ID](https://support.apple.com/en-us/HT207054){:target="\_blank"}.
+
+{% callout info %}
+The Bitwarden Desktop Application must be installed, logged in, and running in order to use Biometric Unlock in a Browser Extension. Additionally, you will need to [enable Biometric Unlock in the desktop app](#enable-biometric-unlock-in-desktop) before proceeding.
+{% endcallout %}
+
+### Enable Biometric Unlock for Browser Extensions
+
+Complete the following steps to enable Biometric Unlock in your Browser Extension:
+
+1. In the Desktop App, navigate to **Settings** (on Windows, **File** → **Settings**) (on macOS, **Bitwarden** → **Preferences**).
+2. Check the **Enable Browser Integration** checkbox.
+3. In the Browser Extension, open the **Settings** tab.
+4. Check the **Unlock with biometrics** checkbox.
+
+   To validate a secure channel, a `Desktop sync verification` dialog box will appear in your Browser Extension and a `Verify browser connection` dialog box will appear in your Desktop Application.
+5. Validate that the displayed [account fingerprint]({% link _articles/features/fingerprint-phrase.md %}) matches in both locations. If they match, select the **Approve** button and input your Biometric authentication method.
+
+   You will be required to re-validate each time either the Desktop App or Browser Extension is restarted.
+
+Once Biometric Unlock is enabled, a new button will be presented on the Unlock screen. Selecting the **Unlock biometrics** button will initiate unlock via the Desktop App.
+
+{% callout warning %}
+If you attempt to use Biometric Unlock when the Desktop App is closed, you will be prompted to open the Desktop App and redo the fingerprint validation handshake described in this section.
+{% endcallout %}

_articles/account/export-your-data.md

@@ -8,14 +8,14 @@ tags: [export, accounts, csv]
 order: 06
 ---
 
-Bitwarden allows you to export your personal Vault data from any client application, or an Organization Vault from the Web Vault or CLI.
+Bitwarden allows you to export your personal Vault data from any client application, or an Organization Vault from the Web Vault or CLI. Exports can be downloaded as plaintext `.json` or `.csv` files, or as a `.json` [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
 
-Exports can be downloaded as `.json` or `.csv` files, however Bitwarden recommends using `.json` for a more complete option for standard backup procedures as `.csv` exports will not export Cards or Identities. For information on the format of Bitwarden `.csv` and `.json` exports, see [Condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
+Bitwarden recommends using `.json` for a more complete option for standard backup procedures as `.csv` exports will not export Cards or Identities. For information on the format of Bitwarden `.csv` and `.json` exports, see [Condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
 
-Vault Exports currently do not include file attachments.
+Vault Exports **will not include** File Attachments or Items in the Trash.
 
 {% callout warning %}
-Vault Exports contain your data in an **unencrypted** format. Do not store or send the exported file over insecure channels, like email. You should delete Vault Exports immediately after you are done using them.
+Unless you're using an [Encrypted Export]({% link _articles/importing/encrypted-export.md %}), do not store or send the exported file over insecure channels, like email, and delete the file immediately after use.
 {% endcallout %}
 
 ## Export a Personal Vault
@@ -27,7 +27,7 @@ Export your Personal Vault data from any client application:
 1. Select **Tools** from the top navigation bar.
 3. Select **Export Vault** from the left-hand Tools menu.
 4. On the Export Vault page:
-   - Select a **File Format** (`.json` or `.csv`).
+   - Select a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
    - Enter your **Master Password**.
 5. Select the **Export Vault** button to download your Vault Export. You will be prompted to specify a location for download.
 
@@ -36,7 +36,7 @@ Export your Personal Vault data from any client application:
 1. Tap the **Settings** tab.
 2. Scroll down to the **Tools** section, and tap **Export Vault**.
 3. On the Export Vault page:
-   - Select a **File Format** (`.json` or `.csv`).
+   - Select a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
    - Enter your **Master Password**.
 4. Select the **Export Vault** button to download your Vault Export. You will be prompted to specify a location for download.
 
@@ -45,7 +45,7 @@ Export your Personal Vault data from any client application:
 1. Open the **Settings** tab.
 2. Scroll down to the **Tools** section, and select **Export Vault**.
 4. On the Export Vault page:
-   - Select a **File Format** (`.json` or `.csv`).
+   - Select a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
    - Enter your **Master Password**.
 5. Select the **Export Vault** button to download your Vault Export. You will be prompted to specify a location for download.
 
@@ -53,7 +53,7 @@ Export your Personal Vault data from any client application:
 
 1. Navigate to **File** → **Export Vault**.
 2. In the Export Vault window:
-   - Select a **File Format** (`.json` or `.csv`).
+   - Select a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
    - Enter your **Master Password**.
 3. Select the **Submit** button to download your Vault Export. You will be prompted to specify a location for download.
 
@@ -63,7 +63,7 @@ Use the `bw export` command to export your Vault data. By default, `bw export` w
 
 You may pass the following options with the `bw export` command:
 - `--output <filePath>` to specify a saving location of your choice.
-- `--format <format>` to specify the file format as `csv` (*default*) or `json`.
+- `--format <format>` to specify the file format as `csv` (*default*), `json`, or `encrypted_json`.
 
