diff --git a/_articles/account/account-encryption-key.md b/_articles/account/account-encryption-key.md index 44a7d0fd..f2aed80f 100644 --- a/_articles/account/account-encryption-key.md +++ b/_articles/account/account-encryption-key.md @@ -7,7 +7,7 @@ popular: false tags: [encryption key, account] order: "04" redirect_from: - - /article/update-encryption-key/ + - /update-encryption-key/ --- Each unique Bitwarden account has an encryption key derived from your Master Password, according to the methods defined in [Encryption]({% link _articles/security/what-encryption-is-used.md %}). This encryption key is used to encrypt all Vault data. diff --git a/_articles/account/basic-auth-autofill.md b/_articles/account/basic-auth-autofill.md index c9c7ccf6..194cabeb 100644 --- a/_articles/account/basic-auth-autofill.md +++ b/_articles/account/basic-auth-autofill.md @@ -9,9 +9,9 @@ tags: [] order: "07" --- -Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically auto-filled by the Bitwarden Browser Extension **if there is only 1 Login item with a** [**matching URI**]({{site.baseurl}}/article/uri-match-detection). You can also use the Browser Extension's {% icon fa-share-square %} **Launch** button to automatically open and log in to a basic auth-protected resource. +Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically auto-filled by the Bitwarden Browser Extension **if there is only 1 Login item with a** [**matching URI**]({{site.baseurl}}/uri-match-detection). You can also use the Browser Extension's {% icon fa-share-square %} **Launch** button to automatically open and log in to a basic auth-protected resource. -Auto-filling on basic auth prompts will, by default, use the [Host]({{site.baseurl}}/article/uri-match-detection/#host) URI match detection option so that auto-filling is more restrictive. This can be changed by setting the [match detection option]({{site.baseurl}}/article/uri-match-detection/) for the relevant Vault item. +Auto-filling on basic auth prompts will, by default, use the [Host]({{site.baseurl}}/uri-match-detection/#host) URI match detection option so that auto-filling is more restrictive. This can be changed by setting the [match detection option]({{site.baseurl}}/uri-match-detection/) for the relevant Vault item. If more than one Login item with a matching URI is found, the Browser Extension will not be able to auto-fill your credentials and you will need to manually copy/paste your username and password to log in. diff --git a/_articles/account/forgot-master-password.md b/_articles/account/forgot-master-password.md index 656747b5..d9c7a0fd 100644 --- a/_articles/account/forgot-master-password.md +++ b/_articles/account/forgot-master-password.md @@ -10,7 +10,7 @@ order: "02" As described in the [Your Master Password]({% link _articles/account/master-password.md %}) article, Bitwarden has no knowledge of, way to retrieve, or way to reset your Master Password. -If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/article/admin-reset/). You will need to delete your account and start a new one. +If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/admin-reset/). You will need to delete your account and start a new one. {% callout success %} Before deleting your account: @@ -19,7 +19,7 @@ Before deleting your account: **Second**, if you're having issues logging in with a Bitwarden client application, try logging in using another type of client, or on another device. -**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/article/emergency-access/), get in contact with them to regain Read or Takeover access to your account. +**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/emergency-access/), get in contact with them to regain Read or Takeover access to your account. **Lastly**, if you're using any Bitwarden client applications (Mobile Apps, Browser Extensions, etc.), you should check whether any of these sessions are still logged in prior to deleting your account. If a client application is still logged in, you should manually catalogue your Vault items to preserve your data. {% endcallout %} diff --git a/_articles/account/managing-items.md b/_articles/account/managing-items.md index 9f414aab..a48d60ba 100644 --- a/_articles/account/managing-items.md +++ b/_articles/account/managing-items.md @@ -30,7 +30,7 @@ Effectively managing the items in your Vault is key to making sure that you secu {% capture logins %} ### Logins -Login items are most often used to store username and password combinations, and support [TOTP seeds]({{site.baseurl}}/article/authenticator-keys/) for Premium users. Whatever plan you're on, we recommend giving every Login a [URI for easy auto-fill]({{site.baseurl}}/article/uri-match-detection): +Login items are most often used to store username and password combinations, and support [TOTP seeds]({{site.baseurl}}/authenticator-keys/) for Premium users. Whatever plan you're on, we recommend giving every Login a [URI for easy auto-fill]({{site.baseurl}}/uri-match-detection): {% image manage-items/login-item.png Login Vault Item %} @@ -173,7 +173,7 @@ Master password re-prompt **is not** an encryption mechanism. This feature is an ## Move Items to an Organization -If you're a member of an [Organization]({{site.baseurl}}/article/about-organizations/), you can move Vault items to your Organization for sharing with other Organization members. Learn more about [Organizations]({{site.baseurl}}/article/about-organizations/), [Collections]({{site.baseurl}}/article/about-collections), and [Sharing]({{site.baseurl}}/article/sharing/). +If you're a member of an [Organization]({{site.baseurl}}/about-organizations/), you can move Vault items to your Organization for sharing with other Organization members. Learn more about [Organizations]({{site.baseurl}}/about-organizations/), [Collections]({{site.baseurl}}/about-collections), and [Sharing]({{site.baseurl}}/sharing/). ## Clone Vault Items diff --git a/_articles/account/master-password.md b/_articles/account/master-password.md index 4ff27162..dad237d5 100644 --- a/_articles/account/master-password.md +++ b/_articles/account/master-password.md @@ -7,7 +7,7 @@ popular: false tags: [master password, account] order: "01" redirect_from: - - /article/change-your-master-password/ + - /change-your-master-password/ --- ## About your Master Password diff --git a/_articles/directory-connector/directory-sync-cli.md b/_articles/directory-connector/directory-sync-cli.md index 97666946..c0a90424 100644 --- a/_articles/directory-connector/directory-sync-cli.md +++ b/_articles/directory-connector/directory-sync-cli.md @@ -48,7 +48,7 @@ To get started using the Bitwarden Directory Connector CLI: ### login -Use the `login` command to login to Directory Connector with your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/). There are a few ways to use the `login` command: +Use the `login` command to login to Directory Connector with your [Organization API Key]({{site.baseurl}}/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/user-types-access-control/). There are a few ways to use the `login` command: - By itself: diff --git a/_articles/directory-connector/directory-sync-desktop.md b/_articles/directory-connector/directory-sync-desktop.md index 9d84b40d..d066f28a 100644 --- a/_articles/directory-connector/directory-sync-desktop.md +++ b/_articles/directory-connector/directory-sync-desktop.md @@ -12,7 +12,7 @@ The Directory Connector Desktop App is a standalone desktop application that can {% image directory-connector/app.png Directory Connector Desktop App %} -Directory Connector is also available as a [CLI Tool]({{site.baseurl}}/article/directory-sync-cli). The Desktop App and CLI [share a database and configurations]({% link _articles/directory-connector/directory-sync-shared.md %}), so you may choose to use both, however simultaneous use is not recommended. +Directory Connector is also available as a [CLI Tool]({{site.baseurl}}/directory-sync-cli). The Desktop App and CLI [share a database and configurations]({% link _articles/directory-connector/directory-sync-shared.md %}), so you may choose to use both, however simultaneous use is not recommended. ## Getting Started @@ -30,8 +30,8 @@ To get started using the Directory Connector Desktop App: 1. On the Login screen, select **Settings**. 2. In the **Server URL** field, enter the domain name for your self-hosted instance with `https://`. For example, `https://your.domain.bitwarden.com`. 3. Select **Save**. -3. Log in to Directory Connector using your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/). -4. On the {% icon fa-cogs %} **Settings** tab, connect to your directory and configure [sync options]({{site.baseurl}}/article/user-group-filters/). This procedure will vary based on the directory in use, so refer to one of the following articles for instruction: +3. Log in to Directory Connector using your [Organization API Key]({{site.baseurl}}/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/user-types-access-control/). +4. On the {% icon fa-cogs %} **Settings** tab, connect to your directory and configure [sync options]({{site.baseurl}}/user-group-filters/). This procedure will vary based on the directory in use, so refer to one of the following articles for instruction: - [Sync with Active Directory or LDAP]({% link _articles/directory-connector/ldap-directory.md %}) - [Sync with Azure Active Directory]({% link _articles/directory-connector/azure-active-directory.md %}) @@ -39,7 +39,7 @@ To get started using the Directory Connector Desktop App: - [Sync with Okta]({% link _articles/directory-connector/okta-directory.md %}) - [Sync with OneLogin]({% link _articles/directory-connector/onelogin-directory.md %}) - {% callout success %}If you're re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more]({{site.baseurl}}/article/clear-sync-cache/)).{% endcallout %} + {% callout success %}If you're re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more]({{site.baseurl}}/clear-sync-cache/)).{% endcallout %} 5. On the {% icon fa-cogs %} **Settings** tab, select you Organization from the Organization dropdown. 6. **Perform a Test Sync**. To check that your directory connection and sync options are successfully configured and working as expected: @@ -60,6 +60,6 @@ Synced users will be invited to your Organization, and groups will be immediatel ### Automatic Sync -Automatic syncing will poll your directory based on the **Interval** specified in your [sync options]({{site.baseurl}}/article/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop. +Automatic syncing will poll your directory based on the **Interval** specified in your [sync options]({{site.baseurl}}/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop. To start automatic sync polling with Directory Connector, open the {% icon fa-dashboard %} **Dashboard** tab and select the {% icon fa-play %} **Start Sync** button. diff --git a/_articles/directory-connector/directory-sync.md b/_articles/directory-connector/directory-sync.md index 0e9cd14f..a2549098 100644 --- a/_articles/directory-connector/directory-sync.md +++ b/_articles/directory-connector/directory-sync.md @@ -12,10 +12,10 @@ order: "01" The Bitwarden Directory Connector application syncs users and groups to a Bitwarden Organization from a selection of directory services. Directory Connector **will automatically provision and de-provision users, groups, and group associations** from the source directory. -Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization [onboarding procedure]({{site.baseurl}}/article/managing-users/#onboard-users) and log in with the created Bitwarden Master Password. +Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization [onboarding procedure]({{site.baseurl}}/managing-users/#onboard-users) and log in with the created Bitwarden Master Password. {% callout info %} -Directory Connector functionality is available to **Teams** and **Enterprise** Organizations. To use Directory Connector, you must have access to your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) which can only be retrieved by an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/) and securely shared using [Bitwarden Send]({{site.baseurl}}/article/about-send/). +Directory Connector functionality is available to **Teams** and **Enterprise** Organizations. To use Directory Connector, you must have access to your [Organization API Key]({{site.baseurl}}/public-api/#authentication) which can only be retrieved by an [Organization Owner]({{site.baseurl}}/user-types-access-control/) and securely shared using [Bitwarden Send]({{site.baseurl}}/about-send/). {% endcallout %} {% image directory-connector/dc-diagram.png %} diff --git a/_articles/directory-connector/schedule-directory-sync.md b/_articles/directory-connector/schedule-directory-sync.md index 78fff735..54c844e9 100644 --- a/_articles/directory-connector/schedule-directory-sync.md +++ b/_articles/directory-connector/schedule-directory-sync.md @@ -18,7 +18,7 @@ In Unix-like environments, including Linux and macOS, use cron to schedule Direc When running a cron job, we recommend doing so as a dedicated Directory Connector user. Create a `bwdc` user if you haven't already, and add that user to the `etc/cron.allow` list. This will allow a non-Root user to set up and run cron jobs. -In order to continue, you will also need your Organization's [API Key]({{site.baseurl}}/article/public-api/#authentication) `client_id` and `client_secret`, which can be obtained by an Organization **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization**. +In order to continue, you will also need your Organization's [API Key]({{site.baseurl}}/public-api/#authentication) `client_id` and `client_secret`, which can be obtained by an Organization **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization**. ### Setup a Sync Script diff --git a/_articles/directory-connector/user-group-filters.md b/_articles/directory-connector/user-group-filters.md index 194a7e2c..0cecd1a9 100644 --- a/_articles/directory-connector/user-group-filters.md +++ b/_articles/directory-connector/user-group-filters.md @@ -29,7 +29,7 @@ Regardless of which directory you're syncing from, enable the **More than 2000 u {% image directory-connector/largesync.png Signal a Large Sync%} -You may also enable this option directly in the Directory Connector [configuration file]({{site.baseurl}}/article/directory-sync-shared/#config-file) (`data.json`) by setting `"largeImport": true`: +You may also enable this option directly in the Directory Connector [configuration file]({{site.baseurl}}/directory-sync-shared/#config-file) (`data.json`) by setting `"largeImport": true`: ``` "syncConfig": { diff --git a/_articles/faqs/autofill-faqs.md b/_articles/faqs/autofill-faqs.md index 0a7e3d24..46b40e93 100644 --- a/_articles/faqs/autofill-faqs.md +++ b/_articles/faqs/autofill-faqs.md @@ -34,8 +34,8 @@ order: "10" **A:** This most commonly occurs on iOS when you make a change to your device's biometrics settings (e.g. adding another finger to Touch ID). To resolve this error: -1. **If you have [PIN Code]({{site.baseurl}}/article/unlock-with-pin/) verification active**, disable it. +1. **If you have [PIN Code]({{site.baseurl}}/unlock-with-pin/) verification active**, disable it. 2. Log out of your Bitwarden mobile app. -3. Check that your device settings are [setup to use Bitwarden for autofill]({{site.baseurl}}/article/auto-fill-ios/#keyboard-auto-fill). +3. Check that your device settings are [setup to use Bitwarden for autofill]({{site.baseurl}}/auto-fill-ios/#keyboard-auto-fill). 4. Log back in to your Bitwarden mobile app. -5. Re-enable [PIN Code]({{site.baseurl}}/article/unlock-with-pin/) verification if you want to use it as a backup for [biometrics]({{site.baseurl}}/article/unlock-with-biometrics/). +5. Re-enable [PIN Code]({{site.baseurl}}/unlock-with-pin/) verification if you want to use it as a backup for [biometrics]({{site.baseurl}}/unlock-with-biometrics/). diff --git a/_articles/faqs/billing-faqs.md b/_articles/faqs/billing-faqs.md index f2f535e7..f963d4d6 100644 --- a/_articles/faqs/billing-faqs.md +++ b/_articles/faqs/billing-faqs.md @@ -24,15 +24,15 @@ For help selecting the right Bitwarden plan for you, refer to [What Plan is Righ ### Q: How do I view my billing information? -**A:** Viewing Billing information is different depending on whether you're viewing it for an Individual or Organization subscription. Use [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/) to guide you through both processes. +**A:** Viewing Billing information is different depending on whether you're viewing it for an Individual or Organization subscription. Use [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/) to guide you through both processes. ### Q: How do I delete my account? -**A:** We're sad to see you go! Use [Delete Your Account](https://help.bitwarden.com/article/delete-your-account/) to guide you through this process. +**A:** We're sad to see you go! Use [Delete Your Account](https://help.bitwarden.com/delete-your-account/) to guide you through this process. ### Q: How do I upgrade from an Individual subscription to an Organization? -**A:** Use [Upgrade from Individual to Organization](https://bitwarden.com/help/article/upgrade-from-individual-to-org/) to guide you through this process. +**A:** Use [Upgrade from Individual to Organization](https://bitwarden.com/help/upgrade-from-individual-to-org/) to guide you through this process. ### Q: How do I add or remove a user seat from my Organization? @@ -66,7 +66,7 @@ Legacy Families plans do not automatically provide premium features, so users wo ### Q: Can I pay with Bitcoin? -**A:** Yes! Refer to [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/) for more information. +**A:** Yes! Refer to [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/) for more information. [Contact Us](https://bitwarden.com/contact/) once you have added the credit for the subscription amount. We will generate and send you an invoice and activate the new account. You will also receive an invoice from our payment processor (BitPay) at the time the Bitcoin is sent. diff --git a/_articles/faqs/hosting-faqs.md b/_articles/faqs/hosting-faqs.md index b68e1b99..04793f69 100644 --- a/_articles/faqs/hosting-faqs.md +++ b/_articles/faqs/hosting-faqs.md @@ -45,7 +45,7 @@ Retrieve an installation id and key from [https://bitwarden.com/host](https://bi Check that your server name or FQDN has been proliferated to all `globalSettings_baseServiceUri__*` variables in `./bwdata/env/global.override.env`, and that your certificate contains a Subject Alternative Name (SAN) with the new server FQDN -If you are using Let's Encrypt certificate, you'll need to [Manually Update Your Certificate](https://bitwarden.com/help/article/certificates/#manually-update-a-lets-encrypt-certificate){:target="\_blank"}. +If you are using Let's Encrypt certificate, you'll need to [Manually Update Your Certificate](https://bitwarden.com/help/certificates/#manually-update-a-lets-encrypt-certificate){:target="\_blank"}. ## SMTP Configuration @@ -82,7 +82,7 @@ Check that the custom port values have been proliferated to `./bwdata/env/global ### Q: How do I add Bitwarden to system boot? -**A:** Before adding Bitwarden to system boot, complete [Docker Post-Installation](https://bitwarden.com/help/article/install-on-premise/#docker-post-installation-linux-only) to setup a dedicated `bitwarden` service account. +**A:** Before adding Bitwarden to system boot, complete [Docker Post-Installation](https://bitwarden.com/help/install-on-premise/#docker-post-installation-linux-only) to setup a dedicated `bitwarden` service account. Then, complete the following steps: diff --git a/_articles/faqs/org-faqs.md b/_articles/faqs/org-faqs.md index 7371e6e7..e9f3e888 100644 --- a/_articles/faqs/org-faqs.md +++ b/_articles/faqs/org-faqs.md @@ -11,9 +11,9 @@ order: "18" This article contains Frequently Asked Questions (FAQs) regarding **Organizations**. For more high-level information about **Organizations**, refer to the following articles: -- [About Organizations](https://bitwarden.com/help/article/about-organizations/) -- [About Collections](https://bitwarden.com/help/article/about-collections/) -- [About Groups](https://bitwarden.com/help/article/about-groups/) +- [About Organizations](https://bitwarden.com/help/about-organizations/) +- [About Collections](https://bitwarden.com/help/about-collections/) +- [About Groups](https://bitwarden.com/help/about-groups/) ## Organizations General @@ -37,7 +37,7 @@ Paid Organizations (Families, Teams, or Enterprise) automatically include premiu ### Q: What events are audited for my Organization? -**A:** For a full list of what's included in Bitwarden Event Logs, see [Event Logs](https://bitwarden.com/help/article/event-logs/). +**A:** For a full list of what's included in Bitwarden Event Logs, see [Event Logs](https://bitwarden.com/help/event-logs/). ### Q: Can I prevent users from self-registering into my Organization? @@ -66,7 +66,7 @@ Alternatively, you can unshare items by moving them to a different Collection wi ### Q: How do I hide a password from my Organization's users? -**A:** Use the **Hide Passwords** option in the **Access Control** section when adding new users or editing existing ones in order to hide a given Collection's passwords and hidden fields from them. For more information, see [Access Control](https://bitwarden.com/help/article/user-types-access-control/#access-control). +**A:** Use the **Hide Passwords** option in the **Access Control** section when adding new users or editing existing ones in order to hide a given Collection's passwords and hidden fields from them. For more information, see [Access Control](https://bitwarden.com/help/user-types-access-control/#access-control). ### Q: Does an item I move to the Organization stay after I leave? diff --git a/_articles/faqs/product-faqs.md b/_articles/faqs/product-faqs.md index 09bacfca..d271782b 100644 --- a/_articles/faqs/product-faqs.md +++ b/_articles/faqs/product-faqs.md @@ -8,7 +8,7 @@ hidden: false tags: [] order: "16" redirect_from: - - /article/change-your-email/ + - /change-your-email/ --- This article contains Frequently Asked Questions (FAQs) about general Vault Management and Bitwarden functionality. @@ -105,4 +105,4 @@ Clicking on the number will expose the historical password values in plain text ### Q: Can I print my Vault data? -**A:** Not directly from Bitwarden, however you can [export your Vault data]({{site.baseurl}}/article/export-your-data/) as a `.csv` or `.json` file and print it out from your text editor. +**A:** Not directly from Bitwarden, however you can [export your Vault data]({{site.baseurl}}/export-your-data/) as a `.csv` or `.json` file and print it out from your text editor. diff --git a/_articles/faqs/providers-faqs.md b/_articles/faqs/providers-faqs.md index 00e93f6b..2390c6ee 100644 --- a/_articles/faqs/providers-faqs.md +++ b/_articles/faqs/providers-faqs.md @@ -17,7 +17,7 @@ order: "08" ### Q: How are Client Organizations billed? -**A:** Currently, each Client Organization is billed separately using the payment method registered during [Client Organization creation]({{site.baseurl}}/article/client-org-setup/). In the future, we'll be developing functionality to aggregate billing across Client Organizations to improve the Provider experience. +**A:** Currently, each Client Organization is billed separately using the payment method registered during [Client Organization creation]({{site.baseurl}}/client-org-setup/). In the future, we'll be developing functionality to aggregate billing across Client Organizations to improve the Provider experience. ### What customer support do MSPs receive? @@ -41,7 +41,7 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag ### Q: I'm already providing Bitwarden as a service for my clients, what do I need to do to move to the Provider Portal? -**A:** It's quick and easy! [Contact Us](https://bitwarden.com/contact/){:target="\_blank"} and a member of the Bitwarden team will issue you an invitation. Once in the Provider Portal, you can [add existing Client Organizations]({{site.baseurl}}/article/add-existing-client-org/) to begin centralizing client management. +**A:** It's quick and easy! [Contact Us](https://bitwarden.com/contact/){:target="\_blank"} and a member of the Bitwarden team will issue you an invitation. Once in the Provider Portal, you can [add existing Client Organizations]({{site.baseurl}}/add-existing-client-org/) to begin centralizing client management. ### Q: How many clients can I manage through the Provider Portal? @@ -61,11 +61,11 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag ### Q: Is there a recommended workflow for onboarding new clients? -**A:** Yes! We've outlined one recommended workflow [here]({{site.baseurl}}/article/client-org-setup/). +**A:** Yes! We've outlined one recommended workflow [here]({{site.baseurl}}/client-org-setup/). ### Q: How does an MSP access Client Organizations? -**A:** MSPs can access all Client Organizations under management from the Provider Portal. Learn more [here]({{site.baseurl}}/article/manage-client-orgs/). +**A:** MSPs can access all Client Organizations under management from the Provider Portal. Learn more [here]({{site.baseurl}}/manage-client-orgs/). ### Q: Can an MSP administrator see or manage credentials for all clients? @@ -73,4 +73,4 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag ### Q: Can we set default Enterprise Policies that apply to all clients? -**A:** Each Client Organization operates independently with individually configured policies. [Learn more about configuring Enterprise Policies]({{site.baseurl}}/article/policies/). +**A:** Each Client Organization operates independently with individually configured policies. [Learn more about configuring Enterprise Policies]({{site.baseurl}}/policies/). diff --git a/_articles/faqs/security-faqs.md b/_articles/faqs/security-faqs.md index 21187c27..d28ba358 100644 --- a/_articles/faqs/security-faqs.md +++ b/_articles/faqs/security-faqs.md @@ -8,9 +8,9 @@ hidden: false tags: [] order: "11" redirect_from: - - /article/why-should-i-trust-bitwarden/ - - /article/what-happens-if-bitwarden-is-hacked/ - - /article/can-bitwarden-see-my-passwords/ + - /why-should-i-trust-bitwarden/ + - /what-happens-if-bitwarden-is-hacked/ + - /can-bitwarden-see-my-passwords/ --- This article contains Frequently Asked Questions (FAQs) regarding **Security**. @@ -88,9 +88,9 @@ Bitwarden takes user security and privacy seriously. Bitwarden maintains secure, - Offline Vault sessions will expire after 30 days. - **Except** for mobile client applications, which will expire after 90 days. -- [Two-step Login]({{site.baseurl}}/article/setup-two-step-login) **Remember Me** selections will expire after 30 days. -- Directory Connector [sync cache]({{site.baseurl}}/article/clear-sync-cache/) will be cleared after 30 days. -- Organization invites will expire after 5 days. Self-hosted customers can configure this [using an environment variable]({{site.baseurl}}/article/environment-variables/#optional-variables). +- [Two-step Login]({{site.baseurl}}/setup-two-step-login) **Remember Me** selections will expire after 30 days. +- Directory Connector [sync cache]({{site.baseurl}}/clear-sync-cache/) will be cleared after 30 days. +- Organization invites will expire after 5 days. Self-hosted customers can configure this [using an environment variable]({{site.baseurl}}/environment-variables/#optional-variables). ### Questions Regarding Specific Client Apps @@ -120,7 +120,7 @@ When this **optional feature** is enabled, clipboard clear will clear any Bitwar ### Q: Why does the Browser Extension need `nativeMessaging` permission? **A:** -Version 1.48.0 of the browser extension enables [Biometric Unlock for Browser Extensions](https://bitwarden.com/help/article/biometrics/#browser-extensions). +Version 1.48.0 of the browser extension enables [Biometric Unlock for Browser Extensions](https://bitwarden.com/help/biometrics/#browser-extensions). This permission, also known as `nativeMessaging`, is safe to accept and allows the browser extension to communicate with the Bitwarden desktop app, which is required to enabled Unlock with Biometrics. @@ -128,7 +128,7 @@ Note that when your browser updates to this version, you may be asked to accept ### Q: Is Bitwarden FIPS Compliant? -**A:** Bitwarden uses [FIPS compliant libraries and cryptography](https://bitwarden.com/help/article/what-encryption-is-used/#invoked-crypto-libraries), however the Bitwarden platform has not performed any FIPs certifications. Most FIPS installations of Bitwarden leverage the self-hosting option to make evaluations (i.e. Cybersecurity Maturity Model Certification) easier. +**A:** Bitwarden uses [FIPS compliant libraries and cryptography](https://bitwarden.com/help/what-encryption-is-used/#invoked-crypto-libraries), however the Bitwarden platform has not performed any FIPs certifications. Most FIPS installations of Bitwarden leverage the self-hosting option to make evaluations (i.e. Cybersecurity Maturity Model Certification) easier. ### Q: Can I restrict access to Bitwarden to certain devices? diff --git a/_articles/faqs/send-faqs.md b/_articles/faqs/send-faqs.md index 10338ca5..856b23ca 100644 --- a/_articles/faqs/send-faqs.md +++ b/_articles/faqs/send-faqs.md @@ -22,7 +22,7 @@ Additionally, creation of file Sends requires your Email Address to be verified. ### Q: Why are Sends missing from my Send view? -**A:** By design, Sends are ephemeral. Each created Send has a **maximum lifespan of 31 days**, configurable when you [create a Send]({% link _articles/send/create-send.md %}) or at any time by editing it. When a Send's [Deletion Date]({{site.baseurl}}/article/send-lifespan/#deletion-date) is reached, it will be purged from Bitwarden systems and inaccessible to both the Sender and any recipients. +**A:** By design, Sends are ephemeral. Each created Send has a **maximum lifespan of 31 days**, configurable when you [create a Send]({% link _articles/send/create-send.md %}) or at any time by editing it. When a Send's [Deletion Date]({{site.baseurl}}/send-lifespan/#deletion-date) is reached, it will be purged from Bitwarden systems and inaccessible to both the Sender and any recipients. ### Q: What do the icons next to my Sends indicate? @@ -30,17 +30,17 @@ Additionally, creation of file Sends requires your Email Address to be verified. |Icon|Meaning| |----|-------| -|{% icon fa-key %}|This Send is [protected by a password]({{site.baseurl}}/article/send-privacy/#send-passwords).| -|{% icon fa-warning %}|This Send has been [manually disabled]({{site.baseurl}}/article/send-lifespan/#manually-disable-or-delete).| -|{% icon fa-clock-o %}|This Send has reached it's specified [Expiration Date]({{site.baseurl}}/article/send-lifespan/#expiration-date).| -|{% icon fa-ban %}|This Send has reached it's specified [Maximum Access Count]({{site.baseurl}}/article/send-lifespan/#maximum-access-count).| -|{% icon fa-trash %}|This Send has reached it's specified [Deletion Date]({{site.baseurl}}/article/send-lifespan/#deletion-date) and is **Pending Deletion**.| +|{% icon fa-key %}|This Send is [protected by a password]({{site.baseurl}}/send-privacy/#send-passwords).| +|{% icon fa-warning %}|This Send has been [manually disabled]({{site.baseurl}}/send-lifespan/#manually-disable-or-delete).| +|{% icon fa-clock-o %}|This Send has reached it's specified [Expiration Date]({{site.baseurl}}/send-lifespan/#expiration-date).| +|{% icon fa-ban %}|This Send has reached it's specified [Maximum Access Count]({{site.baseurl}}/send-lifespan/#maximum-access-count).| +|{% icon fa-trash %}|This Send has reached it's specified [Deletion Date]({{site.baseurl}}/send-lifespan/#deletion-date) and is **Pending Deletion**.