mirror of https://github.com/bitwarden/help synced 2025-12-11 05:43:20 +00:00
* whitepaper copyedits, updated landing page (sans icons), condensed Org articles, etc.

* add MSP and POC icons for landing

* GO edits

* rm

* resolve conflict

Co-authored-by: DanHillesheim <79476558+DanHillesheim@users.noreply.github.com>
This commit is contained in:
fred_the_tech_writer
2021-04-22 10:18:09 -04:00
committed by GitHub
parent 8b734d833d
commit 1f2a771a4d
56 changed files with 645 additions and 590 deletions

@@ -1,42 +0,0 @@
---
layout: article
title: Bitwarden Proof-of-Concept Project Checklist
categories: [getting-started]
featured: false
popular: false
hidden: true
tags: [porject guide, poc]
order: 7
---
## Required POC Checklist
| Day | Step |Key Person| Action | Help Article | Duration (hrs)
|:---------------------------------:|:--------------------------------|:--------------------------------------------------------------------:|:-----------------------------------|:-----------------------------------------------:|:-----------------------------------------------:|
| 1 | Identify Organization Owner | Organization Owner | Create a free user account on [vault.bitwarden.com](https://vault.bitwarden.com) using the email intended for Organization ownership and administration. | | 0.1|
1 | Create Organization | Organization Owner | Create a **free** Organization on Bitwarden Cloud at [vault.bitwarden.com](https://vault.bitwarden.com). This will be used for billing purposes even if self-hosted. Once the free Organization is created, let Bitwarden know and we will upgrade the trial to Enterprise status for you. | [About Organizations](https://bitwarden.com/help/article/what-is-an-organization/) | 0.1
|1 | If self-hosting, download a license file for your self-hosted installation. | Organization Owner |This is required to enable the Enterprise Organization functionality and set the number of user seats available for use. | [License Paid Features](https://bitwarden.com/help/article/licensing-on-premise/#organization-account-sharing) | 0.1
|1 | Install self-hosted instance (if applicable) | Organization Owner / IT Team |We recommend deploying on Linux OS for best performance and lowest total cost of ownership. | [Install and Deploy](https://bitwarden.com/help/article/install-on-premise/) | 2.5
|1 | Add additional administrators | Organization Owners + Admins | Add Administrators to the Organization as needed. We also recommend configuring a second Owner for redundancy. | [Add or Remove Users](https://bitwarden.com/help/article/managing-users/) | 0.2
|2 |Create test Collections for Administrators and POC users to share | Organization Owners + Admins | Collections are the method of sharing secure items with Groups of users. | [About Collections](https://bitwarden.com/help/article/about-collections/) | 0.25 |
| 2 | Create test Groups for managing POC users | Organization Owners + Admins | Creating Groups allows easy assignment of Collections. Please note: If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later. | [About Groups](https://bitwarden.com/help/article/groups/) | 0.25
| 2 | Assign test Collections to test Groups to begin sharing passwords | Organization Owners + Admins | Assign Groups to Collections, making sure to test and demonstrate 'Read Only' and 'Hide Password' options. | [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/) | .5|
2 | Add items to test Collections | Organization Owners + Admins |Add items manually or import via CSV or JSON from another password management application. | [Import Data to Your Vault](https://bitwarden.com/help/article/import-data/) | 0.25
|2 |Configure Enterprise Policies Note: Any Policies should be enabled prior to user invitation. The 2FA policy being enabled after user invitation will cause a duplicate of efforts onboarding users | Organization Owners + Admins | Best practice is to enable and configure all policies before user onboarding begins. | [Enterprise Policies](https://bitwarden.com/help/article/policies/) | 0.1
|3 | Add short term users to POC Groups manually | Organization Owners + Admins | A recommended best practice while automated functions are tested. | [Add or Remove Users](https://bitwarden.com/help/article/managing-users/) | 0.5
|3 |Download and login to Bitwarden Client Applications |All POC users | Download and implement Bitwarden client applications to confirm proper configuration for secure data sharing, and intended Enterprise Policies are working, and onboarding function is successful.Note: Self-hosted users will need to set the client's environment: [Connect Clients to Your Instance](https://bitwarden.com/help/article/change-client-environment/) | [Download Bitwarden](https://get.bitwarden.com) | 0.5 |
|4-6 |Configure Login with SSO |Organization Owners + Admins | Create an Organization identifier Configure to work with SAML 2.0 or OpenID Connect | [Auto Login With SSO](https://bitwarden.com/help/article/getting-started-with-sso/) | 1.5 |
|4-6 |Test and confirm long-term user onboarding with Directory Connector |Organization Owners + Admins | Download/configure the Bitwarden Directory Connector application and test Group and user sync. | [Auto Directory Connector](https://bitwarden.com/help/article/directory-sync/) | 1.5 |
|4-6 |Configure Directory Connector to invite remainder of users |Organization Owners + Admins | Invitation process Including secure offboarding| | 1 |
## Recommended Deployment Best Practices
| Day | Step |Key Person| Action | Help Article | Duration (hrs)
|:---------------------------------:|:--------------------------------|:--------------------------------------------------------------------:|:-----------------------------------|:-----------------------------------------------:|:-----------------------------------------------:|
| 7 | Determine timeline for rollout to initial wave | Senior leadership / Security teams | | | |
7 | Create internal messaging / memo about Bitwarden rollout | Internal training / managers | Check out Bitwarden tutorial videos on Youtube and the Bitwarden Help Center. | [youtube.com/bitwarden](http://youtube.com/bitwarden) [bitwarden.com/help](https://bitwarden.com/help/) |
|7 | Communicate to internal leaders about Password Management policies | Internal leaders / Security teams | | |
| | | | | |
| | | | | **Total hours (Bitwarden Cloud)** | **7.35**
| | | | | **Total Hours (Self-hosted)** | **9.85** |
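
Review bot: Deleting this table drops two things that the replacement checklist added later in this commit does not carry over. The Day 2 "Configure Enterprise Policies" row explained why policies come first ("The 2FA policy being enabled after user invitation will cause a duplicate of efforts onboarding users"), while the new row only says to enable policies before onboarding begins; keep that reason in the new Description so admins understand the ordering. The "Total hours" rows (7.35 for Bitwarden Cloud, 9.85 for self-hosted) are also gone; if that is intentional, say so in the commit message, otherwise restore them in the new table.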

@@ -9,188 +9,148 @@ tags: [tutorial]
order: 06 order: 06
--- ---
With the Bitwarden free account, and a free Organization for up to 2 users, you can experience secure sharing in no time! ## Why Bitwarden Organizations?
- [Introduction](#introduction) Password managers like Bitwarden make it easy to store and access unique and secure passwords across all of your devices, keeping your online accounts safer than ever! Using Bitwarden, you won't need to dangerously repeat simple passwords or leave them exposed in unencrypted formats like spreadsheets, documents, or sticky notes.
- [What are Organizations?](#what-are-organizations)
- [Set up the First and Second User Accounts](#set-up-the-first-and-second-user-accounts)
- [1. Create an account for User 1](#1-create-an-account-for-user-1)
- [2. Verify Your Email](#2-verify-your-email)
- [3. Set up the Second User Account](#3-set-up-the-second-user-account)
- [Setup and Share with Organizations](#setup-and-share-with-organizations)
- [4. Create a new Organization](#4-create-a-new-organization)
- [5. Add the Second User to your Organization](#5-add-the-second-user-to-your-organization)
- [6. Accept the Invitation](#6-accepting-the-invitation)
- [7. Share within an Organization](#7-sharing-within-an-organization)
- [Continuing with Bitwarden](#continuing-with-bitwarden)
## Introduction **Bitwarden Organizations** add a layer of collaboration and sharing to password management for your family, team, or enterprise, allowing you to securely share common information like office wifi passwords, online credentials, or shared company credit cards. Secure sharing through Organizations is **safe** and **easy**.
Using a password manager makes it easy to store and access unique and secure passwords across all of your devices. This keeps your online accounts safer than repeating passwords or leaving them exposed in unencrypted formats like spreadsheets, documents, or sticky notes! This article will help you get started with a **free 2-person Organization** so you can experience secure sharing in no time.
To get even more out of your password manager, you can collaborate and share with others. At work, you may choose to share common logins to office wifi networks and online services, or a shared company credit card, or a set of secure notes. Personally you may choose to share a few passwords with a significant other.
Bitwarden enables all types of password and secure sharing through Organizations.
If you would like to try it out, Bitwarden has a free account for individuals, and the ability to set up a free Organization for up to two users and two Collections of secure information.
This tutorial walks you through the setup for two basic accounts and sharing in an Organization.
{% callout info %} The free two-user organization is only available in Bitwarden Cloud. {% endcallout %}
### What are Organizations? ### What are Organizations?
A Bitwarden organization is an entity that relates users together that want to share items. An organization could be a family, team, company, or any other type of group that desires to share items in Bitwarden. Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/share-to-a-collection/) of Logins, Notes, Cards, and Identities. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings:
For more, please see [About Organizations](https://bitwarden.com/help/article/about-organizations/). {% image /organizations/org-vault-admin.png Organization Vault %}
**Are Organizations Different than a Premium Membership?** #### Comparing Organizations with Premium
Yes. Organizations are for sharing items across multiple users. Premium membership gives your individual user account additional premium features including: The key thing to know is that **Organizations unlock access to secure sharing** between users. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
- 1GB encrypted file attachments Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization.
- Two-step login with YubiKey, FIDO U2F, & Duo
- Password hygiene & vault health reports
- TOTP authenticator key storage & code gen.
- Priority customer support
## Set up the First and Second User Accounts ## Setup Bitwarden Accounts
You can choose many ways to create an account at [bitwarden.com](https://bitwarden.com) where you will find: Free Bitwarden Organizations allow for 2 users to securely share data. You might use a free Organization to share with friend or partner, or to test Organizations before [upgrading to a different plan]({{site.baseurl}}/article/about-bitwarden-plans/).
- Desktop Apps for Windows, Mac, and Linux Bitwarden provides applications on lots of devices, including Browser Extensions, Mobile Apps, Desktop Apps, and a CLI, but for the purposes of this guide we'll focus on the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}. **The Web Vault provides the richest Bitwarden experience** for administering your Organization.
- Browser Extensions for Google Chrome, Mozilla Firefox, Opera, Microsoft Edge, Safari, Vivaldi, Brave, Tor Browser
- Mobile Apps for iOS and Android
- Command Line Tools
- Web access through <https://vault.bitwarden.com>
For the purpose of this tutorial, we'll focus on the Web Vault. ### Sign up for Bitwarden
### 1. Create an account for User 1 [Create a Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"}, and make sure that you pick a strong and memorable [Master Password]({{site.baseurl}}/article/master-password/). We even recommend writing down your Master Password and storing it in a safe location.
Create the first account by starting at <https://vault.bitwarden.com>. Pick a strong master password and write it down in a safe place. {% callout success %}
**Don't forget your Master Password!** Bitwarden is a Zero knowledge/Zero Trust solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset your Master Password.
{% callout warning %}
The Bitwarden security model does not support master password recovery. You can read more in the help article regarding [I Forgot my Master Password]({% link _articles/account/master-password.md %}).
{% endcallout %} {% endcallout %}
{% image organizations/orgstart/1-create-account-user-1.png Create account for user 1 %} Once your account is created, log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and verify your account's email address to unlock access to all features:
### 2. Verify Your Email {% image /getting-started/verify-email.png Send Verification Email %}
After you create the account and log in, you will want to verify your email. ### Sign up for Bitwarden again
In order to use your free 2-person Organization for secure sharing, you'll need to have 2 Bitwarden accounts to share between. Once your first Bitwarden account is setup, follow the same procedure (or help your friend or partner to do so) to setup the other account.
{% callout success %}
Bitwarden Organizations have a deep level of [user-level access controls]({{site.baseurl}}/article/user-types-access-control/). Whichever user you proceed to [setup your Organization](#setup-your-organization) with will be the **Owner**.
{% endcallout %}
## Setup your Organization
To setup your Organization:
1. In your [Web Vault](https://vault.bitwarden.com){:target="\_blank"}, select the **New Organization** button:
{%image /organizations/new-org-button-overlay.png Create New Organization %}
2. Enter an **Organization Name** and a **Billing Email** we can reach you at. In this guide we're setting up a free Organization, so you won't be billed for anything!
3. **Choose your Plan**. Bitwarden offers Organizations suited to any need, but in this case select **Free**.
4. Scroll down and select **Submit** to finish creating your Organization.
### Get to know your Organization
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. As the [Organization Owner]({{site.baseurl}}/article/user-types-access-control/), you'll be able to see your **Vault**, to **Manage** users and [Collections](#get-to-know-collections), to use some Bitwarden **Tools**, and to configure your Organization's **Settings**:
{% image /getting-started/org-vault.png Organization Vault %}
### Get to know Collections
Collections are an important part of a Bitwarden Organization; they represent the logical grouping of shared Vault items that [belong to your Organization](#shared-items). Your Organization comes pre-loaded with a **Default Collection** and an **Unassigned** tag. With a free Organization, you can create up to 2 Collections using the **Manage** tab:
{% image /getting-started/collections.png Collections %}
{% callout success %}
In a lot of ways, Collections are like the [Folders]({{site.baseurl}}/article/folders/) you might use to organize your Personal Vault. A key difference is that items that [belong to your Organization](#shared-items) **must be included in at least 1 Collection**.
{% endcallout %}
## Add a User to your Organization
Now that you're familiar with your Organization, it's a good time to add the other Organization member you'll be sharing with. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) &rarr; [Accept](#accept) &rarr; [Confirm](#confirm).
### Invite
As the Organization Owner, invite a new member:
1. In your Organization Vault, open the **Manage** tab and select the {% icon fa-plus %} **Invite User** button:
{% image /organizations/org-people-invite.png %}
2. Enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](#sign-up-for-bitwarden-again) with. You can also choose the [User Type]({{site.baseurl}}/article/user-types-access-control/#user-types) and [Access Controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to this user.
3. Select **Save** to send the invitation to the designated email address.
Once your invitation is sent, inform your new member and help them [accept the invitation](#accept).
### Accept
As the newly invited member, open your email inbox and look for an email from Bitwarden inviting you to join an Organization. Clicking the link in the email will open a Bitwarden Web Client invitation window:
{% image organizations/user-accept-updated.png Bitwarden Invitation %}
Since you've already [signed up for Bitwarden](#sign-up-for-bitwarden-again), select **Log In**. Fully logging in to your Vault will accept the invitation.
{% callout info %} {% callout info %}
Reminder: You will also want to make sure your master password is written down and in a safe place where you can find it. Invitations expire after 5 days. Make sure you accept the invitation within that window, otherwise the Organization Owner will have to [re-invite you](#invite).
{% endcallout %} {% endcallout %}
{% image organizations/orgstart/2-verify-email.png Verify your email %} ### Confirm
Once your email is verified you will be back to the main screen of the web vault. As the Organization Owner, confirm an accepted invitation to complete the loop:
{% image organizations/orgstart/2-email-verified.png Email verified %} 1. In your Organization Vault, open the **Manage** tab and select **People**.
2. Hover over the `Accepted` user and select the {% icon fa-cog %} gear dropdown:
As noted in the Introduction above, Organizations for sharing secure information are different than Premium membership which offers extra features on an individual account. {% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
3. Select {% icon fa-check %} **Confirm**.
4. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
Premium features are not required for this tutorial, however we do recommend them to get the most out of Bitwarden. {% image fingerprint-phrase.png Sample Fingerprint Phrase %}
### 3. Set up the Second User Account Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**.
Follow the same procedures to set up the second account. In our case, we will use gotest+2@bitwarden.com for that. ## Get to know your Vault
## Setup and Share with Organizations Part of the magic of Bitwarden Organizations is that items that belong to you and items that [belong to the Organization](#shared-items) are accessible side-by-side from your **My Vault** view, there's no need to maintain separate profiles. Your Organization-enabled Vault has a few new features to check out, first among which is your **Collections** filters:
### 4. Create a new Organization {% image organizations/personal-vault-org-enabled.png Organization-enabled Vault %}
Next create a new Organization via the **New Organization** button on the right of the screen. [Collections](#get-to-know-collections) are a lot like [Folders]({{site.baseurl}}/article/folders/) in that they organize the shared items in your Vault. Like anything else in the **Filters** menu, selecting a Collection will filter listed Vault items down to only the ones in that Collection.
Identify your Organization name, billing name, and plan. In this case we are choosing the free plan which supports 2 users and 2 collections of items. ### Shared Items
{% image organizations/orgstart/4-create-organization.png Creating a new Organization %} You probably don't have a [shared item](#share-a-login) yet, but when you do it will be displayed in your Vault with a {% icon fa-share-alt %} **Shared** icon:
There are additional choices for family, teams, and enterprise Organizations on this page. {% image /organizations/collection-shared-item.png Shared Item icon %}
After creating your Organization you will be placed into your Organization's vault. Shared items are **owned** by the Organization. This means that anyone with permission can alter the item or delete it, which would remove it from your Vault as well.
{% image organizations/orgstart/4-gotest-organization-vault.png View of the Organization Vault %} ## Share a Login
Be aware that you are now in the context of the Organization as shown above, in our case **GOTEST Organization**. The last step on the road to secure sharing is to share a Vault item. Any existing or new [Vault item]({{site.baseurl}}/article/managing-items/#add-a-vault-item) can be shared from your Organization Vault or Personal Vault. For this guide, we'll go over sharing a new Login from your Personal Vault:
However you can get back to your own personal vault at any time by clicking **My Vault** at the top of the page. 1. On the {% icon fa-lock %} **My Vault** page, select the {% icon fa-plus %} **Add Item** button.
2. Fill in all the relevant information for your new Login item (e.g. Username and Password).
3. In the **Ownership** section at the bottom of the Add Item Panel, select your Organization to designate the item for sharing.
4. Select one or more **Collections** to share this item into. You must select *at least* one Collection.
5. Select the **Save** button to finishing creating the shared item.
Notice that we now have Collections on the left hand side which represent the logical structure of grouping items for your Organization. Here we have a **Default Collection** and one **Unassigned Collection** which is the second one allowed with the Bitwarden free Organization plan. ## Congratulations!
When we move back to our personal vault, we'll see that we have **Folders** on the left which are for our personal items, and **Collections** for our Organization items. You've setup your new Bitwarden accounts, created an Organization, learned a bit about your Vaults, and shared an item! Nice work!
{% image organizations/orgstart/4-personal-vault.png View of the Personal Vault %}
### 5. Add the Second User to your Organization
Now it is time to add a second user from our Organization admin console, in our case we click back on **GOTEST Organization** and then the **Manage** tab.
{% image organizations/orgstart/5-add-user.png Adding a user %}
When adding a new user to the Organization you can set the User Type and Access Control. We also have the ability to choose **all items access**, or **selected collections access** based on specific Collections, as well as read-only access. Read-only is helpful to share logins or secure information but not enable Users to change it.
{% image organizations/orgstart/5-add-user-type-and-control.png Selecting the User Type and Access Control %}
Once User 2 has been invited, they will receive an email invitation to join the Organization and their status will be reflected in the dashboard.
{% image organizations/orgstart/5-user-2-invited.png Inviting User 2 %}
### 6. Accept the Invitation
To ensure a trusted security relationship, **User 2** must accept the invitation, and then **User 1** must accept the **User 2** into the Organization. This sequence is imperative to ensure the highest level of security.
When **User 2** accepts the invitation they will receive a message:
> **Invitation Accepted**
>
> You can access this organization once an administrator confirms your membership. We'll send you an email when that happens
Back at the Organization administration console, **User 1** will see the accepted invitation, and have the ability to confirm that user.
{% image organizations/orgstart/6-confirming-users-with-accepted-invitations.png Confirming users with accepted invitations %}
Keeping with the trusted security model, further confirmation on a unique fingerprint phrase is built into the exchange. For more information on this step visit [What is my account's fingerprint phrase?]({% link _articles/features/fingerprint-phrase.md %})
{% image organizations/orgstart/6-confirm-fingerprint-phrase.png Confirming the fingerprint phrase %}
Once the confirmation process is complete, **User 2** will have access to the Default Collection we shared earlier. Since **User 2** was only added as a User, their Organization Vault has a simplified view.
{% image organizations/orgstart/6-user-2-organization-vault-view.png User 2 Organization Vault view %}
### 7. Share within an Organization
Sharing items in an Organization is simply a matter of creating them within the Organization Vault, or creating them in your Personal Vault and then sharing them with the Organization.
We'll use the example of creating a Secure Note, but the same process applies to a Login or any other item in the vault.
{% image organizations/orgstart/7-add-Item-in-organization.png Adding an Item to an Organization %}
{% image organizations/orgstart/7-adding-a-secure-note.png Adding a Secure Note %}
{% image organizations/orgstart/7-secure-note-user-1.png Secure Note for User 1 %}
As expected, the same Secure Note is now viewable by User 2.
{% image organizations/orgstart/7-secure-note-user-2.png Secure Note for User 2 %}
Congratulations! You have now set up sharing between two users with Bitwarden Organizations!
From here you can share any item using the collaborative capabilities of Bitwarden.
If by chance you have an item in your personal vault that you wish to share, you can choose that option too. Here we have two items seen in the **User 1** Vault:
- A secure note **GOTEST Secure Note** that has a sharing icon to the right of it indicating that is it being shared within a Collection
- A secure note **User 1 Note for Sharing** that is not part of Collection and only within the **User 1** vault
However, that second note can easily be shared with an Organization by clicking the drop down menu next to the item.
{% image organizations/orgstart/7-sharing-items-with-organizations.png Sharing Items with Organizations %}
## Continuing with Bitwarden
Now that you have mastered the basics of Organizations feel free to explore all of the possibilities sharing logins and more!
If you'd like to dig deeper into Bitwarden please visit [bitwarden.com](https://bitwarden.com).
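
Review bot: Step 4 under "Confirm" tells the Owner to select **Submit** if the fingerprint phrases match, but never says what to do when they do not; add a sentence telling the Owner not to confirm on a mismatch and to check with the new member before retrying, since this is the step the text itself calls the "final layer of oversight". Smaller points in the added text: "to finishing creating the shared item" in "Share a Login" step 5 should read "to finish creating", "share with friend or partner" is missing "a", the Invite step's `{% image /organizations/org-people-invite.png %}` has no caption unlike every other image tag in the article, and `{%image` under "Setup your Organization" lacks the space used elsewhere.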

@@ -0,0 +1,43 @@
---
layout: article
title: Proof-of-Concept Project Checklist
categories: [organizations]
featured: false
popular: false
hidden: true
tags: [project guide, poc]
order: 99
---
This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations]({{site.baseurl}}/article/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC.
|Day|Action|Key Person|Description|Resource(s)|Duration (hrs)|
|:-:|:----:|:--------:|:---------:|:---------:|:------------:|
|1|Identify an Organization Owner|Organization Owner|[Create a free Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"} for your Organization Owner, who will manage your Organization's settings, structure, and subscription.|[Create your Bitwarden Account]({{site.baseurl}}/article/create-bitwarden-account/)|0.1|
|1|Create your Organization|Organization Owner|[Create a **free Organization** on the Bitwarden Cloud]({{site.baseurl}}/article/getting-started-organizations/#setup-your-organization). Once created, let us know and we'll upgrade you to an Enterprise trial.<br><br>If you're self-hosting, this Organization will be used only for billing purposes.|[Organizations]({{site.baseurl}}/article/about-organizations/)|0.1|
|1|(**Self-hosting only**) Download a License|Organization Owner|If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance.|[License Paid Features]({{site.baseurl}}/article/licensing-on-premise/#organization-license)|0.1|
|1|(**Self-hosting only**) Install Bitwarden|Organization Owner / IT Team|Setup your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership.|[Install and Deploy]({{site.baseurl}}/article/install-on-premise/)|2.5|
|1|Add Admins|Organization Owners + Admins|Onboard [Admins]({{site.baseurl}}/article/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.|[User Management]({{site.baseurl}}/article/managing-users/)|0.2|
|2|Create Collections|Organization Owners + Admins|Create [Collections]({{site.baseurl}}/article/about-collections/), which gather items for secure sharing with Groups of users.|[Collections]({{site.baseurl}}/article/about-collections/)|0.25|
|2| Create Groups|Organization Owners + Admins|Create [Groups]({{site.baseurl}}/article/about-groups), which gather users for scalable assignment of permissions and access to Collections.<br><br>If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later.|[Groups]({{site.baseurl}}/article/groups/)|0.25|
|2|Assign Groups to Collections|Organization Owners + Admins| Assign Groups to Collections, making shared items available to supersets of users. Test the *Read Only* and *Hide Password* options.|[Collections Assignment]({{site.baseurl}}/article/about-groups/#edit-collections-assignments)|.5|
|2|Share items to Collections|Organization Owners + Admins|[Add items manually]({{site.baseurl}}/article/share-to-a-collection/#create-a-shared-item) or [import data]({{site.baseurl}}/article/import-to-org/) from another password management application.|[Sharing]({{site.baseurl}}/article/share-to-a-collection)<br><br>[Import to an Organization]({{site.baseurl}}/article/import-to-org/)|0.25|
|2|Configure Enterprise Policies|Organization Owners + Admins|Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.**|[Enterprise Policies]({{site.baseurl}}/article/policies/)|0.1|
|3|Add users to Groups|Organization Owners + Admins|Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality **in the next step**, before moving on to advanced functions like Directory Connector.|[User Management]({{site.baseurl}}/article/managing-users/)<br><br>[Groups]({{site.baseurl}}/article/about-groups/)|0.5|
|3|Download Bitwarden Client Applications|All users|All Organization members should download Bitwarden on an assortment of devices, login, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server]({{site.baseurl}}/article/change-client-environment).|[Download Bitwarden](https://get.bitwarden.com)|0.5|
|4-6|Configure Login with SSO|Organization Owners + Admins|Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider.|[About Login with SSO]({{site.baseurl}}/article/about-sso/)|1.5|
|4-6|Configure and test user onboarding with Directory Connector|Organization Owners + Admins|Download, configure, and test the Bitwarden Directory Connector application, which is used to automatically sync users and groups from your existing directory service (LDAP, AD, etc.)|[About Directory Connector]({{site.baseurl}}/article/directory-sync/)|1.5|
|4-6|Configure Directory Connector for production onboarding|Organization Owners + Admins|Execute on using Directory Connector to invite your remaining users to the Organization.|[Directory Connector Desktop App]({{site.baseurl}}/article/directory-sync-desktop/)|1|
## Deployment Best Practices
We've seen a lot of deployments and have found that taking the following actions can positive contribute towards a successful PoC and successful adoption with your users:
|Day|Action|Key Person|Description|Resource(s)|Duration (hrs)|
|:-:|:----:|:--------:|:---------:|:---------:|:------------:|
|4-6|Determine timeline for rollout to first-wave users|Senior Leadership & Security teams|There are lots of different strategies for rolling out Bitwarden. Take things at whatever pace best suits your team.| | |
|7|Craft internal messaging about Bitwarden rollout|Internal Training & Managers|Bitwarden provides a lot of resources to help users quickly adopt, check some out on [Youtube](http://youtube.com/bitwarden) and on the [Help Center](https://bitwarden.com/help/).|[Youtube](http://youtube.com/bitwarden)<br><br>[Help Center](https://bitwarden.com/help/)||
|7|Communicate to internal leaders about Password Management policies|Internal leaders / Security teams|Make sure your teams know about any [Enterprise Policies]({{site.baseurl}}/article/policies), [2FA]({{site.baseurl}}/article/setup-two-step-login-duo/) or [SSO]({{site.baseurl}}/article/about-sso/) requirements, and password management best practices.| | |
| | | | | | |
| | | | |**Total Hours (Cloud-hosted)**|**7.35**|
| | | | |**Total Hours (Self-hosted)**|**9.85**|

View File

@@ -15,18 +15,18 @@ This article will walk your through migration procedures if you're moving from *
When migrating from the Cloud to an on-premises instance: When migrating from the Cloud to an on-premises instance:
1. [Install and Deploy]({% link _articles/hosting/install-on-premise.md %}) Bitwarden to your on-premises server. 1. [Install and Deploy]({% link _articles/hosting/install-on-premise.md %}) Bitwarden to your on-premises server.
2. [Download your Enterprise Organization License](https://bitwarden.com/help/article/licensing-on-premise/#organization-license) from the Cloud Web Vault and use it to [Create an Organization]({% link _articles/organizations/create-an-organization.md %}) in your on-premises instance. 2. [Download your Enterprise Organization License](https://bitwarden.com/help/article/licensing-on-premise/#organization-license) from the Cloud Web Vault and use it to [Create an Organization]({% link _articles/organizations/about-organizations.md %}) in your on-premises instance.
3. [Export your Data]({% link _articles/account/export-your-data.md %}) from the Cloud Web Vault. 3. [Export your Data]({% link _articles/account/export-your-data.md %}) from the Cloud Web Vault.
4. [Import your Data]({% link _articles/importing/import-data.md %}) to your on-premises instance to automatically create Collections, Vault items, and their associations. 4. [Import your Data]({% link _articles/importing/import-data.md %}) to your on-premises instance to automatically create Collections, Vault items, and their associations.
5. [Create User Groups]({% link _articles/organizations/create-groups.md %}) manually in your on-premises instance. 5. [Create User Groups]({% link _articles/organizations/about-groups.md %}) manually in your on-premises instance.
6. Start [Inviting Users to your Organization]({% link _articles/organizations/managing-users.md %}). 6. Start [Inviting Users to your Organization]({% link _articles/organizations/managing-users.md %}).
## Migrate on-premises to Cloud ## Migrate on-premises to Cloud
When migrating from an on-premises instance to the Cloud: When migrating from an on-premises instance to the Cloud:
1. [Create an Organization]({% link _articles/organizations/create-an-organization.md %}) in the Cloud [Web Vault](https://vault.bitwarden.com){:target="\_blank"}. 1. [Create an Organization]({% link _articles/organizations/about-organizations.md %}) in the Cloud [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
2. [Create User Groups]({% link _articles/organizations/create-groups.md %}) and [Invite Users to your Organization]({% link _articles/organizations/managing-users.md %}) to mirror your on-premises instance. 2. [Create User Groups]({% link _articles/organizations/about-groups.md %}) and [Invite Users to your Organization]({% link _articles/organizations/managing-users.md %}) to mirror your on-premises instance.
3. [Export your Data]({% link _articles/account/export-your-data.md %}) from your on-premises instance. Encourage your users to export their personal Vaults as well. 3. [Export your Data]({% link _articles/account/export-your-data.md %}) from your on-premises instance. Encourage your users to export their personal Vaults as well.
4. [Import your Data]({% link _articles/organizations/import-to-org.md %}) to the Cloud. 4. [Import your Data]({% link _articles/organizations/import-to-org.md %}) to the Cloud.
5. Manually migrate (download from on-premises and upload to Cloud) any stored attachments. 5. Manually migrate (download from on-premises and upload to Cloud) any stored attachments.
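Review bot: The link text in both procedures still reads "Create an Organization" and "Create User Groups", but the targets are now `about-organizations.md` and `about-groups.md`, which open on the overview rather than the procedure. The merged articles in this commit have `## Create an Organization` and `## Create a Group` headings, so append `#create-an-organization` and `#create-a-group` to the `{% link %}` targets so readers land on the steps. Separately, step 2 of the Cloud to on-premises list keeps an absolute https://bitwarden.com/help/article/licensing-on-premise/ URL while the other links use `{% link %}`, and the two procedures point at different import articles (`importing/import-data.md` and `organizations/import-to-org.md`); please confirm that difference is intended for an Organization migration.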

View File

@@ -55,7 +55,7 @@ Exported data from LastPass will contain data from both your Personal vault, as
Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily. Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily.
For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/create-an-organization/) For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/about-organizations/)
Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/) Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/)
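Review bot: The changed link is introduced with "For more on creating a Bitwarden Organization" but now targets the top of about-organizations; point it at the `#create-an-organization` section of that article instead. It is also a hard-coded https://bitwarden.com/help/article/... URL, whereas the rewritten Organization, Collection and Group articles in this commit use `{{site.baseurl}}/article/...`; using the same form here keeps the link style consistent.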

View File

@@ -62,7 +62,7 @@ Exported data from your previous password manager may contain data from both you
Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily. Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily.
For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/create-an-organization/) For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/about-organizations/)
Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/) Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/)
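Review bot: The three paragraphs in this hunk, including the changed link, are word for word the same as the block in the LastPass import article in this commit, so the same one-line fix had to be made in two files. Consider moving the block into a shared include so the next link change is made in one place and the two copies cannot drift.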

View File

@@ -1,6 +1,6 @@
--- ---
layout: article layout: article
title: About Collections title: Collections
categories: [organizations] categories: [organizations]
featured: true featured: true
popular: false popular: false
@@ -8,38 +8,57 @@ tags: [collections, access control, best practices]
order: 02 order: 02
redirect_from: redirect_from:
- /article/collections/ - /article/collections/
- /article/create-collections/
--- ---
## What are Collections? ## What are Collections?
Collections are structures used by Organizations to gather together Logins, Notes, Cards, and Identities for sharing, similar to the Folders you might use in your Personal Vault. Organizations control access to shared items by assigning users to Collections. Unlike Folders, items in the Organization Vault *must* be placed in one or more Collections. Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/share-to-a-collection/) within an Organization. Think of Collections as Organization-equivalents to the [Folders]({{site.baseurl}}/article/folders/) used to organize a Personal Vault, with a few key differences:
Users with the User Type **Manager** or higher can create Collections, manage items in each Collection, and manage the users with access to each Collection. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/). - Organizations control access to shared items by assigning users or [Groups]({{site.baseurl}}/article/about-groups/) to Collections.
- Shared items **must** be included in at least one Collection.
Create a Collection by navigating to your Organization, opening the **Manage** tab, and selecting the **New Collection** button. For help creating a Collection, see [Create a Collection](https://bitwarden.com/help/article/create-collections/). ### Using Collections
{% image organizations/collection-list-overlay.png Select New Collection %} For many Organizations, using Collections means adding a set of Vault items and individually assigning users to that Collection. Some common methods for constructing scaleable Collections include **Collections by Department** (i.e. users from your Marketing Team are assigned to a **Marketing** Collection), or **Collections by Function** (i.e. users from your Marketing Team are assigned to a **Social Media** Collection):
## Collections Best Practices
Collections are designed to associate related Logins, Notes, Cards, and Identities. You can organize your Collections however best fits your needs, but some common methodologies include:
- Collections by Department (*i.e. users from your Marketing Team are assigned to a **Marketing** Collection*)
- Collections by Function (*i.e. users from your Marketing Team are assigned to a **Social Media** Collection*)
{% image /organizations/collections-graphic-1.png Using Collections %} {% image /organizations/collections-graphic-1.png Using Collections %}
For Teams and Enterprise Organizations, using **Groups** alongside Collections provides a deeper level of access control and scalability to sharing resources. When you create a Group, you can gather users from common departments and assign access to Collections at the Group-level instead of the individual-level. For more information, see [About Groups](https://bitwarden.com/help/article/about-groups/). Teams and Enterprise Organizations can also designate access to Collections based on user [Groups]({{site.baseurl}}/article/about-groups/), rather than individual users. Group-Collection associations provide a deeper level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
A common Collection-Group methodology is to create **Groups by Department** and **Collections by Function**, for example:
{% image /organizations/collections-graphic-2.png Using Collections with Groups%} {% image /organizations/collections-graphic-2.png Using Collections with Groups%}
Other common methodologies include: Other common methodologies include **Collections by Vendor or System** (i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection) and **Groups by Locality** (i.e. users are assigned to a **US Employees** Group or **UK Employees** Group).
- Collections by Vendor or System (*i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection*)
- Groups by Locality (*i.e. users are assigned to a **US Employees** Group or **UK Employees** Group*)
### Next Steps ## Create a Collection
To get started using Collections, we recommend that you: Users with the [Manager role (or higher)]({{site.baseurl}}/article/user-types-access-control/) can create and manage Collections. To create a Collection:
- [Create a Collection](https://bitwarden.com/help/article/create-collections)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/) 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select the {% icon fa-plus %} **New Collection** button:
{% image organizations/collection-list-overlay.png Select New Collection %}
3. Give your Collection a **Name** and, if you're a Teams or Enterprise Organization, assign **Group Access** to any existing [Group]({{site.baseurl}}/article/about-groups/).
{% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %}
4. Select **Save** to finish creating your Collection.
### Nested Collections
Collections can be "nested" to logically organize them within your Vault:
{% image organizations/collection-nested.png Nested Collection %}
Nested Collections are **for display-purposes only**. They will not inherit items, access, or permissions from their "parent" Collection.
To create a nested Collection, follow the [steps above](#create-a-collection), but give your Collections a **Name** that includes the "parent" name followed by a forward slash (`/`) delimiter, for example `Collection 1/Collection 1a`. If the "parent" Collection doesn't exist, the title will be displayed in-full.
## Edit or Delete a Collection
You may find that you need to add or remove users from a Collection, or delete it entirely. Both of these can be done from the **Manage** &rarr; **Collections** view by hovering over the desired Collection and selecting the {% icon fa-cog %} gear dropdown:
{% image /organizations/collection-delete.png Change a Collection %}
{% callout info %}
Deleting a Collection **will not** delete the Vault items included in it. When a Collection is deleted, Vault items will be moved to the {% icon fa-cube %} **Unassigned** filter, accessible from the Organization Vault.
{% endcallout %}
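Review bot: In the new "Nested Collections" section, the sentence saying nested Collections "will not inherit items, access, or permissions from their 'parent' Collection" is the access-control fact an administrator is most likely to assume the opposite of, yet it sits in plain body text under an image. Put it in a `{% callout %}`, as is done for the External Id and deletion notes. The deletion callout should also say which roles can see items under the **Unassigned** filter, since those items no longer have a Collection governing access. Wording in the added lines: "scaleable" should be "scalable", "a **AWS Credentials** Collection" should be "an", "i.e." is used where examples ("e.g.") are meant, and "display-purposes only" and "in-full" do not need hyphens.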

View File

@@ -1,6 +1,6 @@
--- ---
layout: article layout: article
title: About Groups title: Groups
categories: [organizations] categories: [organizations]
featured: true featured: true
popular: false popular: false
@@ -8,39 +8,59 @@ tags: [groups, access control]
order: 03 order: 03
redirect_from: redirect_from:
- /article/groups/ - /article/groups/
- /article/create-groups/
--- ---
## What are Groups? ## What are Groups?
Groups are structures used by Organizations to together individual users, and provide a scalable way to assign access (including assigning Collections) by configuring Access Controls at the Group-level instead of at the individual-level. Groups are relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/article/about-collections) and other [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/article/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions.
{% callout info %} {% callout info %}
Groups are currently available to Teams Organizations and Enterprise Organizations. Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations).
{% endcallout %} {% endcallout %}
When onboarding new users, add them to a Group to have them automatically inherit that Group's Access Controls configuration. ### Using Groups
Users with the User Type **Admin** or higher can create Groups, assign users to each Group, and construct Group-Collection associations. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/). Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/article/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
Create a Group by navigating to your Organization, opening the **Manage** tab, and selecting the **New Group** button. For help creating a Group, see [Create a Group](https://bitwarden.com/help/article/create-groups/). {% image /organizations/collections-graphic-2.png Using Collections with Groups%}
{% image /organizations/groups-newgroup.png Select New Group %} Other common methodologies include **Collections by Vendor or System** (i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection) and **Groups by Locality** (i.e. users are assigned to a **US Employees** Group or **UK Employees** Group).
## Groups Best Practices ## Create a Group
For Teams and Enterprise Organizations, using **Groups** alongside Collections provides a deeper level of access control and scalability to sharing resources. When you create a Group, you can gather users from common departments and assign access to Collections at the Group-level instead of the individual-level. Users with the [Admin role (or higher)]({{site.baseurl}}/article/user-types-access-control/#user-types) can create and manage Groups. To create a Group:
A common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example: 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select **Groups** from the left-hand menu.
3. On the Groups screen, select the {% icon fa-plus %} **New Group** button.
{% image /organizations/collections-graphic-2.png Using Groups %} {% image /organizations/groups-newgroup.png New Group %}
4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control).
Other common methodologies include: Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/article/user-types-access-control/#granular-access-control).
- Collections by Vendor or System (*i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection*)
- Groups by Locality (*i.e. users are assigned to a **US Employees** Group or **UK Employees** Group*)
### Next Steps {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %}
5. Select **Save** to finish creating your Group.
To get started using Groups, we recommend that you: ### Assign Users to Group(s)
- [Create a Group](https://bitwarden.com/help/article/create-groups/) Once your Groups are created and configured, add users to them:
- [Learn about User Types and Access Controls](https://bitwarden.com/help/article/user-types-access-control/)
1. In your Organization Vault open the **Manage** tab and select **People** from the left-hand menu.
2. Hover over the user you want to add and use the {% icon fa-cog %} gear dropdown to select **Groups**:
{% image /organizations/org-people-options-updated-overlay.png %}
3. Select the Group(s) to add this user to and **Save** your selection.
{% callout success %}
You can check which users belong to a Group from the **Manage** &rarr; **Groups** screen by using the {% icon fa-cog %} gear dropdown to select **Users**.
{% endcallout %}
### Edit Collections Assignments
If you want to change the [Collections]({{site.baseurl}}/article/about-collections/) or [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to a Group:
1. In your Organization Vault, open the **Manage** tab and select **Groups** from the left-hand menu.
2. Select the group you want to edit.
3. Configure the Access Control settings as you did when the Group was [initially created](#create-a-group).
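Review bot: The rewritten first sentence under "What are Groups?" is ungrammatical: "Groups are relate together individual users" should read "Groups relate together individual users". In "Assign Users to Group(s)", the `{% image /organizations/org-people-options-updated-overlay.png %}` tag has no alt text, unlike the other image tags in this file. The new "Using Groups" section repeats the Group-Collection paragraph and graphic from the Collections article almost verbatim, including "a **AWS Credentials**" (should be "an") and "i.e." where "e.g." is meant; linking to that section instead would avoid maintaining two copies. In step 2 of "Edit Collections Assignments", capitalize "group" to match the rest of the page.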

View File

@@ -1,6 +1,6 @@
--- ---
layout: article layout: article
title: About Organizations title: Organizations
categories: [organizations] categories: [organizations]
featured: true featured: true
popular: true popular: true
@@ -8,50 +8,56 @@ tags: [organizations]
order: 01 order: 01
redirect_from: redirect_from:
- /article/what-is-an-organization/ - /article/what-is-an-organization/
- /article/create-an-organization/
--- ---
## What are Organizations? ## What are Organizations?
Organizations relate Bitwarden users together for secure sharing of Logins, Notes, Cards, and Identities. Creating an Organization opens an Organization Vault that exists alongside your Personal Vault. To share items in your Organization Vault, you can invite users to join your Organization. Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/article/share-to-a-collection/) of Logins, Notes, Cards, and Identities. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings:
Organization Vaults are organized into Collections, much like how Personal Vaults can be organized into Folders. Unlike your Personal Vault, items in the Organization Vault *must* be placed in a Collection and will be accessible by *anyone* who is allowed access to that Collection. {% image /organizations/org-vault-admin.png Organization Vault %}
You can create an Organization by selecting the **New Organization** button. For help creating your Organization, see [Create an Organization](https://bitwarden.com/help/article/create-an-organization/). Members of an Organization will find shared items ({% icon fa-share-alt %}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/article/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/article/folders/) organize personal items:
{%image /organizations/new-org-button-overlay.png Select New Organization %} {% image /organizations/shared-items.png Access shared items %}
Once you've created your Organization, invite users to start sharing. Invited users can open the Organization Vault at any time from the top-right **Organizations** card, or quickly access their assigned Collections from the left **Filters** card. For help inviting users to your Organization, see [Add or Remove Users](https://bitwarden.com/help/article/managing-users/). ### Types of Organizations
{% image /organizations/org-use-overlay.png Access shared items %} Bitwarden offers a variety of types of Organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each Organization type, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/).
## Types of Organizations |Type|Description|
|----|-----------|
|Free Organizations|Free Organizations allow 2 users to securely share in up to 2 [Collections]({{site.baseurl}}/article/about-collections/).|
|Families Organizations|Families Organizations allow 6 users to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/).|
|Teams Organizations|Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and offer a suite of operational tools like [Event Logs]({{site.baseurl}}/article/event-logs/).|
|Enterprise Organizations|Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and add enterprise-only features like [Login with SSO]({{site.baseurl}}/article/about-sso/) and [Policies]({{site.baseurl}}/article/policies/) to Bitwarden's suite of operational tools.|
There are a few different types of Organizations available. When you create your Organization, you will be prompted to select one of the following options: ### Comparing Organizations with Premium
### Free Organizations The key thing to know is that **Organizations unlock access to secure sharing** between users. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
Free Organizations allow two users to securely share in up to two Collections. For more information about what features are included in a Free Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations).
### Families Organizations Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization.
Families Organizations allow 6 users to securely share in unlimited Collections. For more information about what features are included in a Families Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations).
### Teams Organizations ## Create an Organization
Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited Collections and offer a suite of operational tools like Event Logs. For more information about what features are included in a Teams Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations).
### Enterprise Organizations Organizations are created and managed from the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}. If you're new to Bitwarden, [create an account](https://vault.bitwarden.com/#/register){:target="\_blank"} before you start your Organization, then proceed with these instructions:
Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited Collections and add enterprise-only features like Login with SSO to Bitwarden's suite of operational tools. For more information about what features are included in an Enterprise Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations).
## Organizations compared to Premium 1. Select the **New Organization** button in your Web Vault:
**Organizations unlock access to secure sharing** between users who are members of that Organization. {%image /organizations/new-org-button-overlay.png Select New Organization %}
2. Enter an **Organization Name** and a **Billing Email** we can reach you at.
Premium Individual plans unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more. **Premium Individual does not include secure data sharing.** Checking the **This account is owned by a business** checkbox will filter your options down to those suitable for businesses, and prompt your for a **Business name** so we know who to thank!
3. **Choose your Plan**. Bitwarden offers Organizations suited to any need. Check out the [feature-by-feature breakdown]({{site.baseurl}}/article/about-bitwarden-plans/#compare-the-plans-1) to figure out which is best for you.
**Paid Organizations** (Families, Teams, or Enterprise) automatically include premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for every user enrolled in the Organization. {% callout success %}All paid Organization (Families, Teams, or Enterprise) include premium features for all enrolled users!{% endcallout %}
4. If you chose a **Free Organization**, you're all set! If you chose one of our paid Organizations,
### Next Steps - **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month.
- **Teams/Enterprise:** Specify the number of **User Seats** you need for your Organization. You can always add more seats later.
- **Teams/Enterprise:** Choose whether you'd like to be billed **Annually** or **Monthly**. Families Organizations can only be billed annually.
5. Once you're happy with your Organization, enter your **Payment Information** and select **Submit**.
To get started with a new Organization, we recommend that you: {% callout success %}New Families, Teams, and Enterprise Organization have a 7 day free trial built in! We won't charge you until your trial is over, and you can cancel your subscription at any time from the Organization **Settings** tab.{% endcallout %}
- [Create an Organization](https://bitwarden.com/help/article/create-an-organization/) Once you've created your Organization, create a [collection]({{site.baseurl}}/article/about-collections/), [invite users]({{site.baseurl}}/article/managing-users/), and [start sharing]({{site.baseurl}}/article/share-to-a-collection).
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users/)
- [Learn About Collections](https://bitwarden.com/help/article/about-collections/)
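Review bot: Step 4 of the new "Create an Organization" procedure ends mid-sentence ("If you chose one of our paid Organizations,") before its bullet list; finish the lead-in so the bullets read as options to configure. The new section also drops two points made in the removed create-an-organization article: that the creator is assigned the **Owner** user type, and that a business testing a Free Organization should leave "This account is owned by a business" unchecked. The Owner assignment is worth keeping, with a link to user-types-access-control, because it determines who controls the Organization. Typos in the added lines: "prompt your for a **Business name**", "All paid Organization (...) include", and "New Families, Teams, and Enterprise Organization have". The `#compare-the-plans-1` anchor appears to be an auto-numbered heading id, which would break if the headings in about-bitwarden-plans are reordered, and the first plans link uses an absolute https://bitwarden.com/help/article/... URL while the rest of the section uses `{{site.baseurl}}`.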

View File

@@ -1,59 +0,0 @@
---
layout: article
title: Create an Organization
categories: [organizations]
featured: false
popular: false
hidden: false
tags: [organizations, how to]
order: 04
---
This article will guide you through the process of creating an Organization. For more information about Organizations, see [About Organizations](https://bitwarden.com/help/article/about-organizations).
## Before You Begin
If you're a new user of Bitwarden, you'll need to create an account before you can create your Organization. Create your account for free [**here**](https://vault.bitwarden.com/#/register){:target="\_blank"} or refer to [Create Your Bitwarden Account](https://bitwarden.com/help/article/create-bitwarden-account/) for help.
When you create an Organization, you will be assigned the User Type **Owner**. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
## Create an Organization
Complete the following steps to create an Organization:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
2. Select the **New Organization** button.
{%image /organizations/new-org-button-overlay.png Select New Organization %}
3. On the New Organization screen, enter an **Organization Name** for your new Organization and the **Billing Email** we can reach you at.
{% callout info %}Paid Organizations (Families, Teams, or Enterprise) have a 7 Day Free Trial built in. We won't charge you until your trial is over. You can cancel your subscription at any time in the **Settings** tab of your Organization.
{% endcallout %}
4. If you're creating an Organization on behalf of a business:
- Check the **This account is owned by a business** checkbox.
- Provide your **Business Name**.
Checking the **This account is owned by a business** checkbox will automatically filter your plan options to those suited to businesses. If you represent a business interested in testing secure sharing using a Free Organization, leave this option unchecked.
5. In the **Choose Your Plan** section, select which type of Organization to create. Options include:
- **Free:** For testing or personal use, to share with 1 other user. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations)
- **Families:** For personal use, to share between 6 friends or family members. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations)
- **Teams:** For businesses and other team organizations. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations)
- **Enterprise:** For businesses and other large organizations. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations)
{% callout info %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about premium features, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans).
{% endcallout %}
6. If you selected a Paid Organization, enter the following information:
- For **Teams** or **Enterprise**, enter the number of **User Seats** you need. You can add additional seats later if required.
- For **Families**, **Teams**, or **Enterprise**, enter the amount of **Additional Storage (GB)** you need. You plan comes with 1 GB of shared encrypted file attachments, and you can add additional storage space later if needed.
- For **Teams** or **Enterprise**, select whether you'd like to be billed **Annually** or **Monthly**. Families Organizations may only be billed annually.
- For any Paid Organization, enter your **Payment Information**
7. Click **Submit** to start using your new Organization.
### Next Steps
Now that you've created your Organization, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)
- [Import Items to an Organization](https://bitwarden.com/help/article/import-to-org/)
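Review bot: Deleting this file removes the page served at `/article/create-an-organization/`, and nothing visible in the hunk hands that URL to another article. Add a `redirect_from` entry for it to whichever article now holds these steps so existing links and bookmarks keep resolving. Also check the destination text for the sentence "When you create an Organization, you will be assigned the User Type **Owner**", since it is the one access-control fact this page states.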

View File

@@ -1,66 +0,0 @@
---
layout: article
title: Create a Collection
categories: [organizations]
featured: true
popular: false
tags: [collections, how to]
order: 05
redirect_from:
- /article/how-to-manage-collections/
---
This article will guide you through the process of creating a Collection. For more information about Collections, see [About Collections](https://bitwarden.com/help/article/about-collections/).
## Create a Collection
Complete the following steps to create a collection:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **Collections** from the left menu.
3. On the **Collections** screen, select the **New Collection** button.
{% image organizations/collection-list-overlay.png Select New Collection %}
4. On the **Add Collection** screen:
- Enter a **Name** for your Collection.
- Enter an **External Id** for your Collection. External ids are used to link resources to external systems, like user directories.
- (*Teams and Enterprise Organizations*) Set the **Group Access** configuration for your Collection, including which Groups should be allowed to access this Collection. For more information, see [About Groups](https://bitwarden.com/help/article/about-groups/).
5. Select **Save** to finish creating your Collection.
## Create Nested Collections
Collections can be "nested" in order to logically organize them within your Vault. There's no limit to the depth with which you can nest Collections, but creating too many levels may interfere with your Vault's interface.
{% callout info %}
Nested Collections are designed for in-Vault display purposes only. Nested Collections will not not inherit access or permissions from their "parent" Collection.
{% endcallout %}
{% image organizations/collection-nested.png Nested Collection %}
To create a nested Collection, give your new Collection a **Name** that includes the "parent" Collection followed by a forward slash (`/`) delimiter, for example `Collection 1/Collection 1a`.
If there is no Collection with the corresponding "parent" name or if you don't have access to the "parent", the Collection won't nest and instead it's title will be displayed in-full.
{% image organizations/collection-nested-create.png Create a nested Collection %}
## Delete a Collection
Complete the following steps to delete a collection:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **Collections** from the left menu.
3. On the **Collections** screen, hover over the Collection you want to delete and select the gear dropdown.
4. From the gear dropdown, select **Delete**:
{% image /organizations/collection-delete.png Delete a Collection %}
Deleting a Collection **will not** delete the Vault items in that Collection. When a Collection is deleted, Vault items will be moved to the {% icon fa-cube %} **Unassigned** filter in the Organization Vault view.
### Next Steps
Once you've created a Collection, we recommend that you:
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)
- [Import Items to an Organization](https://bitwarden.com/help/article/import-to-org/)
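Review bot: The front matter entry `redirect_from: - /article/how-to-manage-collections/` disappears with this file, so that legacy URL and `/article/create-collections/` both stop resolving unless the consolidated Collections article picks them up. Also confirm that the callout "Nested Collections will not not inherit access or permissions from their "parent" Collection" survives the move, with the doubled "not" fixed, because it is the only place this file says that nesting does not grant access. The same applies to the statement that deleting a Collection moves its items to **Unassigned** rather than deleting them.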

View File

@@ -1,66 +0,0 @@
---
layout: article
title: Create a Group
categories: [organizations]
featured: true
popular: false
tags: [groups, how to]
order: 06
---
This article will guide you through the process of setting up your first Group. For more information about Groups, see [About Groups](https://bitwarden.com/help/article/about-groups/).
{% callout info %}
Groups are currently available to Teams Organizations and Enterprise Organizations.
{% endcallout %}
## Create a Group
Complete the following steps to create a Group:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **Groups** from the left menu.
3. On the **Groups** screen, select the **New Group** button.
{% image /organizations/groups-newgroup.png %}
4. On the **Add Group** screen:
- Enter a **Name** for your Group.
- Enter an **External Id** for your Group. External ids are used to link resources to external systems, like user directories.
- Set the **Access Control** configuration for your Group, including which Collections this Group should have access to. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
Users who are added to this Group will automatically receive access according to this configuration.
5. Select **Save** to finish creating your Group.
## Assign Users to a Group
Complete the following steps to assign users to a Group:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **People** from the left menu.
3. Hover over the user you'd like to add to a Group and select the gear dropdown.
{% image /organizations/org-people-options-updated-overlay.png %}
4. From the dropdown, select **Groups**.
5. In the **Groups Access** panel, select the Group(s) to add this user to and **Save** your selection.
Users that are assigned to multiple Groups will be able to access items from the union of associated Collections.
### View Users in a Group
You can view which users belong to a specific Group at any time by completing the following steps:
1. In your Organization's **Manage** tab, select **Groups** from the left menu.
2. Hover over the Group you want to list users for and select the gear dropdown.
3. From the dropdown menu, select **Users**.
## Associate Groups to Collections
You can select which Collections a Group should have access to when you [Create Groups](#create-a-group), or by doing one of the following:
- Opening the Group from the **Manage** tab of your Organization, and configuring the Access Control section.
- Opening the Collection from the **Manage** tab of your Organization, and configuring the Group Access section.
### Next Steps
Now that you've created a Group, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users/)
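Review bot: Two access-control statements go away with this file and should be verified in the article that replaces it: "Users who are added to this Group will automatically receive access according to this configuration" in step 4 of Create a Group, and "Users that are assigned to multiple Groups will be able to access items from the union of associated Collections" under Assign Users to a Group. The union rule determines a user's effective access, so it should not be lost in condensing. As with the other deleted articles, no redirect for this page's URL is visible in the hunk.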

View File

@@ -1,95 +1,97 @@
--- ---
layout: article layout: article
title: Deploying Bitwarden as an MSP title: Deploying Bitwarden as an MSP
categories: [getting-started] categories: [organizations]
featured: false featured: false
popular: false popular: false
hidden: false hidden: true
tags: [tutorial] tags: [MSPs, Organizations, Collections, Groups]
order: 07 order: 99
--- ---
If you are looking for information about the Bitwarden Partner Program, look no further. Bitwarden supports a reseller and managed service provider (MSP) model. You can get started right away (no formal agreement needs to be signed).
This article details one recommended configuration to set partners and their customers up for success, as well as addresses some common questions about our Partner Program. Bitwarden supports a reseller and Managed Service Provider (MSP) model. You can get started right away, no formal agreement needs to be signed. If you are looking for information about the Bitwarden Partner Program, look no further.
This article details *one recommended* implementation to set partners and their customers up for success, and addresses some common questions about our Partner Program.
## Create an Organization ## Bitwarden Organizations
Bitwarden Organizations are used for sharing items across multiple users.
An MSP or the client can create an Organizational Vault for the business (Business X). Organizational Vaults will contain the business-specific Logins, Cards, Identity, and Notes. Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/share-to-a-collection/) of Logins, Notes, Cards, and Identities. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings:
Some MSPs choose to create the Organization on behalf of their client as a value added service. If the client chooses to launch the Organization, make sure to designate an owner and administrator from the MSP team. {% image /organizations/org-vault-admin.png Organization Vault %}
Once the Organization is configured, you should invite other administrators to join. This is an important step for setting a foundation of security for the MSP team, as well as the client team. An MSP should [create an Organization]({{site.baseurl}}/article/about-organizations/#create-an-organization) **for each client**, or the client can create one for themselves. There are a few [types of Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) you can choose from to best fit your client's needs. For the most robust set of business features, we recommend [Enterprise Plans]({{site.baseurl}}/article/about-bitwarden-plans/#enterprise-organizations).
{% callout info %} Note: Adding a new user to an Organization involves three steps: Invite, Accept, and Confirm. Give users a heads-up once Invite emails are sent, so they are aware they need to accept the invitation to join the Organization.{% endcallout %} In all cases, members of the MSP team should be [designated as Owners and Admins]({{site.baseurl}}/article/user-types-access-control/) so they can manage the Organization. Administrators can access and manage all Items, [Collections]({{site.baseurl}}/article/about-collections), and users in the Organization. Share administrative duties between multiple users, especially in cases of Organizations with large number of users.
Administrators can access and manage all Items, Collections, and users in the Organization. Youll want to share your administrative duties with another person, especially if you have a large number of users. {% callout info %}
To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite]({{site.baseurl}}/article/managing-users/#invite) &rarr; [Accept]({{site.baseurl}}/article/managing-users/#accept) &rarr; [Confirm]({{site.baseurl}}/article/managing-users/#confirm). Notify users when an invitation is issued, and help them through accepting if needed.
{% endcallout %}
Continue to create an Organization for **each** of your clients (Business Y, Business Z). **Once members of the MSP team are provisioned as Owners and Admins, they can manage and execute all the tasks remaining in this article.**
You will need to select a Subscription Plan for each Organization--either Teams or Enterprise, depending on which features and functionality will suit the clients needs. For the most robust set of business features, we recommend Enterprise Plans. ### Collections and Groups
Note: An Organization could be a team, company, department, or any other type of group that desires to share items. Bitwarden Organizations are designed to manage users and data in a scalable and secure fashion. Managing users and data on a individual basis is highly inefficient and opens both up to accidental mismanagement. To solve this, Organizations provide [Collections]({{site.baseurl}}/article/about-collections) and [Groups]({{site.baseurl}}/article/about-groups).
Read more: [Password Sharing with Organizations ](https://bitwarden.com/blog/post/password-sharing-with-organizations/) #### Collections
## Assign an Administrative Seat to Every Organization Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/share-to-a-collection) within an Organization. Some common methods for constructing scalable Collections include **Collections by Department** (i.e. users from the client's Marketing Team are assigned to a Marketing Collection), or **Collections by Function** (i.e. users from the client's Marketing Team are assigned to a Social Media Collection):
Once an Organization is created for each business, assign one or multiple seats as an Administrative Seat for each Organization. This administrative seat allows MSPs to maintain the account, processes, and organize passwords on behalf of clients.
Further, this administrative role on behalf of a client enables MSPs to provide a wide range of value added services to clients. Some of these services may include Organization design and implementation, onboarding training, Directory services, groups and collection management, and others. {% image /organizations/collections-graphic-1.png Collections %}
Multiple owners can be assigned to an Organization. We recommend this approach of multiple owners and administrators for redundancy and full coverage. [Learn how to create Collections]({{site.baseurl}}/article/about-collections/#create-a-collection).
## Build Collections #### Groups
Once an Organization is configured, start adding passwords and then organizing passwords into Collections.
Collections are a set of related items, such as logins, shared within an Organizations Vault. Managing Collections is a simple way to separate, grant, or limit access to Vault items in Bitwarden, thereby controlling user visibility of resources. Teams and Enterprise Organizations can also institute Groups, which relate together individual users to provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/article/about-collections) and other [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control). One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
Read more: [How to Effectively Manage Bitwarden Collections](https://bitwarden.com/help/article/how-to-manage-collections/) {% image /organizations/collections-graphic-2.png Groups %}
## Start Sharing [Learn how to create Groups]({{site.baseurl}}/article/about-groups/#create-a-group).
Share items by creating them within the Organizational Vault, or creating them in a Personal Vault and then sharing them with the Organization. We recommend the former, starting in the Organizational Vault, and putting passwords into a Collection as soon as possible.
Read more: [Share within an Organization](https://bitwarden.com/help/article/getting-started-organizations/#7-sharing-within-an-organization) ### Share Vault items
## User Management With Collections now created, and a plan for connecting users to credentials using Groups, you can start adding data to the Organization. You can [import data directly to the Organization]({{site.baseurl}}/article/import-to-org/) or [manually add and share]({{site.baseurl}}/article/share-to-a-collection/) data.
These user management strategies apply to MSPs as well as end-users and Clients.
### Onboarding and Deprovisioning ### User Management
Adding a new user to an Organization involves three steps: Invite, Accept, and Confirm. To remove a user from an Organization, select the Remove option from the options menu for that user.
Read more: [Managing Users for your Organization](https://bitwarden.com/help/article/managing-users/) MSP teams can manage Organization users manually or using Directory Connector to sync users and Groups from existing directory services (LDAP, AD, etc.). For most MSP clients, Directory Connector is the recommended method:
### Adding and Removing User Seats
Administrators and owners can add or remove user seats at any time.
Read more: [User Seat Management for your Organization](https://bitwarden.com/help/article/user-seats/) {% image /directory-connector/dc-diagram.png Directory Connector %}
### Syncing Users and Groups with a Directory
The Bitwarden Directory Connector synchronizes with outside directories of users and/or groups. This function can save time by automatically provisioning and deprovision users, groups, and group associations from the existing user directory.
Directory Sync can be configured on a per-Organization basis. Prepare to onboard users by ensuring your Organization has the correct [number of user seats]({{site.baseurl}}/article/managing-users/#manage-user-seats). Then, onboard users:
Read more: [Syncing Users and Groups with a Directory](https://bitwarden.com/help/article/directory-sync/) - [Directly from the Web Vault]({{site.baseurl}}/article/managing-users/#onboard-users)
## Best Practices and Other Information - [Using Directory Connector]({{site.baseurl}}/article/directory-sync)
## MSP Best Practices
### Pricing for Partners ### Pricing for Partners
Whether youre reselling or using Bitwarden on behalf of clients, Bitwarden offers a transparent pricing model. Price is based on per user per month, and is not dependent on the deployment method (cloud, private cloud, or self-host). Volume discounts start at 500 seats. Whether youre reselling or using Bitwarden on behalf of clients, Bitwarden offers a transparent pricing model. Price is based on per user per month, and is not dependent on the deployment method (cloud, private cloud, or self-host). Volume discounts start at 500 seats.
### Invoicing ### Invoicing
Bitwarden will invoice based on Organization Seats for yearly subscriptions and an invoice will be sent to the Billing Contact on your Account. With many of our MSPs, they add on or charge for additional services, so they prefer to handle billing their own clients. Bitwarden will invoice based on Organization Seats for yearly subscriptions and an invoice will be sent to the Billing Contact on your Account. With many of our MSPs, they add on or charge for additional services, so they prefer to handle billing their own clients.
### Value-Added Services ### Value-Added Services
Partners have complete flexibility for how they want to structure additional services for Clients. Some examples of services are organization consulting and implementation, onboarding training, Collections management, Support, and Reporting. If youd like to see an example of how to structure an invoice for your client, [contact us](https://bitwarden.com/contact/). Partners have complete flexibility for how they want to structure additional services for Clients. Some examples of services are organization consulting and implementation, onboarding training, Collections management, Support, and Reporting. If youd like to see an example of how to structure an invoice for your client, [contact us](https://bitwarden.com/contact/).
### Cross-Platform Accessibility ### Cross-Platform Accessibility
One of the best parts about Bitwarden is that end-users can access it anytime, anywhere, from any device and any platform. One of the best parts about Bitwarden is that end-users can access it anytime, anywhere, from any device and any platform.
Encourage clients and end-users to [download](https://bitwarden.com/download/) Bitwarden for the operating systems and browsers they use the most. Encourage clients and end-users to [download](https://bitwarden.com/download/) Bitwarden for the operating systems and browsers they use the most.
### Training ### Training
Bitwarden is easy-to-use no matter if you are highly technical or more of a typical computer user. There are many [training videos](https://www.youtube.com/c/Bitwarden/videos) on the Bitwarden YouTube channel. Bitwarden is easy-to-use no matter if you are highly technical or more of a typical computer user. There are many [training videos](https://www.youtube.com/c/Bitwarden/videos) on the Bitwarden YouTube channel.
Additionally, Bitwarden hosts webcasts, demos, and Vault hours (our version of “office hours”) to regularly keep in touch with our customers and provide educational opportunities. Stay up-to-date on these events by following us on [Twitter](https://twitter.com/bitwarden). Additionally, Bitwarden hosts webcasts, demos, and Vault hours (our version of “office hours”) to regularly keep in touch with our customers and provide educational opportunities. Stay up-to-date on these events by following us on [Twitter](https://twitter.com/bitwarden).
### Company Credentials and Personal Credentials ### Company Credentials and Personal Credentials
Bitwarden recommends every end-user take advantage of their personal Vault to store their private information and secrets. Bitwarden recommends every end-user take advantage of their personal Vault to store their private information and secrets.
Company credentials should be stored in the Organizational Vault and put into a Collection appropriate for team use. Personal credentials should be stored in personal Vaults. This way, if an end-user parts way with the company, both parties can ensure smooth success. The employee retains access to their personal items, but will not have access to Organizational items. Company credentials should be stored in the Organizational Vault and put into a Collection appropriate for team use. Personal credentials should be stored in personal Vaults. This way, if an end-user parts way with the company, both parties can ensure smooth success. The employee retains access to their personal items, but will not have access to Organizational items.
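Review bot: The rewritten User Management section covers onboarding only; the old "Onboarding and Deprovisioning" text ("To remove a user from an Organization, select the Remove option from the options menu for that user") has no counterpart on the new side. Since the new text has MSP staff designated as Owners and Admins in each client Organization, add a sentence on removing users, with a link to the managing-users article, so the offboarding path is documented next to the onboarding one. Smaller points on the new side: "on a individual basis" should read "on an individual basis", and "Organizations with large number of users" needs "a large number".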

View File

@@ -40,7 +40,7 @@ Specifically, this means that if a user forgets their main Bitwarden password, t
{% callout note %} {% callout note %}
Bitwarden is planning a feature in mid-2021 to enable Enterprises to reset their Organization user passwords. This will not impact individual personal accounts that are not connected to an Enterprise organization with this upcoming feature enabled. Bitwarden is planning a feature in mid-2021 to enable Enterprises to reset their Organization user passwords. This will not impact individual personal accounts that are not connected to an Enterprise organization with this upcoming feature enabled.
{% endcallout %} {% endcallout %}
{% callout note %} {% callout note %}
Bitwarden has an Emergency Access feature which can allow a designated user to view or take over your Personal Vault. While not intended as a password-reset feature, some Bitwarden users have found this to be a helpful option. Setting an Emergency Access designee is part of our Premium Account which is also included with any of our Family, Teams, or Enterprise plans. See our [help note on Emergency Access](https://bitwarden.com/help/article/emergency-access/). Bitwarden has an Emergency Access feature which can allow a designated user to view or take over your Personal Vault. While not intended as a password-reset feature, some Bitwarden users have found this to be a helpful option. Setting an Emergency Access designee is part of our Premium Account which is also included with any of our Family, Teams, or Enterprise plans. See our [help note on Emergency Access](https://bitwarden.com/help/article/emergency-access/).
@@ -64,7 +64,7 @@ A Personal Vault is the account owners own responsibility. They can set up Emerg
A Personal Vault is just that, personal. It is not intended for permanent sharing. That is the domain of Bitwarden Organizations in our next section. A Personal Vault is just that, personal. It is not intended for permanent sharing. That is the domain of Bitwarden Organizations in our next section.
{% image ../images/onboarding-succession/bitwarden-individual-personal-vault.png The Bitwarden Individual Personal Vault can be accessed by its owner from any Bitwarden Client. %} {% image ../images/onboarding-succession/bitwarden-individual-personal-vault.png The Bitwarden Individual Personal Vault can be accessed by its owner from any Bitwarden Client. %}
### Starting or joining an Organization ### Starting or joining an Organization
Any Bitwarden user can start an Organization using the web vault. Any Bitwarden user can start an Organization using the web vault.
@@ -73,9 +73,9 @@ Any Bitwarden user can start an Organization using the web vault.
{% image ../images/onboarding-succession/settings-organization-new.png Launching a new Organization from the web vault %} {% image ../images/onboarding-succession/settings-organization-new.png Launching a new Organization from the web vault %}
The person that launches the Organization will be the Owner with full control of the Organization and its members. At the same time every Bitwarden user receives a Personal Vault. The Organization owner does not have the ability to see any other individual Personal Vault by design. The person that launches the Organization will be the Owner with full control of the Organization and its members. At the same time every Bitwarden user receives a Personal Vault. The Organization owner does not have the ability to see any other individual Personal Vault by design.
In this case, employees can be guaranteed that the Personal Vault remains their own. An Organization owner cannot access it due to the encryption model in place within Bitwarden, where individual users maintain the key to decrypt their Personal Vault. In this case, employees can be guaranteed that the Personal Vault remains their own. An Organization owner cannot access it due to the encryption model in place within Bitwarden, where individual users maintain the key to decrypt their Personal Vault.
{% callout note %} {% callout note %}
There is an enterprise policy for the Organization owner to disable the Personal Vault, highlighting the balance between a more centralized compared to a dynamic approach. There is an enterprise policy for the Organization owner to disable the Personal Vault, highlighting the balance between a more centralized compared to a dynamic approach.
@@ -113,11 +113,11 @@ Groups help administer user permissions one level up from individual users. You
### A comprehensive role based access control approach ### A comprehensive role based access control approach
Bitwarden takes an enterprise friendly approach to sharing at scale. Users can be added to the Organization in different roles, belong to different Groups, and have those Groups assigned to various Collections. Bitwarden also enables a custom role for more granular permissions regarding administrative tasks. Please see this article for more detail on [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/) Bitwarden takes an enterprise friendly approach to sharing at scale. Users can be added to the Organization in different roles, belong to different Groups, and have those Groups assigned to various Collections. Bitwarden also enables a custom role for more granular permissions regarding administrative tasks. Please see this article for more detail on [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/)
## Offboarding Users ## Offboarding Users
Lets explore the standard sequence to offboard an employee. Lets explore the standard sequence to offboard an employee.
{% callout note %} {% callout note %}
At Bitwarden, we see sharing of credentials as a vital aspect to get work done efficiently and securely. We also recognize that once a credential is shared, it is technically possible for the recipient to keep that credential. At Bitwarden, we see sharing of credentials as a vital aspect to get work done efficiently and securely. We also recognize that once a credential is shared, it is technically possible for the recipient to keep that credential.
@@ -147,7 +147,7 @@ When an employee such as the person above is removed from the Organization the f
- Once removed from the Organization, any online client such as the mobile app, desktop app, or web extension will no longer show that Organization or any Organizational Collections - Once removed from the Organization, any online client such as the mobile app, desktop app, or web extension will no longer show that Organization or any Organizational Collections
**Collection 1** **Collection 1**
- Will no longer be visible - Will no longer be visible
**Collection 2** **Collection 2**
- Will no longer be visible. Ownership of the Collection remains with the Organization Admins and Owners. This employee will no longer have access to Collection 2 - Will no longer be visible. Ownership of the Collection remains with the Organization Admins and Owners. This employee will no longer have access to Collection 2
@@ -190,7 +190,7 @@ The Directory Connector, Login with SSO, and Web Vault Administration all work i
#### Directory Connector - **Synchronization** - Teams and Enterprise plans #### Directory Connector - **Synchronization** - Teams and Enterprise plans
- LDAP Groups synced to Bitwarden Groups - LDAP Groups synced to Bitwarden Groups
- Users within groups get invitations - Users within groups get invitations
#### Directory Connector - **Invitations** - Teams and Enterprise plans #### Directory Connector - **Invitations** - Teams and Enterprise plans
- Users receive an invitation to join the Organization - Users receive an invitation to join the Organization
@@ -224,7 +224,7 @@ When using Bitwarden and Login with SSO and logging in:
* Decryption of the Vault Contents still requires the users individual key and a password specifically for encryption and decryption * Decryption of the Vault Contents still requires the users individual key and a password specifically for encryption and decryption
* This security model ensures that customers can choose their own Identity Provider and have * This security model ensures that customers can choose their own Identity Provider and have
* the ability to provision users automatically * the ability to provision users automatically
* full access to the entirety of the Bitwarden client suite * full access to the entirety of the Bitwarden client suite
* the ability to decrypt vault contents while offline * the ability to decrypt vault contents while offline
* the option to configure access with or without SSO * the option to configure access with or without SSO
* the option to retain a personal vault * the option to retain a personal vault
@@ -234,7 +234,7 @@ Using Login with SSO, new Bitwarden users can log in to their Bitwarden Vault us
Since users go through a validated authentication process, they will be in the **Accepted** status within the Organization management settings. Since users go through a validated authentication process, they will be in the **Accepted** status within the Organization management settings.
If a user is removed from the companys Identity Provider, the user will no longer be able to authenticate with that path. If a user is removed from the companys Identity Provider, the user will no longer be able to authenticate with that path.
### The Bitwarden Web Vault for Organization Administration ### The Bitwarden Web Vault for Organization Administration
Every Bitwarden Teams and Enterprise Organization comes with the ability to manage Every Bitwarden Teams and Enterprise Organization comes with the ability to manage
@@ -275,7 +275,7 @@ Bitwarden includes events associated with
For more information, please see [Event Logs](https://bitwarden.com/help/article/event-logs/) on the Bitwarden help site. For more information, please see [Event Logs](https://bitwarden.com/help/article/event-logs/) on the Bitwarden help site.
### Option to self-host Bitwarden ### Option to self-host Bitwarden
In keeping with the Bitwarden approach to offer password management across all clients, providing an option In keeping with the Bitwarden approach to offer password management across all clients, providing an option
to self-host addresses an even wider range of use cases for Enterprises. to self-host addresses an even wider range of use cases for Enterprises.
There are many reasons for companies to choose to self-host. Specifically when it comes to onboarding, offboarding, and enhanced features, here are some of the reasons companies choose to do so There are many reasons for companies to choose to self-host. Specifically when it comes to onboarding, offboarding, and enhanced features, here are some of the reasons companies choose to do so
@@ -293,7 +293,7 @@ There are many reasons for companies to choose to self-host. Specifically when i
In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden features In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden features
A robust public [API](https://bitwarden.com/help/api/) A robust public [API](https://bitwarden.com/help/api/)
A fully featured command line interface ([CLI](https://bitwarden.com/help/article/cli/)) A fully featured command line interface ([CLI](https://bitwarden.com/help/article/cli/))
Together, these options deliver even more customization to fit with existing workflows. Together, these options deliver even more customization to fit with existing workflows.
@@ -303,10 +303,3 @@ Together, these options deliver even more customization to fit with existing wor
We often note that password management is people management, and Bitwarden wants to fit the workflows suited to your organization. By offering a wide range of options, shared via our open source approach, customers can rest assured that they can meet their own individual needs. We often note that password management is people management, and Bitwarden wants to fit the workflows suited to your organization. By offering a wide range of options, shared via our open source approach, customers can rest assured that they can meet their own individual needs.
To get started today with a free Enterprise or Teams trail, visit [bitwarden.com/pricing/business/](https://bitwarden.com/pricing/business/). To get started today with a free Enterprise or Teams trail, visit [bitwarden.com/pricing/business/](https://bitwarden.com/pricing/business/).
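Review bot: The last context line of this hunk still reads "free Enterprise or Teams trail". Since this commit is a copyedit pass that touches this file, change it to "trial" here too; the new Onboarding and Succession article added in the same commit already uses "trial" in its equivalent sentence.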

View File

@@ -1,68 +1,100 @@
--- ---
layout: article layout: article
title: Add or Remove Users title: User Management
categories: [organizations] categories: [organizations]
featured: true featured: true
popular: false popular: false
tags: [] tags: []
order: 09 order: 05
--- ---
This article will guide you through the process of inviting or removing users from your Organization.
Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the **Bitwarden Directory Connector**. For more information, see [About Directory Connector]({% link _articles/directory-connector/directory-sync.md %}}). ## Manage User Seats
Invitations to an Organization will expire after 5 days, at which point the user will need to be re-invited. If you're self-hosting Bitwarden, you can configure the invitation expiration period. For more information, see [Configure Environment Variables]({% link _articles/hosting/environment-variables.md %}). Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only the [Organization Owner]({{site.baseurl}}/article/user-types-access-control/#user-types) can add and remove seats, as this directly affects your billing.
{% callout info %} {% callout info %}
**Free** Organizations and **Families** Organizations have a maximum number of users; 2 and 6 respectively. If you have a [Free or Families Organization]({{site.baseurl}}/article/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively. Proceed to [Onboard Users](#onboard-users).
**Teams** Organizations and **Enterprise** Organizations must ensure that there are available users seats for their account before inviting users. For more information, see [Add or Remove User Seats for your Organization](https://bitwarden.com/help/article/user-seats/).
{% endcallout %} {% endcallout %}
## Invite Users ### Add Seats
{% callout warning %} To add seats to your Organization:
**For Enterprise Organizations**, Bitwarden recommends configuring Enterprise Policies prior to inviting users to ensure compliance on-entrance to your Organization. For more information, see [Enterprise Policies](https://bitwarden.com/help/article/policies/).
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Settings** tab and select **Subscription** from the left-hand menu.
3. Select the **Add Seats** button.
Adding user seats will adjust your future billing totals and immediately charge your payment method on file. That immediate charge will be pro-rated such that you'll only pay for the remainder of the billing cycle (month/year).
### Remove Seats
To remove seats from your Organization:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Settings** tab and select **Subscription** from the left-hand menu.
3. Select the **Add Seats** button.
Removing user seats will adjust your future billing totals. The next charge will be pro-rated such that you are credited back for time not used by the already-paid-for seat.
## Onboard Users
To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) &rarr; [Accept](#accept) &rarr; [Confirm](#confirm).
{% callout success %}
Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the [**Bitwarden Directory Connector**]({{site.baseurl}}/article/directory-sync).
{% endcallout %} {% endcallout %}
Complete the following steps to invite users to your Organization: ### Invite
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. {% callout success %}
2. In your Organization, open the **Manage** tab and select **People** from the left menu. **For Enterprise Organizations**, we recommend configuring [Enterprise Policies]({{site.baseurl}}/article/policies) prior to inviting users to ensure compliance on-entrance to your Organization.
3. On the **People** screen, select the **Invite User** button. {% endcallout %}
To invite users to your Organization:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select **People** from the left-hand menu.
3. Select the {% icon fa-plus %} **Invite User** button:
{% image /organizations/org-people-invite.png Invite User %}
4. On the Invite User panel:
{% image /organizations/org-people-invite.png Select Invite User %}
4. On the **Invite User** panel:
- Enter the **Email** address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses. - Enter the **Email** address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses.
- Select the **User Type** to be applied to new users. User Type will determine what permissions these users will have at an Organizational level. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/). - Select the **User Type** to be applied to new users. [User Type]({{site.baseurl}}/article/user-types-access-control/#user-type) will determine what permissions these users will have at an Organizational level.
- Select the **Access Control** to be applied to new users. Access Control will determine which Collections these users will have access to, and what level of access within those Collections. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/). - Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections.
5. Click **Save** to invite the designated users to your Organization. 5. Click **Save** to invite the designated users to your Organization.
Once users have accepted the invitation, you will need to [Confirm Invited Users](#confirm-invited-users). ### Accept
### Invited Users Invited users will receive an email from Bitwarden inviting them to join the Organization. Clicking the link in the email will open a Bitwarden Client invitation window. **Log In** with an existing Bitwarden or **Create Account** to accept the invitation:
Invited users will receive an email from Bitwarden asking them to join the Organization. Clicking the **Join Organization Now** button in the email invitation will open a screen prompting users to **Log In** or **Create Account**. {% image organizations/user-accept-updated.png Invitation Window %}
{% image organizations/user-accept-updated.png %} {% callout warning %}
Invitations will expire after 5 days, at which point the user will need to be [re-invited](#invite). If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/article/environment-variables/).
{% endcallout %}
If the user does not answer this invitation, it will expire after 5 days. ### Confirm
### Confirm Invited Users To confirm accepted invitations into your Organization:
Once a user has accepted the invitation to join the Organization, you'll need to **Confirm** their acceptance.
On the **People** screen for your Organization, users who have accepted invitations will have an `Accepted` status indicator next to their email address. Users who are invited but have not yet accepted will have an `Invited` status indicator next to their email address. 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select **People** from the left-hand menu.
3. Hover over the `Accepted` user and select the {% icon fa-cog %} gear dropdown:
Confirm an `Accepted` user by hovering over the user, selecting the gear dropdown, and selecting **Confirm** from the dropdown menu. {% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
3. Select {% icon fa-check %} **Confirm**.
4. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
{% image organizations/org-people-options-overlay.png Confirm an Accepted user %} {% image fingerprint-phrase.png Sample Fingerprint Phrase %}
Selecting **Confirm** will open a panel asking you to verify the user's fingerprint phrase. For added security, ask the user to verify the fingerprint phrase before confirming them into your Organization. Once confirmed, the user will have access to all assigned Collections within the Organization. Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**.
## Remove A User ## Offboard Users
To remove users from your Organization:
Complete the following steps to remove a user from your Organization:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. 1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **People** from the left menu. 2. In your Organization, open the **Manage** tab and select **People** from the left menu.
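Review bot: In the new "### Remove Seats" section, step 3 still says "Select the **Add Seats** button", copied from the Add Seats steps above it; it should name the control that removes seats. As written, an Owner following the removal procedure is sent to the action that, per the paragraph under Add Seats, will "immediately charge your payment method on file". Smaller points in the same hunk: under "### Confirm" two consecutive steps are numbered 3 ("Hover over the `Accepted` user…" and "Select **Confirm**"), so the fingerprint phrase check sits on a misnumbered step and the list should be renumbered 1 to 5; the Accept paragraph reads "**Log In** with an existing Bitwarden or **Create Account**" and is missing the word "account"; and the Offboard steps keep "Login to your" while every new section uses "Log in to your".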

View File

@@ -0,0 +1,244 @@
---
layout: article
title: Onboarding and Succession
categories: [organizations]
featured: true
popular: false
hidden: true
tags: [onboarding]
order: 10
---
## Password Management to fit your Business
Getting new employees up and running quickly drives productivity. Likewise, saying farewell properly drives assurance in the security of your business's systems and accounts. Whether your business leans towards consolidation and centralization, or prefers a flexible and dynamic environment, Bitwarden fits your needs.
This guide covers the Bitwarden approach to onboarding and succession planning for users in your Organization, starting with our approach to the relationship between users and Organizations, then covering the simplest use-cases for Onboarding and Offboarding, and finally and moving on to the levers and options at your disposal to fit Bitwarden to your needs.
## The Bitwarden Approach
The Bitwarden vision is to imagine a world where no one gets hacked. We carry this forward in our mission to help individuals and companies manage their sensitive information easily and securely. Bitwarden believes that:
- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals]({{site.baseurl}}/article/about-bitwarden-plans/#free-individual).
- Individuals and Families should take an active role in their security using [TOTPs, Emergency Access, and other supporting security features]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual).
- Organizations can greatly improve their security profile through [Organizational password management and secure sharing]({{site.baseurl}}/article/about-bitwarden-plans/#bitwarden-for-your-business).
{% callout success %}
For Bitwarden, [different plans]({{site.baseurl}}/article/about-bitwarden-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal.
{% endcallout %}
A key aspect of Bitwarden is that, unlike many software applications, everything in every a Vault is [end-to-end encrypted]({{site.baseurl}}/article/what-encryption-is-used/). To maintain this security model, every person using Bitwarden must have a unique account with a unique [Master Password]({{site.baseurl}}/article/master-password). Master Passwords should be **strong** and **memorable**.
Each user is in charge of their Master Password. Bitwarden is a Zero-knowledge encryption solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset any Master Password.
{% callout success %}
Bitwarden is planning a feature in mid-2021 to enable Enterprises to reset their Organization user passwords. This will not impact individual personal accounts that are not connected to an Enterprise organization with this upcoming feature enabled.
{% endcallout %}
### Use Bitwarden Anywhere
Security everywhere means security anywhere, so the best password managers provide access across all your devices. Bitwarden supports a [range of client applications](https://bitwarden.com/download), any of which can be connected to our Cloud-hosted servers or a self-hosted server of your own:
{% image ../images/onboarding-succession/bitwarden-clients-cloud-server.png Bitwarden Clients/Servers %}
### Users' Personal Vaults
Anyone who creates a Bitwarden account will have their own Personal Vault. Accessible from any client application, Personal Vaults are unique to each user and only that user holds the key to access it, using a combination of their Email Address and Master Password. Personal accounts, and the personal [Vault items]({{site.baseurl}}/article/managing-items/) stored therein, are the account owners responsibility. Organization [Owners, Admins, and Managers]({{site.baseurl}}/article/user-types-access-control) cannot see any other user's Personal Vault by design, guaranteeing someone's personal data remains their own.
{% image ../images/onboarding-succession/bitwarden-individual-personal-vault.png Personal Vaults %}
Families, Teams, and Enterprise Organizations automatically provide members individually with premium features, like [Emergency Access]({{site.baseurl}}/article/emergency-access/) and [encrypted Attachment storage]({{site.baseurl}}/article/attachments/), which they can choose to use. A Personal Vault is just that, **Personal**, but Personal Vaults do not enable sharing, [Organization do](#bitwarden-organizations).
{% callout success %}
**Why provide Personal Vaults by default?**
Personal Vaults are an instrumental component of the [Bitwarden approach](#the-bitwarden-approach). Employees use a range of credentials every day, personally and professionally, and **habits formed in one area typically become habits in the other**. In our view, employees that use proper security practices in their personal lives will carry over that good behavior to their professional lives, **protecting your business** in the process.
Using the same tool in both areas helps that habit form faster and easier. Enterprise Organizations have the option to [configure policies](#), including to disable Personal Vaults.
{% endcallout %}
## Bitwarden Organizations
**Bitwarden Organizations** add a layer of collaboration and sharing to password management for your team or enterprise, allowing you to securely share common information like office wifi passwords, online credentials, or shared company credit cards. Secure sharing through Organizations is safe and easy.
{% image ../images/onboarding-succession/bitwarden-organization-collections.png %}
Anyone can start an Organization directly from the Web Vault:
{% image /organizations/new-org-button-overlay.png Create New Organization %}
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. Whoever launches the Organization will be the [Owner]({{site.baseurl}}/article/user-types-access-control), giving them full control to oversee the **Vault**, to **Manage** users, [Collections](#), [Groups](#), and [Policies](#), to use a suite of Bitwarden **Tools**, and to configure the Organization's **Settings**:
{% image /getting-started/org-vault.png Organization Vault %}
### Collections
Bitwarden Organizations manage users and data in a scalable and secure fashion. Managing users and data on an individual basis is inefficient for large businesses and can leave room for error. To solve this, Organizations provide Collections and [Groups](#groups).
**Collections** gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/share-to-a-collection/) within an Organization:
{% image /organizations/collections-graphic-1.png Using Collections %}
### Onboarding Users
Once your Organization is established and Collections are setup to store your data, Owners and Administrators should invite new members. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding new members, [Invite]({{site.baseurl}}/article/managing-users/#invite) &rarr; [Accept]({{site.baseurl}}/article/managing-users/#accept) &rarr; [Confirm]({{site.baseurl}}/article/managing-users/#confirm).
Users can be onboarded [directly from the Web Vault](#adding-users) or [using the Directory Connector](#directory-connector) application to sync individual users and [Groups](#groups).
#### Adding Users
In the simplest cases, users can be added to your Organization directly from the Web Vault. When adding users, you can designate which [Collection](#collections) to grant them access to, which [role](#comprehensive-role--based-access-controls) to give them, and more.
[Learn step-by-step how to add users to your Organization]({{site.baseurl}}/article/managing-users/#onboard-users).
Once users are fully onboarded to your Organization, you can assign access to your Organization's Vault data by assigning them to [Collections](#collections). Teams and Enterprise Organizations can assign users to [Groups](#groups) for scalable permissions assignment, and construct Group-Collection associations instead of assigning access on the individual level.
{% callout success %}
For large Organizations, [Directory Connector](#directory-connector) is the best way to onboard and offboard users at scale.
{% endcallout %}
#### Groups
Groups relate together individual users, and provide a scaleable way to assign permissions including access to [Collections](#collections) and other [access controls](#comprehensive-role--based-access-controls). When onboarding new users, add them to a Group to have them automatically inherit that Groups's configured permissions:
{% image /organizations/collections-graphic-2.png Using Collections with Groups %}
#### Comprehensive Role-based Access Controls
Bitwarden takes an enterprise-friendly approach to sharing at scale. Users can be added to the Organization with [a number of different roles]({{site.baseurl}}/article/user-types-access-control/), belong to different [Groups](#groups), and have those Groups assigned to various [Collections](#collections) to regulate access. Among the available roles is a [Custom Role]({{site.baseurl}}/article/user-types-access-control/#custom-role) for granular configuration of administrative permissions.
### Offboarding Users
At Bitwarden, we see sharing of credentials as a vital aspect to getting work done efficiently and securely. We also recognize that once a credential is shared, it is *technically* possible for the recipient to keep it. For that reason, secure onboarding using appropriate [role-based access controls](#comprehensive-role--based-access-controls) and [implementing policies](#) plays an important role in facilitating secure offboarding.
Offboarding users from Bitwarden involves removing users from your Organization, and like onboarding can be done [directly from the Web Vault](#adding-users) or in automated fashion [using the Directory Connector](#directory-connector).
### Sample Offboarding
Alice is a **Manager** in your Organization, which is hosted on the Bitwarden Cloud and uses company email addresses (e.g. `first-last@company.com`). Currently, this is how Jane uses Bitwarden:
|**Client Applications**|Uses Bitwarden on Mobile and a Browser Extension personally and professionally, and the Web Vault for occasional Organization-related work.|
|**Email & Master Password**|Logs in to Bitwarden using `alice@company.com` and `p@ssw0rD`.|
|**Personal Items**|Stores assorted personal items, including Logins and Credit Cards, in her Personal Vault.|
|**Permissions in the Organization**|As a [Manager]({{site.baseurl}}/articles/user-types-access-control/), Jane can manage many aspects of Collections.|
|**Two-step Login**|Uses Organization-wide [Duo 2FA]({{site.baseurl}}/article/setup-two-step-login-duo).|
|**Created Collections**|Created a Collection for her team, "Jane's Team Collection".|
|**Shared Items**|Created and shared several Vault items that are owned by by the Organization and reside in her team's Collection.|
#### Once Offboarded
When Jane is removed from your Organization:
|**Client Applications**|Can continue to use any Bitwarden application to access her Personal Vault, however **all will immediately lose access** to the Organization Vault, all Collections, and all shared items.|
|**Email & Master Password**|Can continue to log in using `alice@company.com` and `p@ssw0rD`, however since she won't have access to her `@company.com` inbox, she should be advised to change the email associated with her Bitwarden account.|
|**Personal Items**|Will still be able to use her Personal Vault and access the items stored therein.|
|**Permissions in the Organization**|Will **immediately lose all permissions over and access to** anything related to the Organization.|
|**Two-step Login**|Won't be able to use Organization Duo 2FA to access her Vault, but can setup one of our free Two-step Login options or upgrade to Premium for more.|
|**Created Collections**|Ownership of Collections and shared items **belongs to the Organization**, so Jane will lose access to "Jane's Team Collection" despite having created it.|
|**Shared Items**|Ownership of Collections and shared items **belongs to the Organization**, so Jane will lose access to all these items despite having created them.|
{% callout success %}
Offline devices cache a read-only copy of Vault data, including Organizational Vault data. If your anticipate malicious exploitation of this, credentials the employee had access to should be updated upon separation.
{% endcallout %}
## Designing your Organization for your Business
At Bitwarden, we often say that password management is people management, and we can fit the workflows suited to your Organization. By offering a wide range of options, shared via our open source approach, customers can rest assured that they can meet their own individual needs.
[Get started today](https://bitwarden.com/pricing/business/) with a free Enterprise or Teams trial.
### Directory Connector
For companies with large user-bases that operate using directory services (LDAP, AD, Okta, and others), Directory Connector can synchronize users and groups from the directory to the Bitwarden Organization. Directory Connector is a stand-alone application that can be run anywhere with access to your directories and to Bitwarden.
{% image onboarding-succession/bitwarden-directory-connector.png Directory Connector %}
Many Bitwarden Teams and Enterprise Organizations focus their onboarding efforts on the Directory Connector and use the Organization Vault administration areas to manage Group-Collection relationships.
Directory Connector will:
- Sync LDAP-based directory groups with Bitwarden Groups
- Sync users within each Group
- Invite new users to join the Organization
- Remove deleted users from the Organization
### Login with SSO
Bitwarden Enterprise Organizations can integrate with you existing Identity Provider (IdP) using SAML 2.0 or OIDC to allow members of your Organization to login to Bitwarden using SSO. Login with SSO separates user authentication from Vault decryption:
**Authentication** is completed to your chosen IdP and retains any two-factor authentication processes connected to that IdP. **Decryption** of Vault data requires the user's individual key, through the Master Password. Using Login with SSO, new Bitwarden users can authenticate into their Bitwarden Vault using their regular SSO credentials and perform decryption of this Vault with their newly created master password. Users that removed from your IdP will no longer be able to authenticate with that path.
This approach ensures that you can:
- Leverage your existing Identity Provider
- Protect the end-to-end encryption of your data
- Provision users automatically
- Configure access with or without SSO
- Decrypt Vault data wile offline
### Enterprise Policies
Enterprise Organizations can implement a variety of Policies designed to lay a secure foundation for any business. Policies include:
- **Two-step Login:** Require users to set up two-step login on their personal accounts.
- **Master Password:** Set minimum requirements for master password strength.
- **Password Generator:** Set minimum requirements for password generator configuration.
- **Single Organization:** Restrict users from being able to join any other organizations.
- **Personal Ownership:** Require users to save vault items to an organization by removing the personal ownership option.
{% callout success %}
The **Personal Ownership** policy, for example, fits into earlier discussion regarding the interplay between Personal Vaults and Organization Vaults. Some companies may desire the assurance of have all credentials retained in the Organization Vault. A possible implementation could involve allowing each individual user to have their own Collection, which unlike Personal Vaults could be overseen by Organization Owners and Admins.
{% endcallout %}
### Event Logs
Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/article/event-logs), which can be viewed directly from the Web Vault or [exported to be analyzed]({{site.baseurl}}/article/event-logs/#siem-and-external-systems-integrations) within security information and event management (SIEM) systems like Splunk. Event Logs include information about:
- User-Item interactions
- Changes made to Vault items
- Onboarding Events
- Organization Configuration Changes
- Much, much more
{% callout success%}
In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/help/article/cli/)) for further integration into existing Organization workflows.
{% endcallout %}
### Self-hosting
In keeping with the Bitwarden approach to offer password management anywhere and everywhere, Bitwarden provides an option
to self-host to address an even wider range of use cases for Enterprises. There are many reasons for a company to choose to self-host. Specifically when it comes to onboarding, offboarding, and enhanced features, here are some of the reasons companies choose to do so:
- **Immediate deletion of user accounts:** Because you control the server, users can be deleted entirely (including their Personal Vaults).
- **Network access control**: Organization Owners can determine which network access employees must use to access their Bitwarden server.
- **Advanced proxy settings:** Administrators can choose to enable or disable certain types of devices from accessing the Bitwarden Server.
- **Use an existing database cluster:** Connect to an existing Microsoft SQL Server database. Additional databases will be supported in the future.
- **Increase storage for file attachments and Bitwarden Send:** File attachments for Bitwarden items or Bitwarden Send are retained on user-provided storage.
## Put the Pieces Together
Directory Connector, Login with SSO, Enterprise Policies, and your Vault work well individually or in harmony to optimize your onboarding, offboarding, and Organization management experience. The following table details how that it might look to string together these pieces into one smooth process:
|Step|Description|
|----|-----------|
|**Synchronize**|Use Directory Connector to sync groups and users to Bitwarden from your existing directory service.|
|**Invite**|Directory Connector will automatically issue invitations to synced users.|
|**Authenticate**|Pair your Login with SSO implementation with the SSO Policy to require users to sign up with SSO when they accept their invitations.|
|**Administer**|Use the Web Vault interface to promote some users to different roles and to ensure Group-Collection relationships are configured to grant the right access to the right users.|
|**Re-synchronize**|Periodically re-run Directory Connector to remove users from Bitwarden that are no longer active in your directory service and to start onboarding for new hires.|
## FAQs
#### Q: If an employee already has a Bitwarden account, can we attach it to the Organization so they don't need another Bitwarden account?
**A:** Yes! You can. Some customers recommend that prior to attaching users to the Organization, that those users have a Bitwarden Vault attached to their company email. This choice is company-specific and either approach works.
#### Q: When an employee leaves, can we detach their account from the Organization so that they don't have access to company credentials anymore and they do not lose their personal credentials?
**A:** Yes! That's exactly what [offboarding entails](#offboarding-users).
#### Q: Can we prevent employees from duplicating credentials from the company Organization to their Personal Vault
**A:** Yes! Using our [comprehensive suite of role-based access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) you can make credentials **Read Only** to prevent duplication.
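
Review bot: The last FAQ answer names only **Read Only** as the control against copying credentials into a Personal Vault, while the Policies list earlier in this file describes **Personal Ownership** as removing the personal ownership option altogether; link that policy from the answer as well so readers see both controls. Copy points in the same file: "the assurance of have all credentials" in the Personal Ownership callout, "how that it might look" in the sentence introducing the table, a missing question mark on the third FAQ question, and the Self-hosting intro broken across two lines mid-sentence. The API and CLI links in the Event Logs callout are absolute `https://bitwarden.com/help/...` URLs while the Event Logs links just above use `{{site.baseurl}}`; use one style so the links also resolve on non-production builds.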

View File

@@ -1,16 +1,16 @@
--- ---
layout: article layout: article
title: Share a Vault Item title: Sharing
categories: [organizations] categories: [organizations]
featured: false featured: false
popular: false popular: false
hidden: false hidden: false
tags: [sharing, how to] tags: [sharing, how to]
order: 07 order: 04
--- ---
{% callout info %} {% callout info %}
In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({% link _articles/organizations/create-an-organization.md %}). In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({{site.baseurl}}/article/getting-started-organizations/).
{% endcallout %} {% endcallout %}
Sharing items with Bitwarden means putting them into a Collection, a structure used to gather together together Logins, Notes, Cards, and Identities for access by multiple users. There are a few different ways you can share an item to a Collection: Sharing items with Bitwarden means putting them into a Collection, a structure used to gather together together Logins, Notes, Cards, and Identities for access by multiple users. There are a few different ways you can share an item to a Collection:
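
Review bot: The info callout now mixes two link styles: the Organizations link keeps `{% link _articles/organizations/about-organizations.md %}` while the second link becomes `{{site.baseurl}}/article/getting-started-organizations/`. Jekyll's `link` tag fails the build when its target file is missing, so if about-organizations.md is one of the articles condensed in this commit, the first link has to change in the same hunk. The unchanged sentence under the callout still reads "gather together together" and could be fixed while this file is open.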

View File

@@ -1,31 +0,0 @@
---
layout: article
title: Add or Remove User Seats
categories: [organizations]
featured: true
popular: false
tags: []
order: 10
---
This article will guide you through the process of adding or removing user seats from your Bitwarden Teams or Enterprise Organization.
## Add User Seats
Complete the following steps to add user seats to your Organization:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Settings** tab and select **Subscription** from the left menu.
3. In the **User Seats** section, select the **Add Seats** button.
Adding user seats will result in adjustments to your billing totals and immediately charge your payment method on file. The first charge will be prorated for the remainder of the current billing cycle.
## Remove User Seats
Complete the following steps to remove user seats from your Organization:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Settings** tab and select **Subscription** from the left menu.
3. In the **User Seats** section, select the **Remove Seats** button.
Removing user seats will result in adjustments to your billing totals that will be prorated as credits toward your next billing charge.
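
Review bot: This article is deleted outright (`-1,31 +0,0`), and with it the only statements in this hunk about billing behaviour: that adding seats charges the payment method on file immediately with a prorated first charge, and that removing seats is prorated as credit toward the next charge. Confirm both statements are carried into whichever article now covers seat management, and add a redirect from this article's URL so existing links to it do not 404.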

View File

@@ -5,7 +5,7 @@ categories: [organizations]
featured: true featured: true
popular: false popular: false
tags: [user types, access control] tags: [user types, access control]
order: 11 order: 06
--- ---
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions. Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions.

View File

@@ -44,7 +44,7 @@ If you already have a Bitwarden account, complete the following steps to start y
Now that you've created your trial Enterprise Organization, we recommend that you: Now that you've created your trial Enterprise Organization, we recommend that you:
- [Add Users to your Organization](https://bitwarden.com/help/article/managing-users/) - [Add Users to your Organization](https://bitwarden.com/help/article/managing-users/)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/) - [Create a Collection](https://bitwarden.com/help/article/about-collections/#create-a-collection)
- Use the [Business Portal](https://bitwarden.com/help/article/about-business-portal) to: - Use the [Business Portal](https://bitwarden.com/help/article/about-business-portal) to:
- Set up [Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso) - Set up [Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso)
- Create [Enterprise Policies](https://bitwarden.com/help/article/policies) - Create [Enterprise Policies](https://bitwarden.com/help/article/policies)
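
Review bot: The new "Create a Collection" target depends on a heading fragment, `about-collections/#create-a-collection`, which breaks silently if that heading is ever reworded; check that the heading exists with exactly that slug in the condensed article. The same replacement is made in the next file's hunk, so the check covers both.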

View File

@@ -65,5 +65,5 @@ Complete the following steps to cancel your Premium Individual subscription:
Now that you've created your Organization, we recommend that you: Now that you've created your Organization, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users) - [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/) - [Create a Collection](https://bitwarden.com/help/article/about-collections/#create-a-collection)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/) - [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)


BIN
images/landing/blank.png Normal file


BIN
images/landing/msp.png Normal file


View File

@@ -50,25 +50,25 @@ title: Help Center
</h4> </h4>
<div class="card-body"> <div class="card-body">
<div class="icon-wrapper text-center align-items-center justify-content-around"> <div class="icon-wrapper text-center align-items-center justify-content-around">
<a class="icon-link" href="{{site.baseurl}}/article/about-organizations"> <a class="icon-link" href="{{site.baseurl}}/article/getting-started-organizations">
<img src="images/landing/organizations.png"> <img src="images/landing/organizations.png">
<p class="font-weight-bold">Organizations</p> <p class="font-weight-bold">Get Started with Organizations</p>
</a> </a>
<a class="icon-link" href="{{site.baseurl}}/article/directory-sync"> <a class="icon-link" href="{{site.baseurl}}/article/proof-of-concept">
<img src="images/landing/poc-guide.png">
<p class="font-weight-bold">Proof-of-Concept Checklist</p>
</a>
<a class="icon-link" href="{{site.baseurl}}/article/onboarding-and-succession">
<img src="images/landing/directory-sync.png"> <img src="images/landing/directory-sync.png">
<p class="font-weight-bold">Directory Sync</p> <p class="font-weight-bold">Onboarding & Succession</p>
</a> </a>
<a class="icon-link" href="{{site.baseurl}}/article/about-sso"> <a class="icon-link" href="{{site.baseurl}}/article/bitwarden-security-white-paper">
<img src="images/landing/sso.png">
<p class="font-weight-bold">Login with SSO</p>
</a>
<a class="icon-link" href="{{site.baseurl}}/article/install-on-premise">
<img src="images/landing/selfhost.png">
<p class="font-weight-bold">Self Host</p>
</a>
<a class="icon-link" href="{{site.baseurl}}/article/what-encryption-is-used">
<img src="images/landing/security.png"> <img src="images/landing/security.png">
<p class="font-weight-bold">Security</p> <p class="font-weight-bold">Security & Compliance</p>
</a>
<a class="icon-link" href="{{site.baseurl}}/article/deploying-bitwarden-as-a-msp">
<img src="images/landing/msp.png">
<p class="font-weight-bold">Bitwarden for MSPs</p>
</a> </a>
</div> </div>
</div> </div>
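
Review bot: The new tile labels "Onboarding & Succession" and "Security & Compliance" contain a bare `&` inside `<p>`; write `&amp;` so the markup validates. The Onboarding & Succession tile reuses `images/landing/directory-sync.png` even though its link no longer points at the directory sync article, and none of the `<img>` tags in this block carry an `alt` attribute. The Login with SSO and Self Host tiles are dropped from the landing page here, so confirm those articles remain reachable from one of the remaining tiles.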