 ## Export an Organization Vault
 
@@ -76,7 +76,7 @@ Admins and Owners may export their Organization Vault from the Web Vault or CLI:
    {% image organizations/org-export.png Export Organization Vault %}
 2. Select **Export Vault** from the left-hand Tools menu.
 4. On the Export Vault page:
-   - Select a **File Format** (`.json` or `.csv`).
+   - Select a **File Format** (`.json`, `.csv`, or `.json (Encrypted)`).
    - Enter your **Master Password**.
 5. Select the **Export Vault** button to download your Vault Export. You will be prompted to specify a location for download.
 
@@ -90,4 +90,4 @@ Retrieve your `<orgId>` value using the command: `bw list organizations`.
 
 By default, `bw export` will create a `.csv` export in the current working directory, however you may pass the following options with the command:
 - `--output <filePath>` to specify a saving location of your choice.
-- `--format <format>` to specify the file format as `csv` (*default*) or `json`.
+- `--format <format>` to specify the file format as `csv` (*default*), `json`, or `encrypted_json`.

_articles/account/install-safari-app-extension.md

@@ -1,20 +1,28 @@
 ---
 layout: article
-title: Installing the Bitwarden Safari App Extension
+title: Bitwarden Safari App Extension
 categories: [features]
 featured: false
 popular: false
 tags: [browser, safari]
 ---
 
-The new Safari App Extension is now packaged with the Bitwarden Desktop App. This is the recommended development path from Apple for Safari App Extensions.
+## Get the Extension
 
+Bitwarden's Safari App Extension is packaged with the Bitwarden Desktop App available on the App Store, as recommended by from Apple regarding Safari App Extensions.
 
-Download the Bitwarden Safari App Extension (within the Bitwarden Desktop App)
-[https://vault.bitwarden.com/download/?app=desktop&platform=macos](https://vault.bitwarden.com/download/?app=desktop&platform=macos)
+{% callout warning %}
+Due to changes by Apple, Safari now limits Safari App Extension use to only those obtained through Mac App Store downloads. As of Q1 2021, users will not be able to use a Bitwarden Safari App Extension obtained through a `.dmg` installation from [bitwarden.com/download](https://bitwarden.com/download){:target="\_blank"} or any other non-App Store source.
 
-You can also use the App Store version of the Bitwarden Desktop App.
-
-Be sure to run the desktop application once. If the extension still does not appear, it may just need to be enabled. In Safari, check under Preferences > Extensions.
+To read community conversation on the topic, refer to the following Apple Developer Forum threads ([Thread #1](https://developer.apple.com/forums/thread/659029){:target="\_blank"}, [Thread #2](https://developer.apple.com/forums/thread/667859){:target="\_blank"}).
+{% endcallout %}
 
 For developer detail on Safari App Extensions, click [here](https://developer.apple.com/documentation/safariservices/safari_app_extensions).
+
+## Enable the Extension
+
+Before enabling the Safari App Extension, run the Desktop Application at least one. In Safari:
+
+1. Open the **Preferences** window.
+2. Navigate to the **Extensions** page.
+3. Check the **Bitwarden** checkbox, and select **Turn on** in the confirmation dialog.

_articles/faqs/security-faqs.md

@@ -6,7 +6,7 @@ featured: false
 popular: false
 hidden: false
 tags: []
-order: 08
+order: 09
 redirect_from:
   - /article/why-should-i-trust-bitwarden/
   - /article/what-happens-if-bitwarden-is-hacked/

_articles/features/auto-fill-ios.md

@@ -12,8 +12,8 @@ You can use the Bitwarden iOS app to add new and auto-fill existing logins on th
 ### Enabling Auto-fill in Settings
 
 1. Tap **{% icon fa-cog %} Settings** on your iOS device.
-2. Tap **Passwords and Accounts**
-3. Tap **Auto-fill Passwords**.
+2. Tap **Passwords**
+3. Tap **AutoFill Passwords**.
 4. Turn on Auto-fill.
 5. Locate **Bitwarden** from the list and enable it.
 6. It's considered good practice to disable any other Auto-fill services.
@@ -33,10 +33,10 @@ The Auto-fill Setting is now enabled.
 
 1. Open the Bitwarden iOS app.
 2. Tap the **{% icon fa-cog %} Settings** page.
-3. Tap **App Extension**. 
+3. Tap **App Extension**.
 4. Tap the **Enable App Extension** button.
 5. Locate **Bitwarden** from the list and enable it by tapping it.
-6. You will now see "Extension Activated!" in green. 
+6. You will now see "Extension Activated!" in green.
 7. Tap back.
 
 The App Extension feature is now enabled.
@@ -44,7 +44,7 @@ The App Extension feature is now enabled.
 ## Testing the App Extension Feature
 
 1. Open the browser of your choice.
-2. View the login page for the website you'd like to enter. 
+2. View the login page for the website you'd like to enter.
 3. Tap the <img src="../../images/features/auto-fill-ios/ios_share_icon.png" style="margin-top:0px"> share icon.
 4. Scroll down until you see **Bitwarden** and tap on it.
 5. This will launch the Bitwarden application.