| ### Q: Why is Send disabled for my Organization? -**A:** Bitwarden Enterprise Organizations include a [Disable Send policy]({{site.baseurl}}/article/policies/#disable-send), which Admins and Owners can use to toggle on/off Send functionality within their Organization. Contact your Admin or Owner to discuss your Organization's policies. +**A:** Bitwarden Enterprise Organizations include a [Disable Send policy]({{site.baseurl}}/policies/#disable-send), which Admins and Owners can use to toggle on/off Send functionality within their Organization. Contact your Admin or Owner to discuss your Organization's policies. -During the initial rollout of Send in March 2021, Organizations that already had the [Personal Ownership policy]({{site.baseurl}}/article/policies/#personal-ownership) enabled will find that the Disable Send policy was enabled for their Organizations. This was to allow for customers with this security profile to opt-in to Send on their own schedule. +During the initial rollout of Send in March 2021, Organizations that already had the [Personal Ownership policy]({{site.baseurl}}/policies/#personal-ownership) enabled will find that the Disable Send policy was enabled for their Organizations. This was to allow for customers with this security profile to opt-in to Send on their own schedule. If you do want to use Bitwarden Send as an end-to-end encrypted solution for ephemeral sharing within your Organization, all you need to do is turn the Disable Send policy off from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page. @@ -48,4 +48,4 @@ Learn more about Send [here](https://bitwarden.com/products/send). ### Q: Can I disable Send for my Organization? -**A:** Enterprise Organizations can disable Send at any time using the [Disable Send policy]({{site.baseurl}}/article/policies/#disable-send). Admins and Owners can implement this policy from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page. Enabling the policy will prevent Organization members from creating or editing any Sends. +**A:** Enterprise Organizations can disable Send at any time using the [Disable Send policy]({{site.baseurl}}/policies/#disable-send). Admins and Owners can implement this policy from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page. Enabling the policy will prevent Organization members from creating or editing any Sends. diff --git a/_articles/faqs/sso-faqs.md b/_articles/faqs/sso-faqs.md index f29d5be3..5b35ed3e 100644 --- a/_articles/faqs/sso-faqs.md +++ b/_articles/faqs/sso-faqs.md @@ -11,8 +11,8 @@ order: "07" This article contains Frequently Asked Questions (FAQs) regarding **Login with SSO**. For more high-level information about **Login with SSO**, refer to the following articles: -- [Getting Started with Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso/) -- [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/) +- [Getting Started with Login with SSO](https://bitwarden.com/help/getting-started-with-sso/) +- [About the Business Portal](https://bitwarden.com/help/about-business-portal/) ## Using Login with SSO @@ -26,7 +26,7 @@ For more high-level information about **Login with SSO**, refer to the following ### Q: Can I still log in with my Master Password if my Organization has SSO enabled? - **A:** By default, yes, you can use your email address and Master Password to login to Bitwarden. However, if your Organization enables both the [Single Organization](https://bitwarden.com/help/article/policies/#single-organization) and [Single Sign-On Authentication](https://bitwarden.com/help/article/policies/#single-sign-on-authentication) policies, all non-administrator users will be required to login with SSO. + **A:** By default, yes, you can use your email address and Master Password to login to Bitwarden. However, if your Organization enables both the [Single Organization](https://bitwarden.com/help/policies/#single-organization) and [Single Sign-On Authentication](https://bitwarden.com/help/policies/#single-sign-on-authentication) policies, all non-administrator users will be required to login with SSO. ### Q: How does Login with SSO work for new users ("just-in-time")? @@ -53,15 +53,15 @@ For more high-level information about **Login with SSO**, refer to the following ### Q: What plans offer Login with SSO? -**A:** Only our current Enterprise Plan offers this feature. For more information, see [here](https://bitwarden.com/help/article/2020-plan-updates/). +**A:** Only our current Enterprise Plan offers this feature. For more information, see [here](https://bitwarden.com/help/2020-plan-updates/). ### Q: How do I upgrade my plan so that I can use Login with SSO? -**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial). +**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial). ### Q: I would like to test Login with SSO. If I decide I don't need it, can I revert to my Classic 2019 plan? -**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization. +**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization. ## Supportability diff --git a/_articles/faqs/twostep-faqs.md b/_articles/faqs/twostep-faqs.md index 88d170e8..49bab391 100644 --- a/_articles/faqs/twostep-faqs.md +++ b/_articles/faqs/twostep-faqs.md @@ -17,7 +17,7 @@ This article contains Frequently Asked Questions (FAQs) regarding **Two-step Log ### Q: Can I require my Organization's users to use Two-step Login? -**A:** You can require your Organization's users to use Two-step Login by enabling the [Two-step Login Policy]({{site.baseurl}}/article/policies/#two-step-login). Additionally, you can setup [Organization-wide Duo 2FA]({{site.baseurl}}/article/two-step-login-duo) to ensure that all of your users have a secure Two-step Login method at their disposal. +**A:** You can require your Organization's users to use Two-step Login by enabling the [Two-step Login Policy]({{site.baseurl}}/policies/#two-step-login). Additionally, you can setup [Organization-wide Duo 2FA]({{site.baseurl}}/two-step-login-duo) to ensure that all of your users have a secure Two-step Login method at their disposal. ### Q: Is FIDO U2F or FIDO2 WebAuthn supported on my iOS or Android App? @@ -27,7 +27,7 @@ This article contains Frequently Asked Questions (FAQs) regarding **Two-step Log **A:** In most cases, one of two things is happening: -1. You may be already logged in to Bitwarden and only unlocking your Vault. Two-step Login is required to **Log In** but not to **Unlock** your Vault. For more information on the difference between Logging In and Unlocking, see [Vault Timeout Action](https://bitwarden.com/help/article/vault-timeout/#vault-timeout-action). +1. You may be already logged in to Bitwarden and only unlocking your Vault. Two-step Login is required to **Log In** but not to **Unlock** your Vault. For more information on the difference between Logging In and Unlocking, see [Vault Timeout Action](https://bitwarden.com/help/vault-timeout/#vault-timeout-action). 2. You may have previously checked the **Remember me** checkbox on a device when accessing your Vault using Two-step Login. diff --git a/_articles/features/authenticator-keys.md b/_articles/features/authenticator-keys.md index 80f32158..a5e51658 100644 --- a/_articles/features/authenticator-keys.md +++ b/_articles/features/authenticator-keys.md @@ -12,7 +12,7 @@ The Bitwarden Authenticator is an alternative solution to dedicated authenticati {% callout info %}Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires Premium or membership to a Paid Organization (Families, Teams, or Enterprise).{% endcallout %} -If you're new to using TOTPs for Two-step Login, refer to the [Field Guide to Two-step Login](https://bitwarden.com/help/article/bitwarden-field-guide-two-step-login/#securing-important-websites) for more information. +If you're new to using TOTPs for Two-step Login, refer to the [Field Guide to Two-step Login](https://bitwarden.com/help/bitwarden-field-guide-two-step-login/#securing-important-websites) for more information. ## Generate TOTP Codes diff --git a/_articles/features/auto-fill-android.md b/_articles/features/auto-fill-android.md index 0187d5da..8b154d41 100644 --- a/_articles/features/auto-fill-android.md +++ b/_articles/features/auto-fill-android.md @@ -42,7 +42,7 @@ To enable the autofill service: You'll be prompted to confirm you trust Bitwarden. Tapping **OK** will let Bitwarden read content on the screen to know when to offer auto-fill. Learn more from [our blog post](https://bitwarden.com/blog/post/the-oreo-autofill-framework){:target="_blank"}. -**Autofill Service not working?** See [Troubleshooting the Autofill Service]({{site.baseurl}}/article/auto-fill-android-troubleshooting/#troubleshooting-the-autofill-service). +**Autofill Service not working?** See [Troubleshooting the Autofill Service]({{site.baseurl}}/auto-fill-android-troubleshooting/#troubleshooting-the-autofill-service). #### Inline Autofill @@ -80,7 +80,7 @@ To enable the accessibility method: {% callout warning %} If you're using Android 6+, you must also enable **Draw-Over**. -**Accessibility not working?** See [Troubleshooting the Accessibility Service]({{site.baseurl}}/article/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service). +**Accessibility not working?** See [Troubleshooting the Accessibility Service]({{site.baseurl}}/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service). {% endcallout %} #### Draw-Over diff --git a/_articles/features/auto-fill-browser.md b/_articles/features/auto-fill-browser.md index 9af6a8f8..b16e4eba 100644 --- a/_articles/features/auto-fill-browser.md +++ b/_articles/features/auto-fill-browser.md @@ -11,7 +11,7 @@ tags: [browser, auto-fill, autofill] {% callout success %} Most auto-fill functionality relies on the attribution of URIs to Login items. If you're unfamiliar with using URIs, see [Using URIs]({% link _articles/features/uri-match-detection.md %}). -Additionally, **basic authentication prompts** work a little differently than regular auto-fills. See our breakout article on [Basic Auth Prompts]({{site.baseurl}}/article/basic-auth-autofill) +Additionally, **basic authentication prompts** work a little differently than regular auto-fills. See our breakout article on [Basic Auth Prompts]({{site.baseurl}}/basic-auth-autofill) {% endcallout %} Bitwarden Browser Extensions have a unique **Tab** view, which automatically detects the URI (e.g. `myturbotax.intuit.com`) of the page displayed in the open tab and surfaces any Vault items with corresponding URIs. @@ -92,7 +92,7 @@ You can auto-fill items manually that don't have saved URIs by opening them in t ## TOTP Copy -If you use [Bitwarden Authenticator]({{site.baseurl}}/article/authenticator-keys/), Bitwarden will automatically copy a Login item's TOTP code to the clipboard when the Login item is autofilled by any of the above methods. +If you use [Bitwarden Authenticator]({{site.baseurl}}/authenticator-keys/), Bitwarden will automatically copy a Login item's TOTP code to the clipboard when the Login item is autofilled by any of the above methods. {% callout success %} You can disable this option and set a custom interval with which to clear your clipboard from the Browser Extension's {% icon fa-cogs %} **Settings** tab: diff --git a/_articles/features/auto-fill-card-id.md b/_articles/features/auto-fill-card-id.md index 4566234a..50a8701b 100644 --- a/_articles/features/auto-fill-card-id.md +++ b/_articles/features/auto-fill-card-id.md @@ -8,7 +8,7 @@ popular: false tags: [browser, autofill, auto-fill, identity, card, form fill] --- -Bitwarden can do more than just [auto-fill your usernames and passwords]({% link _articles/features/auto-fill-browser.md %})! **Bitwarden Browser Extensions** can auto-fill [Cards]({{site.baseurl}}/article/managing-items/#cards) and [Identities]({{site.baseurl}}/article/managing-items/#identities) to simplify online purchases, account creation, and more using the [unique Tab view]({% link _articles/features/auto-fill-browser.md %}). +Bitwarden can do more than just [auto-fill your usernames and passwords]({% link _articles/features/auto-fill-browser.md %})! **Bitwarden Browser Extensions** can auto-fill [Cards]({{site.baseurl}}/managing-items/#cards) and [Identities]({{site.baseurl}}/managing-items/#identities) to simplify online purchases, account creation, and more using the [unique Tab view]({% link _articles/features/auto-fill-browser.md %}). {% callout info %}Currently, Autofill for Cards & Identities is **only available for Browser Extensions**. Mobile platforms including Android and iOS do not currently support this type of auto-fill function.{% endcallout %} diff --git a/_articles/features/auto-fill-ios.md b/_articles/features/auto-fill-ios.md index 0dbe8118..10a5e535 100644 --- a/_articles/features/auto-fill-ios.md +++ b/_articles/features/auto-fill-ios.md @@ -24,7 +24,7 @@ Auto-fill on iOS comes in two flavors: - **Browser App Extension**: Use this option to make Bitwarden auto-fill accessible *only* in Web Browser apps, like Safari, through the Share menu. {% callout success %} -It is currently not possible to use auto-fill on iOS if the [Vault Timeout Action]({{site.baseurl}}/article/vault-timeout/#vault-timeout-action) for the device is set to **Log Out** and your *only* enabled [Two-step Login Method]({{site.baseurl}}/article/setup-two-step-login) requires NFC (e.g. an NFC YubiKey), as iOS will not allow NFC inputs to interrupt auto-fill workflows. +It is currently not possible to use auto-fill on iOS if the [Vault Timeout Action]({{site.baseurl}}/vault-timeout/#vault-timeout-action) for the device is set to **Log Out** and your *only* enabled [Two-step Login Method]({{site.baseurl}}/setup-two-step-login) requires NFC (e.g. an NFC YubiKey), as iOS will not allow NFC inputs to interrupt auto-fill workflows. Either change your Vault Timeout Action to **Lock**, or enable another Two-step Login Method. {% endcallout %} @@ -50,7 +50,7 @@ To enable keyboard auto-fill on iOS: If a [matching Login]({% link _articles/features/uri-match-detection.md %}) is displayed, tap it to auto-fill. If the {% icon fa-key %} **Passwords** button is displayed, tap it to browse your Vault for the Login item to use. In cases where the {% icon fa-key %} **Passwords** button is displayed, it's probably because there isn't an item in your Vault with a [matching URI]({% link _articles/features/uri-match-detection.md %}). - {% callout info %}Are you getting a `Biometric unlock disabled pending verification of master password` message? [Learn what to do]({{site.baseurl}}/article/autofill-faqs/#q-what-do-i-do-about-biometric-unlock-disabled-pending-verification-of-master-password).{% endcallout%} + {% callout info %}Are you getting a `Biometric unlock disabled pending verification of master password` message? [Learn what to do]({{site.baseurl}}/autofill-faqs/#q-what-do-i-do-about-biometric-unlock-disabled-pending-verification-of-master-password).{% endcallout%} ### Browser App Extension Auto-fill diff --git a/_articles/features/blacklisting-uris.md b/_articles/features/blacklisting-uris.md index 2170e574..0ebc7624 100644 --- a/_articles/features/blacklisting-uris.md +++ b/_articles/features/blacklisting-uris.md @@ -31,7 +31,7 @@ Auto-fill relies on the attribution of URIs to Login items. If you're unfamiliar For websites accessed via a web browser, a proper URI will be the `https://..` address of the Login page, for example `https://twitter.com` or `https://twitter.com/login`. -**For Android Apps**, the [URI scheme]({{site.baseurl}}/article/uri-match-detection/#uri-schemes) always starts with `androidapp://` and is usually a bit different from a typical web browser URI. For example, +**For Android Apps**, the [URI scheme]({{site.baseurl}}/uri-match-detection/#uri-schemes) always starts with `androidapp://` and is usually a bit different from a typical web browser URI. For example, - The Twitter Android app has the URI `androidapp://com.twitter.android` - The Reddit Android app has the URI `androidapp://com.reddit.frontpage` diff --git a/_articles/features/custom-fields.md b/_articles/features/custom-fields.md index 50a566eb..039b83d7 100644 --- a/_articles/features/custom-fields.md +++ b/_articles/features/custom-fields.md @@ -11,7 +11,7 @@ order: "08" Custom fields, available for any [Vault item type]({% link _articles/account/managing-items.md %}), allow you to store additional well-structured data fields for a Vault item. Custom fields are saved as `Name:Value` pairs, and can be one of three types: - **Text**: Field value stores a freeform input (text, numbers, etc.) -- **Hidden**: Field value stores freeform input that is hidden from view (particularly useful for Organizations using the [Hide Password access control](https://bitwarden.com/help/article/user-types-access-control/#granular-access-control)). +- **Hidden**: Field value stores freeform input that is hidden from view (particularly useful for Organizations using the [Hide Password access control](https://bitwarden.com/help/user-types-access-control/#granular-access-control)). - **Boolean**: Field value stores a boolean value (true/false). ## Custom Fields for Keys diff --git a/_articles/features/disable-browser-autofill.md b/_articles/features/disable-browser-autofill.md index 5b505563..e86c0603 100644 --- a/_articles/features/disable-browser-autofill.md +++ b/_articles/features/disable-browser-autofill.md @@ -52,7 +52,7 @@ This page will also list any **Saved Passwords** that are being stored by the br {% image features/chrome-delete-passwords.png Chrome Saved Passwords %} -If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/article/import-from-chrome/#export-from-chrome) to prepare for future import to Bitwarden. Once exported, you should delete these passwords from the browser's storage. +If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/import-from-chrome/#export-from-chrome) to prepare for future import to Bitwarden. Once exported, you should delete these passwords from the browser's storage. {% endcapture %} {{ chrome | markdownify }} @@ -69,7 +69,7 @@ You should also find out which Logins Firefox has already saved by selecting the {% image features/firefox-delete.png Firefox Saved Logins %} -If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/article/import-from-firefox) for future import to Bitwarden. Once exported, you should {% icon fa-trash %} **Remove** these passwords from Firefox. +If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/import-from-firefox) for future import to Bitwarden. Once exported, you should {% icon fa-trash %} **Remove** these passwords from Firefox. {% endcapture %} {{ firefox | markdownify }} diff --git a/_articles/features/folders.md b/_articles/features/folders.md index a49bd296..1b5fed9a 100644 --- a/_articles/features/folders.md +++ b/_articles/features/folders.md @@ -8,7 +8,7 @@ tags: [categories, folders, sub-folders] order: "06" --- -Folders are structures used to organize your Personal Vault by gathering together Logins, Cards, Identities, and Secure Notes. Using Folders is a great way to make all Vault items easy to find. Any Vault item can be added to a Folder, including [items shared with you from an Organization]({{site.baseurl}}/article/sharing/). +Folders are structures used to organize your Personal Vault by gathering together Logins, Cards, Identities, and Secure Notes. Using Folders is a great way to make all Vault items easy to find. Any Vault item can be added to a Folder, including [items shared with you from an Organization]({{site.baseurl}}/sharing/). {% callout success %} Items added to a Folder will still appear in your Vault when {% icon fa-th %} **All Items** is selected from the Filter menu, and deleting a Folder **will not** delete the items in that Folder. @@ -98,7 +98,7 @@ To create a Folder, use the command: bw create folder ``` -You can edit an existing folder using `bw edit ` and delete one using `bw delete folder `. For more information, refer to our [CLI documentation]({{site.baseurl}}/article/cli). +You can edit an existing folder using `bw edit ` and delete one using `bw delete folder `. For more information, refer to our [CLI documentation]({{site.baseurl}}/cli). {% endcapture %} {{ cli_info | markdownify}} @@ -108,7 +108,7 @@ You can edit an existing folder using `bw edit ` and delete one using {% callout info %} If you're a member of an Organization, **Collections** will be shown below your Folders in the Filters menu. -There are similarities between Folders and Collections. **Folders organize your Personal Vault** (but can include [shared items]({{site.baseurl}}/article/sharing/)) and are unique to you, where Collections are shared between members of Organizations. +There are similarities between Folders and Collections. **Folders organize your Personal Vault** (but can include [shared items]({{site.baseurl}}/sharing/)) and are unique to you, where Collections are shared between members of Organizations. {% endcallout %} ### Nested Folders @@ -213,7 +213,7 @@ Using `edit` will require you to: - Manipulate the JSON object (specifically, the `folderId` attribute) with a [command-line JSON processor like jq](https://stedolan.github.io/jq/){:target="\_blank"}. - Use the `encode` command to encode changes to the JSON object. -If you're unfamiliar with using any of these parts, refer to our [CLI documentation]({{site.baseurl}}/article/cli). +If you're unfamiliar with using any of these parts, refer to our [CLI documentation]({{site.baseurl}}/cli). {% endcallout %} {% endcapture %} @@ -222,5 +222,5 @@ If you're unfamiliar with using any of these parts, refer to our [CLI documentat {% callout success %} -Items [shared with you from an Organization]({{site.baseurl}}/article/sharing/) can be added to your personal Folders, and doing so will only impact how the item appears in your Personal Vault (i.e. adding an item to a Folder won't give anyone access to that Folder, or change whether it's in a Folder in their Vaults). +Items [shared with you from an Organization]({{site.baseurl}}/sharing/) can be added to your personal Folders, and doing so will only impact how the item appears in your Personal Vault (i.e. adding an item to a Folder won't give anyone access to that Folder, or change whether it's in a Folder in their Vaults). {% endcallout %} diff --git a/_articles/features/uri-match-detection.md b/_articles/features/uri-match-detection.md index 171207f3..270d0c8c 100644 --- a/_articles/features/uri-match-detection.md +++ b/_articles/features/uri-match-detection.md @@ -30,7 +30,7 @@ Schemes include: - `androidapp://` references an Android Application Package ID or Name (e.g. `androidapp://com.twitter.android`) {% callout success %} -An easy way to obtain the proper URI for an Android app is to **use a web browser** to visit the App's page in the Google Play store. The URI for the app will appear in the URL as an `?id=` query parameter (e.g. `https://play.google.com/store/apps/details?id=com.twitter.android`). [Learn more]({{site.baseurl}}/article/blacklisting-uris/#android-app-uris). +An easy way to obtain the proper URI for an Android app is to **use a web browser** to visit the App's page in the Google Play store. The URI for the app will appear in the URL as an `?id=` query parameter (e.g. `https://play.google.com/store/apps/details?id=com.twitter.android`). [Learn more]({{site.baseurl}}/blacklisting-uris/#android-app-uris). {% endcallout %} ## Match Detection Options diff --git a/_articles/getting-started/create-bitwarden-account.md b/_articles/getting-started/create-bitwarden-account.md index 1a919dcc..fbbfa3b4 100644 --- a/_articles/getting-started/create-bitwarden-account.md +++ b/_articles/getting-started/create-bitwarden-account.md @@ -27,7 +27,7 @@ Once you've created your account, prompt Bitwarden to send you a verification em We recommend using any one of these resources to learn the ropes: -- [Get Started with the Web Vault]({{site.baseurl}}/article/getting-started-webvault/) -- [Get Started with Browser Extensions]({{site.baseurl}}/article/getting-started-browserext/) -- [Get Started with the Mobile Apps]({{site.baseurl}}/article/getting-started-mobile/) -- [Get Started with Desktop Apps]({{site.baseurl}}/article/getting-started-desktop/) +- [Get Started with the Web Vault]({{site.baseurl}}/getting-started-webvault/) +- [Get Started with Browser Extensions]({{site.baseurl}}/getting-started-browserext/) +- [Get Started with the Mobile Apps]({{site.baseurl}}/getting-started-mobile/) +- [Get Started with Desktop Apps]({{site.baseurl}}/getting-started-desktop/) diff --git a/_articles/getting-started/getting-started-mobile.md b/_articles/getting-started/getting-started-mobile.md index 2e739a32..aff41e39 100644 --- a/_articles/getting-started/getting-started-mobile.md +++ b/_articles/getting-started/getting-started-mobile.md @@ -8,8 +8,8 @@ hidden: false tags: [tutorial, getting started, mobile, android, ios] order: "04" redirect_from: - - /article/getting-started-android/ - - /article/getting-started-ios/ + - /getting-started-android/ + - /getting-started-ios/ --- Bitwarden's Mobile App lets you take your password manager on the go. Download Bitwarden from the App Store or Google Play Store, or by navigating to [get.bitwarden.com](https://get.bitwarden.com) on any device. diff --git a/_articles/getting-started/getting-started-organizations.md b/_articles/getting-started/getting-started-organizations.md index 49e0df19..3ec0ae18 100644 --- a/_articles/getting-started/getting-started-organizations.md +++ b/_articles/getting-started/getting-started-organizations.md @@ -19,25 +19,25 @@ This article will help you get started with a **free 2-person Organization** so ### What are Organizations? -Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities owned by the Organization. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings: +Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities owned by the Organization. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/user-types-access-control/) can manage the Organization's items, users, and settings: {% image organizations/org-vault-admin.png Organization Vault %} #### Comparing Organizations with Premium -The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.** +The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.** Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization. ## Setup Bitwarden Accounts -Free Bitwarden Organizations allow for 2 users to securely share Organization-owned credentials. You might use a free Organization to share with friend or partner, or to test Organizations before [upgrading to a different plan]({{site.baseurl}}/article/about-bitwarden-plans/). +Free Bitwarden Organizations allow for 2 users to securely share Organization-owned credentials. You might use a free Organization to share with friend or partner, or to test Organizations before [upgrading to a different plan]({{site.baseurl}}/about-bitwarden-plans/). Bitwarden provides applications on lots of devices, including Browser Extensions, Mobile Apps, Desktop Apps, and a CLI, but for the purposes of this guide we'll focus on the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}. **The Web Vault provides the richest Bitwarden experience** for administering your Organization. ### Sign up for Bitwarden -[Create a Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"}, and make sure that you pick a strong and memorable [Master Password]({{site.baseurl}}/article/master-password/). We even recommend writing down your Master Password and storing it in a safe location. +[Create a Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"}, and make sure that you pick a strong and memorable [Master Password]({{site.baseurl}}/master-password/). We even recommend writing down your Master Password and storing it in a safe location. {% callout success %} **Don't forget your Master Password!** Bitwarden is a Zero knowledge/Zero Trust solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset your Master Password. @@ -52,7 +52,7 @@ Once your account is created, log in to your [Web Vault](https://vault.bitwarden In order to use your free 2-person Organization for secure sharing, you'll need to have 2 Bitwarden accounts. Once your first Bitwarden account is setup, follow the same procedure (or help your friend or partner to do so) to setup the other account. {% callout success %} -Bitwarden Organizations have a deep level of [user-level access controls]({{site.baseurl}}/article/user-types-access-control/). Whichever user you proceed to [setup your Organization](#setup-your-organization) with will be the **Owner**. +Bitwarden Organizations have a deep level of [user-level access controls]({{site.baseurl}}/user-types-access-control/). Whichever user you proceed to [setup your Organization](#setup-your-organization) with will be the **Owner**. {% endcallout %} ## Setup your Organization @@ -68,7 +68,7 @@ To setup your Organization: ### Get to know your Organization -Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. As the [Organization Owner]({{site.baseurl}}/article/user-types-access-control/), you'll be able to see your **Vault**, to **Manage** users and [Collections](#get-to-know-collections), to use some Bitwarden **Tools**, and to configure your Organization's **Settings**: +Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. As the [Organization Owner]({{site.baseurl}}/user-types-access-control/), you'll be able to see your **Vault**, to **Manage** users and [Collections](#get-to-know-collections), to use some Bitwarden **Tools**, and to configure your Organization's **Settings**: {% image getting-started/org-vault.png Organization Vault %} @@ -79,7 +79,7 @@ Collections are an important part of a Bitwarden Organization; they represent th {% image getting-started/collections.png Collections %} {% callout success %} -In a lot of ways, Collections are like the [Folders]({{site.baseurl}}/article/folders/) you might use to organize your Personal Vault. A key difference is that items that [belong to your Organization](#shared-items) **must be included in at least 1 Collection**. +In a lot of ways, Collections are like the [Folders]({{site.baseurl}}/folders/) you might use to organize your Personal Vault. A key difference is that items that [belong to your Organization](#shared-items) **must be included in at least 1 Collection**. {% endcallout %} ## Add a User to your Organization @@ -93,7 +93,7 @@ As the Organization Owner, invite a new member: 1. In your Organization Vault, open the **Manage** tab and select the {% icon fa-plus %} **Invite User** button: {% image organizations/org-people-invite.png %} -2. Enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](#sign-up-for-bitwarden-again) with. You can also choose the [User Type]({{site.baseurl}}/article/user-types-access-control/#user-types) and [Access Controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to this user, including which [Collections](#get-to-know-collections) they can access. +2. Enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](#sign-up-for-bitwarden-again) with. You can also choose the [User Type]({{site.baseurl}}/user-types-access-control/#user-types) and [Access Controls]({{site.baseurl}}/user-types-access-control/#access-control) assigned to this user, including which [Collections](#get-to-know-collections) they can access. 3. Select **Save** to send the invitation to the designated email address. Once your invitation is sent, inform your new member and help them [accept the invitation](#accept). @@ -119,7 +119,7 @@ Confirm accepted Organization to complete the loop: 3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**: {% image organizations/org-people-options-overlay.png Confirm an Accepted user %} -3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**: +3. Verify that the [fingerprint phrase]({{site.baseurl}}/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**: {% image fingerprint-phrase.png Sample Fingerprint Phrase %} @@ -131,7 +131,7 @@ Part of the magic of Bitwarden Organizations is that items that belong to you an {% image organizations/personal-vault-org-enabled.png Organization-enabled Vault %} -[Collections](#get-to-know-collections) are a lot like [Folders]({{site.baseurl}}/article/folders/) in that they organize the Organization-owned items in your Vault. Like anything else in the **Filters** menu, selecting a Collection will filter listed Vault items down to only the ones in that Collection. +[Collections](#get-to-know-collections) are a lot like [Folders]({{site.baseurl}}/folders/) in that they organize the Organization-owned items in your Vault. Like anything else in the **Filters** menu, selecting a Collection will filter listed Vault items down to only the ones in that Collection. ### Items Shared from an Organization @@ -143,7 +143,7 @@ Shared items are **owned** by the Organization. This means that anyone with perm ## Move an Item to the Organization -The last step on the road to secure sharing is to create an item and move it to the Organization so it can be shared. An existing [Vault item]({{site.baseurl}}/article/managing-items/#add-a-vault-item) can be moved to the Organization after it's created, but for this guide, we'll focus on creating a **new** Login from your Personal Vault: +The last step on the road to secure sharing is to create an item and move it to the Organization so it can be shared. An existing [Vault item]({{site.baseurl}}/managing-items/#add-a-vault-item) can be moved to the Organization after it's created, but for this guide, we'll focus on creating a **new** Login from your Personal Vault: 1. On the {% icon fa-lock %} **My Vault** page, select the {% icon fa-plus %} **Add Item** button. 2. Fill in all the relevant information for your new Login item (e.g. Username and Password). The item can be anything you want both yourself and the other Organization user to have access to, for example a family streaming account. diff --git a/_articles/getting-started/proof-of-concept.md b/_articles/getting-started/proof-of-concept.md index d9544a92..264e6509 100644 --- a/_articles/getting-started/proof-of-concept.md +++ b/_articles/getting-started/proof-of-concept.md @@ -8,28 +8,28 @@ hidden: false tags: [project guide, poc] order: "05" redirect_from: - - /article/bitwarden-proof-of-concept-project-guide/ + - /bitwarden-proof-of-concept-project-guide/ --- -This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations]({{site.baseurl}}/article/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC. +This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations]({{site.baseurl}}/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC. |Day|Action|Key Person|Description|Resource(s)|Duration (hrs)| |:-:|:----:|:--------:|:---------:|:---------:|:------------:| -|1|Identify an Organization Owner|Organization Owner|[Create a free Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"} for your Organization Owner, who will manage your Organization's settings, structure, and subscription.|[Create your Bitwarden Account]({{site.baseurl}}/article/create-bitwarden-account/)|0.1| -|1|Create your Organization|Organization Owner|[Create a **free Organization** on the Bitwarden Cloud]({{site.baseurl}}/article/getting-started-organizations/#setup-your-organization). Once created, let us know and we'll upgrade you to an Enterprise trial.