_articles/getting-started/releasenotes.md

@@ -21,7 +21,15 @@ Bitwarden believes source code transparency is an absolute requirement for secur
 
 ## Release Announcements
 
-## 2020-11-12: SSO Enhancements
+## 2021-01-19
+For the first major release of 2021, the Bitwarden team combined multiple major enhancements to address the critical needs of all users, including:
+- **Emergency Access**: Bitwarden's new Emergency Access feature enables users to designate and manage trusted emergency contacts, who may request access to their Vault in a Zero Knowledge/Zero Trust environment (see [here]({% link _articles/security/emergency-access.md %}) for details).
+- **Encrypted Exports**: Personal users and Organizations can now export Vault data in an encrypted `.json` file (see [here]({% link _articles/importing/encrypted-export.md %}) for details).
+- **New Role**: A Custom role is now available to allow for granular control over user permissions (see [here](https://bitwarden.com/help/article/user-types-access-control/#custom-role) for details).
+- **New Enterprise Policy**: The Personal Ownership policy is now available for use by Enterprise Organization (see [here](https://bitwarden.com/help/article/policies/#personal-ownership) for details).
+- **Biometric Unlock for Browser Extensions**: Using an integration with a native Desktop application, you can now use Biometric input to unlock Firefox and Chromium-based Browser Extensions (see [here](https://bitwarden.com/help/article/biometrics/#enable-biometric-unlock-for-browser-extensions) for details).
+
+## 2020-11-12
 The latest release of Bitwarden adds SSO-related enhancements to all client applications, including:
 - **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/article/policies/) for details).
 - **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/article/personal-api-key/) for details).
@@ -29,5 +37,5 @@ The latest release of Bitwarden adds SSO-related enhancements to all client appl
 - **GDPR Acknowledgement:** From now on, new users of Bitwarden will be asked to acknowledge a Privacy Policy on registration.
 - **Android 11 Inline Auto-fill**: For devices using Android 11+, enabling the Auto-fill Service will display suggestions inline for IMEs that also support [this feature](https://developer.android.com/guide/topics/text/ime-autofill#workflow) (see [here](https://github.com/bitwarden/mobile/pull/1145) for details).
 
-## 2020-9-30: Login with SSO
+## 2020-9-30
 The latest release of Bitwarden adds much-anticipated **Login with SSO** functionality for all client applications, and the Business Portal for Web Vaults. Read this [blog post](https://bitwarden.com/blog/post/bitwarden-launches-sso-authentication/) for more information about Login with SSO, and refer to our [documentation](https://bitwarden.com/help/login-with-sso).

_articles/hosting/install-on-premise-manual.md

@@ -26,7 +26,7 @@ Complete the following steps to install Bitwarden manually:
 1. Download a stubbed version of Bitwarden's dependencies (`docker-stub.zip`) from the [releases pages on GitHub](https://github.com/bitwarden/server/releases){:target="_blank"}. For example:
 
    ```
-   curl -L https://bitwarden.com/bitwarden/server/releases/download/v<version_number>/docker-stub.zip \
+   curl -L https://github.com/bitwarden/server/releases/download/v<version_number>/docker-stub.zip \
     -o docker-stub.zip
    ```
 

_articles/importing/condition-bitwarden-import.md

@@ -5,7 +5,7 @@ categories: [import-export]
 featured: true
 popular: false
 tags: [import]
-order: 07
+order: 08
 ---
 
 This article defines the format you should use when manually conditioning a `.csv` or `.json` for import into Bitwarden. This format is identical to that used by `.csv` or `.json` files created by [Exporting your Bitwarden Vault]({% link _articles/account/export-your-data.md %}).

_articles/importing/encrypted-export.md

@@ -0,0 +1,68 @@
+---
+layout: article
+title: Encrypted Exports
+categories: [import-export]
+featured: true
+popular: false
+tags: [import]
+order: 07
+---
+
+Encrypted Exports provide a secure long-term storage option for Vault data backups. Vault data is encrypted using your account's Encryption Key.
+
+{% callout warning %}
+[Rotating your account's encryption key](https://bitwarden.com/help/article/change-master-password/#rotating-your-accounts-encryption-key) will render an Encrypted Export impossible to decrypt. **If you rotate your encryption key, replace the old backup with one that uses the new encryption key.**
+{% endcallout %}
+
+An Encrypted Export of the following plaintext login item:
+```
+{
+      ...
+      "login": {
+        "username": "mylogin",
+        "password": "mypassword",
+        "totp": "otpauth://totp/my-secret-key"
+      },
+      ...
+```
+
+Will look something like:
+```
+{
+      ...
+      "login": {
+        "username": "9.dZwQ+b9Zasp98dnfp[g|dHZZ1p19783bn1KzkEsA=l52bcWB/w9unvCt2zE/kCwdpiubAOf104os}",
+        "password": "1o8y3oqsp8n8986HmW7qA=oiCZo872b3dbp0nzT/Pw=|A2lgso87bfDBCys049ano278ebdmTe4:",
+        "totp": "2CIUxtpo870B)*^GW2ta/xb0IYyepO(*&G(&BB84LZ5ByZxu0E9hTTs6PHg0=8q5DHEPU&bp9&*bns3EYgETXpiu9898sxO78l"
+      },
+      ...
+```
+
+## Create an Encrypted Export
+
+Downloading an Encrypted Export follows the same procedure as downloading a plaintext `.csv` or `.json` export:
+
+1. In the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}, select **Tools** from the top navigation bar.
+3. Select **Export Vault** from the left-hand Tools menu.
+4. On the Export Vault page:
+   - Select **.json (Encrypted)** from the  **File Format** dropdown.
+   - Enter your **Master Password**.
+5. Select the **Export Vault** button to download your Vault Export. You will be prompted to specify a location for download.
+
+For help downloading an Encrypted Export from any other client application, see [Export Vault Data]({% link _articles/account/export-your-data.md %}).
+
+## Import an Encrypted Export
+
+Importing an Encrypted Export following the same procedure as importing a plaintext `.csv` or `.json` file:
+
+1. In the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}, select **Tools** from the top navigation bar.
+2. Select **Import Data** from the left-hand Tools menu.
+3. Select **Bitwarden (json)** as the format of your file to import.
+
+   {% callout success %}There is no import option specifically for Encrypted Exports. A handler will determine that the `.json` file is encrypted and decrypt using your account encryption key.{% endcallout %}
+5. Select the **Browse** button and add your file.
+6. Select the **Import Data** button to complete your import.
+
+{% callout warning %}
+Importing data multiple times will create duplicates.
+{% endcallout %}

_articles/importing/import-data.md

@@ -8,9 +8,11 @@ tags: [import]
 order: 01
 ---
 
-Bitwarden provides a data import tool for easy migration from any password management solution to your personal Vault. You may also import data directly to an Organization Vault, for information see [Import Data to an Organization]({% link _articles/organizations/import-to-org.md %}).
+Bitwarden provides a data import tool for easy migration from any password management solution to your personal Vault or Organization Vault (see [Import Data to an Organization]({% link _articles/organizations/import-to-org.md %})).
 
-Bitwarden supports a large array of import formats, including those used by the most popular password management solutions:
+You can also use the data import tool to import from one Bitwarden Vault to another, or to import a backup [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
+
+Bitwarden supports a large array of formats for import, including those used by the most popular password management solutions:
 
 - [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %})
 - [Import from 1Password]({% link _articles/importing/import-from-1password.md %})
@@ -19,10 +21,6 @@ Bitwarden supports a large array of import formats, including those used by the
 
 For a full list of supported formats, see [Supported Formats](#supported-formats).
 
-{% callout info %}
-If you're importing from one Bitwarden Vault to another Bitwarden Vault, or if your format is not listed, [Condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
-{% endcallout %}
-
 ## Import to your Personal Vault
 
 To import your data into a personal Vault:
@@ -31,6 +29,8 @@ To import your data into a personal Vault:
 2. Select **Tools** from the top navigation bar.
 3. Select **Import Data** from the left Tools menu.
 4. Select the format of your file to import from the dropdown menu.
+
+   {% callout success%}If you're importing an [Encrypted Export]({% link _articles/importing/encrypted-export.md %}), select `.json` as you would if it were plaintext. A handler will determine that the file is encrypted and decrypt using your [account encryption key](https://bitwarden.com/help/article//change-your-master-password/#rotating-your-accounts-encryption-key).{% endcallout %}
 5. Select the **Browse** button and add your file.
 6. Select the **Import Data** button to complete your import.
 
@@ -51,7 +51,7 @@ An item in your `.csv` exceeds the size limited allowed for items stored in the
 The following formats are supported out-of-the-box:
 
 {% callout info %}
-If you're importing from one Bitwarden Vault to another Bitwarden Vault, or if your format is not listed, [Condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
+If your format is not listed below, manually [condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
 {% endcallout %}
 
 - [1Password (1pif)]({% link _articles/importing/import-from-1password.md %})

_articles/login-with-sso/configure-sso-saml.md

@@ -13,6 +13,8 @@ This article will guide you through the steps required to configure Login with S
 **Configuration will vary provider-to-provider.** Refer to the following Provider Samples as you configure Login with SSO:
 
 - [ADFS Sample]({% link _articles/login-with-sso/saml-adfs.md%})
+- [Auth0 Sample]({% link _articles/login-with-sso/saml-auth0.md %}) 
+- [AWS Sample]({% link _articles/login-with-sso/saml-aws.md %})
 - [Azure Sample]({% link _articles/login-with-sso/saml-azure.md %})
 - [Duo Sample]({% link _articles/login-with-sso/saml-duo.md %})
 - [Google Sample]({% link _articles/login-with-sso/saml-google.md %})