If you're self-hosting, this Organization will be used only for billing purposes.|[Organizations]({{site.baseurl}}/article/about-organizations/)|0.1| -|1|(**Self-hosting only**) Download a License|Organization Owner|If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance.|[License Paid Features]({{site.baseurl}}/article/licensing-on-premise/#organization-license)|0.1| -|1|(**Self-hosting only**) Install Bitwarden|Organization Owner / IT Team|Setup your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership.|[Install and Deploy]({{site.baseurl}}/article/install-on-premise/)|2.5| -|1|Add Admins|Organization Owners + Admins|Onboard [Admins]({{site.baseurl}}/article/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.|[User Management]({{site.baseurl}}/article/managing-users/)|0.2| -|2|Create Collections|Organization Owners + Admins|Create [Collections]({{site.baseurl}}/article/about-collections/), which gather items for secure sharing with Groups of users.|[Collections]({{site.baseurl}}/article/about-collections/)|0.25| -|2| Create Groups|Organization Owners + Admins|Create [Groups]({{site.baseurl}}/article/about-groups), which gather users for scalable assignment of permissions and access to Collections.

If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later.|[Groups]({{site.baseurl}}/article/groups/)|0.25| -|2|Assign Groups to Collections|Organization Owners + Admins| Assign Groups to Collections, making shared items available to supersets of users. Test the *Read Only* and *Hide Password* options.|[Collections Assignment]({{site.baseurl}}/article/about-groups/#edit-collections-assignments)|.5| -|2|Share items to Collections|Organization Owners + Admins|[Add items manually]({{site.baseurl}}/article/sharing/#create-an-organization-item) or [import data]({{site.baseurl}}/article/import-to-org/) from another password management application.|[Sharing]({{site.baseurl}}/article/sharing)

[Import to an Organization]({{site.baseurl}}/article/import-to-org/)|0.25| -|2|Configure Enterprise Policies|Organization Owners + Admins|Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.**|[Enterprise Policies]({{site.baseurl}}/article/policies/)|0.1| -|3|Add users to Groups|Organization Owners + Admins|Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality **in the next step**, before moving on to advanced functions like Directory Connector.|[User Management]({{site.baseurl}}/article/managing-users/)

[Groups]({{site.baseurl}}/article/about-groups/)|0.5| -|3|Download Bitwarden Client Applications|All users|All Organization members should download Bitwarden on an assortment of devices, login, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server]({{site.baseurl}}/article/change-client-environment).|[Download Bitwarden](https://get.bitwarden.com/)|0.5| -|4-6|Configure Login with SSO|Organization Owners + Admins|Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider.|[About Login with SSO]({{site.baseurl}}/article/about-sso/)|1.5| -|4-6|Configure and test user onboarding with Directory Connector|Organization Owners + Admins|Download, configure, and test the Bitwarden Directory Connector application, which is used to automatically sync users and groups from your existing directory service (LDAP, AD, etc.)|[About Directory Connector]({{site.baseurl}}/article/directory-sync/)|1.5| -|4-6|Configure Directory Connector for production onboarding|Organization Owners + Admins|Execute on using Directory Connector to invite your remaining users to the Organization.|[Directory Connector Desktop App]({{site.baseurl}}/article/directory-sync-desktop/)|1| +|1|Identify an Organization Owner|Organization Owner|[Create a free Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"} for your Organization Owner, who will manage your Organization's settings, structure, and subscription.|[Create your Bitwarden Account]({{site.baseurl}}/create-bitwarden-account/)|0.1| +|1|Create your Organization|Organization Owner|[Create a **free Organization** on the Bitwarden Cloud]({{site.baseurl}}/getting-started-organizations/#setup-your-organization). Once created, let us know and we'll upgrade you to an Enterprise trial.

If you're self-hosting, this Organization will be used only for billing purposes.|[Organizations]({{site.baseurl}}/about-organizations/)|0.1| +|1|(**Self-hosting only**) Download a License|Organization Owner|If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance.|[License Paid Features]({{site.baseurl}}/licensing-on-premise/#organization-license)|0.1| +|1|(**Self-hosting only**) Install Bitwarden|Organization Owner / IT Team|Setup your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership.|[Install and Deploy]({{site.baseurl}}/install-on-premise/)|2.5| +|1|Add Admins|Organization Owners + Admins|Onboard [Admins]({{site.baseurl}}/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.|[User Management]({{site.baseurl}}/managing-users/)|0.2| +|2|Create Collections|Organization Owners + Admins|Create [Collections]({{site.baseurl}}/about-collections/), which gather items for secure sharing with Groups of users.|[Collections]({{site.baseurl}}/about-collections/)|0.25| +|2| Create Groups|Organization Owners + Admins|Create [Groups]({{site.baseurl}}/about-groups), which gather users for scalable assignment of permissions and access to Collections.

If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later.|[Groups]({{site.baseurl}}/groups/)|0.25| +|2|Assign Groups to Collections|Organization Owners + Admins| Assign Groups to Collections, making shared items available to supersets of users. Test the *Read Only* and *Hide Password* options.|[Collections Assignment]({{site.baseurl}}/about-groups/#edit-collections-assignments)|.5| +|2|Share items to Collections|Organization Owners + Admins|[Add items manually]({{site.baseurl}}/sharing/#create-an-organization-item) or [import data]({{site.baseurl}}/import-to-org/) from another password management application.|[Sharing]({{site.baseurl}}/sharing)

[Import to an Organization]({{site.baseurl}}/import-to-org/)|0.25| +|2|Configure Enterprise Policies|Organization Owners + Admins|Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.**|[Enterprise Policies]({{site.baseurl}}/policies/)|0.1| +|3|Add users to Groups|Organization Owners + Admins|Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality **in the next step**, before moving on to advanced functions like Directory Connector.|[User Management]({{site.baseurl}}/managing-users/)

[Groups]({{site.baseurl}}/about-groups/)|0.5| +|3|Download Bitwarden Client Applications|All users|All Organization members should download Bitwarden on an assortment of devices, login, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server]({{site.baseurl}}/change-client-environment).|[Download Bitwarden](https://get.bitwarden.com/)|0.5| +|4-6|Configure Login with SSO|Organization Owners + Admins|Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider.|[About Login with SSO]({{site.baseurl}}/about-sso/)|1.5| +|4-6|Configure and test user onboarding with Directory Connector|Organization Owners + Admins|Download, configure, and test the Bitwarden Directory Connector application, which is used to automatically sync users and groups from your existing directory service (LDAP, AD, etc.)|[About Directory Connector]({{site.baseurl}}/directory-sync/)|1.5| +|4-6|Configure Directory Connector for production onboarding|Organization Owners + Admins|Execute on using Directory Connector to invite your remaining users to the Organization.|[Directory Connector Desktop App]({{site.baseurl}}/directory-sync-desktop/)|1| ## Deployment Best Practices @@ -39,7 +39,7 @@ We've seen a lot of deployments and have found that taking the following actions |:-:|:----:|:--------:|:---------:|:---------:|:------------:| |4-6|Determine timeline for rollout to first-wave users|Senior Leadership & Security teams|There are lots of different strategies for rolling out Bitwarden. Take things at whatever pace best suits your team.| | | |7|Craft internal messaging about Bitwarden rollout|Internal Training & Managers|Bitwarden provides a lot of resources to help users quickly adopt, check some out on [Youtube](http://youtube.com/bitwarden) and on the [Help Center](https://bitwarden.com/help/).|[Youtube](http://youtube.com/bitwarden)

[Help Center](https://bitwarden.com/help/)|| -|7|Communicate to internal leaders about Password Management policies|Internal leaders / Security teams|Make sure your teams know about any [Enterprise Policies]({{site.baseurl}}/article/policies), [2FA]({{site.baseurl}}/article/setup-two-step-login-duo/) or [SSO]({{site.baseurl}}/article/about-sso/) requirements, and password management best practices.| | | +|7|Communicate to internal leaders about Password Management policies|Internal leaders / Security teams|Make sure your teams know about any [Enterprise Policies]({{site.baseurl}}/policies), [2FA]({{site.baseurl}}/setup-two-step-login-duo/) or [SSO]({{site.baseurl}}/about-sso/) requirements, and password management best practices.| | | | | | | | | | | | | | |**Total Hours (Cloud-hosted)**|**7.35**| | | | | |**Total Hours (Self-hosted)**|**9.85**| diff --git a/_articles/getting-started/releasenotes.md b/_articles/getting-started/releasenotes.md index 26332d3c..03113eef 100644 --- a/_articles/getting-started/releasenotes.md +++ b/_articles/getting-started/releasenotes.md @@ -41,21 +41,21 @@ If you're not ready to start a Provider, the Bitwarden team is eager to support The latest release of Bitwarden is focused on enabling Managed Service Providers (MSPs) to support their customers' password management needs: -- **Provider Portal**: The Provider Portal allows Managed Service Providers (MSPs) and Resellers to create and administer Organizations on behalf of customers. Using the Portal, Providers can seamlessly support credential management across multiple customers (see [here]({{site.baseurl}}/article/getting-started-providers/) for details). +- **Provider Portal**: The Provider Portal allows Managed Service Providers (MSPs) and Resellers to create and administer Organizations on behalf of customers. Using the Portal, Providers can seamlessly support credential management across multiple customers (see [here]({{site.baseurl}}/getting-started-providers/) for details). - **Share Verbiage Change**: We've updated the {% icon fa-share-alt %} **Share** button to {% icon fa-arrow-circle-o-right %} **Move to Organization** to make it cleared that shared items are owned by the Organization. Additionally, we've updated the "shared item" indicator ({% icon fa-share-alt %}) to match the Collections indicator ({% icon fa-cube %}). -- **CLI `move` Command**: In keeping with the above item, the CLI `share` command has been changed to `move` (see [here]({{site.baseurl}}/article/cli/#move) for details). +- **CLI `move` Command**: In keeping with the above item, the CLI `share` command has been changed to `move` (see [here]({{site.baseurl}}/cli/#move) for details). ## 2021-06-29 The Bitwarden team is happy to announce the rollout of Admin Password Reset, the latest feature purpose-built to help enterprises seeking to ensure password security at scale. This release includes: -- **Admin Password Reset**: Enterprise Organizations can enroll in Admin Password Reset to allow designated administrators to reset the Master Password of Organization users (see [here]({{site.baseurl}}/article/admin-reset/) for details). -- **Master Password Re-prompt**: Use the new Master Password re-prompt option to require verification of your Master Password to access sensitive Vault items as designated by the user (see [here]({{site.baseurl}}/article/managing-items/#protect-individual-items) for details). -- **Bulk User Management**: Organization Owners and Admins can now re-send invitations, confirm accepted users, and remove users from an Organization in-bulk (see [here]({{site.baseurl}}/article/managing-users/#onboard-users) for details). -- **Event Log Export**: Export event logs directly from the Web Vault (see [here]({{site.baseurl}}/article/event-logs/#export-events) for details). -- **Directory Connector API Key Authentication**: Starting with this release, users of Directory Connector will need to use the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) to login. -- **Directory Connector Sync Limit Increase**: Directory Connector can now sync an unlimited number of users or groups, where previously the limit was set at 2000 of either. To sync more than 2000 users or groups, toggle the new Sync Option (see [here]({{site.baseurl}}/article/user-group-filters/#large-syncs) for details). -- **Autofill On Page Load Enhancements**: The Browser Extension's Auto-fill on page load feature has been upgraded to more flexibly fit users' unique needs (see [here]({{site.baseurl}}/article/auto-fill-browser/#on-page-load) for details). +- **Admin Password Reset**: Enterprise Organizations can enroll in Admin Password Reset to allow designated administrators to reset the Master Password of Organization users (see [here]({{site.baseurl}}/admin-reset/) for details). +- **Master Password Re-prompt**: Use the new Master Password re-prompt option to require verification of your Master Password to access sensitive Vault items as designated by the user (see [here]({{site.baseurl}}/managing-items/#protect-individual-items) for details). +- **Bulk User Management**: Organization Owners and Admins can now re-send invitations, confirm accepted users, and remove users from an Organization in-bulk (see [here]({{site.baseurl}}/managing-users/#onboard-users) for details). +- **Event Log Export**: Export event logs directly from the Web Vault (see [here]({{site.baseurl}}/event-logs/#export-events) for details). +- **Directory Connector API Key Authentication**: Starting with this release, users of Directory Connector will need to use the [Organization API Key]({{site.baseurl}}/public-api/#authentication) to login. +- **Directory Connector Sync Limit Increase**: Directory Connector can now sync an unlimited number of users or groups, where previously the limit was set at 2000 of either. To sync more than 2000 users or groups, toggle the new Sync Option (see [here]({{site.baseurl}}/user-group-filters/#large-syncs) for details). +- **Autofill On Page Load Enhancements**: The Browser Extension's Auto-fill on page load feature has been upgraded to more flexibly fit users' unique needs (see [here]({{site.baseurl}}/auto-fill-browser/#on-page-load) for details). - **More CLI Options**: We've added a few new CLI options, including easy retrieval of Vault item notes (`bw get notes `) and the ability to set maximum access count for Sends (`bw send create --maxAccessCount <#>`). - **Web Developer Autofill Exclusion**: Web Development contributors can now prevent the Browser Extension from auto-filling a given form element by adding a `data-bwignore` attribute (e.g. `data-bwignore="true"`) to an `` element. @@ -63,19 +63,19 @@ The Bitwarden team is happy to announce the rollout of Admin Password Reset, the The Bitwarden team is pleased to release a set of features and updates continuing our mission of making password management easy and accessible for individuals and businesses: -- **Privacy & Security Options for Send**: Use a new Send Privacy option to hide your email from recipients (see [here]({{site.baseurl}}/article/send-privacy/#hide-email) for details). To prevent abuse, File Sends will now require a verified email address. Additionally, Enterprise Organizations can implement a new policy to set the availability of the Hide Email option (see [here]({{site.baseurl}}/article/policies/#send-options) for details). -- **FIDO Updates & Expanded Support**: Our FIDO implementation has been upgraded from FIDO U2F to FIDO2 WebAuthn, but existing FIDO U2F keys will retain their integrity. FIDO support has been expanded to more Browser Extensions and the Windows Desktop App (see [here]({{site.baseurl}}/article/setup-two-step-login-fido/) for details). -- **Custom Fields for Keys**: Custom Field values have been upgraded to support up to 5000 characters, allowing storage of keys like RSA 4096-bit SSH keys (see [here]({{site.baseurl}}/article/custom-fields/#custom-fields-for-keys) for details). +- **Privacy & Security Options for Send**: Use a new Send Privacy option to hide your email from recipients (see [here]({{site.baseurl}}/send-privacy/#hide-email) for details). To prevent abuse, File Sends will now require a verified email address. Additionally, Enterprise Organizations can implement a new policy to set the availability of the Hide Email option (see [here]({{site.baseurl}}/policies/#send-options) for details). +- **FIDO Updates & Expanded Support**: Our FIDO implementation has been upgraded from FIDO U2F to FIDO2 WebAuthn, but existing FIDO U2F keys will retain their integrity. FIDO support has been expanded to more Browser Extensions and the Windows Desktop App (see [here]({{site.baseurl}}/setup-two-step-login-fido/) for details). +- **Custom Fields for Keys**: Custom Field values have been upgraded to support up to 5000 characters, allowing storage of keys like RSA 4096-bit SSH keys (see [here]({{site.baseurl}}/custom-fields/#custom-fields-for-keys) for details). - **File Size Increases**: You can now create File Attachments or File Sends that are up to 500 MB each. Due to device restrictions, the old 100 MB limit is still in place for Mobile Apps. {% callout warning %}As a result of the Attachment upgrade, Attachments uploaded on the newest clients cannot be opened on older client versions. If you find you're unable to access a recently-created Attachment, upgrade your client to the newest version. (**Hint:** The Cloud Web Vault is *always* on the newest version.)

**Frozen or legacy client versions**, including the Safari 13 (or earlier) macOS Desktop App & App Extension, will not support accessing these attachments.{% endcallout %} -- **Disable Browser Extension Counter**: Disable the Browser Extension badge counter using a new toggle in the {% icon fa-cogs %} **Settings** → **Options** menu (see [here]({{site.baseurl}}/article/auto-fill-browser/) for details). -- **Biometrics for Safari**: The Safari Web Extension now includes support for Unlock with Biometrics for Safari 14+ (see [here]({{site.baseurl}}/article/biometrics/) for details). +- **Disable Browser Extension Counter**: Disable the Browser Extension badge counter using a new toggle in the {% icon fa-cogs %} **Settings** → **Options** menu (see [here]({{site.baseurl}}/auto-fill-browser/) for details). +- **Biometrics for Safari**: The Safari Web Extension now includes support for Unlock with Biometrics for Safari 14+ (see [here]({{site.baseurl}}/biometrics/) for details). - **Search Internationalization**: Vaults can now be searched against 1 character, improving the experience for languages with 1-character words like Simplified and Traditional Chinese. -- **Sorted Weak Passwords Report**: The Weak Passwords Report is now sorted by the severity of the password's weakness (see [here]({{site.baseurl}}/article/reports/#weak-passwords-report) for details) +- **Sorted Weak Passwords Report**: The Weak Passwords Report is now sorted by the severity of the password's weakness (see [here]({{site.baseurl}}/reports/#weak-passwords-report) for details) {% callout success %} -Since implementing [Soft Delete]({{site.baseurl}}/article/managing-items/#items-in-the-trash) back in 2020, we've been patient to take out the Trash. **Starting 5/15/2021**, we'll activate the nightly job that will permanently delete items that have been in your trash for 30 days or more. +Since implementing [Soft Delete]({{site.baseurl}}/managing-items/#items-in-the-trash) back in 2020, we've been patient to take out the Trash. **Starting 5/15/2021**, we'll activate the nightly job that will permanently delete items that have been in your trash for 30 days or more. Prior to 5/15/2021, we recommend digging through your Trash for anything you might want to Restore! {% endcallout %} @@ -87,7 +87,7 @@ Bitwarden is proud to announce the release of Bitwarden Send, and end-to-end enc - **Bitwarden Send**: Bitwarden Send is end-to-end encrypted solution for ephemeral sharing. There's lot of material about Send on our website and Help Center, but you can start [here](https://bitwarden.com/products/send){:target="\_blank"} or [here]({% link _articles/send/about-send.md %}). - **FIDO U2F Support for Edge**: Two-step Login via FIDO U2F is now available for the Web Vault and Browser Extensions in Microsoft Edge (see [here]({% link _articles/two-step-login/setup-two-step-login-fido.md %}) for details). - **Domain Exclusion in Browser Extensions**: Bitwarden Browser Extensions can now be configured with domains to explicitly not offer to remember passwords for (see [here]({% link _articles/miscellaneous/exclude-domains.md %}) for details). -- **Improved Import Error Messages**: We've had lots of folks migrating to Bitwarden recently, so we cleaned up an import error message to help you reconcile issues faster (see [here]({{site.baseurl}}/article/import-data/#length-related-import-errors) for details). +- **Improved Import Error Messages**: We've had lots of folks migrating to Bitwarden recently, so we cleaned up an import error message to help you reconcile issues faster (see [here]({{site.baseurl}}/import-data/#length-related-import-errors) for details). - **Safari Web Extension Port**: Our Safari App Extension has officially been ported to a Web Extension for use with Safari 14+. Due to changes to Safari, Web Extension use is now limited to only those obtained through Mac App Store downloads (see [here]({% link _articles/account/install-safari-app-extension.md %}) for details). ## 2021-01-19 Post-Release Update @@ -95,7 +95,7 @@ Bitwarden is proud to announce the release of Bitwarden Send, and end-to-end enc {% callout info %} Biometric Unlock for Browser Extensions is available for **only Chromium-based browsers** (e.g. Chrome, Edge) with v1.48.0 of the Browser Extension, provided you have the latest version (2021-01-19) of the Desktop App. -When your Browser Extension updates to this version, you may be asked to accept a new permission for Bitwarden to `Communicate with cooperating native applications`. This permission is safe, but **optional**, and will enable the Browser Extension to communicate with the Bitwarden Desktop App, which is required to enable Biometric Unlock (see [here](https://bitwarden.com/help/article/biometrics/#browser-extensions) for details). Declining this permission will allow you to use v1.48.0 without Biometric Unlock functionality. +When your Browser Extension updates to this version, you may be asked to accept a new permission for Bitwarden to `Communicate with cooperating native applications`. This permission is safe, but **optional**, and will enable the Browser Extension to communicate with the Bitwarden Desktop App, which is required to enable Biometric Unlock (see [here](https://bitwarden.com/help/biometrics/#browser-extensions) for details). Declining this permission will allow you to use v1.48.0 without Biometric Unlock functionality. **Biometric Unlock is currently not available for:** - Firefox Browser Extensions below version 87. @@ -109,14 +109,14 @@ The Bitwarden team is investigating these and will provide updates as things pro For the first major release of 2021, the Bitwarden team combined multiple major enhancements to address the critical needs of all users, including: - **Emergency Access**: Bitwarden's new Emergency Access feature enables users to designate and manage trusted emergency contacts, who may request access to their Vault in a Zero Knowledge/Zero Trust environment (see [here]({% link _articles/security/emergency-access.md %}) for details). - **Encrypted Exports**: Personal users and Organizations can now export Vault data in an encrypted `.json` file (see [here]({% link _articles/importing/encrypted-export.md %}) for details). -- **New Role**: A Custom role is now available to allow for granular control over user permissions (see [here](https://bitwarden.com/help/article/user-types-access-control/#custom-role) for details). -- **New Enterprise Policy**: The Personal Ownership policy is now available for use by Enterprise Organization (see [here](https://bitwarden.com/help/article/policies/#personal-ownership) for details). -- **Biometric Unlock for Browser Extensions**: Using an integration with a native Desktop application, you can now use Biometric input to unlock Chromium-based Browser Extensions (see [here](https://bitwarden.com/help/article/biometrics/#browser-extensions) for details). +- **New Role**: A Custom role is now available to allow for granular control over user permissions (see [here](https://bitwarden.com/help/user-types-access-control/#custom-role) for details). +- **New Enterprise Policy**: The Personal Ownership policy is now available for use by Enterprise Organization (see [here](https://bitwarden.com/help/policies/#personal-ownership) for details). +- **Biometric Unlock for Browser Extensions**: Using an integration with a native Desktop application, you can now use Biometric input to unlock Chromium-based Browser Extensions (see [here](https://bitwarden.com/help/biometrics/#browser-extensions) for details). ## 2020-11-12 The latest release of Bitwarden adds SSO-related enhancements to all client applications, including: -- **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/article/policies/) for details). -- **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/article/personal-api-key/) for details). +- **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/policies/) for details). +- **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/personal-api-key/) for details). - **Improvements to SSO Onboarding:** We've made some improvements to the way users are onboarded via SSO to prevent potential security risks (see [here](https://github.com/bitwarden/server/pull/945) for details). - **GDPR Acknowledgement:** From now on, new users of Bitwarden will be asked to acknowledge a Privacy Policy on registration. - **Android 11 Inline Auto-fill**: For devices using Android 11+, enabling the Auto-fill Service will display suggestions inline for IMEs that also support [this feature](https://developer.android.com/guide/topics/text/ime-autofill#workflow) (see [here](https://github.com/bitwarden/mobile/pull/1145) for details). @@ -128,8 +128,8 @@ The latest release of Bitwarden adds much-anticipated **Login with SSO** functio The following items were released between March and September of 2020. -- [Enterprise Policies](https://bitwarden.com/help/article/policies/) -- [Vault Timeout Options](https://bitwarden.com/help/article/vault-timeout/) -- [Trash functionality](https://bitwarden.com/help/article/managing-items/#deleting-an-item) -- [Password View Permissions - "Hide Passwords"](https://bitwarden.com/help/article/user-types-access-control/#granular-access-control) -- [Touch ID / Windows Hello for Desktop Applications](https://bitwarden.com/help/article/biometrics/#desktop-applications) +- [Enterprise Policies](https://bitwarden.com/help/policies/) +- [Vault Timeout Options](https://bitwarden.com/help/vault-timeout/) +- [Trash functionality](https://bitwarden.com/help/managing-items/#deleting-an-item) +- [Password View Permissions - "Hide Passwords"](https://bitwarden.com/help/user-types-access-control/#granular-access-control) +- [Touch ID / Windows Hello for Desktop Applications](https://bitwarden.com/help/biometrics/#desktop-applications) diff --git a/_articles/hosting/backup-on-premise.md b/_articles/hosting/backup-on-premise.md index 480589d9..dfdbf72c 100644 --- a/_articles/hosting/backup-on-premise.md +++ b/_articles/hosting/backup-on-premise.md @@ -14,7 +14,7 @@ When self-hosting Bitwarden, you are responsible for implementing your own backu Bitwarden's Docker containers use volume mapping to persist all important data on the host machine, meaning stopping your containers will not delete any data. Docker containers, on the other hand, are to be considered ephemeral and do not persist data or state. -All Bitwarden data is stored on the host machine in the `./bwdata` directory, relative to the location in which you installed Bitwarden. For more information, see [Install and Deploy](https://bitwarden.com/help/article/install-on-premise/#install-bitwarden). +All Bitwarden data is stored on the host machine in the `./bwdata` directory, relative to the location in which you installed Bitwarden. For more information, see [Install and Deploy](https://bitwarden.com/help/install-on-premise/#install-bitwarden). ## Backup Hosted Data diff --git a/_articles/hosting/configure-clients.md b/_articles/hosting/configure-clients.md index 8aa4627d..7b75df67 100644 --- a/_articles/hosting/configure-clients.md +++ b/_articles/hosting/configure-clients.md @@ -46,7 +46,7 @@ Most Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solu To centrally configure the Desktop app for deployment, first complete the following steps on a single workstation: 1. Install the Desktop app. If you're using Windows, silent install Bitwarden using `installer.exe /S` (see [NSIS documentation](https://nsis.sourceforge.io/Docs/Chapter4.html#silent){:target="\_blank"}). -2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.]({{site.baseurl}}/article/data-storage/) +2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.]({{site.baseurl}}/data-storage/) 3. In the directory, open the `data.json` file. 4. Edit `data.json` to configure the Desktop app as desired. In particular, create the following object to configure the app with your self-hosted Server URL: @@ -76,7 +76,7 @@ To centrally configure the Desktop app for deployment, first complete the follo While it is possible to deploy Bitwarden Browser Extensions using an endpoint management solution like [Jamf](https://www.jamf.com/){:target="\_blank"} or Microsoft Endpoint Manager (formerly SCCM), it is currently **not possible** to alter the configuration in this way. -Instruct your end-users to follow [these steps]({{site.baseurl}}/article/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps) to connect a Browser Extension to your self-hosted server. +Instruct your end-users to follow [these steps]({{site.baseurl}}/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps) to connect a Browser Extension to your self-hosted server. {% endcapture %} {{ browser_extension | markdownify}} diff --git a/_articles/hosting/environment-variables.md b/_articles/hosting/environment-variables.md index 2e7107c9..db539ef5 100644 --- a/_articles/hosting/environment-variables.md +++ b/_articles/hosting/environment-variables.md @@ -22,7 +22,7 @@ The following variables are among those that already exist in `global.override.e |Variable|Description| |--------|-----------| -|globalSettings__sqlServer__connectionString=|Use this field to [connect to an exernal MSSQL database]({{site.baseurl}}/article/external-db/).| +|globalSettings__sqlServer__connectionString=|Use this field to [connect to an exernal MSSQL database]({{site.baseurl}}/external-db/).| |globalSettings__oidcIdentityClientKey=|A randomly generated OpenID Connect client key. For more information, see [OpenID Documentation](https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse){:target="\_blank"}.| |globalSettings__duo__aKey=|A randomly generated Duo akey. For more information, see [Duo's Documentation](https://duo.com/docs/duoweb#1.-generate-an-akey){:target="\_blank"}.| |globalSettings__yubico__clientId=|Client ID for YubiCloud Validation Service or Self-hosted Yubico Validation Server.

If YubiCloud, get your Client ID and Secret Key [here](https://upgrade.yubico.com/getapikey/){:target="\_blank"}.