_articles/login-with-sso/saml-auth0.md

@@ -0,0 +1,25 @@
+---
+layout: article
+title: Auth0 SAML Implementation
+categories: []
+featured: false
+popular: false
+hidden: true
+tags: [sso, saml, aws]
+order:
+---
+This article contains sample configurations for Bitwarden **Login with SSO** (SAML 2.0) implementations with Auth0.
+
+Use this as reference material for the [Configure Login with SSO (SAML 2.0)]({% link _articles/login-with-sso/configure-sso-saml.md%}) article.
+
+## Azure Single Sign-on Portal
+
+The following is a sample SAML 2.0 implementation with Bitwarden in the Auth0 Portal:
+
+{% image sso/cheatsheets/saml-auth0/saml-auth01.png %}
+
+## Bitwarden Business Portal
+
+The following is a sample SAML 2.0 implementation with Auth0 in the Bitwarden Business Portal:
+
+{% image sso/cheatsheets/saml-auth0/saml-auth02.png %}

_articles/login-with-sso/saml-aws.md

@@ -0,0 +1,27 @@
+---
+layout: article
+title: AWS SAML Implementation
+categories: []
+featured: false
+popular: false
+hidden: true
+tags: [sso, saml, aws]
+order:
+---
+This article contains sample configurations for Bitwarden **Login with SSO** (SAML 2.0) implementations with Amazon Web Service (AWS).
+
+Use this as reference material for the [Configure Login with SSO (SAML 2.0)]({% link _articles/login-with-sso/configure-sso-saml.md %}) article.
+
+## AWS Single Sign-on Portal
+
+The following is a sample SAML 2.0 implementation with Bitwarden in the AWS Console:
+
+{% image sso/cheatsheets/saml-aws/saml-aws1.png %}
+
+{% image sso/cheatsheets/saml-aws/saml-aws2.png %}
+
+## Bitwarden Business Portal
+
+The following is a sample SAML 2.0 implementation with AWS in the Bitwarden Business Portal:
+
+{% image sso/cheatsheets/saml-aws/saml-aws3.png %}

_articles/miscellaneous/cli.md

@@ -333,7 +333,9 @@ bw import bitwardencsv ./file.csv
 
 ### Export
 
-The `export` command allows you to export your *unencrypted* vault data to a CSV or JSON formatted file on disk.
+The `export` command allows you to export your Vault data as plaintext `.json` or `.csv` files, or as a `.json` [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
+
+Valid format values are `csv`, `json`, and `encrypted_json`.
 
 ```
 bw export [password] [--output <filePath>] [--format <format>] [--organizationid <orgId>]

_articles/miscellaneous/localization.md

@@ -1,16 +1,28 @@
 ---
 layout: article
-title: Help translate Bitwarden to other languages
+title: Localization
 categories: [miscellaneous]
 featured: false
 popular: false
 tags: [localize, l10n, translate, i18n, internationalization, language]
 ---
 
-Localizing Bitwarden does not require any programming knowledge. We use a translation tool called [Crowdin](https://crowdin.com) to help manage our localization efforts across many different languages.
+## Change App Language
 
-If you are interested in translating a Bitwarden application into another language (or make a translation correction), please register an account at Crowdin and join our projects here: <https://crowdin.com/projects/kspearrin>
+In the [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and Desktop App, Bitwarden will default to American English. You can manually change the language by navigating to **Settings** &rarr; **Options** and selecting your language from the **Language** dropdown.
 
-If the language that you are interested in translating into is not already listed, create a new account on Crowdin, join the project and contact the project owner (<https://crowdin.com/profile/tgreer>).
+Bitwarden Browser Extensions will dynamically change to use the language set by your Web Browser.
+- [Learn how to change Chrome's language](https://support.google.com/chrome/answer/173424?co=GENIE.Platform%3DDesktop&hl=en){:target="\_blank"}
+- [Learn how to change Firefox's language](https://support.mozilla.org/en-US/kb/use-firefox-another-language){:target="\_blank"}
 
-You can read Crowdin's getting started guide for translators here: <https://support.crowdin.com/crowdin-intro/>
+Bitwarden Mobile Apps will dynamically change use the language set by your Operating System.
+
+### Don't See Your Language?
+
+If your language isn't listed in the Web Vault or Desktop App, or if your Browser Extension or Mobile App isn't dynamically using your language, **we want your help!**
+
+Bitwarden uses a translation tool called [Crowdin](https://crowdin.com){:target="\_blank"} to manage our localization effort across many different languages (**no programming knowledge required**).
+- To contribute to or make corrections to an existing translation, [join our project](https://crowdin.com/projects/kspearrin){:target="\_blank"}.
+- To start translating Bitwarden to a new language, join our project and contact the [Project Owner](https://crowdin.com/profile/tgreer){:target="\_blank"}.
+
+Read [Crowdin's Getting Started Guide](https://support.crowdin.com/crowdin-intro/){:target="\_blank"}.

_articles/miscellaneous/subprocessors.md

@@ -1,11 +1,11 @@
 ---
 layout: article
-title: Bitwarden Subprocessors
+title: Bitwarden's Subprocessors
 categories: [security]
 featured: false
 popular: false
 tags: []
-order: 07
+order: 08
 ---
 
 Reference the table below for a list of Bitwarden's subprocessors.

_articles/miscellaneous/website-icons.md

@@ -5,7 +5,7 @@ categories: [security]
 featured: false
 popular: false
 tags: [icons, website icons, privacy]
-order: 06
+order: 07
 ---
 
 *Bitwarden does not collect any information when you download icons for website logins stored in your Bitwarden vault.*

_articles/organizations/import-to-org.md

@@ -8,9 +8,11 @@ tags: [organizations, import]
 order: 08
 ---
 
-Bitwarden provides a data import tool for easy migration from any password management solution to your Organization Vault. You may also import data directly to your personal Vault, for more information see [Import Data to your Vault]({% link _articles/importing/import-data.md %}).
+Bitwarden provides a data import tool for easy migration from any password management solution to your Organization Vault.
 
-Bitwarden supports a large array of import formats, including those used by the most popular password management solutions:
+You can also use the data import tool to import from one Bitwarden Vault to another, or to import a backup [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
+
+Bitwarden supports a large array of formats for import, including those used by the most popular password management solutions:
 
 - [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %})
 - [Import from 1Password]({% link _articles/importing/import-from-1password.md %})
@@ -19,10 +21,6 @@ Bitwarden supports a large array of import formats, including those used by the
 
 For a full list of supported formats, see [Supported Formats](#supported-formats).
 
-{% callout info %}
-If you're importing from one Bitwarden Vault to another Bitwarden Vault, or if your format is not listed, [Condition a Bitwarden .csv or .json](https://bitwarden.com/help/article/condition-bitwarden-import/#for-your-organization).
-{% endcallout %}
-
 ## Import to your Organization
 
 To import data to an Organization Vault:
@@ -47,6 +45,10 @@ An item in your `.CSV` exceeds the size limit allowed for items stored in the Bi
 
 ## Supported Formats
 
+{% callout info %}
+If your format is not listed below, manually [condition a Bitwarden .csv or .json]({% link _articles/importing/condition-bitwarden-import.md %}).
+{% endcallout %}
+
 The following formats are supported out-of-the-box:
 
 - [1Password (1pif)]({% link _articles/importing/import-from-1password.md %})

_articles/organizations/managing-users.md

@@ -9,7 +9,7 @@ order: 09
 ---
 This article will guide you through the process of inviting or removing users from your Organization.
 
-Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the **Bitwarden Directory Connector**. For more information, see [Syncing users and groups with a directory](https://bitwarden.com/help/article/directory-sync/).
+Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the **Bitwarden Directory Connector**. For more information, see [About Directory Connector]({% link _articles/directory-connector/directory-sync.md %}}).
 
 {% callout info %}
 **Free** Organizations and **Families** Organizations have a maximum number of users; 2 and 6 respectively.

_articles/organizations/policies.md

@@ -72,7 +72,7 @@ Enabling the **Password Generator** policy will enforce a configurable set of mi
 {% callout warning %}
 Existing non-compliant passwords **will not** be changed when this policy is enabled, nor will the items be removed from the Organization. When changing or generating a password after this policy is enabled, configured policy rules will be enforced.
 
-A banner will appear to users on the Password Generator screen indicating that a policy will affect their generator settings.