If self-hosted, see Optional Variable `globalSettings__yubico__validationUrls`.| diff --git a/_articles/hosting/external-db.md b/_articles/hosting/external-db.md index 150e2c5c..c5badb80 100644 --- a/_articles/hosting/external-db.md +++ b/_articles/hosting/external-db.md @@ -8,7 +8,7 @@ tags: [hosting, database, mssql] order: "12" --- -By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of [installation setup]({{site.baseurl}}/article/install-on-premise), however you configure Bitwarden to use an external MSSQL database. +By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of [installation setup]({{site.baseurl}}/install-on-premise), however you configure Bitwarden to use an external MSSQL database. {% callout info %} Currently, self-hosted installations of Bitwarden support **only** MSSQL databases. Stay tuned for future updates on this topic. @@ -36,7 +36,7 @@ To setup your self-hosted instance with an external database: {% comment %} 6. Run `./bitwarden.sh updatedb` to migrate the **database schema**. - {% callout success %}`updatedb` does not migrate data, it only migrates the database schema. To move existing data to the new database, [restore a backup]({{site.baseurl}}/article/backup-on-premise/#restore-a-nightly-backup) from `./bwdata/mssql/backups`.{% endcallout %} + {% callout success %}`updatedb` does not migrate data, it only migrates the database schema. To move existing data to the new database, [restore a backup]({{site.baseurl}}/backup-on-premise/#restore-a-nightly-backup) from `./bwdata/mssql/backups`.{% endcallout %} {% endcomment %} Once the above steps are complete, you can test the connection by creating a new user through the Web Vault and querying the external `vault` database for creation of the new user. diff --git a/_articles/hosting/install-on-premise.md b/_articles/hosting/install-on-premise.md index 206ec61f..919516e7 100644 --- a/_articles/hosting/install-on-premise.md +++ b/_articles/hosting/install-on-premise.md @@ -33,7 +33,7 @@ The following is a summary of the Installation Procedure in this article. Links 2. [**Install Docker and Docker Compose**](#install-docker-and-docker-compose) on your machine, and complete the optional [**Docker Post-Installation**](#docker-post-installation-linux-only). 3. Retrieve an installation id and key from [**https://bitwarden.com/host**](https://bitwarden.com/host){:target="_blank"} for use in installation. - For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general). + For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general). 4. [**Install Bitwarden**](#install-bitwarden) on your machine. 5. [**Configure your Environment**](#configure-your-environment) by adjusting settings in `./bwdata/env/global.override.env`. {% callout success %}At a minimum, configure the `globalSettings__mail__smtp...` variables to setup an email server for inviting and verifying users.{% endcallout %} @@ -146,10 +146,10 @@ Bitwarden provides a shell script for easy installation on Linux and macOS (Bash - **Enter your installation id:** - Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general). + Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general). - **Enter your installation key:** - Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general). + Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general). - **Do you have a SSL certificate to use? (y/n):** If you already have your own SSL certificate, specify `y` and place the necessary files in the `.bwdata/ssl/your.domain` directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see [Certificate Options]({% link _articles/hosting/certificates.md %}). diff --git a/_articles/hosting/licensing-on-premise.md b/_articles/hosting/licensing-on-premise.md index 2b8f61cf..90503518 100644 --- a/_articles/hosting/licensing-on-premise.md +++ b/_articles/hosting/licensing-on-premise.md @@ -28,7 +28,7 @@ To retrieve your license from your Cloud account and apply it to your self-hoste 1. Log in to your self-hosted Web Vault with an email address that matches the Cloud-hosted account from which you downloaded the license. - {% callout success %}If you haven't already, verify your email address before proceeding. You will need to have [configured SMTP-related environment variables]({{site.baseurl}}/article/environment-variables) to do so.{% endcallout %} + {% callout success %}If you haven't already, verify your email address before proceeding. You will need to have [configured SMTP-related environment variables]({{site.baseurl}}/environment-variables) to do so.{% endcallout %} 2. Select the **Settings** tab from the top navigation. 3. Select **Go Premium** from the left menu. 4. In the License File section, select the **Browse...** button and add the downloaded license file. @@ -39,7 +39,7 @@ To retrieve your license from your Cloud account and apply it to your self-hoste To retrieve your Organization license from your Cloud Organization and apply it to you self-hosted server: {% callout info %} -You must be an [Organization Owner]({{site.baseurl}}/article/user-types-access-control) to both retrieve and apply a license. +You must be an [Organization Owner]({{site.baseurl}}/user-types-access-control) to both retrieve and apply a license. {% endcallout %} #### Retrieve your License @@ -65,4 +65,4 @@ Once downloaded, open your self-hosted Web Vault and update the license from the {% image hosting/update-license.png Update a self-hosting license %} -If you receive a `version not supported` error message, you'll need to update your server before proceeding. Make a backup or copy of the `bwdata` directory, then follow [these instructions]({{site.baseurl}}/article/updating-on-premise/). +If you receive a `version not supported` error message, you'll need to update your server before proceeding. Make a backup or copy of the `bwdata` directory, then follow [these instructions]({{site.baseurl}}/updating-on-premise/). diff --git a/_articles/hosting/migration.md b/_articles/hosting/migration.md index 1fbc7c78..bec1b745 100644 --- a/_articles/hosting/migration.md +++ b/_articles/hosting/migration.md @@ -29,32 +29,32 @@ This article will walk you through procedures for transitioning from Cloud to Se To migrate from the Cloud to a self-hosted server: -1. [Install and deploy]({{site.baseurl}}/article/install-on-premise) Bitwarden to your server. At a high-level, this procedure involves: +1. [Install and deploy]({{site.baseurl}}/install-on-premise) Bitwarden to your server. At a high-level, this procedure involves: - 1. [Configuring a domain]({{site.baseurl}}/article/install-on-premise/#configure-your-domain) for Bitwarden. - 2. Installing [Docker and Docker Compose]({{site.baseurl}}/article/install-on-premise/#install-docker-and-docker-compose). - 3. Running the [installation shell script]({{site.baseurl}}/article/install-on-premise/#install-bitwarden). - 4. [Configuring your environment]({{site.baseurl}}/article/install-on-premise/#configure-your-environment) to setup the Admin Portal, an SMTP Server connection, and more. + 1. [Configuring a domain]({{site.baseurl}}/install-on-premise/#configure-your-domain) for Bitwarden. + 2. Installing [Docker and Docker Compose]({{site.baseurl}}/install-on-premise/#install-docker-and-docker-compose). + 3. Running the [installation shell script]({{site.baseurl}}/install-on-premise/#install-bitwarden). + 4. [Configuring your environment]({{site.baseurl}}/install-on-premise/#configure-your-environment) to setup the Admin Portal, an SMTP Server connection, and more. 2. Start your server by running `./bitwarden.sh start`. -3. Open the Cloud Web Vault and [download your license]({{site.baseurl}}/article/licensing-on-premise). +3. Open the Cloud Web Vault and [download your license]({{site.baseurl}}/licensing-on-premise). - {% callout success %}There are separate files for an [Organization license]({{site.baseurl}}/article/licensing-on-premise/#organization-license) and an [Individual license]({{site.baseurl}}/article/licensing-on-premise/#individual-license). **You don't need both license files.** If you're migrating an Organization, you only need to retrieve the Organization license and must be an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/) to do so.{% endcallout %} -4. Still in the Cloud Web Vault, [export your personal Vault data]({{site.baseurl}}/article/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/article/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well. + {% callout success %}There are separate files for an [Organization license]({{site.baseurl}}/licensing-on-premise/#organization-license) and an [Individual license]({{site.baseurl}}/licensing-on-premise/#individual-license). **You don't need both license files.** If you're migrating an Organization, you only need to retrieve the Organization license and must be an [Organization Owner]({{site.baseurl}}/user-types-access-control/) to do so.{% endcallout %} +4. Still in the Cloud Web Vault, [export your personal Vault data]({{site.baseurl}}/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well. 5. Open your self-hosted Web Vault and create an account. This account **must use the same email address** as the Cloud account you downloaded the license with. -5. Still in your self-hosted Web Vault, upload your [license]({{site.baseurl}}/article/licensing-on-premise). +5. Still in your self-hosted Web Vault, upload your [license]({{site.baseurl}}/licensing-on-premise). - {% callout success %}There are separate locations in which to upload an [Organization license]({{site.baseurl}}/article/licensing-on-premise/#organization-license) versus an [Individual license]({{site.baseurl}}/article/licensing-on-premise/#individual-license). As before, only upload the one that's relevant for you.{% endcallout %} -6. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/article/import-your-data/) or [Organization Vault]({{site.baseurl}}/article/import-to-org/). + {% callout success %}There are separate locations in which to upload an [Organization license]({{site.baseurl}}/licensing-on-premise/#organization-license) versus an [Individual license]({{site.baseurl}}/licensing-on-premise/#individual-license). As before, only upload the one that's relevant for you.{% endcallout %} +6. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/import-your-data/) or [Organization Vault]({{site.baseurl}}/import-to-org/). - {% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/article/about-collections/) and add the relevant Vault items to them.{% endcallout %} + {% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/about-collections/) and add the relevant Vault items to them.{% endcallout %} #### Organizations-only Next Steps If you're migrating an Organization to a self-hosted server, continue with the following steps: -1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/article/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/article/about-sso/). -2. Manually [re-create user Groups]({{site.baseurl}}/article/about-groups/#create-a-group) in your self-hosted Web Vault and assign them to the proper Collections. -3. Start [inviting users to your Organization]({{site.baseurl}}/article/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/article/directory-sync). +1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/about-sso/). +2. Manually [re-create user Groups]({{site.baseurl}}/about-groups/#create-a-group) in your self-hosted Web Vault and assign them to the proper Collections. +3. Start [inviting users to your Organization]({{site.baseurl}}/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/directory-sync). {% endcapture %} {{ mobile_info | markdownify}} @@ -66,25 +66,25 @@ If you're migrating an Organization to a self-hosted server, continue with the f To migrate from a self-hosted server to the Cloud: -1. Create a full backup of the `./bwdata` directory of your self-hosted Bitwarden server. In particular, you will need access to `./bwdata/core/attachments` to manually upload [file attachments]({{site.baseurl}}/article/attachments/) to the Cloud (**Step 5**). +1. Create a full backup of the `./bwdata` directory of your self-hosted Bitwarden server. In particular, you will need access to `./bwdata/core/attachments` to manually upload [file attachments]({{site.baseurl}}/attachments/) to the Cloud (**Step 5**). {% callout success %} If users are exporting their Personal Vaults over a period of time, you may need to re-sync the items from your `./bwdata/core/attachments` directory to your backup location and upload any new items in the event that they change during the cut-over period.{% endcallout %} -2. In your self-hosted Web Vault, [export your personal Vault data]({{site.baseurl}}/article/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/article/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well. +2. In your self-hosted Web Vault, [export your personal Vault data]({{site.baseurl}}/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well. 3. Open the Cloud Web Vault. Most users will have previously created Cloud accounts for billing purposes, so log in to that account. If you were previously a free user without a Cloud account for billing, create an account now. - {% callout success %}If you're migrating an Organization, you'll already have a Cloud Organization established for billing and licensing purposes. For smoothest transition, we recommend using this already-established Organization rather than [creating a new one]({{site.baseurl}}/article/about-organizations/#create-an-organization).{% endcallout %} -4. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/article/import-your-data/) or [Organization Vault]({{site.baseurl}}/article/import-to-org/). + {% callout success %}If you're migrating an Organization, you'll already have a Cloud Organization established for billing and licensing purposes. For smoothest transition, we recommend using this already-established Organization rather than [creating a new one]({{site.baseurl}}/about-organizations/#create-an-organization).{% endcallout %} +4. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/import-your-data/) or [Organization Vault]({{site.baseurl}}/import-to-org/). - {% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/article/about-collections/) and add the relevant Vault items to them.{% endcallout %} -5. Manually upload [file attachments]({{site.baseurl}}/article/attachments/) to your Personal or Organization Vault. + {% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/about-collections/) and add the relevant Vault items to them.{% endcallout %} +5. Manually upload [file attachments]({{site.baseurl}}/attachments/) to your Personal or Organization Vault. #### Organizations-only Next Steps If you're migrating an Organization to the Cloud, continue with the following steps: -1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/article/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/article/about-sso/). -2. Manually [re-create user Groups]({{site.baseurl}}/article/about-groups/#create-a-group) in the Cloud and assign them to the proper Collections. -3. Start [inviting users to your Organization]({{site.baseurl}}/article/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/article/directory-sync). +1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/about-sso/). +2. Manually [re-create user Groups]({{site.baseurl}}/about-groups/#create-a-group) in the Cloud and assign them to the proper Collections. +3. Start [inviting users to your Organization]({{site.baseurl}}/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/directory-sync). {% endcapture %} {{ desktop_info | markdownify}} @@ -98,7 +98,7 @@ To migrate from one self-hosted Bitwarden server to another: 1. Stop your existing Bitwarden server by running `./bitwarden.sh stop`. When you run this command, Bitwarden will go down for anyone currently using it. 2. Make a full copy of the `./bwdata` directory of the *old* server. This copy will be used to recreate your configuration, database, attachments, etc. on the new server. -3. [Install and deploy]({{site.baseurl}}/article/install-on-premise/) Bitwarden to your new server. +3. [Install and deploy]({{site.baseurl}}/install-on-premise/) Bitwarden to your new server. 4. Once the new Bitwarden server is set up, replace the newly-created `./bwdata` directory with the copy from the old server. 5. Print the new Bitwarden server's UID by running `id -u bitwarden`. 6. Open the file `./bwdata/env/uid.env` and check that the listed values match what was printed in the previous step. If they do not match, replace *both* values with the result of `id -u bitwarden`. diff --git a/_articles/importing/import-data.md b/_articles/importing/import-data.md index bce5e064..1b7078db 100644 --- a/_articles/importing/import-data.md +++ b/_articles/importing/import-data.md @@ -10,7 +10,7 @@ order: "01" Bitwarden provides a data import tool for easy migration from any password management solution to your personal Vault or Organization Vault. You can also use the data import tool to import from one Bitwarden Vault to another, or to import a Bitwarden [Encrypted Export]({% link _articles/importing/encrypted-export.md %}). -For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or use one of these articles for importing from the most popular solutions: +For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or use one of these articles for importing from the most popular solutions: - [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %}) - [Import from 1Password]({% link _articles/importing/import-from-1password.md %}) @@ -26,11 +26,11 @@ For a full list of supported import formats, see [What file formats does Bitward ## Import to your Personal Vault -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. - 3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). + 3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). 5. Select the **Choose File** button and add the file to import or **copy/paste** the contents of your file into the input box. @@ -38,7 +38,7 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 6. Select the **Import Data** button to complete your import. 7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised. -Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). +Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). ## Troubleshooting diff --git a/_articles/importing/import-from-1password.md b/_articles/importing/import-from-1password.md index c6dbb01a..af7f2f4e 100644 --- a/_articles/importing/import-from-1password.md +++ b/_articles/importing/import-from-1password.md @@ -31,7 +31,7 @@ Complete the following steps to export data from the 1Password Desktop App: ## Import to Bitwarden -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. @@ -46,4 +46,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 6. Select the **Import Data** button to complete your import. 7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised. -Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). +Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). diff --git a/_articles/importing/import-from-chrome.md b/_articles/importing/import-from-chrome.md index 3e0468f2..17c7a641 100644 --- a/_articles/importing/import-from-chrome.md +++ b/_articles/importing/import-from-chrome.md @@ -66,11 +66,11 @@ To export passwords from Chrome on your Mobile Device: ## Import to Bitwarden -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. - 3. From the format dropdown, choose a **Chrome (csv)** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). + 3. From the format dropdown, choose a **Chrome (csv)** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). 5. Select the **Choose File** button and add the file to import or **copy/paste** the contents of your file into the input box. @@ -78,4 +78,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 6. Select the **Import Data** button to complete your import. 7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised. -Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). +Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). diff --git a/_articles/importing/import-from-firefox.md b/_articles/importing/import-from-firefox.md index 9c3836f9..d7d0ead3 100644 --- a/_articles/importing/import-from-firefox.md +++ b/_articles/importing/import-from-firefox.md @@ -83,7 +83,7 @@ Some Firefox-based browsers offer login export in a different location than vani ## Import to Bitwarden -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. @@ -95,4 +95,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 6. Select the **Import Data** button to complete your import. 7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised. -Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). +Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). diff --git a/_articles/importing/import-from-lastpass.md b/_articles/importing/import-from-lastpass.md index 85b5fc4b..7067e221 100644 --- a/_articles/importing/import-from-lastpass.md +++ b/_articles/importing/import-from-lastpass.md @@ -79,7 +79,7 @@ To export your data from a LastPass Browser Extension: ## Import to Bitwarden -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. @@ -91,7 +91,7 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 5. Select the **Import Data** button to complete your import. 6. After successful import, delete the source `.csv` file from your computer. This will protect you in the event your computer is compromised. - Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). + Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). ## Import Troubleshooting diff --git a/_articles/importing/import-from-passwordsafe.md b/_articles/importing/import-from-passwordsafe.md index 897994e9..5625f025 100644 --- a/_articles/importing/import-from-passwordsafe.md +++ b/_articles/importing/import-from-passwordsafe.md @@ -39,7 +39,7 @@ To prepare the exported file for import, please follow the instructions in this ## Import to Bitwarden -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data: 1. In the Web Vault, select **Tools** from the top navigation bar. 2. Select **Import Data** from the left-hand Tools menu. @@ -51,4 +51,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https: 6. Select the **Import Data** button to complete your import. 7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised. -Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file). +Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file). diff --git a/_articles/importing/lastpass-enterprise-migration-guide.md b/_articles/importing/lastpass-enterprise-migration-guide.md index 32e7f751..5eb989c6 100644 --- a/_articles/importing/lastpass-enterprise-migration-guide.md +++ b/_articles/importing/lastpass-enterprise-migration-guide.md @@ -44,8 +44,8 @@ Data imported into Bitwarden is defined as one of four item types: Bitwarden currently limits the length of item fields to 1,000 characters, and Secure Notes to 10,000 characters. Items that exceed that criteria should be saved as separate files (text, key, pem, ssh, etc.) and added as attachments to an item. -- [More on Items](https://bitwarden.com/help/article/managing-items/) -- [Attaching a file to an item](https://bitwarden.com/help/article/attachments/) +- [More on Items](https://bitwarden.com/help/managing-items/) +- [Attaching a file to an item](https://bitwarden.com/help/attachments/) Gathering a full export of your data across your LastPass Organization may require assigning all shared folders to a single user, or performing multiple exports - one for each segment of shared folders. @@ -55,9 +55,9 @@ Exported data from LastPass will contain data from both your Personal vault, as Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily. -For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/about-organizations/) +For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/about-organizations/) -Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/) +Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/install-on-premise/) {%callout%} Self-hosting is available for Enterprise plans. @@ -67,15 +67,15 @@ Self-hosting is available for Enterprise plans. Bitwarden Enterprise plans support Login with Single-Sign-On using either SAML 2.0 or OpenID Connect (OIDC). -Each Bitwarden Organization can configure one SSO provider. Configuration for this is located in the [Business Portal](https://bitwarden.com/help/article/about-business-portal/), accessible from the Web Vault by Organization Owners and Administrators. +Each Bitwarden Organization can configure one SSO provider. Configuration for this is located in the [Business Portal](https://bitwarden.com/help/about-business-portal/), accessible from the Web Vault by Organization Owners and Administrators. -For more details on Login with SSO configurations and examples of Identity Provider (IdP) settings and naming conventions, please visit [these help articles](https://bitwarden.com/help/article/about-sso/). +For more details on Login with SSO configurations and examples of Identity Provider (IdP) settings and naming conventions, please visit [these help articles](https://bitwarden.com/help/about-sso/). ### Enabling enterprise policies -Policies are found in the [Business Portal](https://bitwarden.com/help/article/about-business-portal/) +Policies are found in the [Business Portal](https://bitwarden.com/help/about-business-portal/) -Policies allow you to control the actions of users within your Organization. It is recommended to configure these policies prior to onboarding users. For a complete list and details for Enterprise Policies, please see our helpful article [here.](https://bitwarden.com/help/article/policies/) +Policies allow you to control the actions of users within your Organization. It is recommended to configure these policies prior to onboarding users. For a complete list and details for Enterprise Policies, please see our helpful article [here.](https://bitwarden.com/help/policies/) ## Importing data @@ -88,7 +88,7 @@ Creating a Bitwarden specific CSV from your exported data The best practice for most Organizations is to format your data into a Bitwarden CSV, or for advanced users, a Bitwarden JSON file for import into your Organization vault. -For instructions on shaping a Bitwarden specific import file, please refer to the guide [here.](https://bitwarden.com/help/article/condition-bitwarden-import/) +For instructions on shaping a Bitwarden specific import file, please refer to the guide [here.](https://bitwarden.com/help/condition-bitwarden-import/) A collection of data import and export documentation is available [here.](https://bitwarden.com/help/import-export/) to assist with imports from additional sources. @@ -108,14 +108,14 @@ Bitwarden supports both manual and automated user invitation and boarding. Best ### Manual onboarding -Manual boarding is done via the Web Vault. More information on manual user boarding can be found in this [helpful article](https://bitwarden.com/help/article/managing-users/) +Manual boarding is done via the Web Vault. More information on manual user boarding can be found in this [helpful article](https://bitwarden.com/help/managing-users/) ### Automated onboarding -Automated user boarding is also available when leveraging Bitwarden Directory Connector - a standalone application available in a [Desktop app](https://bitwarden.com/help/article/directory-sync-desktop/) and a [CLI tool](https://bitwarden.com/help/article/directory-sync-cli/) - synchronizing user and group information to the Bitwarden Organization. These users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/article/cli/#confirm). +Automated user boarding is also available when leveraging Bitwarden Directory Connector - a standalone application available in a [Desktop app](https://bitwarden.com/help/directory-sync-desktop/) and a [CLI tool](https://bitwarden.com/help/directory-sync-cli/) - synchronizing user and group information to the Bitwarden Organization. These users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/cli/#confirm). -- Learn more about how syncing works [here.](https://bitwarden.com/help/article/directory-sync/) -- Discover how to configure user and group filters for Directory Connector [here.](https://bitwarden.com/help/article/user-group-filters/) +- Learn more about how syncing works [here.](https://bitwarden.com/help/directory-sync/) +- Discover how to configure user and group filters for Directory Connector [here.](https://bitwarden.com/help/user-group-filters/) - Documentation for multiple Directory Connector options is available [here.](https://bitwarden.com/help/directory-connector/) ## Sharing Collections and items @@ -138,7 +138,7 @@ Example Bitwarden Organization Import Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators. -For more information on assigning Collections to Users and Groups, please refer to our help article [here.](https://bitwarden.com/help/article/about-collections/) +For more information on assigning Collections to Users and Groups, please refer to our help article [here.](https://bitwarden.com/help/about-collections/) ### Groups @@ -146,7 +146,7 @@ Leveraging Groups for sharing is the most effective way to provide credential an As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden. -For more information on filtering and synchronization of Users with the Bitwarden Directory Connector, please check out the article [here.](https://bitwarden.com/help/article/user-group-filters/) +For more information on filtering and synchronization of Users with the Bitwarden Directory Connector, please check out the article [here.](https://bitwarden.com/help/user-group-filters/) ### Permissions @@ -165,7 +165,7 @@ Bitwarden uses an union of permissions to determine final access permissions for - User A is also a member of the Support Management group, which has access to the Support Collection, with read-write access. - In this scenario, User A will be able to read-write to the Collection. -More information on permissions can be found on our help site [here.](https://bitwarden.com/help/article/user-types-access-control/#access-control) +More information on permissions can be found on our help site [here.](https://bitwarden.com/help/user-types-access-control/#access-control) ## Migration support @@ -175,7 +175,7 @@ The Bitwarden Customer Success team is available 24/7 with priority support for ### Organization -- A Bitwarden Organization is the encompassing “object” that relates all data for a given sharing entity. Click [here](https://bitwarden.com/help/article/about-organizations/) for more information on Organizations. +- A Bitwarden Organization is the encompassing “object” that relates all data for a given sharing entity. Click [here](https://bitwarden.com/help/about-organizations/) for more information on Organizations. ### Folders for Individual Vaults diff --git a/_articles/importing/teams-enterprise-migration-guide.md b/_articles/importing/teams-enterprise-migration-guide.md index 0e1073e5..e93ea8d6 100644 --- a/_articles/importing/teams-enterprise-migration-guide.md +++ b/_articles/importing/teams-enterprise-migration-guide.md @@ -23,7 +23,7 @@ If you need assistance during your migration, our [Customer Success team is here ## Scope -This document describes the best practices for migrating secure data from your current password manager(s) to a Bitwarden [Teams or Enterprise Organization]({{site.baseurl}}/article/about-organizations/), building an infrastructure for security based on simple and scalable methods. +This document describes the best practices for migrating secure data from your current password manager(s) to a Bitwarden [Teams or Enterprise Organization]({{site.baseurl}}/about-organizations/), building an infrastructure for security based on simple and scalable methods. Password management is crucial for organizational security and operational efficiency. Providing insight into the best methods to perform migration and configuration is designed to minimize the trial-and-error approach that is often needed when exchanging enterprise tools. @@ -31,7 +31,7 @@ Steps in this document **are listed in the recommended order** for ease of use a ## Step 1: Export your Data -Exporting data from another password manager will be different for each solution, and in some cases may be a bit tricky. Use one of our [Import & Export Guides]({{site.baseurl}}/import-export/) for help, for example with exporting from [Lastpass]({{site.baseurl}}/article/import-from-lastpass/#export-from-lastpass) or [1Password]({{site.baseurl}}/article/import-from-1password/#export-from-1password). +Exporting data from another password manager will be different for each solution, and in some cases may be a bit tricky. Use one of our [Import & Export Guides]({{site.baseurl}}/import-export/) for help, for example with exporting from [Lastpass]({{site.baseurl}}/import-from-lastpass/#export-from-lastpass) or [1Password]({{site.baseurl}}/import-from-1password/#export-from-1password). Gathering a full export of your data may require assigning shared folders or items to a single user for export, or performing multiple exports between users with appropriate permissions. Additionally, exported data may include personal data alongside shared/organizational data, so be sure to remove personal items from the export file before [importing to Bitwarden](#). @@ -49,20 +49,20 @@ We recommend paying special attention to the location of the following types of ## Step 2: Setup your Bitwarden Organization -Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities. +Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities. {% callout success %} -It's important that you create your Organization first and [import data to it directly]({{site.baseurl}}/article/import-to-org/), rather than importing the data to an individual account and then [moving items]({{site.baseurl}}/article/sharing/) to the Organization secondarily. +It's important that you create your Organization first and [import data to it directly]({{site.baseurl}}/import-to-org/), rather than importing the data to an individual account and then [moving items]({{site.baseurl}}/sharing/) to the Organization secondarily. {% endcallout %} -1. **Create your Organization**. Start by creating your Organization. To learn how, check out [this article]({{site.baseurl}}/article/about-organizations/#create-an-organization). +1. **Create your Organization**. Start by creating your Organization. To learn how, check out [this article]({{site.baseurl}}/about-organizations/#create-an-organization). - {% callout note %}To self-host Bitwarden, create an Organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/host/), and use the key to [unlock Organizations]({{site.baseurl}}/article/licensing-on-premise/#organization-license) on your server.{% endcallout %} + {% callout note %}To self-host Bitwarden, create an Organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/host/), and use the key to [unlock Organizations]({{site.baseurl}}/licensing-on-premise/#organization-license) on your server.{% endcallout %} -2. **Onboard Administrative Users**. With your Organization created, further setup procedures can be made easier by onboarding some [administrative users]({{siter.baseurl}}/article/user-types-access-control). It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your Organization. Learn how to invite admins [here]({{site.baseurl}}/article/managing-users/#onboard-users). -3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/article/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, navigate to the [Business Portal](https://bitwarden.com/help/article/about-business-portal/), accessible from the Web Vault by [Organization Owners and Administrators]({{site.baseurl}}/article/user-types-access-control/). +2. **Onboard Administrative Users**. With your Organization created, further setup procedures can be made easier by onboarding some [administrative users]({{siter.baseurl}}/user-types-access-control). It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your Organization. Learn how to invite admins [here]({{site.baseurl}}/managing-users/#onboard-users). +3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, navigate to the [Business Portal](https://bitwarden.com/help/about-business-portal/), accessible from the Web Vault by [Organization Owners and Administrators]({{site.baseurl}}/user-types-access-control/). -4. **Enable Enterprise Policies**. [Enterprise Policies]({{site.baseurl}}/article/) enable Enterprise Organizations to implement roles for users, for example requiring use of Two-step Login. It is highly recommended that you configure Policies before onboarding users. +4. **Enable Enterprise Policies**. [Enterprise Policies]({{site.baseurl}}/) enable Enterprise Organizations to implement roles for users, for example requiring use of Two-step Login. It is highly recommended that you configure Policies before onboarding users. ## Step 3: Import Data to your Organization @@ -91,7 +91,7 @@ When importing data to your Organization, you have two options: 1. To import the default file format from your prior password manager. 2. To condition a Bitwarden-specific `.CSV` for import. -We recommend formatting your file for import as a Bitwarden `.CSV` for best results, or for advanced users, as a Bitwarden `.JSON` file. For instructions on shaping a Bitwarden-specific import file, refer to [this import guide]({{site.baseurl}}/article/condition-bitwarden-import/). For more import documentation, see [these articles]({{site.baseurl}}/import-export/). +We recommend formatting your file for import as a Bitwarden `.CSV` for best results, or for advanced users, as a Bitwarden `.JSON` file. For instructions on shaping a Bitwarden-specific import file, refer to [this import guide]({{site.baseurl}}/condition-bitwarden-import/). For more import documentation, see [these articles]({{site.baseurl}}/import-export/). ## Step 4: Onboard Users to the Organization @@ -99,16 +99,16 @@ Bitwarden supports both manual onboarding via the Web Vault and automated onboar ### Manual Onboarding -To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) → [Accept](#accept) → [Confirm](#confirm). Learn how to invite new users [here]({{site.baseurl}}/article/managing-users/#onboard-users). +To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) → [Accept](#accept) → [Confirm](#confirm). Learn how to invite new users [here]({{site.baseurl}}/managing-users/#onboard-users). ### Automated Onboarding -Automated user onboarding is available through [Bitwarden Directory Connector]({{site.baseurl}}/article/directory-sync), a standalone application available in a [Desktop app]({{site.baseurl}}/article/directory-sync-desktop/) and [CLI]({{site.baseurl}}/article/directory-sync-cli/) that will synchronize users and groups from your existing directory service. +Automated user onboarding is available through [Bitwarden Directory Connector]({{site.baseurl}}/directory-sync), a standalone application available in a [Desktop app]({{site.baseurl}}/directory-sync-desktop/) and [CLI]({{site.baseurl}}/directory-sync-cli/) that will synchronize users and groups from your existing directory service. -Users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/article/cli/#confirm). +Users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/cli/#confirm). -- Learn more about how syncing works [here]({{site.baseurl}}/article/directory-sync/). -- Discover how to configure user and group filters for Directory Connector [here]({{site.baseurl}}/article/user-group-filters/). +- Learn more about how syncing works [here]({{site.baseurl}}/directory-sync/). +- Discover how to configure user and group filters for Directory Connector [here]({{site.baseurl}}/user-group-filters/). - See more Directory Connector documentation [here]({{site.baseurl}}/directory-connector/). ## Step 5: Configure Access to Collections and Items @@ -131,19 +131,19 @@ Example Bitwarden Organization Import: {%image /migration/bw-import.png Note: shared folders are now in the Collections column %} -Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators. Learn more [here]({{site.baseurl}}/article/about-collections/). +Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators. Learn more [here]({{site.baseurl}}/about-collections/). ### Groups Leveraging Groups for sharing is the most effective way to provide credential and secret access. Ideally Groups are mirrored from an LDAP service, however Bitwarden supports automatic Group synchronization via the Directory Connector application, as well as manually created ad-hoc Groups. -As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden. Learn more about syncing Groups with Directory Connector [here]({{site.baseurl}}/article/user-group-filters/). +As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden. Learn more about syncing Groups with Directory Connector [here]({{site.baseurl}}/user-group-filters/). ### Permissions Permissions for Bitwarden Collections can be assigned on the Group or User-level. This means that each Group or User can be configured with permissions for the same Collection. Collection permissions include options for **Read Only** and **Hide Passwords**. -Bitwarden uses an union of permissions to determine final access permissions for a User and a Collection Item. Learn more [here]({{site.baseurl}}/article/user-types-access-control/#access-control). +Bitwarden uses an union of permissions to determine final access permissions for a User and a Collection Item. Learn more [here]({{site.baseurl}}/user-types-access-control/#access-control). **Example:** diff --git a/_articles/login-with-sso/about-sso.md b/_articles/login-with-sso/about-sso.md index 6389a8a9..1b0ccc69 100644 --- a/_articles/login-with-sso/about-sso.md +++ b/_articles/login-with-sso/about-sso.md @@ -7,7 +7,7 @@ popular: true tags: [saml, saml2.0, single sign-on, sso, oidc, openid, openid connect, idp, identity provider] order: "01" redirect_from: - - /article/getting-started-with-sso/ + - /getting-started-with-sso/ --- ## What is Login with SSO? @@ -16,9 +16,9 @@ Login with SSO separates user authentication from Vault decryption by leveraging Login with SSO currently supports SAML 2.0 and OpenID Connect authentication for customers on the current Enterprise Plan. -Users of Bitwarden authenticate into their vaults using the **Enterprise Single Sign-On** button located on the login screen of any Bitwarden client application. For more information, see [Access Your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/). +Users of Bitwarden authenticate into their vaults using the **Enterprise Single Sign-On** button located on the login screen of any Bitwarden client application. For more information, see [Access Your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/). -Administrators can configure Login with SSO in the Business Portal. For more information, see [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/). +Administrators can configure Login with SSO in the Business Portal. For more information, see [About the Business Portal](https://bitwarden.com/help/about-business-portal/). {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} @@ -32,7 +32,7 @@ Login with SSO is available for all customers on the current Enterprise plan (fo Start your Enterprise Free Trial -If you're an experienced Bitwarden user, refer to the [this article]({% link _articles/plans-and-pricing/enterprise-free-trial.md %}) for help. If you're self-hosting Bitwarden, you will need to generate a new license file after starting your 7 Day Free Trial. We recommend using a separate Bitwarden instance for testing Login with SSO. For more information, see [Licensing Paid Features](https://bitwarden.com/help/article/licensing-on-premise). +If you're an experienced Bitwarden user, refer to the [this article]({% link _articles/plans-and-pricing/enterprise-free-trial.md %}) for help. If you're self-hosting Bitwarden, you will need to generate a new license file after starting your 7 Day Free Trial. We recommend using a separate Bitwarden instance for testing Login with SSO. For more information, see [Licensing Paid Features](https://bitwarden.com/help/licensing-on-premise). ## Requirements @@ -54,7 +54,7 @@ Your Bitwarden client applications require the following versions: ### Self-Hosting Requirements If you are self-hosting Bitwarden, your installation must be on v1.37+. -For information on updating your self-hosted instance, see [Updating your Self-Hosted Installation](https://bitwarden.com/help/article/updating-on-premise/). +For information on updating your self-hosted instance, see [Updating your Self-Hosted Installation](https://bitwarden.com/help/updating-on-premise/). ## Workflow Diagram The following diagram is an overview of the workflow used by Bitwarden to authenticate using SSO: @@ -63,12 +63,12 @@ The following diagram is an overview of the workflow used by Bitwarden to authen ## Next Steps For administrators configuring Login with SSO, see: -- [Configure Login with SSO (SAML 2.0)](https://bitwarden.com/help/article/configure-sso-saml/) -- [Configure Login with SSO (OIDC)](https://bitwarden.com/help/article/configure-sso-oidc) +- [Configure Login with SSO (SAML 2.0)](https://bitwarden.com/help/configure-sso-saml/) +- [Configure Login with SSO (OIDC)](https://bitwarden.com/help/configure-sso-oidc) For existing users, see: -- [Link an Existing Account to SSO](https://bitwarden.com/help/article/link-to-sso/) -- [Access Your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/) +- [Link an Existing Account to SSO](https://bitwarden.com/help/link-to-sso/) +- [Access Your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/) For more information, see: -- [SSO FAQs](https://bitwarden.com/help/article/sso-faqs) +- [SSO FAQs](https://bitwarden.com/help/sso-faqs) diff --git a/_articles/login-with-sso/configure-sso-oidc.md b/_articles/login-with-sso/configure-sso-oidc.md index 2d910181..2b98a886 100644 --- a/_articles/login-with-sso/configure-sso-oidc.md +++ b/_articles/login-with-sso/configure-sso-oidc.md @@ -10,7 +10,7 @@ order: "04" ## Step 1: Set an Organization Identifier -Users who [authenticate their identity using SSO]({{site.baseurl}}/article/sso-access-your-vault) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. To set a unique Organization Identifier: +Users who [authenticate their identity using SSO]({{site.baseurl}}/sso-access-your-vault) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. To set a unique Organization Identifier: 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. 2. Open the **Settings** tab and enter a unique **Identifier** for your Organization. @@ -34,7 +34,7 @@ Once you have your Organization Identifier, you can proceed to enabling and conf {% image sso/sso-bp-1.png Business Portal Menu%} 3. Check the **Enabled** checkbox. -4. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over the the [SAML Configuration Guide]({{site.baseurl}}/article/configure-sso-saml/). +4. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over the the [SAML Configuration Guide]({{site.baseurl}}/configure-sso-saml/). ## Step 3: Configuration @@ -42,12 +42,12 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o |Provider|Guide| |--------|-----| -|Azure|[Azure Implementation Guide]({{site.baseurl}}/article/oidc-azure/)| -|Okta|[Okta Implementation Guide]({{site.baseurl}}/article/oidc-okta/)| +|Azure|[Azure Implementation Guide]({{site.baseurl}}/oidc-azure/)| +|Okta|[Okta Implementation Guide]({{site.baseurl}}/oidc-okta/)| ### Configuration Reference Materials -The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal), agnostic of which IdP you're integrating with. Fields that must be configured will be marked (**Required**). +The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal), agnostic of which IdP you're integrating with. Fields that must be configured will be marked (**Required**). {% callout success %} **Unless you're comfortable with OpenID Connect**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material. @@ -55,11 +55,11 @@ The following sections will define fields configured in the [Bitwarden Business |Field|Description| |-----|-----------| -|Callback Path|(**Automatically generated**) The URL for authentication automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.| -|Signed Out Callback Path|(**Automatically generated**) The URL for sign-out automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signedout`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signedout`.| +|Callback Path|(**Automatically generated**) The URL for authentication automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.| +|Signed Out Callback Path|(**Automatically generated**) The URL for sign-out automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signedout`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signedout`.| |Authority|(**Required**) The URL of your Authorization Server ("Authority"), which Bitwarden will perform authentication against. For example, `https://your.domain.okta.com/oauth2/default` or `https://login.microsoft.com//v2.0`.| -|Client ID|(**Required**) An identifier for the OIDC Client. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/article/oidc-azure/) or [Okta Web App]({{site.baseurl}}/article/oidc-okta/).| -|Client Secret|(**Required**) The client secret used in conjunction with the Client ID to exchange for an access token. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/article/oidc-azure/) or [Okta Web App]({{site.baseurl}}/article/oidc-okta/).| +|Client ID|(**Required**) An identifier for the OIDC Client. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/oidc-azure/) or [Okta Web App]({{site.baseurl}}/oidc-okta/).| +|Client Secret|(**Required**) The client secret used in conjunction with the Client ID to exchange for an access token. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/oidc-azure/) or [Okta Web App]({{site.baseurl}}/oidc-okta/).| |Metadata Address|(**Required if Authority is not valid**) A Metadata URL where Bitwarden can access Authorization Server metadata as a JSON object. For example, `https://your.domain.okta.com/oauth2/default/.well-known/oauth-authorization-server`.| |OIDC Redirect Behavior|(**Required**) Method used by the IdP to response to authentication requests from Bitwarden. Options include **Form POST** and **Redirect GET**.| |Get Claims From User Info Endpoint|Enable this option if you receive URL too long errors (HTTP 414), truncated URLS, and/or failures during SSO.| diff --git a/_articles/login-with-sso/configure-sso-saml.md b/_articles/login-with-sso/configure-sso-saml.md index d67881e7..920741ac 100644 --- a/_articles/login-with-sso/configure-sso-saml.md +++ b/_articles/login-with-sso/configure-sso-saml.md @@ -10,7 +10,7 @@ order: "03" ## Step 1: Set an Organization Identifier -Users who [authenticate their identity using SSO]({{site.baseurl}}/article/sso-access-your-vault/) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. to set a unique Organization Identifier: +Users who [authenticate their identity using SSO]({{site.baseurl}}/sso-access-your-vault/) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. to set a unique Organization Identifier: 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. 2. Open the **Settings** tab and enter a unique **Identifier** for your Organizations. @@ -33,7 +33,7 @@ Once you have your Organization Identifier, you can proceed to enabling and conf {% image sso/sso-bp-1.png Business Portal Menu %} 3. Check the **Enabled** checkbox. -4. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide]({{site.baseurl}}/article/configure-sso-oidc). +4. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide]({{site.baseurl}}/configure-sso-oidc). ## Step 3: Configuration @@ -41,21 +41,21 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o |Provider|Guide| |--------|-----| -|AD FS|[AD FS Implementation Guide]({{site.baseurl}}/article/saml-adfs/)| -|Auth0|[Auth0 Implementation Guide]({{site.baseurl}}/article/saml-auth0/)| -|AWS|[AWS Implementation Guide]({{site.baseurl}}/article/saml-aws/)| -|Azure|[Azure Implementation Guide]({{site.baseurl}}/article/saml-azure/)| -|Duo|[Duo Implementation Guide]({{site.baseurl}}/article/saml-duo/)| -|Google|[Google Implementation Guide]({{site.baseurl}}/article/saml-google/)| -|JumpCloud|[JumpCloud Implementation Guide]({{site.baseurl}}/article/saml-jumpcloud/)| -|Keycloak|[Keycloak Implementation Guide]({{site.baseurl}}/article/saml-keycloak/)| -|Okta|[Okta Implementation Guide]({{site.baseurl}}/article/saml-okta/)| -|OneLogin|[OneLogin Implementation Guide]({{site.baseurl}}/article/saml-onelogin/)| -|PingFederate|[PingFederate Implementation Guide]({{site.baseurl}}/article/saml-pingfederate/)| +|AD FS|[AD FS Implementation Guide]({{site.baseurl}}/saml-adfs/)| +|Auth0|[Auth0 Implementation Guide]({{site.baseurl}}/saml-auth0/)| +|AWS|[AWS Implementation Guide]({{site.baseurl}}/saml-aws/)| +|Azure|[Azure Implementation Guide]({{site.baseurl}}/saml-azure/)| +|Duo|[Duo Implementation Guide]({{site.baseurl}}/saml-duo/)| +|Google|[Google Implementation Guide]({{site.baseurl}}/saml-google/)| +|JumpCloud|[JumpCloud Implementation Guide]({{site.baseurl}}/saml-jumpcloud/)| +|Keycloak|[Keycloak Implementation Guide]({{site.baseurl}}/saml-keycloak/)| +|Okta|[Okta Implementation Guide]({{site.baseurl}}/saml-okta/)| +|OneLogin|[OneLogin Implementation Guide]({{site.baseurl}}/saml-onelogin/)| +|PingFederate|[PingFederate Implementation Guide]({{site.baseurl}}/saml-pingfederate/)| ### Configuration Reference Materials -The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/), agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**). +The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal/), agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**). {% callout success %} **Unless you're comfortable with SAML 2.0**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material. @@ -70,9 +70,9 @@ The Business Portal separates configuration into two sections: |Field|Description| |-----|-----------| -|SP Entity ID|(**Automatically generated**) The Bitwarden endpoint for authentication requests. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| -|SAML 2.0 Metadata URL|(**Automatically generated**) Metadata URL for the Bitwarden endpoint. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id`.| -|Assertion Consumer Service (ACS) URL|(**Automatically generated**) Location where the SAML assertion is sent from the IdP. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|SP Entity ID|(**Automatically generated**) The Bitwarden endpoint for authentication requests. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|SAML 2.0 Metadata URL|(**Automatically generated**) Metadata URL for the Bitwarden endpoint. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id`.| +|Assertion Consumer Service (ACS) URL|(**Automatically generated**) Location where the SAML assertion is sent from the IdP. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| |Name ID Format|Format Bitwarden will request of the SAML assertion. Options include:
-Unspecific (*default*)
-Email Address
-X.509 Subject Name
-Windows Domain Qualified Name
-Kerberos Principal Name
-Entity Identifier
-Persistent
-Transient| |Outbound Signing Algorithm|The algorithm Bitwarden will use to sign SAML requests. Options include:
- (*default*)
-
-
-| |Signing Behavior|Whether/when SAML requests will be signed. Options include:
-If IdP Wants Authn Requests Signed (*default*)
-Always
-Never| diff --git a/_articles/login-with-sso/link-to-sso.md b/_articles/login-with-sso/link-to-sso.md index bc2034ee..e327226f 100644 --- a/_articles/login-with-sso/link-to-sso.md +++ b/_articles/login-with-sso/link-to-sso.md @@ -21,4 +21,4 @@ Users with existing Bitwarden accounts will need to complete the following steps ### Next Steps Now that you've linked your account, you can now: -- [Access your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/) +- [Access your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/) diff --git a/_articles/login-with-sso/oidc-azure.md b/_articles/login-with-sso/oidc-azure.md index 9c01045f..2f5b14d8 100644 --- a/_articles/login-with-sso/oidc-azure.md +++ b/_articles/login-with-sso/oidc-azure.md @@ -9,15 +9,15 @@ tags: [sso, oidc, azure] order: --- -This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Azure via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Azure SAML Implementation]({{site.baseurl}}/article/saml-azure/). +This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Azure via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/) or [Azure SAML Implementation]({{site.baseurl}}/saml-azure/). -Configuration involves working simultaneously within the Bitwarden [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. ## Open the Business Portal -If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this guide. +If you're coming straight from [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/configure-sso-oidc/) and return to this guide. -Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +Open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-oidc1.png OIDC Configuration %} @@ -40,7 +40,7 @@ Select **Authentication** from the navigation and select the **Add a platform** Select the **Web** option on the Configure platforms screen and enter your **Callback Path** in the Redirect URIs input. {% callout info %} -Callback Path can be retrieved from the Bitwarden SSO Configuration screen. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`. +Callback Path can be retrieved from the Bitwarden SSO Configuration screen. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`. {% endcallout %} ### Create a Client Secret @@ -80,7 +80,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen: +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen: {% image sso/cheatsheets/saml-azure/az-login.png Azure login screen %} diff --git a/_articles/login-with-sso/oidc-okta.md b/_articles/login-with-sso/oidc-okta.md index 81217b7a..577820d8 100644 --- a/_articles/login-with-sso/oidc-okta.md +++ b/_articles/login-with-sso/oidc-okta.md @@ -8,15 +8,15 @@ hidden: true tags: [sso, oidc, okta] order: --- -This article contains **Okta-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Okta SAML Implementation]({{site.baseurl}}/article/saml-okta/). +This article contains **Okta-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/) or [Okta SAML Implementation]({{site.baseurl}}/saml-okta/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated. ## Open the Business Portal -If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this document. +If you're coming straight from [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/configure-sso-oidc/) and return to this document. -Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +Open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-oidc1.png OIDC Configuration %} @@ -34,7 +34,7 @@ On the **New Web App Integration** screen, configure the following fields: |-----|-----------| |App integration name|Give the app a Bitwarden-specific name.| |Grant type|Enable the following [grant types](https://developer.okta.com/docs/concepts/oauth-openid/#choosing-an-oauth-2-0-flow){:target="\_blank"}:

- Client acting on behalf of itself → **Client Credentials**
- Client acting on behalf of a user → **Authorization Code**| -|Sign-in redirect URIs|Set this field to your **Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.| +|Sign-in redirect URIs|Set this field to your **Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.| |Sign-out redirect URIs|Set this field to your **Signed Out Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.| |Assignments|Use this field to designate whether all or only select groups will be able to use Bitwarden Login with SSO.| diff --git a/_articles/login-with-sso/saml-adfs.md b/_articles/login-with-sso/saml-adfs.md index 3a225c23..5f56b74f 100644 --- a/_articles/login-with-sso/saml-adfs.md +++ b/_articles/login-with-sso/saml-adfs.md @@ -8,9 +8,9 @@ hidden: true tags: [sso, saml, adfs] order: --- -This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, refer to that article to create an Organization ID and open your Business Portal to the SSO Configuration section: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, refer to that article to create an Organization ID and open your Business Portal to the SSO Configuration section: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -37,11 +37,11 @@ In the AD FS Server Manager, select **Tools** → **AD FS Management** → - In the **Relying party SAML 2.0 SSO service URL** input, enter the Assertion Consumer Service (ACS) URL retrieved from the Bitwarden SSO Configuration screen. - For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`. + For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`. 6. On the **Choose Access Control Policy** screen, select the 5. On the **Configure Identifiers** screen, add the SP Entity ID (retrieved from the Bitwarden SSO Configuration screen) as a relying party trust identifier. - For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`. + For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`. 6. On the **Choose Access Control Policy** screen, select the desired policy (by default, **Permit Everyone**). 7. On the **Ready to Add Trust** screen, review your selections. @@ -170,7 +170,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-set-an-organization-identifier) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AD FS SSO login screen. After you authenticate with your AD FS credentials, enter your Bitwarden Master Password to decrypt your Vault! +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-set-an-organization-identifier) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AD FS SSO login screen. After you authenticate with your AD FS credentials, enter your Bitwarden Master Password to decrypt your Vault! {% comment %} {% image sso/cheatsheets/saml-adfs/saml-adfs2.png %} diff --git a/_articles/login-with-sso/saml-auth0.md b/_articles/login-with-sso/saml-auth0.md index 484b3b20..b9091bc2 100644 --- a/_articles/login-with-sso/saml-auth0.md +++ b/_articles/login-with-sso/saml-auth0.md @@ -8,9 +8,9 @@ hidden: true tags: [sso, saml, auth0] order: --- -This article contains **Auth0-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Auth0-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -39,8 +39,8 @@ Click the **Settings** tab and configure the following information, some of whic |Name|Give the application a Bitwarden-specific name.| |Application Type|Select **Regular Web Application**.| |Token Endpoint Authentication Method|Select **Post** (HTTP Post), which will map to a **Binding Type** attribute you will [configure later](#identity-provider-configuration).| -|Application Login URI|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| -|Allowed Callback URLS|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|Application Login URI|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Allowed Callback URLS|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| #### Grant Types diff --git a/_articles/login-with-sso/saml-aws.md b/_articles/login-with-sso/saml-aws.md index 82fe96b9..1de021a2 100644 --- a/_articles/login-with-sso/saml-aws.md +++ b/_articles/login-with-sso/saml-aws.md @@ -9,9 +9,9 @@ tags: [sso, saml, aws] order: --- -This article contains **AWS-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **AWS-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -21,8 +21,8 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your +[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -48,7 +48,7 @@ You'll need the information in this section for a later configuration step. Copy ### Application Properties -In the **Application start URL** field, specify the login URL from which users will access Bitwarden. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/#/sso`. +In the **Application start URL** field, specify the login URL from which users will access Bitwarden. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/#/sso`. ### Application metadata @@ -60,8 +60,8 @@ Configure the following fields: |Field|Description| |-----|-----------| -|Application ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| -|Application SAML audience|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Application ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| +|Application SAML audience|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| When you're finished, select **Save changes**. @@ -133,7 +133,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organiztion Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AWS SSO login screen: +Enter the [configured Organiztion Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AWS SSO login screen: {% image sso/cheatsheets/saml-aws/aws-login.png AWS login screen %} diff --git a/_articles/login-with-sso/saml-azure.md b/_articles/login-with-sso/saml-azure.md index ecdc6102..d4c1a170 100644 --- a/_articles/login-with-sso/saml-azure.md +++ b/_articles/login-with-sso/saml-azure.md @@ -9,9 +9,9 @@ tags: [sso, saml, azure] order: --- -This article contains **Azure-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Azure-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -21,8 +21,8 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your +[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -60,9 +60,9 @@ Select the **Edit** button and configure the following fields: |Field|Description| |-----|-----------| -|Identifier (Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| -|Reply URL (Assertion Consumer Service URL)|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| -|Sign on URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.| +|Identifier (Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Reply URL (Assertion Consumer Service URL)|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| +|Sign on URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.| ### User Attributes & Claims @@ -139,7 +139,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen: +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen: {% image sso/cheatsheets/saml-azure/az-login.png Azure login screen %} diff --git a/_articles/login-with-sso/saml-duo.md b/_articles/login-with-sso/saml-duo.md index 4451e678..4bb3ec96 100644 --- a/_articles/login-with-sso/saml-duo.md +++ b/_articles/login-with-sso/saml-duo.md @@ -8,9 +8,9 @@ hidden: true tags: [sso, saml, duo] order: --- -This article contains **Duo-specific** help for configuring Login with SSO via SAML 2.0 For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Duo-specific** help for configuring Login with SSO via SAML 2.0 For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously between the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously between the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -24,7 +24,7 @@ Configuration involves working simultaneously between the Bitwarden [Business Po This article assumes that you have already set up Duo with an Identity Provider. If you haven't, see [Duo's documentation](https://duo.com/docs/sso#saml){:target="\_blank"} for details. {% endcallout %} -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -62,9 +62,9 @@ Select the **Download certificate** button to download your X.509 Certificate, a |Field|Description| |-----|-----------| -|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.| -|Assertion Consumer Service (ACS) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| -|Service Provider Login URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.| +|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.| +|Assertion Consumer Service (ACS) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|Service Provider Login URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.| ### SAML Response diff --git a/_articles/login-with-sso/saml-google.md b/_articles/login-with-sso/saml-google.md index d605c9b5..d0925d78 100644 --- a/_articles/login-with-sso/saml-google.md +++ b/_articles/login-with-sso/saml-google.md @@ -9,9 +9,9 @@ tags: [sso, saml, google] order: --- -This article contains **Google Workspace-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Google Workspace-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -21,7 +21,7 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -53,9 +53,9 @@ On the Service provider details screen, configure the following fields: |Field|Description| |-----|-----------| -|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| -|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| -|Start URL|Optionally, set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.| +|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.| +|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Start URL|Optionally, set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.| |Signed response|Check this box if you want Workspace to sign SAML responses. If not checked, Workspace will sign only the SAML assertion.| |Name ID format|Set this field to the [SAML NameID format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} for Workspace to use in SAML responses.| |Name ID|Select the Workspace user attribute to populate NameID.| @@ -129,7 +129,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Google Workspace login screen: +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Google Workspace login screen: {% image sso/cheatsheets/saml-google/g-login.png Login %} diff --git a/_articles/login-with-sso/saml-jumpcloud.md b/_articles/login-with-sso/saml-jumpcloud.md index ecc56eeb..ee4cbb05 100644 --- a/_articles/login-with-sso/saml-jumpcloud.md +++ b/_articles/login-with-sso/saml-jumpcloud.md @@ -9,9 +9,9 @@ tags: [sso, saml, jumpcloud] order: --- -This article contains **JumpCloud-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **JumpCloud-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -21,7 +21,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -56,8 +56,8 @@ In the **Single Sign-On Configuration** section, configure the following informa |Field|Description| |-----|-----------| |IdP Entity ID|Set this field to a unique, Bitwarden-specific value, e.g. `bitwardensso_yourcompany`.| -|SP Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| -|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|SP Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| #### Custom SAML App Only @@ -69,7 +69,7 @@ If you created a Custom SAML App, you'll also need to configure the following ** |SAMLSubject NameID Format|Specify the format of the NameID sent in SAML responses.| |Signature Algoritm|Select the algorithm to use to sign SAML assertions or reponses.| |Sign Assertion|By default, JumpCloud will sign the SAML response. Check this box the sign the SAML assertion.| -|Login URL|Specify the URL from which your users will login to Bitwarden via SSO. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`. | +|Login URL|Specify the URL from which your users will login to Bitwarden via SSO. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`. | ### Attributes diff --git a/_articles/login-with-sso/saml-keycloak.md b/_articles/login-with-sso/saml-keycloak.md index 0f52c79e..295d2ca3 100644 --- a/_articles/login-with-sso/saml-keycloak.md +++ b/_articles/login-with-sso/saml-keycloak.md @@ -8,9 +8,9 @@ hidden: true tags: [sso, saml, keyclock] order: --- -This article contains **Keycloak-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Keycloak-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal) and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal) and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -20,8 +20,8 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your +[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -37,7 +37,7 @@ On the **Add Client** screen, configure the following settings: |Field|Description| |-----|-----------| -|Client ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Client ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| |Client Protocol|Select `saml`.| |Client SAML Endpoint|Enter your master SAML processing URL, for example `https:///auth/realms/master/protocol/saml`.| @@ -56,7 +56,7 @@ On the **Settings** tab, configure the following options: |Signature Algorithm|If **Sign Assertions** is enabled, select what algorithm to sign with (`sha-256` by default).| |Name ID Format|Select the Name ID Format for Keycloak to use in SAML responses.| |Valid Redirect URLs|Set this field to the pre-generated Assertion Consumer Service (ACS) URL retreived from the Bitwarden SSO configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your configured server URL, for example `https://your.domain/sso/your-org-id/Acs`.| -|Base URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.| +|Base URL|Set this field to the login URL from which users will access Bitwarden.

For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.| |Master SAML Processing URL|If not automatically filled in, set this field to your master SAML processing URL, for example `https:///auth/realms/master/protocol/saml`.| #### Fine Grain SAML Endpoint Configuration @@ -194,7 +194,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Keycloak login screen: +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Keycloak login screen: {% image sso/cheatsheets/saml-keycloak/keycloak-login.png Keycloak Login Screen %} diff --git a/_articles/login-with-sso/saml-okta.md b/_articles/login-with-sso/saml-okta.md index eec54d0a..db8a469b 100644 --- a/_articles/login-with-sso/saml-okta.md +++ b/_articles/login-with-sso/saml-okta.md @@ -9,9 +9,9 @@ tags: [sso, saml, okta] order: --- -This article contains **Okta-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **Okta-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -21,8 +21,8 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your -[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your +[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -54,8 +54,8 @@ On the **Configure SAML** screen, configure the following fields: |Field|Description| |-----|-----------| -|Single sign on URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| -|Audience URI (SP Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| +|Single sign on URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|Audience URI (SP Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.| |Name ID format|Select the [SAML NameID format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} to use in SAML assertions. By default, **Unspecified**.| |Application username|Select the Okta attribute users will use to login to Bitwarden.| @@ -145,7 +145,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit {% image sso/sso-button-lg.png Enterprise Single Sign-On button %} -Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Okta login screen: +Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Okta login screen: {% image sso/cheatsheets/saml-okta/okta-login.png Log in with Okta %} diff --git a/_articles/login-with-sso/saml-onelogin.md b/_articles/login-with-sso/saml-onelogin.md index 97b78768..49a658f2 100644 --- a/_articles/login-with-sso/saml-onelogin.md +++ b/_articles/login-with-sso/saml-onelogin.md @@ -8,9 +8,9 @@ hidden: true tags: [sso, saml, onelogin] order: --- -This article contains **OneLogin-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/). +This article contains **OneLogin-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/). -Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. +Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented. {% callout success %} **Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own. @@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por ## Open the Business Portal -If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen: +If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen: {% image sso/sso-saml1.png SAML 2.0 Configuration %} @@ -46,10 +46,10 @@ Select **Configuration** from the left-hand navigation and configure the followi |Application Setting|Description| |----------------|-----------| -|Audience (EntityID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.| +|Audience (EntityID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.| |Recipient|Set this field to the same pre-generated **SP Entity ID** used for the **Audience (Entity ID)** setting.| |ACS (Consumer) URL Validator|Despite being marked **Required** by OneLogin, you don't actually need to enter information into this field to integrate with Bitwarden. Skip to the next field, **ACS (Consumer) URL**.| -|ACS (Consumer) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| +|ACS (Consumer) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.

For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.| |SAML initiator|Select **Service Provider**. Login with SSO does not currently support IdP-initiated SAML assertions.| |SAML nameID Format|Set this field to the [SAML NameID Format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} you want to use for SAML assertions.| |SAML signature element|By default, OneLogin will sign the SAML Response. You can set this to **Assertion** or **Both**, and | diff --git a/_articles/login-with-sso/sso-access-your-vault.md b/_articles/login-with-sso/sso-access-your-vault.md index d0b2ef0e..21a38aca 100644 --- a/_articles/login-with-sso/sso-access-your-vault.md +++ b/_articles/login-with-sso/sso-access-your-vault.md @@ -9,7 +9,7 @@ order: "06" --- ## Before You Begin -If you are an existing Bitwarden user, you must [Link an Existing Account to SSO](https://bitwarden.com/help/article/link-to-sso/) before authenticating into your Vault using Login with SSO. +If you are an existing Bitwarden user, you must [Link an Existing Account to SSO](https://bitwarden.com/help/link-to-sso/) before authenticating into your Vault using Login with SSO. ## Logging in with SSO @@ -39,5 +39,5 @@ In both cases, your account now has an *accepted* status within your Organizatio {% callout info %} - Users that are created via Login with SSO **will still be properly organized into their groups and collections** if leveraging the [Directory Connector](https://bitwarden.com/help/article/directory-sync/) utility. + Users that are created via Login with SSO **will still be properly organized into their groups and collections** if leveraging the [Directory Connector](https://bitwarden.com/help/directory-sync/) utility. {% endcallout %} diff --git a/_articles/miscellaneous/auto-fill-android-troubleshooting.md b/_articles/miscellaneous/auto-fill-android-troubleshooting.md index 351c2a8b..3fa89f5c 100644 --- a/_articles/miscellaneous/auto-fill-android-troubleshooting.md +++ b/_articles/miscellaneous/auto-fill-android-troubleshooting.md @@ -17,7 +17,7 @@ Depending on the version of Android your device is running, there are a few diff |Draw-Over|Android 6+|Accessibility| |Accessibility|All Android Versions|-| -For instructions on setting up auto-fill on Android, see [Auto-fill Logins]({{site.baseurl}}/article/auto-fill-android/). +For instructions on setting up auto-fill on Android, see [Auto-fill Logins]({{site.baseurl}}/auto-fill-android/). ### Troubleshooting the Autofill Service diff --git a/_articles/miscellaneous/cli-auth-challenges.md b/_articles/miscellaneous/cli-auth-challenges.md index bd66dabe..fbb331eb 100644 --- a/_articles/miscellaneous/cli-auth-challenges.md +++ b/_articles/miscellaneous/cli-auth-challenges.md @@ -7,7 +7,7 @@ popular: false tags: [cli, captcha] --- -The August 2021 release of Bitwarden (**2021-08-18**) introduced [Captcha](https://www.hcaptcha.com/about){:target="\_blank"} requirements to increase security against bot traffic. On the CLI, Captcha challenges are substituted with authentication challenges that can validated using your account's [Personal API Key]({{site.baseurl}}/article/personal-api-key) `client_secret`. +The August 2021 release of Bitwarden (**2021-08-18**) introduced [Captcha](https://www.hcaptcha.com/about){:target="\_blank"} requirements to increase security against bot traffic. On the CLI, Captcha challenges are substituted with authentication challenges that can validated using your account's [Personal API Key]({{site.baseurl}}/personal-api-key) `client_secret`. ## Get your Personal API Key @@ -23,7 +23,7 @@ To get your Personal API Key: Depending on your preferences, you can [save an environment variable](#answer-challenges-with-an-environment-variable) to automatically pass authentication challenges or [manually enter](#using-the-prompt) your `client_secret` whenever a challenge is made: {% callout success %} -Aside from using environment variable, any possible challenge is automatically bypassed when using the `bw login --apikey` method. [Learn more]({{site.baseurl}}/article/cli/#using-an-api-key). +Aside from using environment variable, any possible challenge is automatically bypassed when using the `bw login --apikey` method. [Learn more]({{site.baseurl}}/cli/#using-an-api-key). {% endcallout %} ### Answer Challenges with an Environment Variable @@ -41,7 +41,7 @@ env:BW_CLIENTSECRET="client_secret" ``` {% callout warning %} -If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/article/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value. +If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value. {% endcallout %} ### Answer Challenges Manually @@ -51,5 +51,5 @@ When an authentication challenge is made and no `BW_CLIENTSECRET` value is found {% image cli/cli-captcha-1-markup.png Login Prompt with Auth Challenge %} {% callout warning %} -If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/article/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value. +If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value. {% endcallout %} diff --git a/_articles/miscellaneous/cli.md b/_articles/miscellaneous/cli.md index c463617d..9421aed8 100644 --- a/_articles/miscellaneous/cli.md +++ b/_articles/miscellaneous/cli.md @@ -144,7 +144,7 @@ Logging in with email and password authenticates you with Bitwarden servers, syn bw login ``` -This command will initiate a prompt for your **Email address**, **Master password**, and (if [enabled]({{site.baseurl}}/article/setup-two-step-login/)) a **Two-step login code**. +This command will initiate a prompt for your **Email address**, **Master password**, and (if [enabled]({{site.baseurl}}/setup-two-step-login/)) a **Two-step login code**. {% callout info %} You *can* string this together into a single command as in the following example, however this is not recommended for security reasons. @@ -159,10 +159,10 @@ See [Appendices → Enums](#enums) for `` values. ### Using an API key {% callout success %} -**Getting prompted for additional authentication** or getting a `Your authentication request appears to be coming from a bot.` error? Use your API Key `client_secret` to answer the authentication challenge. [Learn more]({{site.baseurl}}/article/cli-auth-challenges/). +**Getting prompted for additional authentication** or getting a `Your authentication request appears to be coming from a bot.` error? Use your API Key `client_secret` to answer the authentication challenge. [Learn more]({{site.baseurl}}/cli-auth-challenges/). {% endcallout %} -Logging in with a [Personal API Key]({{site.baseurl}}/article/personal-api-key/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with an API key, you will be required to unlock your Vault using your Master Password. To log in with an API key use: +Logging in with a [Personal API Key]({{site.baseurl}}/personal-api-key/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with an API key, you will be required to unlock your Vault using your Master Password. To log in with an API key use: ``` bw login --apikey @@ -177,7 +177,7 @@ If you don't want to be prompted for the `client_id` and `client_secret` every t ### Using SSO -Logging in with [SSO]({{site.baseurl}}/article/about-sso/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with SSO, you will be required to unlock your Vault using your Master Password. To log in with SSO use: +Logging in with [SSO]({{site.baseurl}}/about-sso/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with SSO, you will be required to unlock your Vault using your Master Password. To log in with SSO use: ``` bw login --sso @@ -187,7 +187,7 @@ This command will initiate the SSO authentication flow in your web browser. ### Two-step login -The CLI currently supports [two-step login]({{site.baseurl}}/article/setup-two-step-login/) via [authenticator]({{site.baseurl}}/article/setup-two-step-login-authenticator/), [email]({{site.baseurl}}/article/setup-two-step-login-email/), or [Yubikey]({{site.baseurl}}/article/setup-two-step-login-yubikey/). If you have one of these methods enabled, you will be required to enter your two-step login code to log in. If you have multiple methods enabled, you will be prompted first to select which method to use. +The CLI currently supports [two-step login]({{site.baseurl}}/setup-two-step-login/) via [authenticator]({{site.baseurl}}/setup-two-step-login-authenticator/), [email]({{site.baseurl}}/setup-two-step-login-email/), or [Yubikey]({{site.baseurl}}/setup-two-step-login-yubikey/). If you have one of these methods enabled, you will be required to enter your two-step login code to log in. If you have multiple methods enabled, you will be prompted first to select which method to use. {% callout info %} You *can* pass your two-step login method and code as options, as in the following example. @@ -418,7 +418,7 @@ The `delete` command deletes an object from your Vault. `delete` takes **only an bw delete (item|attachment|folder|org-collection) [options] ``` -By default, `delete` will "soft delete" an item (i.e. send it to the [Trash]({{site.baseurl}}/article/managing-items/#items-in-the-trash)). You can permanently delete an item using the `-p, --permanent` option. +By default, `delete` will "soft delete" an item (i.e. send it to the [Trash]({{site.baseurl}}/managing-items/#items-in-the-trash)). You can permanently delete an item using the `-p, --permanent` option. ``` bw delete item 7063feab-4b10-472e-b64c-785e2b870b92 --permanent @@ -446,7 +446,7 @@ bw restore item 7063feab-4b10-472e-b64c-785e2b870b92 ### send -The `send` command creates a [Bitwarden Send]({{site.baseurl}}/article/about-send) object for ephemeral sharing. This section will detail simple `send` operations, however Send is a highly flexible tool and we recommend referring to the dedicated article on [Send from CLI]({{site.baseurl}}/article/send-cli). +The `send` command creates a [Bitwarden Send]({{site.baseurl}}/about-send) object for ephemeral sharing. This section will detail simple `send` operations, however Send is a highly flexible tool and we recommend referring to the dedicated article on [Send from CLI]({{site.baseurl}}/send-cli). To create a simple text Send: @@ -462,7 +462,7 @@ bw send -n "A Sensitive File" -d 14 -f /Users/my_account/Documents/sensitive_fil ### receive -The `receive` command accesses a [Bitwarden Send]({{site.baseurl}}/article/about-send) object. To receive a Send object: +The `receive` command accesses a [Bitwarden Send]({{site.baseurl}}/about-send) object. To receive a Send object: ``` bw receive --password passwordforaccess https://vault.bitwarden.com/#/send/yawoill8rk6VM6zCATXv2A/9WN8wD-hzsDJjfnXLeNc2Q @@ -472,7 +472,7 @@ bw receive --password passwordforaccess https://vault.bitwarden.com/#/send/yawoi ### Organization IDs -Accessing an Organization from the CLI frequently requires knowledge of an ID for your Organization, as well as IDs for individual [members]({{site.baseurl}}/article/managing-users/) and [Collections]({{site.baseurl}}/article/about-collections/). +Accessing an Organization from the CLI frequently requires knowledge of an ID for your Organization, as well as IDs for individual [members]({{site.baseurl}}/managing-users/) and [Collections]({{site.baseurl}}/about-collections/). Retrieve this information directly from the CLI using `bw list`, for example: @@ -489,10 +489,10 @@ You can `bw list` both `collections` and `org-collections`. `bw list collections ### move {% callout info %} -**August 2021**: The `share` command has been changed to `move`. [Find out more]({{site.baseurl}}/article/releasenotes/). +**August 2021**: The `share` command has been changed to `move`. [Find out more]({{site.baseurl}}/releasenotes/). {% endcallout %} -The `move` command transfers a Vault item [to an Organization]({{site.baseurl}}/article/sharing/): +The `move` command transfers a Vault item [to an Organization]({{site.baseurl}}/sharing/): ``` bw move [encodedJson] @@ -508,7 +508,7 @@ Upon success, the updated item will be returned. ### confirm -The `confirm` command confirms [invited members]({{site.baseurl}}/article/managing-users/#confirm-invited-users) to your Organization who have accepted their invitation: +The `confirm` command confirms [invited members]({{site.baseurl}}/managing-users/#confirm-invited-users) to your Organization who have accepted their invitation: ``` bw confirm org-member --organizationid @@ -530,7 +530,7 @@ The `config` command specifies settings for the Bitwarden CLI to use: bw config [value] ``` -A primary use of `bw config` is to [connect your CLI to a self-hosted]({{site.baseurl}}/article/change-client-environment/#cli) Bitwarden server: +A primary use of `bw config` is to [connect your CLI to a self-hosted]({{site.baseurl}}/change-client-environment/#cli) Bitwarden server: ``` bw config server https://your.bw.domain.com @@ -590,7 +590,7 @@ bw import lastpasscsv /Users/myaccount/Documents/mydata.csv ``` {% callout success %} -Bitwarden supports lots of formats for import, too many to list here! Use `bw import --formats` to return the list in your CLI, or [see here]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import). +Bitwarden supports lots of formats for import, too many to list here! Use `bw import --formats` to return the list in your CLI, or [see here]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import). {% endcallout %} ### export @@ -759,7 +759,7 @@ The following tables enumerate values required in documented scenarios: #### Two-step Login Methods -Used to specify which [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) to use when [logging in](#log-in): +Used to specify which [Two-step Login method]({{site.baseurl}}/setup-two-step-login/) to use when [logging in](#log-in): | Name | Value | |---------------|-------| @@ -773,7 +773,7 @@ FIDO2 and Duo are not supported by the CLI. #### Item Types -Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/article/managing-items/): +Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/managing-items/): | Name | Value | |-------------|-------| @@ -784,7 +784,7 @@ Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/a #### Login URI Match Types -Used with the `create` and `edit` commands to specify [URI match detection]({{site.baseurl}}/article/uri-match-detection/) behavior: +Used with the `create` and `edit` commands to specify [URI match detection]({{site.baseurl}}/uri-match-detection/) behavior: | Name | Value | |--------------------|-------| @@ -797,7 +797,7 @@ Used with the `create` and `edit` commands to specify [URI match detection]({{si #### Field Types -Used with the `create` and `edit` commands to configure [custom fields]({{site.baseurl}}/article/custom-fields/): +Used with the `create` and `edit` commands to configure [custom fields]({{site.baseurl}}/custom-fields/): | Name | Value | |---------|-------| @@ -807,7 +807,7 @@ Used with the `create` and `edit` commands to configure [custom fields]({{site.b #### Organization User Types -Indicates a [user's type]({{site.baseurl}}/article/user-types-access-control/): +Indicates a [user's type]({{site.baseurl}}/user-types-access-control/): | Name | Value | |---------|-------| @@ -818,7 +818,7 @@ Indicates a [user's type]({{site.baseurl}}/article/user-types-access-control/): #### Organization User Statuses -Indicates a user's [status within the Organization]({{site.baseurl}}/article/managing-users/): +Indicates a user's [status within the Organization]({{site.baseurl}}/managing-users/): | Name | Value | |-----------|-------| diff --git a/_articles/miscellaneous/personal-api-key.md b/_articles/miscellaneous/personal-api-key.md index d6ffa0d0..a790faf1 100644 --- a/_articles/miscellaneous/personal-api-key.md +++ b/_articles/miscellaneous/personal-api-key.md @@ -10,7 +10,7 @@ tags: [api key, cli] Your Bitwarden Personal API Key can be used as an alternative method for authenticating into the Command Line Interface (CLI). {% callout info %} -Your Personal API Key is **not the same** as the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) used to access the [Bitwarden Public API]({{site.baseurl}}/article/public-api/) or [Directory Connector]({{site.baseurl}}/article/directory-sync/). Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`. +Your Personal API Key is **not the same** as the [Organization API Key]({{site.baseurl}}/public-api/#authentication) used to access the [Bitwarden Public API]({{site.baseurl}}/public-api/) or [Directory Connector]({{site.baseurl}}/directory-sync/). Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`. {% endcallout %} ## Get Your Personal API Key @@ -39,7 +39,7 @@ To use your API Key to authenticate into the CLI, enter the following command: ``` bw login --apikey ``` -which will prompt you to enter the obtained `client_id` and `client_secret` to authenticate. Once you enter these values, enter your Master Password to decrypt your Vault. For more information, see [Bitwarden command line tool (CLI)](https://bitwarden.com/help/article/cli/). +which will prompt you to enter the obtained `client_id` and `client_secret` to authenticate. Once you enter these values, enter your Master Password to decrypt your Vault. For more information, see [Bitwarden command line tool (CLI)](https://bitwarden.com/help/cli/). ### Environment Variables diff --git a/_articles/organizations/about-business-portal.md b/_articles/organizations/about-business-portal.md index 76a2b20a..6916c603 100644 --- a/_articles/organizations/about-business-portal.md +++ b/_articles/organizations/about-business-portal.md @@ -13,6 +13,6 @@ The Bitwarden Business Portal is a dedicated space for administrators to configu {% image organizations/business-portal-button-overlay.png Business Portal button %} -The Bitwarden Business Portal provides access to configuration for [Single Sign-On]({{site.baseurl}}/article/about-sso/) and [Policies]({{site.baseurl}}/article/policies/) for your Organization. +The Bitwarden Business Portal provides access to configuration for [Single Sign-On]({{site.baseurl}}/about-sso/) and [Policies]({{site.baseurl}}/policies/) for your Organization. {% image organizations/business-portal.png Bitwarden Business Portal %} diff --git a/_articles/organizations/about-collections.md b/_articles/organizations/about-collections.md index 2106e204..91132f02 100644 --- a/_articles/organizations/about-collections.md +++ b/_articles/organizations/about-collections.md @@ -7,15 +7,15 @@ popular: false tags: [collections, access control, best practices] order: "02" redirect_from: - - /article/collections/ - - /article/create-collections/ + - /collections/ + - /create-collections/ --- ## What are Collections? -Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/sharing/) from an Organization. Think of Collections as Organization-equivalents to the [Folders]({{site.baseurl}}/article/folders/) used to organize a Personal Vault, with a few key differences: +Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/sharing/) from an Organization. Think of Collections as Organization-equivalents to the [Folders]({{site.baseurl}}/folders/) used to organize a Personal Vault, with a few key differences: -- Organizations control access to Organization-owned items by assigning users or [Groups]({{site.baseurl}}/article/about-groups/) to Collections. +- Organizations control access to Organization-owned items by assigning users or [Groups]({{site.baseurl}}/about-groups/) to Collections. - Organization-owned items **must** be included in at least one Collection. ### Using Collections @@ -24,7 +24,7 @@ For many Organizations, using Collections means adding a set of Vault items and {% image organizations/collections-graphic-1.png Using Collections %} -Teams and Enterprise Organizations can also designate access to Collections based on user [Groups]({{site.baseurl}}/article/about-groups/), rather than individual users. Group-Collection associations provide a deeper level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example: +Teams and Enterprise Organizations can also designate access to Collections based on user [Groups]({{site.baseurl}}/about-groups/), rather than individual users. Group-Collection associations provide a deeper level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example: {% image organizations/collections-graphic-2.png Using Collections with Groups%} @@ -32,15 +32,15 @@ Other common methodologies include **Collections by Vendor or System** (i.e. use ## Create a Collection -Organization [Managers (or higher)]({{site.baseurl}}/article/user-types-access-control/) and [Provider Users]({{site.baseurl}}/article/provider-users/provider-user-types) can create and manage Collections. To create a Collection: +Organization [Managers (or higher)]({{site.baseurl}}/user-types-access-control/) and [Provider Users]({{site.baseurl}}/provider-users/provider-user-types) can create and manage Collections. To create a Collection: 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. 2. Open the **Manage** tab and select the {% icon fa-plus %} **New Collection** button: {% image organizations/collection-list-overlay.png Select New Collection %} -3. Give your Collection a **Name** and, if you're a Teams or Enterprise Organization, assign **Group Access** to any existing [Group]({{site.baseurl}}/article/about-groups/). +3. Give your Collection a **Name** and, if you're a Teams or Enterprise Organization, assign **Group Access** to any existing [Group]({{site.baseurl}}/about-groups/). - {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %} + {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/directory-sync/).{% endcallout %} 4. Select **Save** to finish creating your Collection. ### Nested Collections diff --git a/_articles/organizations/about-groups.md b/_articles/organizations/about-groups.md index 9bf5ebef..2917ba62 100644 --- a/_articles/organizations/about-groups.md +++ b/_articles/organizations/about-groups.md @@ -7,21 +7,21 @@ popular: false tags: [groups, access control] order: "03" redirect_from: - - /article/groups/ - - /article/create-groups/ + - /groups/ + - /create-groups/ --- ## What are Groups? -Groups relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/article/about-collections) and other [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/article/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions. +Groups relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/about-collections) and other [access controls]({{site.baseurl}}/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions. {% callout info %} -Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations). +Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/about-organizations/#types-of-organizations). {% endcallout %} ### Using Groups -Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/article/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example: +Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example: {% image organizations/collections-graphic-2.png Using Collections with Groups%} @@ -29,18 +29,18 @@ Other common methodologies include **Collections by Vendor or System** (i.e. use ## Create a Group -Organization [Admins (or higher)]({{site.baseurl}}/article/user-types-access-control/#user-types) and [Provider Users]({{site.baseurl}}/article/provider-users/provider-user-types) can create and manage Groups. To create a Group: +Organization [Admins (or higher)]({{site.baseurl}}/user-types-access-control/#user-types) and [Provider Users]({{site.baseurl}}/provider-users/provider-user-types) can create and manage Groups. To create a Group: 1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization. 2. Open the **Manage** tab and select **Groups** from the left-hand menu. 3. On the Groups screen, select the {% icon fa-plus %} **New Group** button. {% image organizations/groups-newgroup.png New Group %} -4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control). +4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/user-types-access-control/#access-control). - Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/article/user-types-access-control/#granular-access-control). + Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/user-types-access-control/#granular-access-control). - {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %} + {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/directory-sync/).{% endcallout %} 5. Select **Save** to finish creating your Group. ### Assign Users to Group(s) @@ -59,7 +59,7 @@ You can check which users belong to a Group from the **Manage** → **Groups* ### Edit Collections Assignments -If you want to change the [Collections]({{site.baseurl}}/article/about-collections/) or [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to a Group: +If you want to change the [Collections]({{site.baseurl}}/about-collections/) or [access controls]({{site.baseurl}}/user-types-access-control/#access-control) assigned to a Group: 1. In your Organization Vault, open the **Manage** tab and select **Groups** from the left-hand menu. 2. Select the group you want to edit. diff --git a/_articles/organizations/about-organizations.md b/_articles/organizations/about-organizations.md index d9f2ac25..79979467 100644 --- a/_articles/organizations/about-organizations.md +++ b/_articles/organizations/about-organizations.md @@ -7,40 +7,40 @@ popular: true tags: [organizations] order: "01" redirect_from: - - /article/what-is-an-organization/ - - /article/create-an-organization/ + - /what-is-an-organization/ + - /create-an-organization/ --- ## What are Organizations? -Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings: +Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/user-types-access-control/) can manage the Organization's items, users, and settings: {% image organizations/org-vault-admin.png Organization Vault %} -Members of an Organization will find shared items ({% icon fa-cube%}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/article/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/article/folders/) organize personal items: +Members of an Organization will find shared items ({% icon fa-cube%}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/folders/) organize personal items: {% image organizations/personal-vault-org-enabled.png Access shared items %} ### Types of Organizations -Bitwarden offers a variety of types of Organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each Organization type, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/). +Bitwarden offers a variety of types of Organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each Organization type, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/). |Type|Description| |----|-----------| -|Free Organizations|Free Organizations allow 2 users to securely share in up to 2 [Collections]({{site.baseurl}}/article/about-collections/).| -|Families Organizations|Families Organizations allow 6 users to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/).| -|Teams Organizations|Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and offer a suite of operational tools like [Event Logs]({{site.baseurl}}/article/event-logs/).| -|Enterprise Organizations|Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and add enterprise-only features like [Login with SSO]({{site.baseurl}}/article/about-sso/) and [Policies]({{site.baseurl}}/article/policies/) to Bitwarden's suite of operational tools.| +|Free Organizations|Free Organizations allow 2 users to securely share in up to 2 [Collections]({{site.baseurl}}/about-collections/).| +|Families Organizations|Families Organizations allow 6 users to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/).| +|Teams Organizations|Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/) and offer a suite of operational tools like [Event Logs]({{site.baseurl}}/event-logs/).| +|Enterprise Organizations|Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/) and add enterprise-only features like [Login with SSO]({{site.baseurl}}/about-sso/) and [Policies]({{site.baseurl}}/policies/) to Bitwarden's suite of operational tools.| ### Comparing Organizations with Premium -The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.** +The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.** Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization. ### Comparing Organizations with Providers -[Providers]({{site.baseurl}}/article/providers) are Vault-administration entities that allow businesses like Managed Service Providers (MSPs) to quickly create and administer **multiple Bitwarden Organizations** on behalf of business customers. +[Providers]({{site.baseurl}}/providers) are Vault-administration entities that allow businesses like Managed Service Providers (MSPs) to quickly create and administer **multiple Bitwarden Organizations** on behalf of business customers. ## Create an Organization @@ -52,16 +52,16 @@ Organizations are created and managed from the [Web Vault](https://vault.bitward 2. Enter an **Organization Name** and a **Billing Email** we can reach you at. Checking the **This account is owned by a business** checkbox will filter your options down to those suitable for businesses, and prompt your for a **Business name** so we know who to thank! -3. **Choose your Plan**. Bitwarden offers Organizations suited to any need. Check out the [feature-by-feature breakdown]({{site.baseurl}}/article/about-bitwarden-plans/#compare-the-plans-1) to figure out which is best for you. +3. **Choose your Plan**. Bitwarden offers Organizations suited to any need. Check out the [feature-by-feature breakdown]({{site.baseurl}}/about-bitwarden-plans/#compare-the-plans-1) to figure out which is best for you. {% callout success %}All paid Organization (Families, Teams, or Enterprise) include premium features for all enrolled users!{% endcallout %} 4. If you chose a **Free Organization**, you're all set! If you chose one of our paid Organizations, - - **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month. + - **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month. - **Teams/Enterprise:** Specify the number of **User Seats** you need for your Organization. You can always add more seats later. - **Teams/Enterprise:** Choose whether you'd like to be billed **Annually** or **Monthly**. Families Organizations can only be billed annually. 5. Once you're happy with your Organization, enter your **Payment Information** and select **Submit**. {% callout success %}New Families, Teams, and Enterprise Organization have a 7 day free trial built in! We won't charge you until your trial is over, and you can cancel your subscription at any time from the Organization **Settings** tab.{% endcallout %} -Once you've created your Organization, create a [collection]({{site.baseurl}}/article/about-collections/), [invite users]({{site.baseurl}}/article/managing-users/), and [start sharing]({{site.baseurl}}/article/sharing). +Once you've created your Organization, create a [collection]({{site.baseurl}}/about-collections/), [invite users]({{site.baseurl}}/managing-users/), and [start sharing]({{site.baseurl}}/sharing). diff --git a/_articles/organizations/admin-reset.md b/_articles/organizations/admin-reset.md index b9d78893..70e1f6ff 100644 --- a/_articles/organizations/admin-reset.md +++ b/_articles/organizations/admin-reset.md @@ -9,16 +9,16 @@ order: "15" --- {% callout info %} -Admin Password Reset is available for **Enterprise Organizations** on a current plan. Like Login with SSO, Password Reset is not available to [Classic 2019 Enterprise Organizations]({{site.baseurl}}/article/2020-plan-updates). +Admin Password Reset is available for **Enterprise Organizations** on a current plan. Like Login with SSO, Password Reset is not available to [Classic 2019 Enterprise Organizations]({{site.baseurl}}/2020-plan-updates). {% endcallout %} ## What is Admin Password Reset? -Admin Password Reset allows [designated administrators](#permissions) to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their [Master Password]({{site.baseurl}}/article/master-password/). Admin Password Reset can be activated for an Organization by [enabling the Admin Password Reset Policy](#activate-admin-password-reset). +Admin Password Reset allows [designated administrators](#permissions) to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their [Master Password]({{site.baseurl}}/master-password/). Admin Password Reset can be activated for an Organization by [enabling the Admin Password Reset Policy](#activate-admin-password-reset). Individual users must be enrolled (either through [self-enrollment](#self-enroll-in-password-reset) or using the [automatic enrollment policy option](#automatic-enrollment)) to be eligible for password reset, as enrollment triggers the key exchange that makes Admin Password Reset secure. -**Admin Password Reset does not bypass Two-step Login or Login with SSO**. If a [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) is enabled for the account or if your Organization [requires SSO Authentication]({{site.baseurl}}/article/policies/#single-sign-on-authentication), you will still be required to use that method to access your Vault after password reset. +**Admin Password Reset does not bypass Two-step Login or Login with SSO**. If a [Two-step Login method]({{site.baseurl}}/setup-two-step-login/) is enabled for the account or if your Organization [requires SSO Authentication]({{site.baseurl}}/policies/#single-sign-on-authentication), you will still be required to use that method to access your Vault after password reset. ### Encryption @@ -32,12 +32,12 @@ The key pair is generated and encrypted client-side upon creation of a new Organ - Upgrades from one Organization type to another. {% endcallout %} -When a member of the Organization [enrolls](#automatic-enrollment) in Admin Password Reset, that user's [encryption key]({{site.baseurl}}/article/account-encryption-key) is encrypted with the Organization's public key. The result is stored as the **Password Reset Key**. +When a member of the Organization [enrolls](#automatic-enrollment) in Admin Password Reset, that user's [encryption key]({{site.baseurl}}/account-encryption-key) is encrypted with the Organization's public key. The result is stored as the **Password Reset Key**. When an Admin Password Reset action is taken: 1. The Organization private key is decrypted with the Organization symmetric key. -2. The user's **Reset Password Key** is decrypted with the decrypted Organization private key, resulting in the users's [encryption key]({{site.baseurl}}/article/account-encryption-key). +2. The user's **Reset Password Key** is decrypted with the decrypted Organization private key, resulting in the users's [encryption key]({{site.baseurl}}/account-encryption-key). 3. The user's encryption key and Master Password hash are replaced with a *new* encryption key and *new* Master Password hash, seeded from a new Master Password. 