+A banner is displayed to users on the Password Generator screen indicating that a policy will affect their generator settings.
 {% endcallout %}
 
 ### Single Organization
@@ -91,4 +91,16 @@ Enabling the **Single Sign-On Authentication** policy will require non-Owner/non
 
 {% callout info %}
 The **Single Organization** policy must be enabled before activating this policy.
+
+As a result, you must disable the **Single Sign-On Authentication** policy before you can disable the **Single Ownership** policy.
+{% endcallout %}
+
+### Personal Ownership
+
+Enabling the **Personal Ownership** policy will require non-Owner/non-Admin users to save Vault Items to an Organization by disabling personal ownership of Vault items for organization users.
+
+A banner is displayed to users on the Add Item screen indicating that a policy will affect their membership options.
+
+{% callout info %}
+Vault Items that were created prior to the implementation of this policy or prior to joining the Organization will remain in the user's personal Vault.
 {% endcallout %}

_articles/organizations/user-types-access-control.md

@@ -24,11 +24,34 @@ Options include:
 |Manager|All of the above,<br>+ Assign Users to Collections<br>+ Assign User Groups to Collections<br>+ Create or delete new Collections|
 |Admin|All of the above,<br>+ Assign Users to User Groups<br>+ Create or delete User Groups<br>+ Invite and confirm new Users<br>+ Manage Enterprise Policies<br>+ View Event Logs<br>+ Export Organization Vault data<br><br>**Admin Users automatically have access to all Collections.**|
 |Owner|All of the above,<br>+ Manage Billing, Subscription, and Integrations<br><br>**Owner Users automatically have access to all Collections.**|
+|Custom|Allows for granular control of user permissions on a user-by-user basis. For more information, see [Custom Role](#custom-role).|
 
 {% callout warning %}
 **Only an Owner** can create a new Owner or assign Owner to an existing user. For failover purposes, Bitwarden recommends creating multiple Owner users.
 {% endcallout %}
 
+### Custom Role
+
+Selecting the **Custom** role for a user allows for granular control of user permissions on a user-by-user basis. A user with the Custom role can have a customizable selection of Manager and Admin capabilities, including:
+
+- Manage Assigned collections
+- Access Business Portal
+- Access Event Logs
+- Access Import/Export
+- Access Reports
+- Manage All Collections
+- Manage Groups
+- Manage SSO
+- Manage Policies
+- Manage Users
+
+{% callout success %}
+As an example, the Custom role allows for the creation of a user that can fully manage a User-Group-Collection relationship, without the ability to see anything in a Collection to which they are not assigned. This scenario would involve selecting only the following boxes for this Custom user:
+- Manage Assigned Collections
+- Manage Groups
+- Manage Users
+{% endcallout %}
+
 ## Access Control
 
 Access Control determines the Collection assignment of **Users** and **Managers**, as well as permissions within a given Collection. Access Control is configured at the Collection level.

_articles/security/data-storage.md

@@ -18,7 +18,7 @@ Bitwarden **always** encrypts and/or hashes your data on your local device befor
 
 ## On Bitwarden Servers
 
-Bitwarden processes and stores all data securely in the [Microsoft Azure Cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="\_blank"} using services that are managed by the team at microsoft. Since Bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, and security updates and guarantees and backed by Microsoft and their cloud infrastructure. Review the [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/) documentation for more detail.
+Bitwarden processes and stores all data securely in the [Microsoft Azure Cloud](https://en.wikipedia.org/wiki/Microsoft_Azure){:target="\_blank"} in the US using services that are managed by the team at Microsoft. Since Bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, and security updates and guarantees and backed by Microsoft and their cloud infrastructure. Review the [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/) documentation for more detail.
 
 Don't trust Bitwarden Servers? You don't have to. Open source is beautiful. You can easily host the entire Bitwarden stack yourself. You control your data. Learn more [here]({% link _articles/hosting/install-on-premise.md %}).
 ## On your Local Machine

_articles/security/emergency-access.md

@@ -0,0 +1,123 @@
+---
+layout: article
+title: Emergency Access
+categories: [security]
+featured: true
+popular: false
+hidden: false
+tags: []
+order: 06
+---
+
+Emergency Access enables users to designate and manage trusted emergency contacts, who may request access to their Vault with a configurable level of permissions.
+
+## How it Works
+
+Emergency Access uses public key exchange and encryption/decryption to allow users to give a [trusted emergency contact](#trusted-emergency-contacts) permission to [access Vault data](#user-access) in a Zero Knowledge/Zero Trust environment:
+
+1. A Bitwarden user (the *grantor*) [invites another Bitwarden user](#invite-a-trusted-emergency-contact) to become a trusted emergency contact (the *grantee*). The invitation (valid for only 5 days) specifies a [user access level](#user-access) and includes a request for the grantee's public key.
+2. Grantee is notified of invitation via email and [accepts the invitation](#accept-an-invitation) to become a trusted emergency contact. On acceptance, the grantee's public key is stored with the invite.
+3. Grantor is notified of acceptance via email and [confirms the grantee](#confirm-an-accepted-invitation) as their trusted emergency contact. On confirmation, the grantor's Master Key is encrypted using the grantee's public key and stored once encrypted. Grantee is notified of confirmation.
+4. An emergency occurs, resulting in grantee requiring access to grantor's Vault. Grantee [submits a request for emergency access](#initiate-emergency-access).
+5. Grantor is notification of request via email. The grantor may [manually approve the request](#manually-approve-emergency-access) at any time, otherwise the request is bound by a grantor-specified wait time. When the request is approved or the wait time lapses, the public-key-encrypted Master Key is delivered to grantee for decryption with grantee's private key.
+
+4. Depending on the specified [user access level](#user-access), the grantee will either:
+   - Obtain view/read access to items in the grantor's Vault (**View**).
+   - Be prompted to create a new Master Password for the grantor's Vault (**Takeover**).
+
+### Trusted Emergency Contacts
+
+Emergency Access relies on public key exchange within Bitwarden, therefore trusted emergency contacts must be existing Bitwarden users, or will be prompted to create a Bitwarden account before they can accept an invitation.
+
+There is no limit to the number of trusted emergency contacts a user can have.
+
+### User Access
+
+Trusted emergency contacts can be granted one of the following user access levels:
+- **View**: When an emergency access request is granted, this user is granted view/read access to all items in your personal Vault.
+
+  {% callout success %}As a grantor, you may revoke access to a grantee with **View** access at any time.{% endcallout %}
+- **Takeover**: When an emergency access request is granted, this user can create a Master Password for permanent read/write access to your Vault (this will **replace** your previous Master Password).
+
+## Using Emergency Access
+
+The following sections will walk you through establishing a trusted emergency contact, and executing on emergency access:
+
+### Invite a Trusted Emergency Contact
+
+As a grantor, complete the following steps to invite a trusted emergency contact for your Vault:
+
+1. Log in to the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
+2. Select **Settings** from the top navigation bar.
+3. Select **Emergency Access** from the left-hand Settings menu.
+4. Select the {% icon fa-plus %} **Add emergency contact** button. In the Invite Emergency Contact window:
+
+   {% image /features/emergency-access/ea-invite.png Add emergency contact%}
+   - Enter the **Email** of your trusted emergency contact. Trusted emergency contacts must have Bitwarden accounts of their own.
+   - Set a **User Access** level for the trusted emergency contact ([View-only or Takeover](#user-access)).
+   - Set a **Wait Time** for Vault access. Wait Time dictates how long your trusted emergency contact must wait to access your Vault after initiating an emergency access request.
+5. Select the **Save** button to send the invitation.
+
+{% callout info %}
+Emergency Contact invitations are only valid for 5 days.
+{% endcallout %}
+
+### Accept an Invitation
+
+As a grantee, complete the following steps to accept an invitation to become a trusted emergency contact:
+
+1. In the received email invitation, select the **Become emergency contact** button in the email to open an Emergency Access acceptance page in your Browser:
+
+   {% image /features/emergency-access/ea-invitation.png Emergency access invitation %}
+2. Log in to your Bitwarden account to accept the invitation. If you don't already have a Bitwarden account, you'll need to create one.
+
+### Confirm an Accepted Invitation
+
+As a grantor, complete the following steps to confirm an accepted invitation:
+
+1. Log in to the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
+2. Select **Settings** from the top navigation bar.
+3. Select **Emergency Access** from the left-hand Settings menu.
+
+   In the **Trusted emergency contacts** section, the invited user should appear with an `Accepted` status card.
+4. Hovering over the user, select the gear icon and select **Confirm** from the dropdown menu.
+
+   {% image /features/emergency-access/ea-confirm.png %}
+
+To ensure the integrity of your encryption keys, verify the displayed fingerprint phrase with the grantee before completing confirmation.
+
+### Initiate Emergency Access
+
+As a grantee, complete the following steps to initiate an emergency access request:
+
+1. Log in to the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
+2. Select **Settings** from the top navigation bar.
+3. Select **Emergency Access** from the left-hand Settings menu.
+4. In the **Designated as emergency contact** section, select the grantor whose Vault you wish to access.
+5. In the Request Access window, select the **Request Access** button.
+
+   {% image /features/emergency-access/ea-request.png Request Access%}
+   You will be provided access to the grantor's Vault after the configured Wait Time, or when the grantor [manually approves](#manually-approve-emergency-access) the emergency access request.
+
+### Manually Approve Emergency Access
+
+As a grantor, you may manually approve an emergency access request as an alternative to the configured Wait Time. Complete the following steps to manually approve emergency access:
+
+1. Log in to the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
+2. Select **Settings** from the top navigation bar.
+3. Select **Emergency Access** from the left-hand Settings menu.
+4. Hovering over the user with the `Emergency Access Initiated` status card, select the gear icon.
+5. From the gear dropdown, select **Approve**.
+6. In the confirmation dialog box, select **Approve**.
+
+### Access Grantee's Vault
+
+As the grantee, complete the following steps to access the grantor's Vault once your request has been approved (manually or through lapsed wait time):
+
+1. Log in to the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
+2. Select **Settings** from the top navigation bar.
+3. Select **Emergency Access** from the left-hand Settings menu.
+4. In the **Designated as emergency contact** section, hover over the grantor the grantor whose Vault you wish to access, and select the gear icon.
+5. Select the option from the dropdown that corresponds with your [assigned access](#user-access):
+   - **View** - Selecting this option will display the grantor's Vault items on this screen.
+   - **Takeover** - Selecting this option will open the Takeover dialog box. Enter and confirm a new master password for the grantor's account. Once saved, log in to Bitwarden as normal, entering the the grantor's email address and the created Master Password.

_articles/two-step-login/setup-two-step-login-yubikey.md

@@ -64,9 +64,24 @@ The following assumes that **YubiKey** is your [highest-priority enabled method]
 
 You will not be required to complete your secondary Two-step Login step to **Unlock** your Vault once logged in. For help configuring Log Out vs. Lock behavior, see [Vault Timeout Options]({% link _articles/account/vault-timeout.md %}).
 
-### Troubleshooting Android
+## NFC Troubleshooting
 
-If you do not know where your NFC receiver is located, you may need to move it around some, trying different areas. Once Bitwarden detects the YubiKey it will automatically validate and log you in. If a YubiKey NEO or YubiKey 5 NFC continues to not work on your Android device, check the following:
+If your YubiKey's NFC functionality isn't working properly:
+
+##### Check that NFC is enabled:
+1. Download [YubiKey Manager](https://www.yubico.com/products/services-software/download/yubikey-manager/){:target="\_blank"}.
+2. Plug the YubiKey into your device.
+3. Select the **Interfaces** tab, and check that all boxes in the NFC section are checked.
+
+##### Check that NFC is configured properly:
+1. Download the [YubiKey Personalization Tool](https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/){:target="\_blank"}.
+2. Plug the YubiKey into your device.
+3. Select the **Tools** tab.
+4. Select the **NDEF Programming** button.
+5. Select the the configuration slot you would like the YubiKey to use over NFC.
+6. Select the **Program** button.
+
+##### (Android-only) Check the following:
 
 - That you checked the **One of my keys supports NFC** checkbox during setup.
 - That your Android device supports [NFC](https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices){:target="_blank"} and is [known to work properly](https://forum.yubico.com/viewtopic1c5f.html?f=26&t=1302){:target="_blank"} with YubiKey NEO or YubiKey 5 NFC.