4. The user's new encryption key is encrypted with the Organization's public key, replacing the previous **Password Reset Key** with a new one. @@ -45,21 +45,21 @@ When an Admin Password Reset action is taken: ### Permissions -Admin Password Reset can be executed by [Owners, Admins, and permitted Custom users]({{site.baseurl}}/article/user-types-access-control/). Admin Password Reset uses a hierarchical permission structure to determine who can reset whose Master Password, meaning: +Admin Password Reset can be executed by [Owners, Admins, and permitted Custom users]({{site.baseurl}}/user-types-access-control/). Admin Password Reset uses a hierarchical permission structure to determine who can reset whose Master Password, meaning: - Any Owner, Admin, or permitted Custom user can reset a **User**, **Manager**, or **Custom User**'s Master Password. - Only an Admin or Owner can reset an **Admin**'s Master Password. - Only an Owner can reset another **Owner**'s Master Password. ### Event Logging -[Events]({{site.baseurl}}/article/event-logs/) are logged when: +[Events]({{site.baseurl}}/event-logs/) are logged when: - A Master Password is reset. - A user enrolls in Admin Password Reset. - A user withdraws from Admin Password Reset. ## Activate Admin Password Reset -To activate Master Password Reset for your Enterprise Organization, navigate to the [Business Portal]({{site.baseurl}}/article/about-business-portal/) and enable the [Master Password Reset Policy]({{site.baseurl}}/article/policies/#master-password-reset): +To activate Master Password Reset for your Enterprise Organization, navigate to the [Business Portal]({{site.baseurl}}/about-business-portal/) and enable the [Master Password Reset Policy]({{site.baseurl}}/policies/#master-password-reset): {% image organizations/pwreset-activate.png Activate Password Reset %} @@ -67,7 +67,7 @@ Users will need to [self-enroll](#self-enroll-in-password-reset) or [be auto-enr ### Automatic Enrollment -Enabling the Automatic Enrollment policy option will automatically enroll new users in Admin Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept). Users already in the Organization will not be retroactively enrolled in Admin Password Reset, and will be required to [self-enroll](#self-enroll-in-password-reset). +Enabling the Automatic Enrollment policy option will automatically enroll new users in Admin Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/managing-users/#accept). Users already in the Organization will not be retroactively enrolled in Admin Password Reset, and will be required to [self-enroll](#self-enroll-in-password-reset). {% callout success %} If you're automatically enrolling Organization members in Admin Password Reset, we **highly recommend notifying them of this feature**. Many Bitwarden Organization users store personal credentials in their Personal Vault, and should be made aware that Admin Password Reset could allow an administrator to access their Personal Vault. @@ -87,7 +87,7 @@ Once enrolled, you can **Withdraw** from Password Reset from the same dropdown u {% image organizations/pwreset-withdraw.png Withdraw from Password Reset %} -Manually changing your Master Password or [rotating your encryption key]({{site.baseurl}}/article/account-encryption-key/) **will not** withdraw you from Admin Password Reset. +Manually changing your Master Password or [rotating your encryption key]({{site.baseurl}}/account-encryption-key/) **will not** withdraw you from Admin Password Reset. ## Reset a Master Password @@ -103,16 +103,16 @@ To reset a Master Password for a member of your Enterprise Organization: {% image organizations/pwreset-reset.png Reset Password %} -4. On the Reset Password window, create a **New Password** for the user. If your Organization has enabled the [Master Password Policy]({{site.baseurl}}/article/policies/#master-password), you will need to create a password that meets the implemented requirements (e.g. min 8 characters, contains numbers): +4. On the Reset Password window, create a **New Password** for the user. If your Organization has enabled the [Master Password Policy]({{site.baseurl}}/policies/#master-password), you will need to create a password that meets the implemented requirements (e.g. min 8 characters, contains numbers): {% image organizations/pwreset-newpw.png Create a New Password %} - Copy the new Master Password and contact the user to coordinate secure communication of it, for example using [Bitwarden Send]({{site.baseurl}}/article/create-send/). + Copy the new Master Password and contact the user to coordinate secure communication of it, for example using [Bitwarden Send]({{site.baseurl}}/create-send/). 5. Select **Save** to execute the Password Reset. Doing so will log the user out of their current sessions. Active sessions on some client applications, like Mobile Apps, may remain active for up to one hour. ### After a Password Reset -When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/article/create-send/). +When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/create-send/). Once you have regained access to your Vault using the new Master Password, you should immediately change your Master Password to something **strong** and **memorable**. Changing your Master Password after a reset will help to protect your privacy. diff --git a/_articles/organizations/event-logs.md b/_articles/organizations/event-logs.md index 1bac6031..68f52846 100644 --- a/_articles/organizations/event-logs.md +++ b/_articles/organizations/event-logs.md @@ -10,18 +10,18 @@ order: "13" ## What are Event Logs? -Event Logs are timestamped records of events that occur within your Organization. Event Logs are accessible to [Admins and Owners]({{site.baseurl}}/article/event-logs/) from the **Manage** tab of your Organization Vault: +Event Logs are timestamped records of events that occur within your Organization. Event Logs are accessible to [Admins and Owners]({{site.baseurl}}/event-logs/) from the **Manage** tab of your Organization Vault: {% image organizations/event-logs-updated.png Event Logs %} -Events Logs are [exportable](#export-events) and accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/). +Events Logs are [exportable](#export-events) and accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/public-api/). ## Events Event Logs record roughly 40 different types of events. The Event Logs screen captures a **Timestamp** for the event, client app information including application type and IP (accessed by hoving over the {% icon fa-globe %} globe icon), the **User** connected to the event, and an **Event** description. {% callout info %} -Each **Event** is associated with type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/) to identify the action documented by an event. +Each **Event** is associated with type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/help/public-api/) to identify the action documented by an event. {% endcallout %} All Event types are listed below, with their corresponding type codes: @@ -35,7 +35,7 @@ All Event types are listed below, with their corresponding type codes: - Login attempted failed with incorrect password. (`1005`) - Login attempt failed with incorrect two-step login. (`1006`) - Exported Vault. (`1007`) -- User updated a password issued through [Admin Password Reset]({{site.baseurl}}/article/admin-reset/). (`1008`) +- User updated a password issued through [Admin Password Reset]({{site.baseurl}}/admin-reset/). (`1008`) ### Item Events - Created item *item-identifier*. (`1100`) @@ -79,7 +79,7 @@ All Event types are listed below, with their corresponding type codes: - Master Password was reset for *user-identifier*. (`1508`) - Edited organization settings. (`1600`) - Purged organization vault. (`1601`) -- Organization Vault access by a managing [Provider]({{site.baseurl}}/article/providers/). (`1603`) +- Organization Vault access by a managing [Provider]({{site.baseurl}}/providers/). (`1603`) - Updated a Policy. (`1700`) {% comment %} @@ -91,7 +91,7 @@ https://github.com/bitwarden/web/blob/master/src/locales/en/messages.json ### Provider Events -When any of the above events is executed by a member of an [administering Provider]({{site.baseurl}}/article/providers/), the **User** column will record the name of the Provider. Additionally, a Provider-specific event will record whenever a member of an administering Provider accesses your Organization Vault: +When any of the above events is executed by a member of an [administering Provider]({{site.baseurl}}/providers/), the **User** column will record the name of the Provider. Additionally, a Provider-specific event will record whenever a member of an administering Provider accesses your Organization Vault: {% image organizations/event-logs-provider.png Provider Access Event %} @@ -112,7 +112,7 @@ Edited organization settings.,fa-globe,Web Vault - Chrome,9876dcba-65ed-87fe-19h ## API Responses -Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/) will return a JSON response like the following: +Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/public-api/) will return a JSON response like the following: ``` { @@ -151,4 +151,4 @@ Once you have the unique ID for each member, group, and collection, you can now - Collections - Groups -After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization. For more information on using the Bitwarden CLI, see [The Bitwarden command-line tool (CLI)](https://bitwarden.com/help/article/cli/). +After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization. For more information on using the Bitwarden CLI, see [The Bitwarden command-line tool (CLI)](https://bitwarden.com/help/cli/). diff --git a/_articles/organizations/import-to-org.md b/_articles/organizations/import-to-org.md index 4d8d3bb9..b1c42ddc 100644 --- a/_articles/organizations/import-to-org.md +++ b/_articles/organizations/import-to-org.md @@ -10,7 +10,7 @@ order: "08" Bitwarden provides a data import tool for easy migration from any password management solution to your Organization Vault. You can also use the data import tool to import from one Bitwarden Organization to another, or to import a Bitwarden [Encrypted Export]({% link _articles/importing/encrypted-export.md %}). -For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or refer to one of these articles for guidance on the most popular solutions: +For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or refer to one of these articles for guidance on the most popular solutions: - [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %}) - [Import from 1Password]({% link _articles/importing/import-from-1password.md %}) @@ -23,13 +23,13 @@ For a full list of supported import formats, see [What file formats does Bitward ## Import to your Organization -Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank".} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import data to an Organization Vault: +Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank".} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import data to an Organization Vault: 1. Open your Organization and navigate to the **Tools** tab: {% image importing/org-tools.png Organization Tools %} 3. Select **Import Data** from the left-hand Tools menu. -3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/send-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). +3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/send-faqs/#q-what-file-formats-does-bitwarden-support-for-import)). 4. Select the **Choose File** button and add the file to import. {% callout warning %}Import to Bitwarden can't check whether items in the file to import are duplicative of items in your Vault. This means that **importing multiple files will create duplicative** Vault items if an item is already in the Vault and in the file to import.{% endcallout %} diff --git a/_articles/organizations/managing-users.md b/_articles/organizations/managing-users.md index b90c26c0..25f03c26 100644 --- a/_articles/organizations/managing-users.md +++ b/_articles/organizations/managing-users.md @@ -10,10 +10,10 @@ order: "05" ## Manage User Seats -Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/article/provider-users/#provider-user-types) can add and remove seats, as this directly affects billing. +Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only an [Organization Owner]({{site.baseurl}}/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/provider-users/#provider-user-types) can add and remove seats, as this directly affects billing. {% callout info %} -If you have a [Free or Families Organization]({{site.baseurl}}/article/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively. +If you have a [Free or Families Organization]({{site.baseurl}}/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively. {% endcallout %} ### Add Seats @@ -41,13 +41,13 @@ Removing user seats will adjust your future billing totals. The next charge will To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) → [Accept](#accept) → [Confirm](#confirm). {% callout success %} -Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the [**Bitwarden Directory Connector**]({{site.baseurl}}/article/directory-sync). +Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the [**Bitwarden Directory Connector**]({{site.baseurl}}/directory-sync). {% endcallout %} ### Invite {% callout success %} -**For Enterprise Organizations**, we recommend configuring [Enterprise Policies]({{site.baseurl}}/article/policies) prior to inviting users to ensure compliance on-entrance to your Organization. +**For Enterprise Organizations**, we recommend configuring [Enterprise Policies]({{site.baseurl}}/policies) prior to inviting users to ensure compliance on-entrance to your Organization. {% endcallout %} To invite users to your Organization: @@ -60,8 +60,8 @@ To invite users to your Organization: 4. On the Invite User panel: - Enter the **Email** address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses. - - Select the **User Type** to be applied to new users. [User Type]({{site.baseurl}}/article/user-types-access-control/#user-type) will determine what permissions these users will have at an Organizational level. - - Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections. + - Select the **User Type** to be applied to new users. [User Type]({{site.baseurl}}/user-types-access-control/#user-type) will determine what permissions these users will have at an Organizational level. + - Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections. 5. Click **Save** to invite the designated users to your Organization. {% callout info %} @@ -69,7 +69,7 @@ To invite users to your Organization: {% image organizations/org-people-reinvite.png Bulk Reinvite %} -If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/article/environment-variables/). +If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/environment-variables/). {% endcallout %} ### Accept @@ -86,7 +86,7 @@ To confirm accepted invitations into your Organization: 3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**: {% image organizations/org-people-options-overlay.png Confirm an Accepted user %} -3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**: +3. Verify that the [fingerprint phrase]({{site.baseurl}}/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** → **My Account**: {% image fingerprint-phrase.png Sample Fingerprint Phrase %} @@ -108,5 +108,5 @@ To remove users from your Organization: Depending on the particulars of your implementation, you may be able to use one of the following methods to delete a Bitwarden user account that belongs to an offboarded user: -1. If you're self-hosting Bitwarden, an authorized admin can delete the account from the [System Administrator Portal]({{site.baseurl}}/article/admin-portal/). -2. If the account has an `@yourcompany.com` email address that your company controls, you can use the [delete without logging in](https://vault.bitwarden.com/#/recover-delete){:target="\_blank"} tool and confirm deletion within the `@yourcompany.com` inbox. For more information, see [Delete an Account Without Logging In](https://bitwarden.com/help/article/delete-your-account/#without-logging-in). +1. If you're self-hosting Bitwarden, an authorized admin can delete the account from the [System Administrator Portal]({{site.baseurl}}/admin-portal/). +2. If the account has an `@yourcompany.com` email address that your company controls, you can use the [delete without logging in](https://vault.bitwarden.com/#/recover-delete){:target="\_blank"} tool and confirm deletion within the `@yourcompany.com` inbox. For more information, see [Delete an Account Without Logging In](https://bitwarden.com/help/delete-your-account/#without-logging-in). diff --git a/_articles/organizations/onboarding-and-succession.md b/_articles/organizations/onboarding-and-succession.md index 1704979d..72968aba 100644 --- a/_articles/organizations/onboarding-and-succession.md +++ b/_articles/organizations/onboarding-and-succession.md @@ -8,7 +8,7 @@ hidden: false tags: [onboarding] order: "10" redirect_from: - - /article/employee-onboarding-and-succession-white-paper/ + - /employee-onboarding-and-succession-white-paper/ --- {% callout success %} @@ -25,15 +25,15 @@ This guide covers the Bitwarden approach to onboarding and succession planning f The Bitwarden vision is to imagine a world where no one gets hacked. We carry this forward in our mission to help individuals and companies manage their sensitive information easily and securely. Bitwarden believes that: -- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals]({{site.baseurl}}/article/about-bitwarden-plans/#free-individual). -- Individuals and Families should take an active role in their security using [TOTPs, Emergency Access, and other supporting security features]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual). -- Organizations can greatly improve their security profile through [Organizational password management and secure sharing]({{site.baseurl}}/article/about-bitwarden-plans/#bitwarden-for-your-business). +- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals]({{site.baseurl}}/about-bitwarden-plans/#free-individual). +- Individuals and Families should take an active role in their security using [TOTPs, Emergency Access, and other supporting security features]({{site.baseurl}}/about-bitwarden-plans/#premium-individual). +- Organizations can greatly improve their security profile through [Organizational password management and secure sharing]({{site.baseurl}}/about-bitwarden-plans/#bitwarden-for-your-business). {% callout success %} -For Bitwarden, [different plans]({{site.baseurl}}/article/about-bitwarden-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal. +For Bitwarden, [different plans]({{site.baseurl}}/about-bitwarden-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal. {% endcallout %} -A key aspect of Bitwarden is that, unlike many software applications, everything in every a Vault is [end-to-end encrypted]({{site.baseurl}}/article/what-encryption-is-used/). To maintain this security model, every person using Bitwarden must have a unique account with a unique [Master Password]({{site.baseurl}}/article/master-password). Master Passwords should be **strong** and **memorable**. +A key aspect of Bitwarden is that, unlike many software applications, everything in every a Vault is [end-to-end encrypted]({{site.baseurl}}/what-encryption-is-used/). To maintain this security model, every person using Bitwarden must have a unique account with a unique [Master Password]({{site.baseurl}}/master-password). Master Passwords should be **strong** and **memorable**. Each user is in charge of their Master Password. Bitwarden is a Zero-knowledge encryption solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset any Master Password. @@ -49,11 +49,11 @@ Security everywhere means security anywhere, so the best password managers provi ### Users' Personal Vaults -Anyone who creates a Bitwarden account will have their own Personal Vault. Accessible from any client application, Personal Vaults are unique to each user and only that user holds the key to access it, using a combination of their Email Address and Master Password. Personal accounts, and the personal [Vault items]({{site.baseurl}}/article/managing-items/) stored therein, are the account owners responsibility. Organization [Owners, Admins, and Managers]({{site.baseurl}}/article/user-types-access-control) cannot see any other user's Personal Vault by design, guaranteeing someone's personal data remains their own. +Anyone who creates a Bitwarden account will have their own Personal Vault. Accessible from any client application, Personal Vaults are unique to each user and only that user holds the key to access it, using a combination of their Email Address and Master Password. Personal accounts, and the personal [Vault items]({{site.baseurl}}/managing-items/) stored therein, are the account owners responsibility. Organization [Owners, Admins, and Managers]({{site.baseurl}}/user-types-access-control) cannot see any other user's Personal Vault by design, guaranteeing someone's personal data remains their own. {% image ../images/onboarding-succession/bitwarden-individual-personal-vault.png Personal Vaults %} -Families, Teams, and Enterprise Organizations automatically provide members individually with premium features, like [Emergency Access]({{site.baseurl}}/article/emergency-access/) and [encrypted Attachment storage]({{site.baseurl}}/article/attachments/), which they can choose to use. A Personal Vault is just that, **Personal**, but Personal Vaults do not enable sharing, [Organization do](#bitwarden-organizations). +Families, Teams, and Enterprise Organizations automatically provide members individually with premium features, like [Emergency Access]({{site.baseurl}}/emergency-access/) and [encrypted Attachment storage]({{site.baseurl}}/attachments/), which they can choose to use. A Personal Vault is just that, **Personal**, but Personal Vaults do not enable sharing, [Organization do](#bitwarden-organizations). {% callout success %} **Why provide Personal Vaults by default?** @@ -73,7 +73,7 @@ Anyone can start an Organization directly from the Web Vault: {% image organizations/new-org-button-overlay.png Create New Organization %} -Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. Whoever launches the Organization will be the [Owner]({{site.baseurl}}/article/user-types-access-control), giving them full control to oversee the **Vault**, to **Manage** users, [Collections](#), [Groups](#), and [Policies](#), to use a suite of Bitwarden **Tools**, and to configure the Organization's **Settings**: +Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. Whoever launches the Organization will be the [Owner]({{site.baseurl}}/user-types-access-control), giving them full control to oversee the **Vault**, to **Manage** users, [Collections](#), [Groups](#), and [Policies](#), to use a suite of Bitwarden **Tools**, and to configure the Organization's **Settings**: {% image getting-started/org-vault.png Organization Vault %} @@ -81,13 +81,13 @@ Once created, you'll land in your Organization Vault, which is the central hub f Bitwarden Organizations manage users and data in a scalable and secure fashion. Managing users and data on an individual basis is inefficient for large businesses and can leave room for error. To solve this, Organizations provide Collections and [Groups](#groups). -**Collections** gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/sharing/) within an Organization: +**Collections** gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/sharing/) within an Organization: {% image organizations/collections-graphic-1.png Using Collections %} ### Onboarding Users -Once your Organization is established and Collections are setup to store your data, Owners and Administrators should invite new members. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding new members, [Invite]({{site.baseurl}}/article/managing-users/#invite) → [Accept]({{site.baseurl}}/article/managing-users/#accept) → [Confirm]({{site.baseurl}}/article/managing-users/#confirm). +Once your Organization is established and Collections are setup to store your data, Owners and Administrators should invite new members. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding new members, [Invite]({{site.baseurl}}/managing-users/#invite) → [Accept]({{site.baseurl}}/managing-users/#accept) → [Confirm]({{site.baseurl}}/managing-users/#confirm). Users can be onboarded [directly from the Web Vault](#adding-users) or [using the Directory Connector](#directory-connector) application to sync individual users and [Groups](#groups). @@ -95,7 +95,7 @@ Users can be onboarded [directly from the Web Vault](#adding-users) or [using th In the simplest cases, users can be added to your Organization directly from the Web Vault. When adding users, you can designate which [Collection](#collections) to grant them access to, which [role](#comprehensive-role--based-access-controls) to give them, and more. -[Learn step-by-step how to add users to your Organization]({{site.baseurl}}/article/managing-users/#onboard-users). +[Learn step-by-step how to add users to your Organization]({{site.baseurl}}/managing-users/#onboard-users). Once users are fully onboarded to your Organization, you can assign access to your Organization's Vault data by assigning them to [Collections](#collections). Teams and Enterprise Organizations can assign users to [Groups](#groups) for scalable permissions assignment, and construct Group-Collection associations instead of assigning access on the individual level. @@ -112,7 +112,7 @@ Groups relate together individual users, and provide a scaleable way to assign p #### Comprehensive Role-based Access Controls -Bitwarden takes an enterprise-friendly approach to sharing at scale. Users can be added to the Organization with [a number of different roles]({{site.baseurl}}/article/user-types-access-control/), belong to different [Groups](#groups), and have those Groups assigned to various [Collections](#collections) to regulate access. Among the available roles is a [Custom Role]({{site.baseurl}}/article/user-types-access-control/#custom-role) for granular configuration of administrative permissions. +Bitwarden takes an enterprise-friendly approach to sharing at scale. Users can be added to the Organization with [a number of different roles]({{site.baseurl}}/user-types-access-control/), belong to different [Groups](#groups), and have those Groups assigned to various [Collections](#collections) to regulate access. Among the available roles is a [Custom Role]({{site.baseurl}}/user-types-access-control/#custom-role) for granular configuration of administrative permissions. ### Offboarding Users @@ -127,8 +127,8 @@ Alice is a **Manager** in your Organization, which is hosted on the Bitwarden Cl |**Client Applications**|Uses Bitwarden on Mobile and a Browser Extension personally and professionally, and the Web Vault for occasional Organization-related work.| |**Email & Master Password**|Logs in to Bitwarden using `alice@company.com` and `p@ssw0rD`.| |**Personal Items**|Stores assorted personal items, including Logins and Credit Cards, in her Personal Vault.| -|**Permissions in the Organization**|As a [Manager]({{site.baseurl}}/articles/user-types-access-control/), Jane can manage many aspects of Collections.| -|**Two-step Login**|Uses Organization-wide [Duo 2FA]({{site.baseurl}}/article/setup-two-step-login-duo).| +|**Permissions in the Organization**|As a [Manager]({{site.baseurl}}s/user-types-access-control/), Jane can manage many aspects of Collections.| +|**Two-step Login**|Uses Organization-wide [Duo 2FA]({{site.baseurl}}/setup-two-step-login-duo).| |**Created Collections**|Created a Collection for her team, "Jane's Team Collection".| |**Shared Items**|Created and shared several Vault items that are owned by by the Organization and reside in her team's Collection.| @@ -199,7 +199,7 @@ The **Personal Ownership** policy, for example, fits into earlier discussion reg ### Event Logs -Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/article/event-logs), which can be viewed directly from the Web Vault or [exported to be analyzed]({{site.baseurl}}/article/event-logs/#siem-and-external-systems-integrations) within security information and event management (SIEM) systems like Splunk. Event Logs include information about: +Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/event-logs), which can be viewed directly from the Web Vault or [exported to be analyzed]({{site.baseurl}}/event-logs/#siem-and-external-systems-integrations) within security information and event management (SIEM) systems like Splunk. Event Logs include information about: - User-Item interactions - Changes made to Vault items @@ -208,7 +208,7 @@ Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/article/ - Much, much more {% callout success%} -In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/help/article/cli/)) for further integration into existing Organization workflows. +In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/help/cli/)) for further integration into existing Organization workflows. {% endcallout %} ### Self-hosting @@ -247,4 +247,4 @@ Directory Connector, Login with SSO, Enterprise Policies, and your Vault work we #### Q: Can we prevent employees from duplicating credentials from the company Organization to their Personal Vault -**A:** Yes! Using our [comprehensive suite of role-based access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) you can make credentials **Read Only** to prevent duplication. +**A:** Yes! Using our [comprehensive suite of role-based access controls]({{site.baseurl}}/user-types-access-control/#access-control) you can make credentials **Read Only** to prevent duplication. diff --git a/_articles/organizations/policies.md b/_articles/organizations/policies.md index 4c87cbf1..430f44bb 100644 --- a/_articles/organizations/policies.md +++ b/_articles/organizations/policies.md @@ -24,7 +24,7 @@ Bitwarden highly recommends setting Enterprise Policies prior to inviting users Policies can be set in two locations: - In your Organization, open the **Manage** tab and select **Policies** from the left menu. -- Navigate to the Business Portal, and select the **Policies** button. For more information, see [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/). +- Navigate to the Business Portal, and select the **Policies** button. For more information, see [About the Business Portal](https://bitwarden.com/help/about-business-portal/). ## Available Policies @@ -87,7 +87,7 @@ Users who are removed as a result of this policy will be notified via email, and ### Single Sign-On Authentication -Enabling the **Single Sign-On Authentication** policy will require non-Owner/non-Admin users to log in with Enterprise Single Sign-On. For more information, see [Access Your Vault using SSO](https://bitwarden.com/help/article/sso-access-your-vault/). +Enabling the **Single Sign-On Authentication** policy will require non-Owner/non-Admin users to log in with Enterprise Single Sign-On. For more information, see [Access Your Vault using SSO](https://bitwarden.com/help/sso-access-your-vault/). {% callout info %} The **Single Organization** policy must be enabled before activating this policy. @@ -117,16 +117,16 @@ Enabling the **Send Options** policy will allow Owners and Admins to specify opt |Option|Description| |------|-----------| -|Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/article/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/article/receive-send) will include whom they are sent from.| +|Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/receive-send) will include whom they are sent from.| ### Master Password Reset -Enabling the **Master Password Reset** policy will allow Owners and Admins to use [Password Reset]({{site.baseurl}}/article/admin-reset/) to reset the master password of enrolled users. By default, users will need to [self-enroll in Password Reset]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset), however the [Automatic Enrollment](#automatic-enrollment) option can be used to automatically enroll invited users: +Enabling the **Master Password Reset** policy will allow Owners and Admins to use [Password Reset]({{site.baseurl}}/admin-reset/) to reset the master password of enrolled users. By default, users will need to [self-enroll in Password Reset]({{site.baseurl}}/admin-reset/#self-enroll-in-password-reset), however the [Automatic Enrollment](#automatic-enrollment) option can be used to automatically enroll invited users: #### Automatic Enrollment -Enabling the **Automatic Enrollment** option will automatically enroll new users in Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept). +Enabling the **Automatic Enrollment** option will automatically enroll new users in Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/managing-users/#accept). {% callout info %} -Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset). +Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/admin-reset/#self-enroll-in-password-reset). {% endcallout %} diff --git a/_articles/organizations/public-api.md b/_articles/organizations/public-api.md index b0ad5bf6..b3ab9830 100644 --- a/_articles/organizations/public-api.md +++ b/_articles/organizations/public-api.md @@ -11,7 +11,7 @@ order: "16" The Bitwarden Public API provides Organizations a suite of tools for managing members, collections, groups, event logs, and policies. {% callout success %} -For automating **management of Vault items**, we recommend using the [CLI]({{site.baseurl}}/article/cli/). Access to Vault items relies on Vault decryption, which must be done with a Username and Master Password rather than an [API Key](#authentication). +For automating **management of Vault items**, we recommend using the [CLI]({{site.baseurl}}/cli/). Access to Vault items relies on Vault decryption, which must be done with a Username and Master Password rather than an [API Key](#authentication). {% endcallout %} The Public API is a RESTful API with predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs. @@ -21,7 +21,7 @@ The Public API is compatible with the OpenAPI Specification (OAS3) and publishes - For Self-hosted instances: https://your.domain.com/api/docs/ {% callout info %} -Access to the Bitwarden Public API is available customers on the following plans, **Classic 2019 Enterprise Organizations**, current **Enterprise Organizations**, and current **Teams Organizations**. For more information, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans-1). +Access to the Bitwarden Public API is available customers on the following plans, **Classic 2019 Enterprise Organizations**, current **Enterprise Organizations**, and current **Teams Organizations**. For more information, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/#compare-the-plans-1). {% endcallout %} ## Endpoints @@ -46,7 +46,7 @@ The API Key `client_id` and `client_secret` can be obtained by an **Owner** from {% image organizations/org-api-key.png Get Organization API Key %} -If, as an owner, you want to share the API Key with an Admin or other user, use a secure communication method like [Bitwarden Send]({{site.baseurl}}/article/about-send/). +If, as an owner, you want to share the API Key with an Admin or other user, use a secure communication method like [Bitwarden Send]({{site.baseurl}}/about-send/). {% callout warning %} Your API key enables full access to your Organization. Keep your API key private. If you believe your API key has been compromised, select the **Rotate API Key** button on this screen. Active uses of your current API key will need to be reconfigured with the new key before use. @@ -135,4 +135,4 @@ The Bitwarden Public API uses conventional HTTP response codes to indicate the s For more information about using the Bitwarden Public API, see the following articles: - [Bitwarden Public API OAS Specification](https://bitwarden.com/help/api/){:target="\_blank"} -- [Event Logs](https://bitwarden.com/help/article/event-logs/) +- [Event Logs](https://bitwarden.com/help/event-logs/) diff --git a/_articles/organizations/sharing.md b/_articles/organizations/sharing.md index 0fc52c4a..6dbe2f25 100644 --- a/_articles/organizations/sharing.md +++ b/_articles/organizations/sharing.md @@ -8,11 +8,11 @@ hidden: false tags: [sharing, how to] order: "04" redirect_from: - - /article/share-to-a-collection/ + - /share-to-a-collection/ --- {% callout info %} -In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({{site.baseurl}}/article/getting-started-organizations/). +In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({{site.baseurl}}/getting-started-organizations/). {% endcallout %} Sharing items with Bitwarden means moving them into an Organization and Collection, a structure used to gather together Logins, Notes, Cards, and Identities for access by multiple users. There are a few different ways you can create Organization items for sharing: @@ -39,7 +39,7 @@ Moving an item to an Organization **will transfer ownership to the Organization* ## Create an Organization Item -Organization members can create new items directly for any assigned Collection(s) unless they're given [**Read Only** access](https://bitwarden.com/help/article/user-types-access-control/) to that Collection. Shared items can only be created **from the Web Vault**, either in your My Vault view or in the Organization view: +Organization members can create new items directly for any assigned Collection(s) unless they're given [**Read Only** access](https://bitwarden.com/help/user-types-access-control/) to that Collection. Shared items can only be created **from the Web Vault**, either in your My Vault view or in the Organization view: