bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-17 16:53:28 +00:00
Code Issues Releases Wiki Activity

removed /article from URL

Browse Source
This commit is contained in:
DanHillesheim
2021-09-08 14:25:46 -06:00
parent 85b4f0e409
commit 7aaa3d74e9
121 changed files with 685 additions and 685 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_articles/account/account-encryption-key.md
View File

@@ -7,7 +7,7 @@ popular: false
tags: [encryption key, account]
order: "04"
redirect_from:
- /article/update-encryption-key/
- /update-encryption-key/
---
Each unique Bitwarden account has an encryption key derived from your Master Password, according to the methods defined in [Encryption]({% link _articles/security/what-encryption-is-used.md %}). This encryption key is used to encrypt all Vault data.

4
_articles/account/basic-auth-autofill.md
View File

@@ -9,9 +9,9 @@ tags: []
order: "07"
---
Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically auto-filled by the Bitwarden Browser Extension **if there is only 1 Login item with a** [**matching URI**]({{site.baseurl}}/article/uri-match-detection). You can also use the Browser Extension's {% icon fa-share-square %} **Launch** button to automatically open and log in to a basic auth-protected resource.
Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically auto-filled by the Bitwarden Browser Extension **if there is only 1 Login item with a** [**matching URI**]({{site.baseurl}}/uri-match-detection). You can also use the Browser Extension's {% icon fa-share-square %} **Launch** button to automatically open and log in to a basic auth-protected resource.
Auto-filling on basic auth prompts will, by default, use the [Host]({{site.baseurl}}/article/uri-match-detection/#host) URI match detection option so that auto-filling is more restrictive. This can be changed by setting the [match detection option]({{site.baseurl}}/article/uri-match-detection/) for the relevant Vault item.
Auto-filling on basic auth prompts will, by default, use the [Host]({{site.baseurl}}/uri-match-detection/#host) URI match detection option so that auto-filling is more restrictive. This can be changed by setting the [match detection option]({{site.baseurl}}/uri-match-detection/) for the relevant Vault item.
If more than one Login item with a matching URI is found, the Browser Extension will not be able to auto-fill your credentials and you will need to manually copy/paste your username and password to log in.

4
_articles/account/forgot-master-password.md
View File

@@ -10,7 +10,7 @@ order: "02"
As described in the [Your Master Password]({% link _articles/account/master-password.md %}) article, Bitwarden has no knowledge of, way to retrieve, or way to reset your Master Password.
If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/article/admin-reset/). You will need to delete your account and start a new one.
If you've already lost your Master Password, there is unfortunately no way for anyone to recover the account or the data stored in your Personal Vault unless you're enrolled in [Organization Master Password Reset]({{site.baseurl}}/admin-reset/). You will need to delete your account and start a new one.
{% callout success %}
Before deleting your account:
@@ -19,7 +19,7 @@ Before deleting your account:
**Second**, if you're having issues logging in with a Bitwarden client application, try logging in using another type of client, or on another device.
**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/article/emergency-access/), get in contact with them to regain Read or Takeover access to your account.
**Third**, if you have a designated Trusted Emergency Contact established using [Emergency Access]({{site.baseurl}}/emergency-access/), get in contact with them to regain Read or Takeover access to your account.
**Lastly**, if you're using any Bitwarden client applications (Mobile Apps, Browser Extensions, etc.), you should check whether any of these sessions are still logged in prior to deleting your account. If a client application is still logged in, you should manually catalogue your Vault items to preserve your data.
{% endcallout %}

4
_articles/account/managing-items.md
View File

@@ -30,7 +30,7 @@ Effectively managing the items in your Vault is key to making sure that you secu
{% capture logins %}
### Logins
Login items are most often used to store username and password combinations, and support [TOTP seeds]({{site.baseurl}}/article/authenticator-keys/) for Premium users. Whatever plan you're on, we recommend giving every Login a [URI for easy auto-fill]({{site.baseurl}}/article/uri-match-detection):
Login items are most often used to store username and password combinations, and support [TOTP seeds]({{site.baseurl}}/authenticator-keys/) for Premium users. Whatever plan you're on, we recommend giving every Login a [URI for easy auto-fill]({{site.baseurl}}/uri-match-detection):
{% image manage-items/login-item.png Login Vault Item %}
@@ -173,7 +173,7 @@ Master password re-prompt **is not** an encryption mechanism. This feature is an
## Move Items to an Organization
If you're a member of an [Organization]({{site.baseurl}}/article/about-organizations/), you can move Vault items to your Organization for sharing with other Organization members. Learn more about [Organizations]({{site.baseurl}}/article/about-organizations/), [Collections]({{site.baseurl}}/article/about-collections), and [Sharing]({{site.baseurl}}/article/sharing/).
If you're a member of an [Organization]({{site.baseurl}}/about-organizations/), you can move Vault items to your Organization for sharing with other Organization members. Learn more about [Organizations]({{site.baseurl}}/about-organizations/), [Collections]({{site.baseurl}}/about-collections), and [Sharing]({{site.baseurl}}/sharing/).
## Clone Vault Items

2
_articles/account/master-password.md
View File

@@ -7,7 +7,7 @@ popular: false
tags: [master password, account]
order: "01"
redirect_from:
- /article/change-your-master-password/
- /change-your-master-password/
---
## About your Master Password

2
_articles/directory-connector/directory-sync-cli.md
View File

@@ -48,7 +48,7 @@ To get started using the Bitwarden Directory Connector CLI:
### login
Use the `login` command to login to Directory Connector with your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/). There are a few ways to use the `login` command:
Use the `login` command to login to Directory Connector with your [Organization API Key]({{site.baseurl}}/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/user-types-access-control/). There are a few ways to use the `login` command:
- By itself:

10
_articles/directory-connector/directory-sync-desktop.md
View File

@@ -12,7 +12,7 @@ The Directory Connector Desktop App is a standalone desktop application that can
{% image directory-connector/app.png Directory Connector Desktop App %}
Directory Connector is also available as a [CLI Tool]({{site.baseurl}}/article/directory-sync-cli). The Desktop App and CLI [share a database and configurations]({% link _articles/directory-connector/directory-sync-shared.md %}), so you may choose to use both, however simultaneous use is not recommended.
Directory Connector is also available as a [CLI Tool]({{site.baseurl}}/directory-sync-cli). The Desktop App and CLI [share a database and configurations]({% link _articles/directory-connector/directory-sync-shared.md %}), so you may choose to use both, however simultaneous use is not recommended.
## Getting Started
@@ -30,8 +30,8 @@ To get started using the Directory Connector Desktop App:
1. On the Login screen, select **Settings**.
2. In the **Server URL** field, enter the domain name for your self-hosted instance with `https://`. For example, `https://your.domain.bitwarden.com`.
3. Select **Save**.
3. Log in to Directory Connector using your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/).
4. On the {% icon fa-cogs %} **Settings** tab, connect to your directory and configure [sync options]({{site.baseurl}}/article/user-group-filters/). This procedure will vary based on the directory in use, so refer to one of the following articles for instruction:
3. Log in to Directory Connector using your [Organization API Key]({{site.baseurl}}/public-api/#authentication). If you don't have the API Key, reach out to an [Organization Owner]({{site.baseurl}}/user-types-access-control/).
4. On the {% icon fa-cogs %} **Settings** tab, connect to your directory and configure [sync options]({{site.baseurl}}/user-group-filters/). This procedure will vary based on the directory in use, so refer to one of the following articles for instruction:
- [Sync with Active Directory or LDAP]({% link _articles/directory-connector/ldap-directory.md %})
- [Sync with Azure Active Directory]({% link _articles/directory-connector/azure-active-directory.md %})
@@ -39,7 +39,7 @@ To get started using the Directory Connector Desktop App:
- [Sync with Okta]({% link _articles/directory-connector/okta-directory.md %})
- [Sync with OneLogin]({% link _articles/directory-connector/onelogin-directory.md %})
{% callout success %}If you're re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more]({{site.baseurl}}/article/clear-sync-cache/)).{% endcallout %}
{% callout success %}If you're re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more]({{site.baseurl}}/clear-sync-cache/)).{% endcallout %}
5. On the {% icon fa-cogs %} **Settings** tab, select you Organization from the Organization dropdown.
6. **Perform a Test Sync**. To check that your directory connection and sync options are successfully configured and working as expected:
@@ -60,6 +60,6 @@ Synced users will be invited to your Organization, and groups will be immediatel
### Automatic Sync
Automatic syncing will poll your directory based on the **Interval** specified in your [sync options]({{site.baseurl}}/article/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop.
Automatic syncing will poll your directory based on the **Interval** specified in your [sync options]({{site.baseurl}}/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop.
To start automatic sync polling with Directory Connector, open the {% icon fa-dashboard %} **Dashboard** tab and select the {% icon fa-play %} **Start Sync** button.

4
_articles/directory-connector/directory-sync.md
View File

@@ -12,10 +12,10 @@ order: "01"
The Bitwarden Directory Connector application syncs users and groups to a Bitwarden Organization from a selection of directory services. Directory Connector **will automatically provision and de-provision users, groups, and group associations** from the source directory.
Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization [onboarding procedure]({{site.baseurl}}/article/managing-users/#onboard-users) and log in with the created Bitwarden Master Password.
Directory Connector will issue invitations to synced users, however it will not automatically construct Bitwarden credentials based on any credentials stored in the source directory. Invited users will be required to follow the normal Organization [onboarding procedure]({{site.baseurl}}/managing-users/#onboard-users) and log in with the created Bitwarden Master Password.
{% callout info %}
Directory Connector functionality is available to **Teams** and **Enterprise** Organizations. To use Directory Connector, you must have access to your [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) which can only be retrieved by an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/) and securely shared using [Bitwarden Send]({{site.baseurl}}/article/about-send/).
Directory Connector functionality is available to **Teams** and **Enterprise** Organizations. To use Directory Connector, you must have access to your [Organization API Key]({{site.baseurl}}/public-api/#authentication) which can only be retrieved by an [Organization Owner]({{site.baseurl}}/user-types-access-control/) and securely shared using [Bitwarden Send]({{site.baseurl}}/about-send/).
{% endcallout %}
{% image directory-connector/dc-diagram.png %}

2
_articles/directory-connector/schedule-directory-sync.md
View File

@@ -18,7 +18,7 @@ In Unix-like environments, including Linux and macOS, use cron to schedule Direc
When running a cron job, we recommend doing so as a dedicated Directory Connector user. Create a `bwdc` user if you haven't already, and add that user to the `etc/cron.allow` list. This will allow a non-Root user to set up and run cron jobs.
In order to continue, you will also need your Organization's [API Key]({{site.baseurl}}/article/public-api/#authentication) `client_id` and `client_secret`, which can be obtained by an Organization **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization**.
In order to continue, you will also need your Organization's [API Key]({{site.baseurl}}/public-api/#authentication) `client_id` and `client_secret`, which can be obtained by an Organization **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization**.
### Setup a Sync Script

2
_articles/directory-connector/user-group-filters.md
View File

@@ -29,7 +29,7 @@ Regardless of which directory you're syncing from, enable the **More than 2000 u
{% image directory-connector/largesync.png Signal a Large Sync%}
You may also enable this option directly in the Directory Connector [configuration file]({{site.baseurl}}/article/directory-sync-shared/#config-file) (`data.json`) by setting `"largeImport": true`:
You may also enable this option directly in the Directory Connector [configuration file]({{site.baseurl}}/directory-sync-shared/#config-file) (`data.json`) by setting `"largeImport": true`:
```
"syncConfig": {

6
_articles/faqs/autofill-faqs.md
View File

@@ -34,8 +34,8 @@ order: "10"
**A:** This most commonly occurs on iOS when you make a change to your device's biometrics settings (e.g. adding another finger to Touch ID). To resolve this error:
1. **If you have [PIN Code]({{site.baseurl}}/article/unlock-with-pin/) verification active**, disable it.
1. **If you have [PIN Code]({{site.baseurl}}/unlock-with-pin/) verification active**, disable it.
2. Log out of your Bitwarden mobile app.
3. Check that your device settings are [setup to use Bitwarden for autofill]({{site.baseurl}}/article/auto-fill-ios/#keyboard-auto-fill).
3. Check that your device settings are [setup to use Bitwarden for autofill]({{site.baseurl}}/auto-fill-ios/#keyboard-auto-fill).
4. Log back in to your Bitwarden mobile app.
5. Re-enable [PIN Code]({{site.baseurl}}/article/unlock-with-pin/) verification if you want to use it as a backup for [biometrics]({{site.baseurl}}/article/unlock-with-biometrics/).
5. Re-enable [PIN Code]({{site.baseurl}}/unlock-with-pin/) verification if you want to use it as a backup for [biometrics]({{site.baseurl}}/unlock-with-biometrics/).

8
_articles/faqs/billing-faqs.md
View File

@@ -24,15 +24,15 @@ For help selecting the right Bitwarden plan for you, refer to [What Plan is Righ
### Q: How do I view my billing information?
**A:** Viewing Billing information is different depending on whether you're viewing it for an Individual or Organization subscription. Use [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/) to guide you through both processes.
**A:** Viewing Billing information is different depending on whether you're viewing it for an Individual or Organization subscription. Use [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/) to guide you through both processes.
### Q: How do I delete my account?
**A:** We're sad to see you go! Use [Delete Your Account](https://help.bitwarden.com/article/delete-your-account/) to guide you through this process.
**A:** We're sad to see you go! Use [Delete Your Account](https://help.bitwarden.com/delete-your-account/) to guide you through this process.
### Q: How do I upgrade from an Individual subscription to an Organization?
**A:** Use [Upgrade from Individual to Organization](https://bitwarden.com/help/article/upgrade-from-individual-to-org/) to guide you through this process.
**A:** Use [Upgrade from Individual to Organization](https://bitwarden.com/help/upgrade-from-individual-to-org/) to guide you through this process.
### Q: How do I add or remove a user seat from my Organization?
@@ -66,7 +66,7 @@ Legacy Families plans do not automatically provide premium features, so users wo
### Q: Can I pay with Bitcoin?
**A:** Yes! Refer to [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/) for more information.
**A:** Yes! Refer to [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/) for more information.
[Contact Us](https://bitwarden.com/contact/) once you have added the credit for the subscription amount. We will generate and send you an invoice and activate the new account. You will also receive an invoice from our payment processor (BitPay) at the time the Bitcoin is sent.

4
_articles/faqs/hosting-faqs.md
View File

@@ -45,7 +45,7 @@ Retrieve an installation id and key from [https://bitwarden.com/host](https://bi
Check that your server name or FQDN has been proliferated to all `globalSettings_baseServiceUri__*` variables in `./bwdata/env/global.override.env`, and that your certificate contains a Subject Alternative Name (SAN) with the new server FQDN
If you are using Let's Encrypt certificate, you'll need to [Manually Update Your Certificate](https://bitwarden.com/help/article/certificates/#manually-update-a-lets-encrypt-certificate){:target="\_blank"}.
If you are using Let's Encrypt certificate, you'll need to [Manually Update Your Certificate](https://bitwarden.com/help/certificates/#manually-update-a-lets-encrypt-certificate){:target="\_blank"}.
## SMTP Configuration
@@ -82,7 +82,7 @@ Check that the custom port values have been proliferated to `./bwdata/env/global
### Q: How do I add Bitwarden to system boot?
**A:** Before adding Bitwarden to system boot, complete [Docker Post-Installation](https://bitwarden.com/help/article/install-on-premise/#docker-post-installation-linux-only) to setup a dedicated `bitwarden` service account.
**A:** Before adding Bitwarden to system boot, complete [Docker Post-Installation](https://bitwarden.com/help/install-on-premise/#docker-post-installation-linux-only) to setup a dedicated `bitwarden` service account.
Then, complete the following steps:

10
_articles/faqs/org-faqs.md
View File

@@ -11,9 +11,9 @@ order: "18"
This article contains Frequently Asked Questions (FAQs) regarding **Organizations**.
For more high-level information about **Organizations**, refer to the following articles:
- [About Organizations](https://bitwarden.com/help/article/about-organizations/)
- [About Collections](https://bitwarden.com/help/article/about-collections/)
- [About Groups](https://bitwarden.com/help/article/about-groups/)
- [About Organizations](https://bitwarden.com/help/about-organizations/)
- [About Collections](https://bitwarden.com/help/about-collections/)
- [About Groups](https://bitwarden.com/help/about-groups/)
## Organizations General
@@ -37,7 +37,7 @@ Paid Organizations (Families, Teams, or Enterprise) automatically include premiu
### Q: What events are audited for my Organization?
**A:** For a full list of what's included in Bitwarden Event Logs, see [Event Logs](https://bitwarden.com/help/article/event-logs/).
**A:** For a full list of what's included in Bitwarden Event Logs, see [Event Logs](https://bitwarden.com/help/event-logs/).
### Q: Can I prevent users from self-registering into my Organization?
@@ -66,7 +66,7 @@ Alternatively, you can unshare items by moving them to a different Collection wi
### Q: How do I hide a password from my Organization's users?
**A:** Use the **Hide Passwords** option in the **Access Control** section when adding new users or editing existing ones in order to hide a given Collection's passwords and hidden fields from them. For more information, see [Access Control](https://bitwarden.com/help/article/user-types-access-control/#access-control).
**A:** Use the **Hide Passwords** option in the **Access Control** section when adding new users or editing existing ones in order to hide a given Collection's passwords and hidden fields from them. For more information, see [Access Control](https://bitwarden.com/help/user-types-access-control/#access-control).
### Q: Does an item I move to the Organization stay after I leave?

4
_articles/faqs/product-faqs.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: []
order: "16"
redirect_from:
- /article/change-your-email/
- /change-your-email/
---
This article contains Frequently Asked Questions (FAQs) about general Vault Management and Bitwarden functionality.
@@ -105,4 +105,4 @@ Clicking on the number will expose the historical password values in plain text
### Q: Can I print my Vault data?
**A:** Not directly from Bitwarden, however you can [export your Vault data]({{site.baseurl}}/article/export-your-data/) as a `.csv` or `.json` file and print it out from your text editor.
**A:** Not directly from Bitwarden, however you can [export your Vault data]({{site.baseurl}}/export-your-data/) as a `.csv` or `.json` file and print it out from your text editor.

10
_articles/faqs/providers-faqs.md
View File

@@ -17,7 +17,7 @@ order: "08"
### Q: How are Client Organizations billed?
**A:** Currently, each Client Organization is billed separately using the payment method registered during [Client Organization creation]({{site.baseurl}}/article/client-org-setup/). In the future, we'll be developing functionality to aggregate billing across Client Organizations to improve the Provider experience.
**A:** Currently, each Client Organization is billed separately using the payment method registered during [Client Organization creation]({{site.baseurl}}/client-org-setup/). In the future, we'll be developing functionality to aggregate billing across Client Organizations to improve the Provider experience.
### What customer support do MSPs receive?
@@ -41,7 +41,7 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag
### Q: I'm already providing Bitwarden as a service for my clients, what do I need to do to move to the Provider Portal?
**A:** It's quick and easy! [Contact Us](https://bitwarden.com/contact/){:target="\_blank"} and a member of the Bitwarden team will issue you an invitation. Once in the Provider Portal, you can [add existing Client Organizations]({{site.baseurl}}/article/add-existing-client-org/) to begin centralizing client management.
**A:** It's quick and easy! [Contact Us](https://bitwarden.com/contact/){:target="\_blank"} and a member of the Bitwarden team will issue you an invitation. Once in the Provider Portal, you can [add existing Client Organizations]({{site.baseurl}}/add-existing-client-org/) to begin centralizing client management.
### Q: How many clients can I manage through the Provider Portal?
@@ -61,11 +61,11 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag
### Q: Is there a recommended workflow for onboarding new clients?
**A:** Yes! We've outlined one recommended workflow [here]({{site.baseurl}}/article/client-org-setup/).
**A:** Yes! We've outlined one recommended workflow [here]({{site.baseurl}}/client-org-setup/).
### Q: How does an MSP access Client Organizations?
**A:** MSPs can access all Client Organizations under management from the Provider Portal. Learn more [here]({{site.baseurl}}/article/manage-client-orgs/).
**A:** MSPs can access all Client Organizations under management from the Provider Portal. Learn more [here]({{site.baseurl}}/manage-client-orgs/).
### Q: Can an MSP administrator see or manage credentials for all clients?
@@ -73,4 +73,4 @@ The Provider Portal is an all-in-one portal, designed to streamline client manag
### Q: Can we set default Enterprise Policies that apply to all clients?
**A:** Each Client Organization operates independently with individually configured policies. [Learn more about configuring Enterprise Policies]({{site.baseurl}}/article/policies/).
**A:** Each Client Organization operates independently with individually configured policies. [Learn more about configuring Enterprise Policies]({{site.baseurl}}/policies/).

16
_articles/faqs/security-faqs.md
View File

@@ -8,9 +8,9 @@ hidden: false
tags: []
order: "11"
redirect_from:
- /article/why-should-i-trust-bitwarden/
- /article/what-happens-if-bitwarden-is-hacked/
- /article/can-bitwarden-see-my-passwords/
- /why-should-i-trust-bitwarden/
- /what-happens-if-bitwarden-is-hacked/
- /can-bitwarden-see-my-passwords/
---
This article contains Frequently Asked Questions (FAQs) regarding **Security**.
@@ -88,9 +88,9 @@ Bitwarden takes user security and privacy seriously. Bitwarden maintains secure,
- Offline Vault sessions will expire after 30 days.
- **Except** for mobile client applications, which will expire after 90 days.
- [Two-step Login]({{site.baseurl}}/article/setup-two-step-login) **Remember Me** selections will expire after 30 days.
- Directory Connector [sync cache]({{site.baseurl}}/article/clear-sync-cache/) will be cleared after 30 days.
- Organization invites will expire after 5 days. Self-hosted customers can configure this [using an environment variable]({{site.baseurl}}/article/environment-variables/#optional-variables).
- [Two-step Login]({{site.baseurl}}/setup-two-step-login) **Remember Me** selections will expire after 30 days.
- Directory Connector [sync cache]({{site.baseurl}}/clear-sync-cache/) will be cleared after 30 days.
- Organization invites will expire after 5 days. Self-hosted customers can configure this [using an environment variable]({{site.baseurl}}/environment-variables/#optional-variables).
### Questions Regarding Specific Client Apps
@@ -120,7 +120,7 @@ When this **optional feature** is enabled, clipboard clear will clear any Bitwar
### Q: Why does the Browser Extension need `nativeMessaging` permission?
**A:**
Version 1.48.0 of the browser extension enables [Biometric Unlock for Browser Extensions](https://bitwarden.com/help/article/biometrics/#browser-extensions).
Version 1.48.0 of the browser extension enables [Biometric Unlock for Browser Extensions](https://bitwarden.com/help/biometrics/#browser-extensions).
This permission, also known as `nativeMessaging`, is safe to accept and allows the browser extension to communicate with the Bitwarden desktop app, which is required to enabled Unlock with Biometrics.
@@ -128,7 +128,7 @@ Note that when your browser updates to this version, you may be asked to accept
### Q: Is Bitwarden FIPS Compliant?
**A:** Bitwarden uses [FIPS compliant libraries and cryptography](https://bitwarden.com/help/article/what-encryption-is-used/#invoked-crypto-libraries), however the Bitwarden platform has not performed any FIPs certifications. Most FIPS installations of Bitwarden leverage the self-hosting option to make evaluations (i.e. Cybersecurity Maturity Model Certification) easier.
**A:** Bitwarden uses [FIPS compliant libraries and cryptography](https://bitwarden.com/help/what-encryption-is-used/#invoked-crypto-libraries), however the Bitwarden platform has not performed any FIPs certifications. Most FIPS installations of Bitwarden leverage the self-hosting option to make evaluations (i.e. Cybersecurity Maturity Model Certification) easier.
### Q: Can I restrict access to Bitwarden to certain devices?

18
_articles/faqs/send-faqs.md
View File

@@ -22,7 +22,7 @@ Additionally, creation of file Sends requires your Email Address to be verified.
### Q: Why are Sends missing from my Send view?
**A:** By design, Sends are ephemeral. Each created Send has a **maximum lifespan of 31 days**, configurable when you [create a Send]({% link _articles/send/create-send.md %}) or at any time by editing it. When a Send's [Deletion Date]({{site.baseurl}}/article/send-lifespan/#deletion-date) is reached, it will be purged from Bitwarden systems and inaccessible to both the Sender and any recipients.
**A:** By design, Sends are ephemeral. Each created Send has a **maximum lifespan of 31 days**, configurable when you [create a Send]({% link _articles/send/create-send.md %}) or at any time by editing it. When a Send's [Deletion Date]({{site.baseurl}}/send-lifespan/#deletion-date) is reached, it will be purged from Bitwarden systems and inaccessible to both the Sender and any recipients.
### Q: What do the icons next to my Sends indicate?
@@ -30,17 +30,17 @@ Additionally, creation of file Sends requires your Email Address to be verified.
|Icon|Meaning|
|----|-------|
|{% icon fa-key %}|This Send is [protected by a password]({{site.baseurl}}/article/send-privacy/#send-passwords).|
|{% icon fa-warning %}|This Send has been [manually disabled]({{site.baseurl}}/article/send-lifespan/#manually-disable-or-delete).|
|{% icon fa-clock-o %}|This Send has reached it's specified [Expiration Date]({{site.baseurl}}/article/send-lifespan/#expiration-date).|
|{% icon fa-ban %}|This Send has reached it's specified [Maximum Access Count]({{site.baseurl}}/article/send-lifespan/#maximum-access-count).|
|{% icon fa-trash %}|This Send has reached it's specified [Deletion Date]({{site.baseurl}}/article/send-lifespan/#deletion-date) and is **Pending Deletion**.|
|{% icon fa-key %}|This Send is [protected by a password]({{site.baseurl}}/send-privacy/#send-passwords).|
|{% icon fa-warning %}|This Send has been [manually disabled]({{site.baseurl}}/send-lifespan/#manually-disable-or-delete).|
|{% icon fa-clock-o %}|This Send has reached it's specified [Expiration Date]({{site.baseurl}}/send-lifespan/#expiration-date).|
|{% icon fa-ban %}|This Send has reached it's specified [Maximum Access Count]({{site.baseurl}}/send-lifespan/#maximum-access-count).|
|{% icon fa-trash %}|This Send has reached it's specified [Deletion Date]({{site.baseurl}}/send-lifespan/#deletion-date) and is **Pending Deletion**.|
### Q: Why is Send disabled for my Organization?
**A:** Bitwarden Enterprise Organizations include a [Disable Send policy]({{site.baseurl}}/article/policies/#disable-send), which Admins and Owners can use to toggle on/off Send functionality within their Organization. Contact your Admin or Owner to discuss your Organization's policies.
**A:** Bitwarden Enterprise Organizations include a [Disable Send policy]({{site.baseurl}}/policies/#disable-send), which Admins and Owners can use to toggle on/off Send functionality within their Organization. Contact your Admin or Owner to discuss your Organization's policies.
During the initial rollout of Send in March 2021, Organizations that already had the [Personal Ownership policy]({{site.baseurl}}/article/policies/#personal-ownership) enabled will find that the Disable Send policy was enabled for their Organizations. This was to allow for customers with this security profile to opt-in to Send on their own schedule.
During the initial rollout of Send in March 2021, Organizations that already had the [Personal Ownership policy]({{site.baseurl}}/policies/#personal-ownership) enabled will find that the Disable Send policy was enabled for their Organizations. This was to allow for customers with this security profile to opt-in to Send on their own schedule.
If you do want to use Bitwarden Send as an end-to-end encrypted solution for ephemeral sharing within your Organization, all you need to do is turn the Disable Send policy off from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page.
@@ -48,4 +48,4 @@ Learn more about Send [here](https://bitwarden.com/products/send).
### Q: Can I disable Send for my Organization?
**A:** Enterprise Organizations can disable Send at any time using the [Disable Send policy]({{site.baseurl}}/article/policies/#disable-send). Admins and Owners can implement this policy from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page. Enabling the policy will prevent Organization members from creating or editing any Sends.
**A:** Enterprise Organizations can disable Send at any time using the [Disable Send policy]({{site.baseurl}}/policies/#disable-send). Admins and Owners can implement this policy from the [Business Portal]({% link _articles/organizations/about-business-portal.md %}) or from your Organization's **Manage** → **Policies** page. Enabling the policy will prevent Organization members from creating or editing any Sends.

12
_articles/faqs/sso-faqs.md
View File

@@ -11,8 +11,8 @@ order: "07"
This article contains Frequently Asked Questions (FAQs) regarding **Login with SSO**.
For more high-level information about **Login with SSO**, refer to the following articles:
- [Getting Started with Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso/)
- [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/)
- [Getting Started with Login with SSO](https://bitwarden.com/help/getting-started-with-sso/)
- [About the Business Portal](https://bitwarden.com/help/about-business-portal/)
## Using Login with SSO
@@ -26,7 +26,7 @@ For more high-level information about **Login with SSO**, refer to the following
### Q: Can I still log in with my Master Password if my Organization has SSO enabled?
**A:** By default, yes, you can use your email address and Master Password to login to Bitwarden. However, if your Organization enables both the [Single Organization](https://bitwarden.com/help/article/policies/#single-organization) and [Single Sign-On Authentication](https://bitwarden.com/help/article/policies/#single-sign-on-authentication) policies, all non-administrator users will be required to login with SSO.
**A:** By default, yes, you can use your email address and Master Password to login to Bitwarden. However, if your Organization enables both the [Single Organization](https://bitwarden.com/help/policies/#single-organization) and [Single Sign-On Authentication](https://bitwarden.com/help/policies/#single-sign-on-authentication) policies, all non-administrator users will be required to login with SSO.
### Q: How does Login with SSO work for new users ("just-in-time")?
@@ -53,15 +53,15 @@ For more high-level information about **Login with SSO**, refer to the following
### Q: What plans offer Login with SSO?
**A:** Only our current Enterprise Plan offers this feature. For more information, see [here](https://bitwarden.com/help/article/2020-plan-updates/).
**A:** Only our current Enterprise Plan offers this feature. For more information, see [here](https://bitwarden.com/help/2020-plan-updates/).
### Q: How do I upgrade my plan so that I can use Login with SSO?
**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial).
**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial).
### Q: I would like to test Login with SSO. If I decide I don't need it, can I revert to my Classic 2019 plan?
**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization.
**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization.
## Supportability

4
_articles/faqs/twostep-faqs.md
View File

@@ -17,7 +17,7 @@ This article contains Frequently Asked Questions (FAQs) regarding **Two-step Log
### Q: Can I require my Organization's users to use Two-step Login?
**A:** You can require your Organization's users to use Two-step Login by enabling the [Two-step Login Policy]({{site.baseurl}}/article/policies/#two-step-login). Additionally, you can setup [Organization-wide Duo 2FA]({{site.baseurl}}/article/two-step-login-duo) to ensure that all of your users have a secure Two-step Login method at their disposal.
**A:** You can require your Organization's users to use Two-step Login by enabling the [Two-step Login Policy]({{site.baseurl}}/policies/#two-step-login). Additionally, you can setup [Organization-wide Duo 2FA]({{site.baseurl}}/two-step-login-duo) to ensure that all of your users have a secure Two-step Login method at their disposal.
### Q: Is FIDO U2F or FIDO2 WebAuthn supported on my iOS or Android App?
@@ -27,7 +27,7 @@ This article contains Frequently Asked Questions (FAQs) regarding **Two-step Log
**A:** In most cases, one of two things is happening:
1. You may be already logged in to Bitwarden and only unlocking your Vault. Two-step Login is required to **Log In** but not to **Unlock** your Vault. For more information on the difference between Logging In and Unlocking, see [Vault Timeout Action](https://bitwarden.com/help/article/vault-timeout/#vault-timeout-action).
1. You may be already logged in to Bitwarden and only unlocking your Vault. Two-step Login is required to **Log In** but not to **Unlock** your Vault. For more information on the difference between Logging In and Unlocking, see [Vault Timeout Action](https://bitwarden.com/help/vault-timeout/#vault-timeout-action).
2. You may have previously checked the **Remember me** checkbox on a device when accessing your Vault using Two-step Login.

2
_articles/features/authenticator-keys.md
View File

@@ -12,7 +12,7 @@ The Bitwarden Authenticator is an alternative solution to dedicated authenticati
{% callout info %}Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires Premium or membership to a Paid Organization (Families, Teams, or Enterprise).{% endcallout %}
If you're new to using TOTPs for Two-step Login, refer to the [Field Guide to Two-step Login](https://bitwarden.com/help/article/bitwarden-field-guide-two-step-login/#securing-important-websites) for more information.
If you're new to using TOTPs for Two-step Login, refer to the [Field Guide to Two-step Login](https://bitwarden.com/help/bitwarden-field-guide-two-step-login/#securing-important-websites) for more information.
## Generate TOTP Codes

4
_articles/features/auto-fill-android.md
View File

@@ -42,7 +42,7 @@ To enable the autofill service:
You'll be prompted to confirm you trust Bitwarden. Tapping **OK** will let Bitwarden read content on the screen to know when to offer auto-fill. Learn more from [our blog post](https://bitwarden.com/blog/post/the-oreo-autofill-framework){:target="_blank"}.
**Autofill Service not working?** See [Troubleshooting the Autofill Service]({{site.baseurl}}/article/auto-fill-android-troubleshooting/#troubleshooting-the-autofill-service).
**Autofill Service not working?** See [Troubleshooting the Autofill Service]({{site.baseurl}}/auto-fill-android-troubleshooting/#troubleshooting-the-autofill-service).
#### Inline Autofill
@@ -80,7 +80,7 @@ To enable the accessibility method:
{% callout warning %}
If you're using Android 6+, you must also enable **Draw-Over**.
**Accessibility not working?** See [Troubleshooting the Accessibility Service]({{site.baseurl}}/article/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service).
**Accessibility not working?** See [Troubleshooting the Accessibility Service]({{site.baseurl}}/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service).
{% endcallout %}
#### Draw-Over

4
_articles/features/auto-fill-browser.md
View File

@@ -11,7 +11,7 @@ tags: [browser, auto-fill, autofill]
{% callout success %}
Most auto-fill functionality relies on the attribution of URIs to Login items. If you're unfamiliar with using URIs, see [Using URIs]({% link _articles/features/uri-match-detection.md %}).
Additionally, **basic authentication prompts** work a little differently than regular auto-fills. See our breakout article on [Basic Auth Prompts]({{site.baseurl}}/article/basic-auth-autofill)
Additionally, **basic authentication prompts** work a little differently than regular auto-fills. See our breakout article on [Basic Auth Prompts]({{site.baseurl}}/basic-auth-autofill)
{% endcallout %}
Bitwarden Browser Extensions have a unique **Tab** view, which automatically detects the URI (e.g. `myturbotax.intuit.com`) of the page displayed in the open tab and surfaces any Vault items with corresponding URIs.
@@ -92,7 +92,7 @@ You can auto-fill items manually that don't have saved URIs by opening them in t
## TOTP Copy
If you use [Bitwarden Authenticator]({{site.baseurl}}/article/authenticator-keys/), Bitwarden will automatically copy a Login item's TOTP code to the clipboard when the Login item is autofilled by any of the above methods.
If you use [Bitwarden Authenticator]({{site.baseurl}}/authenticator-keys/), Bitwarden will automatically copy a Login item's TOTP code to the clipboard when the Login item is autofilled by any of the above methods.
{% callout success %}
You can disable this option and set a custom interval with which to clear your clipboard from the Browser Extension's {% icon fa-cogs %} **Settings** tab:

2
_articles/features/auto-fill-card-id.md
View File

@@ -8,7 +8,7 @@ popular: false
tags: [browser, autofill, auto-fill, identity, card, form fill]
---
Bitwarden can do more than just [auto-fill your usernames and passwords]({% link _articles/features/auto-fill-browser.md %})! **Bitwarden Browser Extensions** can auto-fill [Cards]({{site.baseurl}}/article/managing-items/#cards) and [Identities]({{site.baseurl}}/article/managing-items/#identities) to simplify online purchases, account creation, and more using the [unique Tab view]({% link _articles/features/auto-fill-browser.md %}).
Bitwarden can do more than just [auto-fill your usernames and passwords]({% link _articles/features/auto-fill-browser.md %})! **Bitwarden Browser Extensions** can auto-fill [Cards]({{site.baseurl}}/managing-items/#cards) and [Identities]({{site.baseurl}}/managing-items/#identities) to simplify online purchases, account creation, and more using the [unique Tab view]({% link _articles/features/auto-fill-browser.md %}).
{% callout info %}Currently, Autofill for Cards & Identities is **only available for Browser Extensions**. Mobile platforms including Android and iOS do not currently support this type of auto-fill function.{% endcallout %}

4
_articles/features/auto-fill-ios.md
View File

@@ -24,7 +24,7 @@ Auto-fill on iOS comes in two flavors:
- **Browser App Extension**: Use this option to make Bitwarden auto-fill accessible *only* in Web Browser apps, like Safari, through the Share menu.
{% callout success %}
It is currently not possible to use auto-fill on iOS if the [Vault Timeout Action]({{site.baseurl}}/article/vault-timeout/#vault-timeout-action) for the device is set to **Log Out** and your *only* enabled [Two-step Login Method]({{site.baseurl}}/article/setup-two-step-login) requires NFC (e.g. an NFC YubiKey), as iOS will not allow NFC inputs to interrupt auto-fill workflows.
It is currently not possible to use auto-fill on iOS if the [Vault Timeout Action]({{site.baseurl}}/vault-timeout/#vault-timeout-action) for the device is set to **Log Out** and your *only* enabled [Two-step Login Method]({{site.baseurl}}/setup-two-step-login) requires NFC (e.g. an NFC YubiKey), as iOS will not allow NFC inputs to interrupt auto-fill workflows.
Either change your Vault Timeout Action to **Lock**, or enable another Two-step Login Method.
{% endcallout %}
@@ -50,7 +50,7 @@ To enable keyboard auto-fill on iOS:
If a [matching Login]({% link _articles/features/uri-match-detection.md %}) is displayed, tap it to auto-fill. If the {% icon fa-key %} **Passwords** button is displayed, tap it to browse your Vault for the Login item to use. In cases where the {% icon fa-key %} **Passwords** button is displayed, it's probably because there isn't an item in your Vault with a [matching URI]({% link _articles/features/uri-match-detection.md %}).
{% callout info %}Are you getting a `Biometric unlock disabled pending verification of master password` message? [Learn what to do]({{site.baseurl}}/article/autofill-faqs/#q-what-do-i-do-about-biometric-unlock-disabled-pending-verification-of-master-password).{% endcallout%}
{% callout info %}Are you getting a `Biometric unlock disabled pending verification of master password` message? [Learn what to do]({{site.baseurl}}/autofill-faqs/#q-what-do-i-do-about-biometric-unlock-disabled-pending-verification-of-master-password).{% endcallout%}
### Browser App Extension Auto-fill

2
_articles/features/blacklisting-uris.md
View File

@@ -31,7 +31,7 @@ Auto-fill relies on the attribution of URIs to Login items. If you're unfamiliar
For websites accessed via a web browser, a proper URI will be the `https://..` address of the Login page, for example `https://twitter.com` or `https://twitter.com/login`.
**For Android Apps**, the [URI scheme]({{site.baseurl}}/article/uri-match-detection/#uri-schemes) always starts with `androidapp://` and is usually a bit different from a typical web browser URI. For example,
**For Android Apps**, the [URI scheme]({{site.baseurl}}/uri-match-detection/#uri-schemes) always starts with `androidapp://` and is usually a bit different from a typical web browser URI. For example,
- The Twitter Android app has the URI `androidapp://com.twitter.android`
- The Reddit Android app has the URI `androidapp://com.reddit.frontpage`

2
_articles/features/custom-fields.md
View File

@@ -11,7 +11,7 @@ order: "08"
Custom fields, available for any [Vault item type]({% link _articles/account/managing-items.md %}), allow you to store additional well-structured data fields for a Vault item. Custom fields are saved as `Name:Value` pairs, and can be one of three types:
- **Text**: Field value stores a freeform input (text, numbers, etc.)
- **Hidden**: Field value stores freeform input that is hidden from view (particularly useful for Organizations using the [Hide Password access control](https://bitwarden.com/help/article/user-types-access-control/#granular-access-control)).
- **Hidden**: Field value stores freeform input that is hidden from view (particularly useful for Organizations using the [Hide Password access control](https://bitwarden.com/help/user-types-access-control/#granular-access-control)).
- **Boolean**: Field value stores a boolean value (true/false).
## Custom Fields for Keys

4
_articles/features/disable-browser-autofill.md
View File

@@ -52,7 +52,7 @@ This page will also list any **Saved Passwords** that are being stored by the br
{% image features/chrome-delete-passwords.png Chrome Saved Passwords %}
If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/article/import-from-chrome/#export-from-chrome) to prepare for future import to Bitwarden. Once exported, you should delete these passwords from the browser's storage.
If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/import-from-chrome/#export-from-chrome) to prepare for future import to Bitwarden. Once exported, you should delete these passwords from the browser's storage.
{% endcapture %}
{{ chrome | markdownify }}
@@ -69,7 +69,7 @@ You should also find out which Logins Firefox has already saved by selecting the
{% image features/firefox-delete.png Firefox Saved Logins %}
If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/article/import-from-firefox) for future import to Bitwarden. Once exported, you should {% icon fa-trash %} **Remove** these passwords from Firefox.
If you haven't already saved these passwords in Bitwarden, [export them]({{site.baseurl}}/import-from-firefox) for future import to Bitwarden. Once exported, you should {% icon fa-trash %} **Remove** these passwords from Firefox.
{% endcapture %}
{{ firefox | markdownify }}

10
_articles/features/folders.md
View File

@@ -8,7 +8,7 @@ tags: [categories, folders, sub-folders]
order: "06"
---
Folders are structures used to organize your Personal Vault by gathering together Logins, Cards, Identities, and Secure Notes. Using Folders is a great way to make all Vault items easy to find. Any Vault item can be added to a Folder, including [items shared with you from an Organization]({{site.baseurl}}/article/sharing/).
Folders are structures used to organize your Personal Vault by gathering together Logins, Cards, Identities, and Secure Notes. Using Folders is a great way to make all Vault items easy to find. Any Vault item can be added to a Folder, including [items shared with you from an Organization]({{site.baseurl}}/sharing/).
{% callout success %}
Items added to a Folder will still appear in your Vault when {% icon fa-th %} **All Items** is selected from the Filter menu, and deleting a Folder **will not** delete the items in that Folder.
@@ -98,7 +98,7 @@ To create a Folder, use the command:
bw create folder <foldername>
```
You can edit an existing folder using `bw edit <folderId>` and delete one using `bw delete folder <folderId>`. For more information, refer to our [CLI documentation]({{site.baseurl}}/article/cli).
You can edit an existing folder using `bw edit <folderId>` and delete one using `bw delete folder <folderId>`. For more information, refer to our [CLI documentation]({{site.baseurl}}/cli).
{% endcapture %}
{{ cli_info | markdownify}}
@@ -108,7 +108,7 @@ You can edit an existing folder using `bw edit <folderId>` and delete one using
{% callout info %}
If you're a member of an Organization, **Collections** will be shown below your Folders in the Filters menu.
There are similarities between Folders and Collections. **Folders organize your Personal Vault** (but can include [shared items]({{site.baseurl}}/article/sharing/)) and are unique to you, where Collections are shared between members of Organizations.
There are similarities between Folders and Collections. **Folders organize your Personal Vault** (but can include [shared items]({{site.baseurl}}/sharing/)) and are unique to you, where Collections are shared between members of Organizations.
{% endcallout %}
### Nested Folders
@@ -213,7 +213,7 @@ Using `edit` will require you to:
- Manipulate the JSON object (specifically, the `folderId` attribute) with a [command-line JSON processor like jq](https://stedolan.github.io/jq/){:target="\_blank"}.
- Use the `encode` command to encode changes to the JSON object.
If you're unfamiliar with using any of these parts, refer to our [CLI documentation]({{site.baseurl}}/article/cli).
If you're unfamiliar with using any of these parts, refer to our [CLI documentation]({{site.baseurl}}/cli).
{% endcallout %}
{% endcapture %}
@@ -222,5 +222,5 @@ If you're unfamiliar with using any of these parts, refer to our [CLI documentat
</div>
{% callout success %}
Items [shared with you from an Organization]({{site.baseurl}}/article/sharing/) can be added to your personal Folders, and doing so will only impact how the item appears in your Personal Vault (i.e. adding an item to a Folder won't give anyone access to that Folder, or change whether it's in a Folder in their Vaults).
Items [shared with you from an Organization]({{site.baseurl}}/sharing/) can be added to your personal Folders, and doing so will only impact how the item appears in your Personal Vault (i.e. adding an item to a Folder won't give anyone access to that Folder, or change whether it's in a Folder in their Vaults).
{% endcallout %}

2
_articles/features/uri-match-detection.md
View File

@@ -30,7 +30,7 @@ Schemes include:
- `androidapp://` references an Android Application Package ID or Name (e.g. `androidapp://com.twitter.android`)
{% callout success %}
An easy way to obtain the proper URI for an Android app is to **use a web browser** to visit the App's page in the Google Play store. The URI for the app will appear in the URL as an `?id=` query parameter (e.g. `https://play.google.com/store/apps/details?id=com.twitter.android`). [Learn more]({{site.baseurl}}/article/blacklisting-uris/#android-app-uris).
An easy way to obtain the proper URI for an Android app is to **use a web browser** to visit the App's page in the Google Play store. The URI for the app will appear in the URL as an `?id=` query parameter (e.g. `https://play.google.com/store/apps/details?id=com.twitter.android`). [Learn more]({{site.baseurl}}/blacklisting-uris/#android-app-uris).
{% endcallout %}
## Match Detection Options

8
_articles/getting-started/create-bitwarden-account.md
View File

@@ -27,7 +27,7 @@ Once you've created your account, prompt Bitwarden to send you a verification em
We recommend using any one of these resources to learn the ropes:
- [Get Started with the Web Vault]({{site.baseurl}}/article/getting-started-webvault/)
- [Get Started with Browser Extensions]({{site.baseurl}}/article/getting-started-browserext/)
- [Get Started with the Mobile Apps]({{site.baseurl}}/article/getting-started-mobile/)
- [Get Started with Desktop Apps]({{site.baseurl}}/article/getting-started-desktop/)
- [Get Started with the Web Vault]({{site.baseurl}}/getting-started-webvault/)
- [Get Started with Browser Extensions]({{site.baseurl}}/getting-started-browserext/)
- [Get Started with the Mobile Apps]({{site.baseurl}}/getting-started-mobile/)
- [Get Started with Desktop Apps]({{site.baseurl}}/getting-started-desktop/)

4
_articles/getting-started/getting-started-mobile.md
View File

@@ -8,8 +8,8 @@ hidden: false
tags: [tutorial, getting started, mobile, android, ios]
order: "04"
redirect_from:
- /article/getting-started-android/
- /article/getting-started-ios/
- /getting-started-android/
- /getting-started-ios/
---
Bitwarden's Mobile App lets you take your password manager on the go. Download Bitwarden from the App Store or Google Play Store, or by navigating to [get.bitwarden.com](https://get.bitwarden.com) on any device.

22
_articles/getting-started/getting-started-organizations.md
View File

@@ -19,25 +19,25 @@ This article will help you get started with a **free 2-person Organization** so
### What are Organizations?
Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities owned by the Organization. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings:
Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities owned by the Organization. Organizations could be a family, team, company or any group of people that needs to securely share data. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/user-types-access-control/) can manage the Organization's items, users, and settings:
{% image organizations/org-vault-admin.png Organization Vault %}
#### Comparing Organizations with Premium
The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization.
## Setup Bitwarden Accounts
Free Bitwarden Organizations allow for 2 users to securely share Organization-owned credentials. You might use a free Organization to share with friend or partner, or to test Organizations before [upgrading to a different plan]({{site.baseurl}}/article/about-bitwarden-plans/).
Free Bitwarden Organizations allow for 2 users to securely share Organization-owned credentials. You might use a free Organization to share with friend or partner, or to test Organizations before [upgrading to a different plan]({{site.baseurl}}/about-bitwarden-plans/).
Bitwarden provides applications on lots of devices, including Browser Extensions, Mobile Apps, Desktop Apps, and a CLI, but for the purposes of this guide we'll focus on the [Web Vault](https://vault.bitwarden.com){:target="\_blank"}. **The Web Vault provides the richest Bitwarden experience** for administering your Organization.
### Sign up for Bitwarden
[Create a Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"}, and make sure that you pick a strong and memorable [Master Password]({{site.baseurl}}/article/master-password/). We even recommend writing down your Master Password and storing it in a safe location.
[Create a Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"}, and make sure that you pick a strong and memorable [Master Password]({{site.baseurl}}/master-password/). We even recommend writing down your Master Password and storing it in a safe location.
{% callout success %}
**Don't forget your Master Password!** Bitwarden is a Zero knowledge/Zero Trust solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset your Master Password.
@@ -52,7 +52,7 @@ Once your account is created, log in to your [Web Vault](https://vault.bitwarden
In order to use your free 2-person Organization for secure sharing, you'll need to have 2 Bitwarden accounts. Once your first Bitwarden account is setup, follow the same procedure (or help your friend or partner to do so) to setup the other account.
{% callout success %}
Bitwarden Organizations have a deep level of [user-level access controls]({{site.baseurl}}/article/user-types-access-control/). Whichever user you proceed to [setup your Organization](#setup-your-organization) with will be the **Owner**.
Bitwarden Organizations have a deep level of [user-level access controls]({{site.baseurl}}/user-types-access-control/). Whichever user you proceed to [setup your Organization](#setup-your-organization) with will be the **Owner**.
{% endcallout %}
## Setup your Organization
@@ -68,7 +68,7 @@ To setup your Organization:
### Get to know your Organization
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. As the [Organization Owner]({{site.baseurl}}/article/user-types-access-control/), you'll be able to see your **Vault**, to **Manage** users and [Collections](#get-to-know-collections), to use some Bitwarden **Tools**, and to configure your Organization's **Settings**:
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. As the [Organization Owner]({{site.baseurl}}/user-types-access-control/), you'll be able to see your **Vault**, to **Manage** users and [Collections](#get-to-know-collections), to use some Bitwarden **Tools**, and to configure your Organization's **Settings**:
{% image getting-started/org-vault.png Organization Vault %}
@@ -79,7 +79,7 @@ Collections are an important part of a Bitwarden Organization; they represent th
{% image getting-started/collections.png Collections %}
{% callout success %}
In a lot of ways, Collections are like the [Folders]({{site.baseurl}}/article/folders/) you might use to organize your Personal Vault. A key difference is that items that [belong to your Organization](#shared-items) **must be included in at least 1 Collection**.
In a lot of ways, Collections are like the [Folders]({{site.baseurl}}/folders/) you might use to organize your Personal Vault. A key difference is that items that [belong to your Organization](#shared-items) **must be included in at least 1 Collection**.
{% endcallout %}
## Add a User to your Organization
@@ -93,7 +93,7 @@ As the Organization Owner, invite a new member:
1. In your Organization Vault, open the **Manage** tab and select the {% icon fa-plus %} **Invite User** button:
{% image organizations/org-people-invite.png %}
2. Enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](#sign-up-for-bitwarden-again) with. You can also choose the [User Type]({{site.baseurl}}/article/user-types-access-control/#user-types) and [Access Controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to this user, including which [Collections](#get-to-know-collections) they can access.
2. Enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](#sign-up-for-bitwarden-again) with. You can also choose the [User Type]({{site.baseurl}}/user-types-access-control/#user-types) and [Access Controls]({{site.baseurl}}/user-types-access-control/#access-control) assigned to this user, including which [Collections](#get-to-know-collections) they can access.
3. Select **Save** to send the invitation to the designated email address.
Once your invitation is sent, inform your new member and help them [accept the invitation](#accept).
@@ -119,7 +119,7 @@ Confirm accepted Organization to complete the loop:
3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**:
{% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
3. Verify that the [fingerprint phrase]({{site.baseurl}}/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
{% image fingerprint-phrase.png Sample Fingerprint Phrase %}
@@ -131,7 +131,7 @@ Part of the magic of Bitwarden Organizations is that items that belong to you an
{% image organizations/personal-vault-org-enabled.png Organization-enabled Vault %}
[Collections](#get-to-know-collections) are a lot like [Folders]({{site.baseurl}}/article/folders/) in that they organize the Organization-owned items in your Vault. Like anything else in the **Filters** menu, selecting a Collection will filter listed Vault items down to only the ones in that Collection.
[Collections](#get-to-know-collections) are a lot like [Folders]({{site.baseurl}}/folders/) in that they organize the Organization-owned items in your Vault. Like anything else in the **Filters** menu, selecting a Collection will filter listed Vault items down to only the ones in that Collection.
### Items Shared from an Organization
@@ -143,7 +143,7 @@ Shared items are **owned** by the Organization. This means that anyone with perm
## Move an Item to the Organization
The last step on the road to secure sharing is to create an item and move it to the Organization so it can be shared. An existing [Vault item]({{site.baseurl}}/article/managing-items/#add-a-vault-item) can be moved to the Organization after it's created, but for this guide, we'll focus on creating a **new** Login from your Personal Vault:
The last step on the road to secure sharing is to create an item and move it to the Organization so it can be shared. An existing [Vault item]({{site.baseurl}}/managing-items/#add-a-vault-item) can be moved to the Organization after it's created, but for this guide, we'll focus on creating a **new** Login from your Personal Vault:
1. On the {% icon fa-lock %} **My Vault** page, select the {% icon fa-plus %} **Add Item** button.
2. Fill in all the relevant information for your new Login item (e.g. Username and Password). The item can be anything you want both yourself and the other Organization user to have access to, for example a family streaming account.

36
_articles/getting-started/proof-of-concept.md
View File

@@ -8,28 +8,28 @@ hidden: false
tags: [project guide, poc]
order: "05"
redirect_from:
- /article/bitwarden-proof-of-concept-project-guide/
- /bitwarden-proof-of-concept-project-guide/
---
This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations]({{site.baseurl}}/article/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC.
This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations]({{site.baseurl}}/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC.
|Day|Action|Key Person|Description|Resource(s)|Duration (hrs)|
|:-:|:----:|:--------:|:---------:|:---------:|:------------:|
|1|Identify an Organization Owner|Organization Owner|[Create a free Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"} for your Organization Owner, who will manage your Organization's settings, structure, and subscription.|[Create your Bitwarden Account]({{site.baseurl}}/article/create-bitwarden-account/)|0.1|
|1|Create your Organization|Organization Owner|[Create a **free Organization** on the Bitwarden Cloud]({{site.baseurl}}/article/getting-started-organizations/#setup-your-organization). Once created, let us know and we'll upgrade you to an Enterprise trial.<br><br>If you're self-hosting, this Organization will be used only for billing purposes.|[Organizations]({{site.baseurl}}/article/about-organizations/)|0.1|
|1|(**Self-hosting only**) Download a License|Organization Owner|If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance.|[License Paid Features]({{site.baseurl}}/article/licensing-on-premise/#organization-license)|0.1|
|1|(**Self-hosting only**) Install Bitwarden|Organization Owner / IT Team|Setup your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership.|[Install and Deploy]({{site.baseurl}}/article/install-on-premise/)|2.5|
|1|Add Admins|Organization Owners + Admins|Onboard [Admins]({{site.baseurl}}/article/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.|[User Management]({{site.baseurl}}/article/managing-users/)|0.2|
|2|Create Collections|Organization Owners + Admins|Create [Collections]({{site.baseurl}}/article/about-collections/), which gather items for secure sharing with Groups of users.|[Collections]({{site.baseurl}}/article/about-collections/)|0.25|
|2| Create Groups|Organization Owners + Admins|Create [Groups]({{site.baseurl}}/article/about-groups), which gather users for scalable assignment of permissions and access to Collections.<br><br>If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later.|[Groups]({{site.baseurl}}/article/groups/)|0.25|
|2|Assign Groups to Collections|Organization Owners + Admins| Assign Groups to Collections, making shared items available to supersets of users. Test the *Read Only* and *Hide Password* options.|[Collections Assignment]({{site.baseurl}}/article/about-groups/#edit-collections-assignments)|.5|
|2|Share items to Collections|Organization Owners + Admins|[Add items manually]({{site.baseurl}}/article/sharing/#create-an-organization-item) or [import data]({{site.baseurl}}/article/import-to-org/) from another password management application.|[Sharing]({{site.baseurl}}/article/sharing)<br><br>[Import to an Organization]({{site.baseurl}}/article/import-to-org/)|0.25|
|2|Configure Enterprise Policies|Organization Owners + Admins|Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.**|[Enterprise Policies]({{site.baseurl}}/article/policies/)|0.1|
|3|Add users to Groups|Organization Owners + Admins|Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality **in the next step**, before moving on to advanced functions like Directory Connector.|[User Management]({{site.baseurl}}/article/managing-users/)<br><br>[Groups]({{site.baseurl}}/article/about-groups/)|0.5|
|3|Download Bitwarden Client Applications|All users|All Organization members should download Bitwarden on an assortment of devices, login, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server]({{site.baseurl}}/article/change-client-environment).|[Download Bitwarden](https://get.bitwarden.com/)|0.5|
|4-6|Configure Login with SSO|Organization Owners + Admins|Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider.|[About Login with SSO]({{site.baseurl}}/article/about-sso/)|1.5|
|4-6|Configure and test user onboarding with Directory Connector|Organization Owners + Admins|Download, configure, and test the Bitwarden Directory Connector application, which is used to automatically sync users and groups from your existing directory service (LDAP, AD, etc.)|[About Directory Connector]({{site.baseurl}}/article/directory-sync/)|1.5|
|4-6|Configure Directory Connector for production onboarding|Organization Owners + Admins|Execute on using Directory Connector to invite your remaining users to the Organization.|[Directory Connector Desktop App]({{site.baseurl}}/article/directory-sync-desktop/)|1|
|1|Identify an Organization Owner|Organization Owner|[Create a free Bitwarden account](https://vault.bitwarden.com/#/register){:target="\_blank"} for your Organization Owner, who will manage your Organization's settings, structure, and subscription.|[Create your Bitwarden Account]({{site.baseurl}}/create-bitwarden-account/)|0.1|
|1|Create your Organization|Organization Owner|[Create a **free Organization** on the Bitwarden Cloud]({{site.baseurl}}/getting-started-organizations/#setup-your-organization). Once created, let us know and we'll upgrade you to an Enterprise trial.<br><br>If you're self-hosting, this Organization will be used only for billing purposes.|[Organizations]({{site.baseurl}}/about-organizations/)|0.1|
|1|(**Self-hosting only**) Download a License|Organization Owner|If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance.|[License Paid Features]({{site.baseurl}}/licensing-on-premise/#organization-license)|0.1|
|1|(**Self-hosting only**) Install Bitwarden|Organization Owner / IT Team|Setup your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership.|[Install and Deploy]({{site.baseurl}}/install-on-premise/)|2.5|
|1|Add Admins|Organization Owners + Admins|Onboard [Admins]({{site.baseurl}}/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.|[User Management]({{site.baseurl}}/managing-users/)|0.2|
|2|Create Collections|Organization Owners + Admins|Create [Collections]({{site.baseurl}}/about-collections/), which gather items for secure sharing with Groups of users.|[Collections]({{site.baseurl}}/about-collections/)|0.25|
|2| Create Groups|Organization Owners + Admins|Create [Groups]({{site.baseurl}}/about-groups), which gather users for scalable assignment of permissions and access to Collections.<br><br>If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later.|[Groups]({{site.baseurl}}/groups/)|0.25|
|2|Assign Groups to Collections|Organization Owners + Admins| Assign Groups to Collections, making shared items available to supersets of users. Test the *Read Only* and *Hide Password* options.|[Collections Assignment]({{site.baseurl}}/about-groups/#edit-collections-assignments)|.5|
|2|Share items to Collections|Organization Owners + Admins|[Add items manually]({{site.baseurl}}/sharing/#create-an-organization-item) or [import data]({{site.baseurl}}/import-to-org/) from another password management application.|[Sharing]({{site.baseurl}}/sharing)<br><br>[Import to an Organization]({{site.baseurl}}/import-to-org/)|0.25|
|2|Configure Enterprise Policies|Organization Owners + Admins|Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.**|[Enterprise Policies]({{site.baseurl}}/policies/)|0.1|
|3|Add users to Groups|Organization Owners + Admins|Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality **in the next step**, before moving on to advanced functions like Directory Connector.|[User Management]({{site.baseurl}}/managing-users/)<br><br>[Groups]({{site.baseurl}}/about-groups/)|0.5|
|3|Download Bitwarden Client Applications|All users|All Organization members should download Bitwarden on an assortment of devices, login, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server]({{site.baseurl}}/change-client-environment).|[Download Bitwarden](https://get.bitwarden.com/)|0.5|
|4-6|Configure Login with SSO|Organization Owners + Admins|Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider.|[About Login with SSO]({{site.baseurl}}/about-sso/)|1.5|
|4-6|Configure and test user onboarding with Directory Connector|Organization Owners + Admins|Download, configure, and test the Bitwarden Directory Connector application, which is used to automatically sync users and groups from your existing directory service (LDAP, AD, etc.)|[About Directory Connector]({{site.baseurl}}/directory-sync/)|1.5|
|4-6|Configure Directory Connector for production onboarding|Organization Owners + Admins|Execute on using Directory Connector to invite your remaining users to the Organization.|[Directory Connector Desktop App]({{site.baseurl}}/directory-sync-desktop/)|1|
## Deployment Best Practices
@@ -39,7 +39,7 @@ We've seen a lot of deployments and have found that taking the following actions
|:-:|:----:|:--------:|:---------:|:---------:|:------------:|
|4-6|Determine timeline for rollout to first-wave users|Senior Leadership & Security teams|There are lots of different strategies for rolling out Bitwarden. Take things at whatever pace best suits your team.| | |
|7|Craft internal messaging about Bitwarden rollout|Internal Training & Managers|Bitwarden provides a lot of resources to help users quickly adopt, check some out on [Youtube](http://youtube.com/bitwarden) and on the [Help Center](https://bitwarden.com/help/).|[Youtube](http://youtube.com/bitwarden)<br><br>[Help Center](https://bitwarden.com/help/)||
|7|Communicate to internal leaders about Password Management policies|Internal leaders / Security teams|Make sure your teams know about any [Enterprise Policies]({{site.baseurl}}/article/policies), [2FA]({{site.baseurl}}/article/setup-two-step-login-duo/) or [SSO]({{site.baseurl}}/article/about-sso/) requirements, and password management best practices.| | |
|7|Communicate to internal leaders about Password Management policies|Internal leaders / Security teams|Make sure your teams know about any [Enterprise Policies]({{site.baseurl}}/policies), [2FA]({{site.baseurl}}/setup-two-step-login-duo/) or [SSO]({{site.baseurl}}/about-sso/) requirements, and password management best practices.| | |
| | | | | | |
| | | | |**Total Hours (Cloud-hosted)**|**7.35**|
| | | | |**Total Hours (Self-hosted)**|**9.85**|

56
_articles/getting-started/releasenotes.md
View File

@@ -41,21 +41,21 @@ If you're not ready to start a Provider, the Bitwarden team is eager to support
The latest release of Bitwarden is focused on enabling Managed Service Providers (MSPs) to support their customers' password management needs:
- **Provider Portal**: The Provider Portal allows Managed Service Providers (MSPs) and Resellers to create and administer Organizations on behalf of customers. Using the Portal, Providers can seamlessly support credential management across multiple customers (see [here]({{site.baseurl}}/article/getting-started-providers/) for details).
- **Provider Portal**: The Provider Portal allows Managed Service Providers (MSPs) and Resellers to create and administer Organizations on behalf of customers. Using the Portal, Providers can seamlessly support credential management across multiple customers (see [here]({{site.baseurl}}/getting-started-providers/) for details).
- **Share Verbiage Change**: We've updated the {% icon fa-share-alt %} **Share** button to {% icon fa-arrow-circle-o-right %} **Move to Organization** to make it cleared that shared items are owned by the Organization. Additionally, we've updated the "shared item" indicator ({% icon fa-share-alt %}) to match the Collections indicator ({% icon fa-cube %}).
- **CLI `move` Command**: In keeping with the above item, the CLI `share` command has been changed to `move` (see [here]({{site.baseurl}}/article/cli/#move) for details).
- **CLI `move` Command**: In keeping with the above item, the CLI `share` command has been changed to `move` (see [here]({{site.baseurl}}/cli/#move) for details).
## 2021-06-29
The Bitwarden team is happy to announce the rollout of Admin Password Reset, the latest feature purpose-built to help enterprises seeking to ensure password security at scale. This release includes:
- **Admin Password Reset**: Enterprise Organizations can enroll in Admin Password Reset to allow designated administrators to reset the Master Password of Organization users (see [here]({{site.baseurl}}/article/admin-reset/) for details).
- **Master Password Re-prompt**: Use the new Master Password re-prompt option to require verification of your Master Password to access sensitive Vault items as designated by the user (see [here]({{site.baseurl}}/article/managing-items/#protect-individual-items) for details).
- **Bulk User Management**: Organization Owners and Admins can now re-send invitations, confirm accepted users, and remove users from an Organization in-bulk (see [here]({{site.baseurl}}/article/managing-users/#onboard-users) for details).
- **Event Log Export**: Export event logs directly from the Web Vault (see [here]({{site.baseurl}}/article/event-logs/#export-events) for details).
- **Directory Connector API Key Authentication**: Starting with this release, users of Directory Connector will need to use the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) to login.
- **Directory Connector Sync Limit Increase**: Directory Connector can now sync an unlimited number of users or groups, where previously the limit was set at 2000 of either. To sync more than 2000 users or groups, toggle the new Sync Option (see [here]({{site.baseurl}}/article/user-group-filters/#large-syncs) for details).
- **Autofill On Page Load Enhancements**: The Browser Extension's Auto-fill on page load feature has been upgraded to more flexibly fit users' unique needs (see [here]({{site.baseurl}}/article/auto-fill-browser/#on-page-load) for details).
- **Admin Password Reset**: Enterprise Organizations can enroll in Admin Password Reset to allow designated administrators to reset the Master Password of Organization users (see [here]({{site.baseurl}}/admin-reset/) for details).
- **Master Password Re-prompt**: Use the new Master Password re-prompt option to require verification of your Master Password to access sensitive Vault items as designated by the user (see [here]({{site.baseurl}}/managing-items/#protect-individual-items) for details).
- **Bulk User Management**: Organization Owners and Admins can now re-send invitations, confirm accepted users, and remove users from an Organization in-bulk (see [here]({{site.baseurl}}/managing-users/#onboard-users) for details).
- **Event Log Export**: Export event logs directly from the Web Vault (see [here]({{site.baseurl}}/event-logs/#export-events) for details).
- **Directory Connector API Key Authentication**: Starting with this release, users of Directory Connector will need to use the [Organization API Key]({{site.baseurl}}/public-api/#authentication) to login.
- **Directory Connector Sync Limit Increase**: Directory Connector can now sync an unlimited number of users or groups, where previously the limit was set at 2000 of either. To sync more than 2000 users or groups, toggle the new Sync Option (see [here]({{site.baseurl}}/user-group-filters/#large-syncs) for details).
- **Autofill On Page Load Enhancements**: The Browser Extension's Auto-fill on page load feature has been upgraded to more flexibly fit users' unique needs (see [here]({{site.baseurl}}/auto-fill-browser/#on-page-load) for details).
- **More CLI Options**: We've added a few new CLI options, including easy retrieval of Vault item notes (`bw get notes <id>`) and the ability to set maximum access count for Sends (`bw send create --maxAccessCount <#>`).
- **Web Developer Autofill Exclusion**: Web Development contributors can now prevent the Browser Extension from auto-filling a given form element by adding a `data-bwignore` attribute (e.g. `data-bwignore="true"`) to an `<input>` element.
@@ -63,19 +63,19 @@ The Bitwarden team is happy to announce the rollout of Admin Password Reset, the
The Bitwarden team is pleased to release a set of features and updates continuing our mission of making password management easy and accessible for individuals and businesses:
- **Privacy & Security Options for Send**: Use a new Send Privacy option to hide your email from recipients (see [here]({{site.baseurl}}/article/send-privacy/#hide-email) for details). To prevent abuse, File Sends will now require a verified email address. Additionally, Enterprise Organizations can implement a new policy to set the availability of the Hide Email option (see [here]({{site.baseurl}}/article/policies/#send-options) for details).
- **FIDO Updates & Expanded Support**: Our FIDO implementation has been upgraded from FIDO U2F to FIDO2 WebAuthn, but existing FIDO U2F keys will retain their integrity. FIDO support has been expanded to more Browser Extensions and the Windows Desktop App (see [here]({{site.baseurl}}/article/setup-two-step-login-fido/) for details).
- **Custom Fields for Keys**: Custom Field values have been upgraded to support up to 5000 characters, allowing storage of keys like RSA 4096-bit SSH keys (see [here]({{site.baseurl}}/article/custom-fields/#custom-fields-for-keys) for details).
- **Privacy & Security Options for Send**: Use a new Send Privacy option to hide your email from recipients (see [here]({{site.baseurl}}/send-privacy/#hide-email) for details). To prevent abuse, File Sends will now require a verified email address. Additionally, Enterprise Organizations can implement a new policy to set the availability of the Hide Email option (see [here]({{site.baseurl}}/policies/#send-options) for details).
- **FIDO Updates & Expanded Support**: Our FIDO implementation has been upgraded from FIDO U2F to FIDO2 WebAuthn, but existing FIDO U2F keys will retain their integrity. FIDO support has been expanded to more Browser Extensions and the Windows Desktop App (see [here]({{site.baseurl}}/setup-two-step-login-fido/) for details).
- **Custom Fields for Keys**: Custom Field values have been upgraded to support up to 5000 characters, allowing storage of keys like RSA 4096-bit SSH keys (see [here]({{site.baseurl}}/custom-fields/#custom-fields-for-keys) for details).
- **File Size Increases**: You can now create File Attachments or File Sends that are up to 500 MB each. Due to device restrictions, the old 100 MB limit is still in place for Mobile Apps.
{% callout warning %}As a result of the Attachment upgrade, Attachments uploaded on the newest clients cannot be opened on older client versions. If you find you're unable to access a recently-created Attachment, upgrade your client to the newest version. (**Hint:** The Cloud Web Vault is *always* on the newest version.)<br><br>**Frozen or legacy client versions**, including the Safari 13 (or earlier) macOS Desktop App & App Extension, will not support accessing these attachments.{% endcallout %}
- **Disable Browser Extension Counter**: Disable the Browser Extension badge counter using a new toggle in the {% icon fa-cogs %} **Settings** &rarr; **Options** menu (see [here]({{site.baseurl}}/article/auto-fill-browser/) for details).
- **Biometrics for Safari**: The Safari Web Extension now includes support for Unlock with Biometrics for Safari 14+ (see [here]({{site.baseurl}}/article/biometrics/) for details).
- **Disable Browser Extension Counter**: Disable the Browser Extension badge counter using a new toggle in the {% icon fa-cogs %} **Settings** &rarr; **Options** menu (see [here]({{site.baseurl}}/auto-fill-browser/) for details).
- **Biometrics for Safari**: The Safari Web Extension now includes support for Unlock with Biometrics for Safari 14+ (see [here]({{site.baseurl}}/biometrics/) for details).
- **Search Internationalization**: Vaults can now be searched against 1 character, improving the experience for languages with 1-character words like Simplified and Traditional Chinese.
- **Sorted Weak Passwords Report**: The Weak Passwords Report is now sorted by the severity of the password's weakness (see [here]({{site.baseurl}}/article/reports/#weak-passwords-report) for details)
- **Sorted Weak Passwords Report**: The Weak Passwords Report is now sorted by the severity of the password's weakness (see [here]({{site.baseurl}}/reports/#weak-passwords-report) for details)
{% callout success %}
Since implementing [Soft Delete]({{site.baseurl}}/article/managing-items/#items-in-the-trash) back in 2020, we've been patient to take out the Trash. **Starting 5/15/2021**, we'll activate the nightly job that will permanently delete items that have been in your trash for 30 days or more.
Since implementing [Soft Delete]({{site.baseurl}}/managing-items/#items-in-the-trash) back in 2020, we've been patient to take out the Trash. **Starting 5/15/2021**, we'll activate the nightly job that will permanently delete items that have been in your trash for 30 days or more.
Prior to 5/15/2021, we recommend digging through your Trash for anything you might want to Restore!
{% endcallout %}
@@ -87,7 +87,7 @@ Bitwarden is proud to announce the release of Bitwarden Send, and end-to-end enc
- **Bitwarden Send**: Bitwarden Send is end-to-end encrypted solution for ephemeral sharing. There's lot of material about Send on our website and Help Center, but you can start [here](https://bitwarden.com/products/send){:target="\_blank"} or [here]({% link _articles/send/about-send.md %}).
- **FIDO U2F Support for Edge**: Two-step Login via FIDO U2F is now available for the Web Vault and Browser Extensions in Microsoft Edge (see [here]({% link _articles/two-step-login/setup-two-step-login-fido.md %}) for details).
- **Domain Exclusion in Browser Extensions**: Bitwarden Browser Extensions can now be configured with domains to explicitly not offer to remember passwords for (see [here]({% link _articles/miscellaneous/exclude-domains.md %}) for details).
- **Improved Import Error Messages**: We've had lots of folks migrating to Bitwarden recently, so we cleaned up an import error message to help you reconcile issues faster (see [here]({{site.baseurl}}/article/import-data/#length-related-import-errors) for details).
- **Improved Import Error Messages**: We've had lots of folks migrating to Bitwarden recently, so we cleaned up an import error message to help you reconcile issues faster (see [here]({{site.baseurl}}/import-data/#length-related-import-errors) for details).
- **Safari Web Extension Port**: Our Safari App Extension has officially been ported to a Web Extension for use with Safari 14+. Due to changes to Safari, Web Extension use is now limited to only those obtained through Mac App Store downloads (see [here]({% link _articles/account/install-safari-app-extension.md %}) for details).
## 2021-01-19 Post-Release Update
@@ -95,7 +95,7 @@ Bitwarden is proud to announce the release of Bitwarden Send, and end-to-end enc
{% callout info %}
Biometric Unlock for Browser Extensions is available for **only Chromium-based browsers** (e.g. Chrome, Edge) with v1.48.0 of the Browser Extension, provided you have the latest version (2021-01-19) of the Desktop App.
When your Browser Extension updates to this version, you may be asked to accept a new permission for Bitwarden to `Communicate with cooperating native applications`. This permission is safe, but **optional**, and will enable the Browser Extension to communicate with the Bitwarden Desktop App, which is required to enable Biometric Unlock (see [here](https://bitwarden.com/help/article/biometrics/#browser-extensions) for details). Declining this permission will allow you to use v1.48.0 without Biometric Unlock functionality.
When your Browser Extension updates to this version, you may be asked to accept a new permission for Bitwarden to `Communicate with cooperating native applications`. This permission is safe, but **optional**, and will enable the Browser Extension to communicate with the Bitwarden Desktop App, which is required to enable Biometric Unlock (see [here](https://bitwarden.com/help/biometrics/#browser-extensions) for details). Declining this permission will allow you to use v1.48.0 without Biometric Unlock functionality.
**Biometric Unlock is currently not available for:**
- Firefox Browser Extensions below version 87.
@@ -109,14 +109,14 @@ The Bitwarden team is investigating these and will provide updates as things pro
For the first major release of 2021, the Bitwarden team combined multiple major enhancements to address the critical needs of all users, including:
- **Emergency Access**: Bitwarden's new Emergency Access feature enables users to designate and manage trusted emergency contacts, who may request access to their Vault in a Zero Knowledge/Zero Trust environment (see [here]({% link _articles/security/emergency-access.md %}) for details).
- **Encrypted Exports**: Personal users and Organizations can now export Vault data in an encrypted `.json` file (see [here]({% link _articles/importing/encrypted-export.md %}) for details).
- **New Role**: A Custom role is now available to allow for granular control over user permissions (see [here](https://bitwarden.com/help/article/user-types-access-control/#custom-role) for details).
- **New Enterprise Policy**: The Personal Ownership policy is now available for use by Enterprise Organization (see [here](https://bitwarden.com/help/article/policies/#personal-ownership) for details).
- **Biometric Unlock for Browser Extensions**: Using an integration with a native Desktop application, you can now use Biometric input to unlock Chromium-based Browser Extensions (see [here](https://bitwarden.com/help/article/biometrics/#browser-extensions) for details).
- **New Role**: A Custom role is now available to allow for granular control over user permissions (see [here](https://bitwarden.com/help/user-types-access-control/#custom-role) for details).
- **New Enterprise Policy**: The Personal Ownership policy is now available for use by Enterprise Organization (see [here](https://bitwarden.com/help/policies/#personal-ownership) for details).
- **Biometric Unlock for Browser Extensions**: Using an integration with a native Desktop application, you can now use Biometric input to unlock Chromium-based Browser Extensions (see [here](https://bitwarden.com/help/biometrics/#browser-extensions) for details).
## 2020-11-12
The latest release of Bitwarden adds SSO-related enhancements to all client applications, including:
- **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/article/policies/) for details).
- **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/article/personal-api-key/) for details).
- **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/policies/) for details).
- **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/personal-api-key/) for details).
- **Improvements to SSO Onboarding:** We've made some improvements to the way users are onboarded via SSO to prevent potential security risks (see [here](https://github.com/bitwarden/server/pull/945) for details).
- **GDPR Acknowledgement:** From now on, new users of Bitwarden will be asked to acknowledge a Privacy Policy on registration.
- **Android 11 Inline Auto-fill**: For devices using Android 11+, enabling the Auto-fill Service will display suggestions inline for IMEs that also support [this feature](https://developer.android.com/guide/topics/text/ime-autofill#workflow) (see [here](https://github.com/bitwarden/mobile/pull/1145) for details).
@@ -128,8 +128,8 @@ The latest release of Bitwarden adds much-anticipated **Login with SSO** functio
The following items were released between March and September of 2020.
- [Enterprise Policies](https://bitwarden.com/help/article/policies/)
- [Vault Timeout Options](https://bitwarden.com/help/article/vault-timeout/)
- [Trash functionality](https://bitwarden.com/help/article/managing-items/#deleting-an-item)
- [Password View Permissions - "Hide Passwords"](https://bitwarden.com/help/article/user-types-access-control/#granular-access-control)
- [Touch ID / Windows Hello for Desktop Applications](https://bitwarden.com/help/article/biometrics/#desktop-applications)
- [Enterprise Policies](https://bitwarden.com/help/policies/)
- [Vault Timeout Options](https://bitwarden.com/help/vault-timeout/)
- [Trash functionality](https://bitwarden.com/help/managing-items/#deleting-an-item)
- [Password View Permissions - "Hide Passwords"](https://bitwarden.com/help/user-types-access-control/#granular-access-control)
- [Touch ID / Windows Hello for Desktop Applications](https://bitwarden.com/help/biometrics/#desktop-applications)

2
_articles/hosting/backup-on-premise.md
View File

@@ -14,7 +14,7 @@ When self-hosting Bitwarden, you are responsible for implementing your own backu
Bitwarden's Docker containers use volume mapping to persist all important data on the host machine, meaning stopping your containers will not delete any data. Docker containers, on the other hand, are to be considered ephemeral and do not persist data or state.
All Bitwarden data is stored on the host machine in the `./bwdata` directory, relative to the location in which you installed Bitwarden. For more information, see [Install and Deploy](https://bitwarden.com/help/article/install-on-premise/#install-bitwarden).
All Bitwarden data is stored on the host machine in the `./bwdata` directory, relative to the location in which you installed Bitwarden. For more information, see [Install and Deploy](https://bitwarden.com/help/install-on-premise/#install-bitwarden).
## Backup Hosted Data

4
_articles/hosting/configure-clients.md
View File

@@ -46,7 +46,7 @@ Most Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solu
To centrally configure the Desktop app for deployment, first complete the following steps on a single workstation:
1. Install the Desktop app. If you're using Windows, silent install Bitwarden using `installer.exe /S` (see [NSIS documentation](https://nsis.sourceforge.io/Docs/Chapter4.html#silent){:target="\_blank"}).
2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.]({{site.baseurl}}/article/data-storage/)
2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.]({{site.baseurl}}/data-storage/)
3. In the directory, open the `data.json` file.
4. Edit `data.json` to configure the Desktop app as desired. In particular, create the following object to configure the app with your self-hosted Server URL:
@@ -76,7 +76,7 @@ To centrally configure the Desktop app for deployment, first complete the follo
While it is possible to deploy Bitwarden Browser Extensions using an endpoint management solution like [Jamf](https://www.jamf.com/){:target="\_blank"} or Microsoft Endpoint Manager (formerly SCCM), it is currently **not possible** to alter the configuration in this way.
Instruct your end-users to follow [these steps]({{site.baseurl}}/article/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps) to connect a Browser Extension to your self-hosted server.
Instruct your end-users to follow [these steps]({{site.baseurl}}/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps) to connect a Browser Extension to your self-hosted server.
{% endcapture %}
{{ browser_extension | markdownify}}

2
_articles/hosting/environment-variables.md
View File

@@ -22,7 +22,7 @@ The following variables are among those that already exist in `global.override.e
|Variable|Description|
|--------|-----------|
|globalSettings__sqlServer__connectionString=|Use this field to [connect to an exernal MSSQL database]({{site.baseurl}}/article/external-db/).|
|globalSettings__sqlServer__connectionString=|Use this field to [connect to an exernal MSSQL database]({{site.baseurl}}/external-db/).|
|globalSettings__oidcIdentityClientKey=|A randomly generated OpenID Connect client key. For more information, see [OpenID Documentation](https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse){:target="\_blank"}.|
|globalSettings__duo__aKey=|A randomly generated Duo akey. For more information, see [Duo's Documentation](https://duo.com/docs/duoweb#1.-generate-an-akey){:target="\_blank"}.|
|globalSettings__yubico__clientId=|Client ID for YubiCloud Validation Service or Self-hosted Yubico Validation Server.<br><br>If YubiCloud, get your Client ID and Secret Key [here](https://upgrade.yubico.com/getapikey/){:target="\_blank"}.<br><br>If self-hosted, see Optional Variable `globalSettings__yubico__validationUrls`.|

4
_articles/hosting/external-db.md
View File

@@ -8,7 +8,7 @@ tags: [hosting, database, mssql]
order: "12"
---
By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of [installation setup]({{site.baseurl}}/article/install-on-premise), however you configure Bitwarden to use an external MSSQL database.
By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of [installation setup]({{site.baseurl}}/install-on-premise), however you configure Bitwarden to use an external MSSQL database.
{% callout info %}
Currently, self-hosted installations of Bitwarden support **only** MSSQL databases. Stay tuned for future updates on this topic.
@@ -36,7 +36,7 @@ To setup your self-hosted instance with an external database:
{% comment %}
6. Run `./bitwarden.sh updatedb` to migrate the **database schema**.
{% callout success %}`updatedb` does not migrate data, it only migrates the database schema. To move existing data to the new database, [restore a backup]({{site.baseurl}}/article/backup-on-premise/#restore-a-nightly-backup) from `./bwdata/mssql/backups`.{% endcallout %}
{% callout success %}`updatedb` does not migrate data, it only migrates the database schema. To move existing data to the new database, [restore a backup]({{site.baseurl}}/backup-on-premise/#restore-a-nightly-backup) from `./bwdata/mssql/backups`.{% endcallout %}
{% endcomment %}
Once the above steps are complete, you can test the connection by creating a new user through the Web Vault and querying the external `vault` database for creation of the new user.

6
_articles/hosting/install-on-premise.md
View File

@@ -33,7 +33,7 @@ The following is a summary of the Installation Procedure in this article. Links
2. [**Install Docker and Docker Compose**](#install-docker-and-docker-compose) on your machine, and complete the optional [**Docker Post-Installation**](#docker-post-installation-linux-only).
3. Retrieve an installation id and key from [**https://bitwarden.com/host**](https://bitwarden.com/host){:target="_blank"} for use in installation.
For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general).
For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general).
4. [**Install Bitwarden**](#install-bitwarden) on your machine.
5. [**Configure your Environment**](#configure-your-environment) by adjusting settings in `./bwdata/env/global.override.env`.
{% callout success %}At a minimum, configure the `globalSettings__mail__smtp...` variables to setup an email server for inviting and verifying users.{% endcallout %}
@@ -146,10 +146,10 @@ Bitwarden provides a shell script for easy installation on Linux and macOS (Bash
- **Enter your installation id:**
Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general).
Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general).
- **Enter your installation key:**
Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/article/hosting-faqs/#general).
Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/help/hosting-faqs/#general).
- **Do you have a SSL certificate to use? (y/n):**
If you already have your own SSL certificate, specify `y` and place the necessary files in the `.bwdata/ssl/your.domain` directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see [Certificate Options]({% link _articles/hosting/certificates.md %}).

6
_articles/hosting/licensing-on-premise.md
View File

@@ -28,7 +28,7 @@ To retrieve your license from your Cloud account and apply it to your self-hoste
1. Log in to your self-hosted Web Vault with an email address that matches the Cloud-hosted account from which you downloaded the license.
{% callout success %}If you haven't already, verify your email address before proceeding. You will need to have [configured SMTP-related environment variables]({{site.baseurl}}/article/environment-variables) to do so.{% endcallout %}
{% callout success %}If you haven't already, verify your email address before proceeding. You will need to have [configured SMTP-related environment variables]({{site.baseurl}}/environment-variables) to do so.{% endcallout %}
2. Select the **Settings** tab from the top navigation.
3. Select **Go Premium** from the left menu.
4. In the License File section, select the **Browse...** button and add the downloaded license file.
@@ -39,7 +39,7 @@ To retrieve your license from your Cloud account and apply it to your self-hoste
To retrieve your Organization license from your Cloud Organization and apply it to you self-hosted server:
{% callout info %}
You must be an [Organization Owner]({{site.baseurl}}/article/user-types-access-control) to both retrieve and apply a license.
You must be an [Organization Owner]({{site.baseurl}}/user-types-access-control) to both retrieve and apply a license.
{% endcallout %}
#### Retrieve your License
@@ -65,4 +65,4 @@ Once downloaded, open your self-hosted Web Vault and update the license from the
{% image hosting/update-license.png Update a self-hosting license %}
If you receive a `version not supported` error message, you'll need to update your server before proceeding. Make a backup or copy of the `bwdata` directory, then follow [these instructions]({{site.baseurl}}/article/updating-on-premise/).
If you receive a `version not supported` error message, you'll need to update your server before proceeding. Make a backup or copy of the `bwdata` directory, then follow [these instructions]({{site.baseurl}}/updating-on-premise/).

50
_articles/hosting/migration.md
View File

@@ -29,32 +29,32 @@ This article will walk you through procedures for transitioning from Cloud to Se
To migrate from the Cloud to a self-hosted server:
1. [Install and deploy]({{site.baseurl}}/article/install-on-premise) Bitwarden to your server. At a high-level, this procedure involves:
1. [Install and deploy]({{site.baseurl}}/install-on-premise) Bitwarden to your server. At a high-level, this procedure involves:
1. [Configuring a domain]({{site.baseurl}}/article/install-on-premise/#configure-your-domain) for Bitwarden.
2. Installing [Docker and Docker Compose]({{site.baseurl}}/article/install-on-premise/#install-docker-and-docker-compose).
3. Running the [installation shell script]({{site.baseurl}}/article/install-on-premise/#install-bitwarden).
4. [Configuring your environment]({{site.baseurl}}/article/install-on-premise/#configure-your-environment) to setup the Admin Portal, an SMTP Server connection, and more.
1. [Configuring a domain]({{site.baseurl}}/install-on-premise/#configure-your-domain) for Bitwarden.
2. Installing [Docker and Docker Compose]({{site.baseurl}}/install-on-premise/#install-docker-and-docker-compose).
3. Running the [installation shell script]({{site.baseurl}}/install-on-premise/#install-bitwarden).
4. [Configuring your environment]({{site.baseurl}}/install-on-premise/#configure-your-environment) to setup the Admin Portal, an SMTP Server connection, and more.
2. Start your server by running `./bitwarden.sh start`.
3. Open the Cloud Web Vault and [download your license]({{site.baseurl}}/article/licensing-on-premise).
3. Open the Cloud Web Vault and [download your license]({{site.baseurl}}/licensing-on-premise).
{% callout success %}There are separate files for an [Organization license]({{site.baseurl}}/article/licensing-on-premise/#organization-license) and an [Individual license]({{site.baseurl}}/article/licensing-on-premise/#individual-license). **You don't need both license files.** If you're migrating an Organization, you only need to retrieve the Organization license and must be an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/) to do so.{% endcallout %}
4. Still in the Cloud Web Vault, [export your personal Vault data]({{site.baseurl}}/article/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/article/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well.
{% callout success %}There are separate files for an [Organization license]({{site.baseurl}}/licensing-on-premise/#organization-license) and an [Individual license]({{site.baseurl}}/licensing-on-premise/#individual-license). **You don't need both license files.** If you're migrating an Organization, you only need to retrieve the Organization license and must be an [Organization Owner]({{site.baseurl}}/user-types-access-control/) to do so.{% endcallout %}
4. Still in the Cloud Web Vault, [export your personal Vault data]({{site.baseurl}}/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well.
5. Open your self-hosted Web Vault and create an account. This account **must use the same email address** as the Cloud account you downloaded the license with.
5. Still in your self-hosted Web Vault, upload your [license]({{site.baseurl}}/article/licensing-on-premise).
5. Still in your self-hosted Web Vault, upload your [license]({{site.baseurl}}/licensing-on-premise).
{% callout success %}There are separate locations in which to upload an [Organization license]({{site.baseurl}}/article/licensing-on-premise/#organization-license) versus an [Individual license]({{site.baseurl}}/article/licensing-on-premise/#individual-license). As before, only upload the one that's relevant for you.{% endcallout %}
6. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/article/import-your-data/) or [Organization Vault]({{site.baseurl}}/article/import-to-org/).
{% callout success %}There are separate locations in which to upload an [Organization license]({{site.baseurl}}/licensing-on-premise/#organization-license) versus an [Individual license]({{site.baseurl}}/licensing-on-premise/#individual-license). As before, only upload the one that's relevant for you.{% endcallout %}
6. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/import-your-data/) or [Organization Vault]({{site.baseurl}}/import-to-org/).
{% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/article/about-collections/) and add the relevant Vault items to them.{% endcallout %}
{% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/about-collections/) and add the relevant Vault items to them.{% endcallout %}
#### Organizations-only Next Steps
If you're migrating an Organization to a self-hosted server, continue with the following steps:
1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/article/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/article/about-sso/).
2. Manually [re-create user Groups]({{site.baseurl}}/article/about-groups/#create-a-group) in your self-hosted Web Vault and assign them to the proper Collections.
3. Start [inviting users to your Organization]({{site.baseurl}}/article/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/article/directory-sync).
1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/about-sso/).
2. Manually [re-create user Groups]({{site.baseurl}}/about-groups/#create-a-group) in your self-hosted Web Vault and assign them to the proper Collections.
3. Start [inviting users to your Organization]({{site.baseurl}}/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/directory-sync).
{% endcapture %}
{{ mobile_info | markdownify}}
@@ -66,25 +66,25 @@ If you're migrating an Organization to a self-hosted server, continue with the f
To migrate from a self-hosted server to the Cloud:
1. Create a full backup of the `./bwdata` directory of your self-hosted Bitwarden server. In particular, you will need access to `./bwdata/core/attachments` to manually upload [file attachments]({{site.baseurl}}/article/attachments/) to the Cloud (**Step 5**).
1. Create a full backup of the `./bwdata` directory of your self-hosted Bitwarden server. In particular, you will need access to `./bwdata/core/attachments` to manually upload [file attachments]({{site.baseurl}}/attachments/) to the Cloud (**Step 5**).
{% callout success %} If users are exporting their Personal Vaults over a period of time, you may need to re-sync the items from your `./bwdata/core/attachments` directory to your backup location and upload any new items in the event that they change during the cut-over period.{% endcallout %}
2. In your self-hosted Web Vault, [export your personal Vault data]({{site.baseurl}}/article/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/article/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well.
2. In your self-hosted Web Vault, [export your personal Vault data]({{site.baseurl}}/export-your-data/#export-a-personal-vault) or [export your Organization Vault data]({{site.baseurl}}/export-your-data/#export-an-organization-vault). If you're migrating an Organization, encourage your end-users to export their Personal Vaults as well.
3. Open the Cloud Web Vault. Most users will have previously created Cloud accounts for billing purposes, so log in to that account. If you were previously a free user without a Cloud account for billing, create an account now.
{% callout success %}If you're migrating an Organization, you'll already have a Cloud Organization established for billing and licensing purposes. For smoothest transition, we recommend using this already-established Organization rather than [creating a new one]({{site.baseurl}}/article/about-organizations/#create-an-organization).{% endcallout %}
4. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/article/import-your-data/) or [Organization Vault]({{site.baseurl}}/article/import-to-org/).
{% callout success %}If you're migrating an Organization, you'll already have a Cloud Organization established for billing and licensing purposes. For smoothest transition, we recommend using this already-established Organization rather than [creating a new one]({{site.baseurl}}/about-organizations/#create-an-organization).{% endcallout %}
4. Still in the self-hosted Web Vault, import data to your [Personal Vault]({{site.baseurl}}/import-your-data/) or [Organization Vault]({{site.baseurl}}/import-to-org/).
{% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/article/about-collections/) and add the relevant Vault items to them.{% endcallout %}
5. Manually upload [file attachments]({{site.baseurl}}/article/attachments/) to your Personal or Organization Vault.
{% callout info %}Importing data to an Organization will automatically re-create your [Collections]({{site.baseurl}}/about-collections/) and add the relevant Vault items to them.{% endcallout %}
5. Manually upload [file attachments]({{site.baseurl}}/attachments/) to your Personal or Organization Vault.
#### Organizations-only Next Steps
If you're migrating an Organization to the Cloud, continue with the following steps:
1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/article/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/article/about-sso/).
2. Manually [re-create user Groups]({{site.baseurl}}/article/about-groups/#create-a-group) in the Cloud and assign them to the proper Collections.
3. Start [inviting users to your Organization]({{site.baseurl}}/article/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/article/directory-sync).
1. (**Enterprise Organizations Only**) Re-implement your [Enterprise Policy]({{site.baseurl}}/policies) specifications and/or configure [Login with SSO]({{site.baseurl}}/about-sso/).
2. Manually [re-create user Groups]({{site.baseurl}}/about-groups/#create-a-group) in the Cloud and assign them to the proper Collections.
3. Start [inviting users to your Organization]({{site.baseurl}}/managing-users/#invite) manually or using [Directory Connector]({{site.baseurl}}/directory-sync).
{% endcapture %}
{{ desktop_info | markdownify}}
@@ -98,7 +98,7 @@ To migrate from one self-hosted Bitwarden server to another:
1. Stop your existing Bitwarden server by running `./bitwarden.sh stop`. When you run this command, Bitwarden will go down for anyone currently using it.
2. Make a full copy of the `./bwdata` directory of the *old* server. This copy will be used to recreate your configuration, database, attachments, etc. on the new server.
3. [Install and deploy]({{site.baseurl}}/article/install-on-premise/) Bitwarden to your new server.
3. [Install and deploy]({{site.baseurl}}/install-on-premise/) Bitwarden to your new server.
4. Once the new Bitwarden server is set up, replace the newly-created `./bwdata` directory with the copy from the old server.
5. Print the new Bitwarden server's UID by running `id -u bitwarden`.
6. Open the file `./bwdata/env/uid.env` and check that the listed values match what was printed in the previous step. If they do not match, replace *both* values with the result of `id -u bitwarden`.

8
_articles/importing/import-data.md
View File

@@ -10,7 +10,7 @@ order: "01"
Bitwarden provides a data import tool for easy migration from any password management solution to your personal Vault or Organization Vault. You can also use the data import tool to import from one Bitwarden Vault to another, or to import a Bitwarden [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or use one of these articles for importing from the most popular solutions:
For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or use one of these articles for importing from the most popular solutions:
- [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %})
- [Import from 1Password]({% link _articles/importing/import-from-1password.md %})
@@ -26,11 +26,11 @@ For a full list of supported import formats, see [What file formats does Bitward
## Import to your Personal Vault
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
5. Select the **Choose File** button and add the file to import or **copy/paste** the contents of your file into the input box.
@@ -38,7 +38,7 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
6. Select the **Import Data** button to complete your import.
7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).
## Troubleshooting

4
_articles/importing/import-from-1password.md
View File

@@ -31,7 +31,7 @@ Complete the following steps to export data from the 1Password Desktop App:
## Import to Bitwarden
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
@@ -46,4 +46,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
6. Select the **Import Data** button to complete your import.
7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).

6
_articles/importing/import-from-chrome.md
View File

@@ -66,11 +66,11 @@ To export passwords from Chrome on your Mobile Device:
## Import to Bitwarden
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
3. From the format dropdown, choose a **Chrome (csv)** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
3. From the format dropdown, choose a **Chrome (csv)** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
5. Select the **Choose File** button and add the file to import or **copy/paste** the contents of your file into the input box.
@@ -78,4 +78,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
6. Select the **Import Data** button to complete your import.
7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).

4
_articles/importing/import-from-firefox.md
View File

@@ -83,7 +83,7 @@ Some Firefox-based browsers offer login export in a different location than vani
## Import to Bitwarden
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
@@ -95,4 +95,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
6. Select the **Import Data** button to complete your import.
7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).

4
_articles/importing/import-from-lastpass.md
View File

@@ -79,7 +79,7 @@ To export your data from a LastPass Browser Extension:
## Import to Bitwarden
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
@@ -91,7 +91,7 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
5. Select the **Import Data** button to complete your import.
6. After successful import, delete the source `.csv` file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).
## Import Troubleshooting

4
_articles/importing/import-from-passwordsafe.md
View File

@@ -39,7 +39,7 @@ To prepare the exported file for import, please follow the instructions in this
## Import to Bitwarden
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank"} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import your data:
1. In the Web Vault, select **Tools** from the top navigation bar.
2. Select **Import Data** from the left-hand Tools menu.
@@ -51,4 +51,4 @@ Importing data to Bitwarden **can only be done from the** [**Web Vault**](https:
6. Select the **Import Data** button to complete your import.
7. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/article/attachments/#attach-a-file).
Currently, file attachments are not included in Bitwarden import operations and will need to be uploaded to your Vault manually. For more information, see [File Attachments]({{site.baseurl}}/attachments/#attach-a-file).

34
_articles/importing/lastpass-enterprise-migration-guide.md
View File

@@ -44,8 +44,8 @@ Data imported into Bitwarden is defined as one of four item types:
Bitwarden currently limits the length of item fields to 1,000 characters, and Secure Notes to 10,000 characters. Items that exceed that criteria should be saved as separate files (text, key, pem, ssh, etc.) and added as attachments to an item.
- [More on Items](https://bitwarden.com/help/article/managing-items/)
- [Attaching a file to an item](https://bitwarden.com/help/article/attachments/)
- [More on Items](https://bitwarden.com/help/managing-items/)
- [Attaching a file to an item](https://bitwarden.com/help/attachments/)
Gathering a full export of your data across your LastPass Organization may require assigning all shared folders to a single user, or performing multiple exports - one for each segment of shared folders.
@@ -55,9 +55,9 @@ Exported data from LastPass will contain data from both your Personal vault, as
Shared or company-level data is stored in a Bitwarden Organization. The best practice is to create this Organization first and import it directly, instead of importing the data into an individual account and then sharing it with the organization secondarily.
For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/article/about-organizations/)
For more on creating a Bitwarden Organization, visit [this article.](https://bitwarden.com/help/about-organizations/)
Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/article/install-on-premise/)
Self-hosted instances will need to create an Organization on the Bitwarden cloud instance to generate their [license key](https://bitwarden.com/host/) and can then proceed with [installing and configuring a Bitwarden Server instance.](https://bitwarden.com/help/install-on-premise/)
{%callout%}
Self-hosting is available for Enterprise plans.
@@ -67,15 +67,15 @@ Self-hosting is available for Enterprise plans.
Bitwarden Enterprise plans support Login with Single-Sign-On using either SAML 2.0 or OpenID Connect (OIDC).
Each Bitwarden Organization can configure one SSO provider. Configuration for this is located in the [Business Portal](https://bitwarden.com/help/article/about-business-portal/), accessible from the Web Vault by Organization Owners and Administrators.
Each Bitwarden Organization can configure one SSO provider. Configuration for this is located in the [Business Portal](https://bitwarden.com/help/about-business-portal/), accessible from the Web Vault by Organization Owners and Administrators.
For more details on Login with SSO configurations and examples of Identity Provider (IdP) settings and naming conventions, please visit [these help articles](https://bitwarden.com/help/article/about-sso/).
For more details on Login with SSO configurations and examples of Identity Provider (IdP) settings and naming conventions, please visit [these help articles](https://bitwarden.com/help/about-sso/).
### Enabling enterprise policies
Policies are found in the [Business Portal](https://bitwarden.com/help/article/about-business-portal/)
Policies are found in the [Business Portal](https://bitwarden.com/help/about-business-portal/)
Policies allow you to control the actions of users within your Organization. It is recommended to configure these policies prior to onboarding users. For a complete list and details for Enterprise Policies, please see our helpful article [here.](https://bitwarden.com/help/article/policies/)
Policies allow you to control the actions of users within your Organization. It is recommended to configure these policies prior to onboarding users. For a complete list and details for Enterprise Policies, please see our helpful article [here.](https://bitwarden.com/help/policies/)
## Importing data
@@ -88,7 +88,7 @@ Creating a Bitwarden specific CSV from your exported data
The best practice for most Organizations is to format your data into a Bitwarden CSV, or for advanced users, a Bitwarden JSON file for import into your Organization vault.
For instructions on shaping a Bitwarden specific import file, please refer to the guide [here.](https://bitwarden.com/help/article/condition-bitwarden-import/)
For instructions on shaping a Bitwarden specific import file, please refer to the guide [here.](https://bitwarden.com/help/condition-bitwarden-import/)
A collection of data import and export documentation is available [here.](https://bitwarden.com/help/import-export/) to assist with imports from additional sources.
@@ -108,14 +108,14 @@ Bitwarden supports both manual and automated user invitation and boarding. Best
### Manual onboarding
Manual boarding is done via the Web Vault. More information on manual user boarding can be found in this [helpful article](https://bitwarden.com/help/article/managing-users/)
Manual boarding is done via the Web Vault. More information on manual user boarding can be found in this [helpful article](https://bitwarden.com/help/managing-users/)
### Automated onboarding
Automated user boarding is also available when leveraging Bitwarden Directory Connector - a standalone application available in a [Desktop app](https://bitwarden.com/help/article/directory-sync-desktop/) and a [CLI tool](https://bitwarden.com/help/article/directory-sync-cli/) - synchronizing user and group information to the Bitwarden Organization. These users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/article/cli/#confirm).
Automated user boarding is also available when leveraging Bitwarden Directory Connector - a standalone application available in a [Desktop app](https://bitwarden.com/help/directory-sync-desktop/) and a [CLI tool](https://bitwarden.com/help/directory-sync-cli/) - synchronizing user and group information to the Bitwarden Organization. These users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/cli/#confirm).
- Learn more about how syncing works [here.](https://bitwarden.com/help/article/directory-sync/)
- Discover how to configure user and group filters for Directory Connector [here.](https://bitwarden.com/help/article/user-group-filters/)
- Learn more about how syncing works [here.](https://bitwarden.com/help/directory-sync/)
- Discover how to configure user and group filters for Directory Connector [here.](https://bitwarden.com/help/user-group-filters/)
- Documentation for multiple Directory Connector options is available [here.](https://bitwarden.com/help/directory-connector/)
## Sharing Collections and items
@@ -138,7 +138,7 @@ Example Bitwarden Organization Import
Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators.
For more information on assigning Collections to Users and Groups, please refer to our help article [here.](https://bitwarden.com/help/article/about-collections/)
For more information on assigning Collections to Users and Groups, please refer to our help article [here.](https://bitwarden.com/help/about-collections/)
### Groups
@@ -146,7 +146,7 @@ Leveraging Groups for sharing is the most effective way to provide credential an
As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden.
For more information on filtering and synchronization of Users with the Bitwarden Directory Connector, please check out the article [here.](https://bitwarden.com/help/article/user-group-filters/)
For more information on filtering and synchronization of Users with the Bitwarden Directory Connector, please check out the article [here.](https://bitwarden.com/help/user-group-filters/)
### Permissions
@@ -165,7 +165,7 @@ Bitwarden uses an union of permissions to determine final access permissions for
- User A is also a member of the Support Management group, which has access to the Support Collection, with read-write access.
- In this scenario, User A will be able to read-write to the Collection.
More information on permissions can be found on our help site [here.](https://bitwarden.com/help/article/user-types-access-control/#access-control)
More information on permissions can be found on our help site [here.](https://bitwarden.com/help/user-types-access-control/#access-control)
## Migration support
@@ -175,7 +175,7 @@ The Bitwarden Customer Success team is available 24/7 with priority support for
### Organization
- A Bitwarden Organization is the encompassing “object” that relates all data for a given sharing entity. Click [here](https://bitwarden.com/help/article/about-organizations/) for more information on Organizations.
- A Bitwarden Organization is the encompassing “object” that relates all data for a given sharing entity. Click [here](https://bitwarden.com/help/about-organizations/) for more information on Organizations.
### Folders for Individual Vaults

36
_articles/importing/teams-enterprise-migration-guide.md
View File

@@ -23,7 +23,7 @@ If you need assistance during your migration, our [Customer Success team is here
## Scope
This document describes the best practices for migrating secure data from your current password manager(s) to a Bitwarden [Teams or Enterprise Organization]({{site.baseurl}}/article/about-organizations/), building an infrastructure for security based on simple and scalable methods.
This document describes the best practices for migrating secure data from your current password manager(s) to a Bitwarden [Teams or Enterprise Organization]({{site.baseurl}}/about-organizations/), building an infrastructure for security based on simple and scalable methods.
Password management is crucial for organizational security and operational efficiency. Providing insight into the best methods to perform migration and configuration is designed to minimize the trial-and-error approach that is often needed when exchanging enterprise tools.
@@ -31,7 +31,7 @@ Steps in this document **are listed in the recommended order** for ease of use a
## Step 1: Export your Data
Exporting data from another password manager will be different for each solution, and in some cases may be a bit tricky. Use one of our [Import & Export Guides]({{site.baseurl}}/import-export/) for help, for example with exporting from [Lastpass]({{site.baseurl}}/article/import-from-lastpass/#export-from-lastpass) or [1Password]({{site.baseurl}}/article/import-from-1password/#export-from-1password).
Exporting data from another password manager will be different for each solution, and in some cases may be a bit tricky. Use one of our [Import & Export Guides]({{site.baseurl}}/import-export/) for help, for example with exporting from [Lastpass]({{site.baseurl}}/import-from-lastpass/#export-from-lastpass) or [1Password]({{site.baseurl}}/import-from-1password/#export-from-1password).
Gathering a full export of your data may require assigning shared folders or items to a single user for export, or performing multiple exports between users with appropriate permissions. Additionally, exported data may include personal data alongside shared/organizational data, so be sure to remove personal items from the export file before [importing to Bitwarden](#).
@@ -49,20 +49,20 @@ We recommend paying special attention to the location of the following types of
## Step 2: Setup your Bitwarden Organization
Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities.
Bitwarden Organizations relate users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities.
{% callout success %}
It's important that you create your Organization first and [import data to it directly]({{site.baseurl}}/article/import-to-org/), rather than importing the data to an individual account and then [moving items]({{site.baseurl}}/article/sharing/) to the Organization secondarily.
It's important that you create your Organization first and [import data to it directly]({{site.baseurl}}/import-to-org/), rather than importing the data to an individual account and then [moving items]({{site.baseurl}}/sharing/) to the Organization secondarily.
{% endcallout %}
1. **Create your Organization**. Start by creating your Organization. To learn how, check out [this article]({{site.baseurl}}/article/about-organizations/#create-an-organization).
1. **Create your Organization**. Start by creating your Organization. To learn how, check out [this article]({{site.baseurl}}/about-organizations/#create-an-organization).
{% callout note %}To self-host Bitwarden, create an Organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/host/), and use the key to [unlock Organizations]({{site.baseurl}}/article/licensing-on-premise/#organization-license) on your server.{% endcallout %}
{% callout note %}To self-host Bitwarden, create an Organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/host/), and use the key to [unlock Organizations]({{site.baseurl}}/licensing-on-premise/#organization-license) on your server.{% endcallout %}
2. **Onboard Administrative Users**. With your Organization created, further setup procedures can be made easier by onboarding some [administrative users]({{siter.baseurl}}/article/user-types-access-control). It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your Organization. Learn how to invite admins [here]({{site.baseurl}}/article/managing-users/#onboard-users).
3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/article/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, navigate to the [Business Portal](https://bitwarden.com/help/article/about-business-portal/), accessible from the Web Vault by [Organization Owners and Administrators]({{site.baseurl}}/article/user-types-access-control/).
2. **Onboard Administrative Users**. With your Organization created, further setup procedures can be made easier by onboarding some [administrative users]({{siter.baseurl}}/user-types-access-control). It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your Organization. Learn how to invite admins [here]({{site.baseurl}}/managing-users/#onboard-users).
3. **Configure Identity Services**. Bitwarden Enterprise Organizations support [Login with Single-Sign-On]({{site.baseurl}}/about-sso/) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, navigate to the [Business Portal](https://bitwarden.com/help/about-business-portal/), accessible from the Web Vault by [Organization Owners and Administrators]({{site.baseurl}}/user-types-access-control/).
4. **Enable Enterprise Policies**. [Enterprise Policies]({{site.baseurl}}/article/) enable Enterprise Organizations to implement roles for users, for example requiring use of Two-step Login. It is highly recommended that you configure Policies before onboarding users.
4. **Enable Enterprise Policies**. [Enterprise Policies]({{site.baseurl}}/) enable Enterprise Organizations to implement roles for users, for example requiring use of Two-step Login. It is highly recommended that you configure Policies before onboarding users.
## Step 3: Import Data to your Organization
@@ -91,7 +91,7 @@ When importing data to your Organization, you have two options:
1. To import the default file format from your prior password manager.
2. To condition a Bitwarden-specific `.CSV` for import.
We recommend formatting your file for import as a Bitwarden `.CSV` for best results, or for advanced users, as a Bitwarden `.JSON` file. For instructions on shaping a Bitwarden-specific import file, refer to [this import guide]({{site.baseurl}}/article/condition-bitwarden-import/). For more import documentation, see [these articles]({{site.baseurl}}/import-export/).
We recommend formatting your file for import as a Bitwarden `.CSV` for best results, or for advanced users, as a Bitwarden `.JSON` file. For instructions on shaping a Bitwarden-specific import file, refer to [this import guide]({{site.baseurl}}/condition-bitwarden-import/). For more import documentation, see [these articles]({{site.baseurl}}/import-export/).
## Step 4: Onboard Users to the Organization
@@ -99,16 +99,16 @@ Bitwarden supports both manual onboarding via the Web Vault and automated onboar
### Manual Onboarding
To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) &rarr; [Accept](#accept) &rarr; [Confirm](#confirm). Learn how to invite new users [here]({{site.baseurl}}/article/managing-users/#onboard-users).
To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) &rarr; [Accept](#accept) &rarr; [Confirm](#confirm). Learn how to invite new users [here]({{site.baseurl}}/managing-users/#onboard-users).
### Automated Onboarding
Automated user onboarding is available through [Bitwarden Directory Connector]({{site.baseurl}}/article/directory-sync), a standalone application available in a [Desktop app]({{site.baseurl}}/article/directory-sync-desktop/) and [CLI]({{site.baseurl}}/article/directory-sync-cli/) that will synchronize users and groups from your existing directory service.
Automated user onboarding is available through [Bitwarden Directory Connector]({{site.baseurl}}/directory-sync), a standalone application available in a [Desktop app]({{site.baseurl}}/directory-sync-desktop/) and [CLI]({{site.baseurl}}/directory-sync-cli/) that will synchronize users and groups from your existing directory service.
Users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/article/cli/#confirm).
Users are automatically invited to join the Organization, and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/help/cli/#confirm).
- Learn more about how syncing works [here]({{site.baseurl}}/article/directory-sync/).
- Discover how to configure user and group filters for Directory Connector [here]({{site.baseurl}}/article/user-group-filters/).
- Learn more about how syncing works [here]({{site.baseurl}}/directory-sync/).
- Discover how to configure user and group filters for Directory Connector [here]({{site.baseurl}}/user-group-filters/).
- See more Directory Connector documentation [here]({{site.baseurl}}/directory-connector/).
## Step 5: Configure Access to Collections and Items
@@ -131,19 +131,19 @@ Example Bitwarden Organization Import:
{%image /migration/bw-import.png Note: shared folders are now in the Collections column %}
Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators. Learn more [here]({{site.baseurl}}/article/about-collections/).
Collections can be shared with both Groups and Individual users. Limiting the number of individual users that can access a Collection will make management more efficient for Administrators. Learn more [here]({{site.baseurl}}/about-collections/).
### Groups
Leveraging Groups for sharing is the most effective way to provide credential and secret access. Ideally Groups are mirrored from an LDAP service, however Bitwarden supports automatic Group synchronization via the Directory Connector application, as well as manually created ad-hoc Groups.
As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden. Learn more about syncing Groups with Directory Connector [here]({{site.baseurl}}/article/user-group-filters/).
As a part of deployment preparations, it is possible to synchronize **just** groups from the LDAP directory before synchronization of Users begins, such that Collections can be assigned to Groups before users begin accessing Bitwarden. Learn more about syncing Groups with Directory Connector [here]({{site.baseurl}}/user-group-filters/).
### Permissions
Permissions for Bitwarden Collections can be assigned on the Group or User-level. This means that each Group or User can be configured with permissions for the same Collection. Collection permissions include options for **Read Only** and **Hide Passwords**.
Bitwarden uses an union of permissions to determine final access permissions for a User and a Collection Item. Learn more [here]({{site.baseurl}}/article/user-types-access-control/#access-control).
Bitwarden uses an union of permissions to determine final access permissions for a User and a Collection Item. Learn more [here]({{site.baseurl}}/user-types-access-control/#access-control).
**Example:**

20
_articles/login-with-sso/about-sso.md
View File

@@ -7,7 +7,7 @@ popular: true
tags: [saml, saml2.0, single sign-on, sso, oidc, openid, openid connect, idp, identity provider]
order: "01"
redirect_from:
- /article/getting-started-with-sso/
- /getting-started-with-sso/
---
## What is Login with SSO?
@@ -16,9 +16,9 @@ Login with SSO separates user authentication from Vault decryption by leveraging
Login with SSO currently supports SAML 2.0 and OpenID Connect authentication for customers on the current Enterprise Plan.
Users of Bitwarden authenticate into their vaults using the **Enterprise Single Sign-On** button located on the login screen of any Bitwarden client application. For more information, see [Access Your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/).
Users of Bitwarden authenticate into their vaults using the **Enterprise Single Sign-On** button located on the login screen of any Bitwarden client application. For more information, see [Access Your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/).
Administrators can configure Login with SSO in the Business Portal. For more information, see [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/).
Administrators can configure Login with SSO in the Business Portal. For more information, see [About the Business Portal](https://bitwarden.com/help/about-business-portal/).
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
@@ -32,7 +32,7 @@ Login with SSO is available for all customers on the current Enterprise plan (fo
<a role="button" class="btn btn-primary" href="https://vault.bitwarden.com/#/register?org=enterprise">Start your Enterprise Free Trial</a>
If you're an experienced Bitwarden user, refer to the [this article]({% link _articles/plans-and-pricing/enterprise-free-trial.md %}) for help. If you're self-hosting Bitwarden, you will need to generate a new license file after starting your 7 Day Free Trial. We recommend using a separate Bitwarden instance for testing Login with SSO. For more information, see [Licensing Paid Features](https://bitwarden.com/help/article/licensing-on-premise).
If you're an experienced Bitwarden user, refer to the [this article]({% link _articles/plans-and-pricing/enterprise-free-trial.md %}) for help. If you're self-hosting Bitwarden, you will need to generate a new license file after starting your 7 Day Free Trial. We recommend using a separate Bitwarden instance for testing Login with SSO. For more information, see [Licensing Paid Features](https://bitwarden.com/help/licensing-on-premise).
## Requirements
@@ -54,7 +54,7 @@ Your Bitwarden client applications require the following versions:
### Self-Hosting Requirements
If you are self-hosting Bitwarden, your installation must be on v1.37+.
For information on updating your self-hosted instance, see [Updating your Self-Hosted Installation](https://bitwarden.com/help/article/updating-on-premise/).
For information on updating your self-hosted instance, see [Updating your Self-Hosted Installation](https://bitwarden.com/help/updating-on-premise/).
## Workflow Diagram
The following diagram is an overview of the workflow used by Bitwarden to authenticate using SSO:
@@ -63,12 +63,12 @@ The following diagram is an overview of the workflow used by Bitwarden to authen
## Next Steps
For administrators configuring Login with SSO, see:
- [Configure Login with SSO (SAML 2.0)](https://bitwarden.com/help/article/configure-sso-saml/)
- [Configure Login with SSO (OIDC)](https://bitwarden.com/help/article/configure-sso-oidc)
- [Configure Login with SSO (SAML 2.0)](https://bitwarden.com/help/configure-sso-saml/)
- [Configure Login with SSO (OIDC)](https://bitwarden.com/help/configure-sso-oidc)
For existing users, see:
- [Link an Existing Account to SSO](https://bitwarden.com/help/article/link-to-sso/)
- [Access Your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/)
- [Link an Existing Account to SSO](https://bitwarden.com/help/link-to-sso/)
- [Access Your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/)
For more information, see:
- [SSO FAQs](https://bitwarden.com/help/article/sso-faqs)
- [SSO FAQs](https://bitwarden.com/help/sso-faqs)

18
_articles/login-with-sso/configure-sso-oidc.md
View File

@@ -10,7 +10,7 @@ order: "04"
## Step 1: Set an Organization Identifier
Users who [authenticate their identity using SSO]({{site.baseurl}}/article/sso-access-your-vault) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. To set a unique Organization Identifier:
Users who [authenticate their identity using SSO]({{site.baseurl}}/sso-access-your-vault) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. To set a unique Organization Identifier:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Settings** tab and enter a unique **Identifier** for your Organization.
@@ -34,7 +34,7 @@ Once you have your Organization Identifier, you can proceed to enabling and conf
{% image sso/sso-bp-1.png Business Portal Menu%}
3. Check the **Enabled** checkbox.
4. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over the the [SAML Configuration Guide]({{site.baseurl}}/article/configure-sso-saml/).
4. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over the the [SAML Configuration Guide]({{site.baseurl}}/configure-sso-saml/).
## Step 3: Configuration
@@ -42,12 +42,12 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o
|Provider|Guide|
|--------|-----|
|Azure|[Azure Implementation Guide]({{site.baseurl}}/article/oidc-azure/)|
|Okta|[Okta Implementation Guide]({{site.baseurl}}/article/oidc-okta/)|
|Azure|[Azure Implementation Guide]({{site.baseurl}}/oidc-azure/)|
|Okta|[Okta Implementation Guide]({{site.baseurl}}/oidc-okta/)|
### Configuration Reference Materials
The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal), agnostic of which IdP you're integrating with. Fields that must be configured will be marked (**Required**).
The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal), agnostic of which IdP you're integrating with. Fields that must be configured will be marked (**Required**).
{% callout success %}
**Unless you're comfortable with OpenID Connect**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material.
@@ -55,11 +55,11 @@ The following sections will define fields configured in the [Bitwarden Business
|Field|Description|
|-----|-----------|
|Callback Path|(**Automatically generated**) The URL for authentication automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.|
|Signed Out Callback Path|(**Automatically generated**) The URL for sign-out automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signedout`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signedout`.|
|Callback Path|(**Automatically generated**) The URL for authentication automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.|
|Signed Out Callback Path|(**Automatically generated**) The URL for sign-out automatic redirect. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signedout`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signedout`.|
|Authority|(**Required**) The URL of your Authorization Server ("Authority"), which Bitwarden will perform authentication against. For example, `https://your.domain.okta.com/oauth2/default` or `https://login.microsoft.com/<TENANT_ID>/v2.0`.|
|Client ID|(**Required**) An identifier for the OIDC Client. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/article/oidc-azure/) or [Okta Web App]({{site.baseurl}}/article/oidc-okta/).|
|Client Secret|(**Required**) The client secret used in conjunction with the Client ID to exchange for an access token. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/article/oidc-azure/) or [Okta Web App]({{site.baseurl}}/article/oidc-okta/).|
|Client ID|(**Required**) An identifier for the OIDC Client. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/oidc-azure/) or [Okta Web App]({{site.baseurl}}/oidc-okta/).|
|Client Secret|(**Required**) The client secret used in conjunction with the Client ID to exchange for an access token. This value is typically specific to a constructed IdP App Integration, for example an [Azure App Registration]({{site.baseurl}}/oidc-azure/) or [Okta Web App]({{site.baseurl}}/oidc-okta/).|
|Metadata Address|(**Required if Authority is not valid**) A Metadata URL where Bitwarden can access Authorization Server metadata as a JSON object. For example, `https://your.domain.okta.com/oauth2/default/.well-known/oauth-authorization-server`.|
|OIDC Redirect Behavior|(**Required**) Method used by the IdP to response to authentication requests from Bitwarden. Options include **Form POST** and **Redirect GET**.|
|Get Claims From User Info Endpoint|Enable this option if you receive URL too long errors (HTTP 414), truncated URLS, and/or failures during SSO.|

34
_articles/login-with-sso/configure-sso-saml.md
View File

@@ -10,7 +10,7 @@ order: "03"
## Step 1: Set an Organization Identifier
Users who [authenticate their identity using SSO]({{site.baseurl}}/article/sso-access-your-vault/) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. to set a unique Organization Identifier:
Users who [authenticate their identity using SSO]({{site.baseurl}}/sso-access-your-vault/) will be required to enter an **Organization Identifier** that indicates the Organization (and therefore, the SSO integration) to authenticate against. to set a unique Organization Identifier:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Settings** tab and enter a unique **Identifier** for your Organizations.
@@ -33,7 +33,7 @@ Once you have your Organization Identifier, you can proceed to enabling and conf
{% image sso/sso-bp-1.png Business Portal Menu %}
3. Check the **Enabled** checkbox.
4. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide]({{site.baseurl}}/article/configure-sso-oidc).
4. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide]({{site.baseurl}}/configure-sso-oidc).
## Step 3: Configuration
@@ -41,21 +41,21 @@ From this point on, **implementation will vary provider-to-provider**. Jump to o
|Provider|Guide|
|--------|-----|
|AD FS|[AD FS Implementation Guide]({{site.baseurl}}/article/saml-adfs/)|
|Auth0|[Auth0 Implementation Guide]({{site.baseurl}}/article/saml-auth0/)|
|AWS|[AWS Implementation Guide]({{site.baseurl}}/article/saml-aws/)|
|Azure|[Azure Implementation Guide]({{site.baseurl}}/article/saml-azure/)|
|Duo|[Duo Implementation Guide]({{site.baseurl}}/article/saml-duo/)|
|Google|[Google Implementation Guide]({{site.baseurl}}/article/saml-google/)|
|JumpCloud|[JumpCloud Implementation Guide]({{site.baseurl}}/article/saml-jumpcloud/)|
|Keycloak|[Keycloak Implementation Guide]({{site.baseurl}}/article/saml-keycloak/)|
|Okta|[Okta Implementation Guide]({{site.baseurl}}/article/saml-okta/)|
|OneLogin|[OneLogin Implementation Guide]({{site.baseurl}}/article/saml-onelogin/)|
|PingFederate|[PingFederate Implementation Guide]({{site.baseurl}}/article/saml-pingfederate/)|
|AD FS|[AD FS Implementation Guide]({{site.baseurl}}/saml-adfs/)|
|Auth0|[Auth0 Implementation Guide]({{site.baseurl}}/saml-auth0/)|
|AWS|[AWS Implementation Guide]({{site.baseurl}}/saml-aws/)|
|Azure|[Azure Implementation Guide]({{site.baseurl}}/saml-azure/)|
|Duo|[Duo Implementation Guide]({{site.baseurl}}/saml-duo/)|
|Google|[Google Implementation Guide]({{site.baseurl}}/saml-google/)|
|JumpCloud|[JumpCloud Implementation Guide]({{site.baseurl}}/saml-jumpcloud/)|
|Keycloak|[Keycloak Implementation Guide]({{site.baseurl}}/saml-keycloak/)|
|Okta|[Okta Implementation Guide]({{site.baseurl}}/saml-okta/)|
|OneLogin|[OneLogin Implementation Guide]({{site.baseurl}}/saml-onelogin/)|
|PingFederate|[PingFederate Implementation Guide]({{site.baseurl}}/saml-pingfederate/)|
### Configuration Reference Materials
The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/), agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**).
The following sections will define fields configured in the [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal/), agnostic of which IdP you're integration with. Fields that must be configured will be marked (**Required**).
{% callout success %}
**Unless you're comfortable with SAML 2.0**, we recommend using one of the [above Implementation Guides](#step-3-configuration) instead of the following generic material.
@@ -70,9 +70,9 @@ The Business Portal separates configuration into two sections:
|Field|Description|
|-----|-----------|
|SP Entity ID|(**Automatically generated**) The Bitwarden endpoint for authentication requests. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|SAML 2.0 Metadata URL|(**Automatically generated**) Metadata URL for the Bitwarden endpoint. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id`.|
|Assertion Consumer Service (ACS) URL|(**Automatically generated**) Location where the SAML assertion is sent from the IdP. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|SP Entity ID|(**Automatically generated**) The Bitwarden endpoint for authentication requests. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|SAML 2.0 Metadata URL|(**Automatically generated**) Metadata URL for the Bitwarden endpoint. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id`.|
|Assertion Consumer Service (ACS) URL|(**Automatically generated**) Location where the SAML assertion is sent from the IdP. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Name ID Format|Format Bitwarden will request of the SAML assertion. Options include:<br>-Unspecific (*default*)<br>-Email Address<br>-X.509 Subject Name<br>-Windows Domain Qualified Name<br>-Kerberos Principal Name<br>-Entity Identifier<br>-Persistent<br>-Transient|
|Outbound Signing Algorithm|The algorithm Bitwarden will use to sign SAML requests. Options include:<br>-<http://www.w3.org/2001/04/xmldsig-more#rsa-sha256> (*default*)<br>-<http://www.w3.org/2000/09/xmldsig#rsa-sha1><br>-<http://www.w3.org/2000/09/xmldsig#rsa-sha384><br>-<http://www.w3.org/2000/09/xmldsig#rsa-sha512>|
|Signing Behavior|Whether/when SAML requests will be signed. Options include:<br>-If IdP Wants Authn Requests Signed (*default*)<br>-Always<br>-Never|

2
_articles/login-with-sso/link-to-sso.md
View File

@@ -21,4 +21,4 @@ Users with existing Bitwarden accounts will need to complete the following steps
### Next Steps
Now that you've linked your account, you can now:
- [Access your Vault Using SSO](https://bitwarden.com/help/article/sso-access-your-vault/)
- [Access your Vault Using SSO](https://bitwarden.com/help/sso-access-your-vault/)

12
_articles/login-with-sso/oidc-azure.md
View File

@@ -9,15 +9,15 @@ tags: [sso, oidc, azure]
order:
---
This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Azure via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Azure SAML Implementation]({{site.baseurl}}/article/saml-azure/).
This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Azure via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/) or [Azure SAML Implementation]({{site.baseurl}}/saml-azure/).
Configuration involves working simultaneously within the Bitwarden [Bitwarden Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Bitwarden Business Portal]({{site.baseurl}}/about-business-portal/) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
## Open the Business Portal
If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this guide.
If you're coming straight from [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/configure-sso-oidc/) and return to this guide.
Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
Open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-oidc1.png OIDC Configuration %}
@@ -40,7 +40,7 @@ Select **Authentication** from the navigation and select the **Add a platform**
Select the **Web** option on the Configure platforms screen and enter your **Callback Path** in the Redirect URIs input.
{% callout info %}
Callback Path can be retrieved from the Bitwarden SSO Configuration screen. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.
Callback Path can be retrieved from the Bitwarden SSO Configuration screen. For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.
{% endcallout %}
### Create a Client Secret
@@ -80,7 +80,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen:
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen:
{% image sso/cheatsheets/saml-azure/az-login.png Azure login screen %}

10
_articles/login-with-sso/oidc-okta.md
View File

@@ -8,15 +8,15 @@ hidden: true
tags: [sso, oidc, okta]
order:
---
This article contains **Okta-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/) or [Okta SAML Implementation]({{site.baseurl}}/article/saml-okta/).
This article contains **Okta-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/) or [Okta SAML Implementation]({{site.baseurl}}/saml-okta/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documentated.
## Open the Business Portal
If you're coming straight from [OIDC Configuration]({{site.baseurl}}/article/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/article/configure-sso-oidc/) and return to this document.
If you're coming straight from [OIDC Configuration]({{site.baseurl}}/configure-sso-oidc/), you should already have an **Organization ID** created and SSO **Enabled**. If you don't, follow [steps 1 and 2 of that document]({{site.baseurl}}/configure-sso-oidc/) and return to this document.
Open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
Open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-oidc1.png OIDC Configuration %}
@@ -34,7 +34,7 @@ On the **New Web App Integration** screen, configure the following fields:
|-----|-----------|
|App integration name|Give the app a Bitwarden-specific name.|
|Grant type|Enable the following [grant types](https://developer.okta.com/docs/concepts/oauth-openid/#choosing-an-oauth-2-0-flow){:target="\_blank"}:<br><br>- Client acting on behalf of itself &rarr; **Client Credentials**<br>- Client acting on behalf of a user &rarr; **Authorization Code**|
|Sign-in redirect URIs|Set this field to your **Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.|
|Sign-in redirect URIs|Set this field to your **Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/oidc-signin`.|
|Sign-out redirect URIs|Set this field to your **Signed Out Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen.|
|Assignments|Use this field to designate whether all or only select groups will be able to use Bitwarden Login with SSO.|

12
_articles/login-with-sso/saml-adfs.md
View File

@@ -8,9 +8,9 @@ hidden: true
tags: [sso, saml, adfs]
order:
---
This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, refer to that article to create an Organization ID and open your Business Portal to the SSO Configuration section:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, refer to that article to create an Organization ID and open your Business Portal to the SSO Configuration section:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -37,11 +37,11 @@ In the AD FS Server Manager, select **Tools** &rarr; **AD FS Management** &rarr;
- In the **Relying party SAML 2.0 SSO service URL** input, enter the Assertion Consumer Service (ACS) URL retrieved from the Bitwarden SSO Configuration screen.
For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.
For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.
6. On the **Choose Access Control Policy** screen, select the
5. On the **Configure Identifiers** screen, add the SP Entity ID (retrieved from the Bitwarden SSO Configuration screen) as a relying party trust identifier.
For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.
For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured Server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.
6. On the **Choose Access Control Policy** screen, select the desired policy (by default, **Permit Everyone**).
7. On the **Ready to Add Trust** screen, review your selections.
@@ -170,7 +170,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-set-an-organization-identifier) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AD FS SSO login screen. After you authenticate with your AD FS credentials, enter your Bitwarden Master Password to decrypt your Vault!
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-set-an-organization-identifier) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AD FS SSO login screen. After you authenticate with your AD FS credentials, enter your Bitwarden Master Password to decrypt your Vault!
{% comment %}
{% image sso/cheatsheets/saml-adfs/saml-adfs2.png %}

10
_articles/login-with-sso/saml-auth0.md
View File

@@ -8,9 +8,9 @@ hidden: true
tags: [sso, saml, auth0]
order:
---
This article contains **Auth0-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Auth0-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Auth0 Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -39,8 +39,8 @@ Click the **Settings** tab and configure the following information, some of whic
|Name|Give the application a Bitwarden-specific name.|
|Application Type|Select **Regular Web Application**.|
|Token Endpoint Authentication Method|Select **Post** (HTTP Post), which will map to a **Binding Type** attribute you will [configure later](#identity-provider-configuration).|
|Application Login URI|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Allowed Callback URLS|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Application Login URI|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Allowed Callback URLS|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
#### Grant Types

16
_articles/login-with-sso/saml-aws.md
View File

@@ -9,9 +9,9 @@ tags: [sso, saml, aws]
order:
---
This article contains **AWS-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **AWS-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the AWS Console. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -21,8 +21,8 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -48,7 +48,7 @@ You'll need the information in this section for a later configuration step. Copy
### Application Properties
In the **Application start URL** field, specify the login URL from which users will access Bitwarden. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/#/sso`.
In the **Application start URL** field, specify the login URL from which users will access Bitwarden. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/#/sso`.
### Application metadata
@@ -60,8 +60,8 @@ Configure the following fields:
|Field|Description|
|-----|-----------|
|Application ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Application SAML audience|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Application ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Application SAML audience|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
When you're finished, select **Save changes**.
@@ -133,7 +133,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organiztion Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AWS SSO login screen:
Enter the [configured Organiztion Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AWS SSO login screen:
{% image sso/cheatsheets/saml-aws/aws-login.png AWS login screen %}

16
_articles/login-with-sso/saml-azure.md
View File

@@ -9,9 +9,9 @@ tags: [sso, saml, azure]
order:
---
This article contains **Azure-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Azure-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal) and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -21,8 +21,8 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -60,9 +60,9 @@ Select the **Edit** button and configure the following fields:
|Field|Description|
|-----|-----------|
|Identifier (Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Reply URL (Assertion Consumer Service URL)|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Sign on URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.|
|Identifier (Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Reply URL (Assertion Consumer Service URL)|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retreived from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Sign on URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.|
### User Attributes & Claims
@@ -139,7 +139,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen:
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Microsoft login screen:
{% image sso/cheatsheets/saml-azure/az-login.png Azure login screen %}

12
_articles/login-with-sso/saml-duo.md
View File

@@ -8,9 +8,9 @@ hidden: true
tags: [sso, saml, duo]
order:
---
This article contains **Duo-specific** help for configuring Login with SSO via SAML 2.0 For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Duo-specific** help for configuring Login with SSO via SAML 2.0 For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously between the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously between the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Duo Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -24,7 +24,7 @@ Configuration involves working simultaneously between the Bitwarden [Business Po
This article assumes that you have already set up Duo with an Identity Provider. If you haven't, see [Duo's documentation](https://duo.com/docs/sso#saml){:target="\_blank"} for details.
{% endcallout %}
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -62,9 +62,9 @@ Select the **Download certificate** button to download your X.509 Certificate, a
|Field|Description|
|-----|-----------|
|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.|
|Assertion Consumer Service (ACS) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Service Provider Login URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.|
|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.|
|Assertion Consumer Service (ACS) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Service Provider Login URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.|
### SAML Response

14
_articles/login-with-sso/saml-google.md
View File

@@ -9,9 +9,9 @@ tags: [sso, saml, google]
order:
---
This article contains **Google Workspace-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Google Workspace-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Google Workspace Admin console. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -21,7 +21,7 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -53,9 +53,9 @@ On the Service provider details screen, configure the following fields:
|Field|Description|
|-----|-----------|
|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Start URL|Optionally, set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.|
|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain/sso/your-org-id/Acs`.|
|Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Start URL|Optionally, set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`.|
|Signed response|Check this box if you want Workspace to sign SAML responses. If not checked, Workspace will sign only the SAML assertion.|
|Name ID format|Set this field to the [SAML NameID format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} for Workspace to use in SAML responses.|
|Name ID|Select the Workspace user attribute to populate NameID.|
@@ -129,7 +129,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Google Workspace login screen:
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Google Workspace login screen:
{% image sso/cheatsheets/saml-google/g-login.png Login %}

12
_articles/login-with-sso/saml-jumpcloud.md
View File

@@ -9,9 +9,9 @@ tags: [sso, saml, jumpcloud]
order:
---
This article contains **JumpCloud-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **JumpCloud-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -21,7 +21,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -56,8 +56,8 @@ In the **Single Sign-On Configuration** section, configure the following informa
|Field|Description|
|-----|-----------|
|IdP Entity ID|Set this field to a unique, Bitwarden-specific value, e.g. `bitwardensso_yourcompany`.|
|SP Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|SP Entity ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|ACS URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
#### Custom SAML App Only
@@ -69,7 +69,7 @@ If you created a Custom SAML App, you'll also need to configure the following **
|SAMLSubject NameID Format|Specify the format of the NameID sent in SAML responses.|
|Signature Algoritm|Select the algorithm to use to sign SAML assertions or reponses.|
|Sign Assertion|By default, JumpCloud will sign the SAML response. Check this box the sign the SAML assertion.|
|Login URL|Specify the URL from which your users will login to Bitwarden via SSO. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`. |
|Login URL|Specify the URL from which your users will login to Bitwarden via SSO. For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/#/sso`. |
### Attributes

14
_articles/login-with-sso/saml-keycloak.md
View File

@@ -8,9 +8,9 @@ hidden: true
tags: [sso, saml, keyclock]
order:
---
This article contains **Keycloak-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Keycloak-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal) and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously with the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal) and the Keycloak Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -20,8 +20,8 @@ Configuration involves working simultaneously with the Bitwarden [Business Porta
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -37,7 +37,7 @@ On the **Add Client** screen, configure the following settings:
|Field|Description|
|-----|-----------|
|Client ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Client ID|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Client Protocol|Select `saml`.|
|Client SAML Endpoint|Enter your master SAML processing URL, for example `https://<keycloak_domain>/auth/realms/master/protocol/saml`.|
@@ -56,7 +56,7 @@ On the **Settings** tab, configure the following options:
|Signature Algorithm|If **Sign Assertions** is enabled, select what algorithm to sign with (`sha-256` by default).|
|Name ID Format|Select the Name ID Format for Keycloak to use in SAML responses.|
|Valid Redirect URLs|Set this field to the pre-generated Assertion Consumer Service (ACS) URL retreived from the Bitwarden SSO configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your configured server URL, for example `https://your.domain/sso/your-org-id/Acs`.|
|Base URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.|
|Base URL|Set this field to the login URL from which users will access Bitwarden.<br><br>For Cloud-hosted customers, this is always `https://vault.bitwarden.com/#/sso`. For self-hosted instances, this is determined by you [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your-domain.com/#/sso`.|
|Master SAML Processing URL|If not automatically filled in, set this field to your master SAML processing URL, for example `https://<keycloak_domain>/auth/realms/master/protocol/saml`.|
#### Fine Grain SAML Endpoint Configuration
@@ -194,7 +194,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Keycloak login screen:
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Keycloak login screen:
{% image sso/cheatsheets/saml-keycloak/keycloak-login.png Keycloak Login Screen %}

14
_articles/login-with-sso/saml-okta.md
View File

@@ -9,9 +9,9 @@ tags: [sso, saml, okta]
order:
---
This article contains **Okta-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **Okta-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -21,8 +21,8 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your
[Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -54,8 +54,8 @@ On the **Configure SAML** screen, configure the following fields:
|Field|Description|
|-----|-----------|
|Single sign on URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Audience URI (SP Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Single sign on URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|Audience URI (SP Entity ID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2`.|
|Name ID format|Select the [SAML NameID format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} to use in SAML assertions. By default, **Unspecified**.|
|Application username|Select the Okta attribute users will use to login to Bitwarden.|
@@ -145,7 +145,7 @@ Once your configuration is complete, test it by navigating to [https://vault.bit
{% image sso/sso-button-lg.png Enterprise Single Sign-On button %}
Enter the [configured Organization Identifier]({{site.baseurl}}/article/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Okta login screen:
Enter the [configured Organization Identifier]({{site.baseurl}}/configure-sso-saml/#step-1-enabling-login-with-sso) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the Okta login screen:
{% image sso/cheatsheets/saml-okta/okta-login.png Log in with Okta %}

10
_articles/login-with-sso/saml-onelogin.md
View File

@@ -8,9 +8,9 @@ hidden: true
tags: [sso, saml, onelogin]
order:
---
This article contains **OneLogin-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/article/configure-sso-saml/).
This article contains **OneLogin-specific** help for configuring Login with SSO via SAML 2.0. For help configuring Login with SSO for another IdP, refer to [SAML 2.0 Configuration]({{site.baseurl}}/configure-sso-saml/).
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/article/about-business-portal/) and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
Configuration involves working simultaneously within the Bitwarden [Business Portal]({{site.baseurl}}/about-business-portal/) and the OneLogin Portal. As you proceed, we recommend having both readily available and completing steps in the order they're documented.
{% callout success %}
**Already an SSO expert?** Skip the instructions in this article and download screenshots of sample configurations to compare against your own.
@@ -20,7 +20,7 @@ Configuration involves working simultaneously within the Bitwarden [Business Por
## Open the Business Portal
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/article/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/article/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/article/about-business-portal/) and navigate to the SSO Configuration screen:
If you're coming straight from [SAML 2.0 Configuration]({{site.baseurl}}/sso-configure-saml/), you should already have an [Organization ID created](https://bitwarden.com/help/configure-sso-saml/#step-1-enabling-login-with-sso) and the SSO Configuration screen open. If you don't, open your [Business Portal]({{site.baseurl}}/about-business-portal/) and navigate to the SSO Configuration screen:
{% image sso/sso-saml1.png SAML 2.0 Configuration %}
@@ -46,10 +46,10 @@ Select **Configuration** from the left-hand navigation and configure the followi
|Application Setting|Description|
|----------------|-----------|
|Audience (EntityID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.|
|Audience (EntityID)|Set this field to the pre-generated **SP Entity ID** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso.saml2`.|
|Recipient|Set this field to the same pre-generated **SP Entity ID** used for the **Audience (Entity ID)** setting.|
|ACS (Consumer) URL Validator|Despite being marked **Required** by OneLogin, you don't actually need to enter information into this field to integrate with Bitwarden. Skip to the next field, **ACS (Consumer) URL**.|
|ACS (Consumer) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/article/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|ACS (Consumer) URL|Set this field to the pre-generated **Assertion Consumer Service (ACS) URL** retrieved from the Bitwarden SSO Configuration screen.<br><br>For Cloud-hosted customers, this is always `https://sso.bitwarden.com/saml2/your-org-id/Acs`. For self-hosted instances, this is determined by your [configured server URL]({{site.baseurl}}/install-on-premise/#configure-your-domain), for example `https://your.domain.com/sso/saml2/your-org-id/Acs`.|
|SAML initiator|Select **Service Provider**. Login with SSO does not currently support IdP-initiated SAML assertions.|
|SAML nameID Format|Set this field to the [SAML NameID Format](https://docs.oracle.com/cd/E19316-01/820-3886/ggwbz/index.html){:target="\_blank"} you want to use for SAML assertions.|
|SAML signature element|By default, OneLogin will sign the SAML Response. You can set this to **Assertion** or **Both**, and |

4
_articles/login-with-sso/sso-access-your-vault.md
View File

@@ -9,7 +9,7 @@ order: "06"
---
## Before You Begin
If you are an existing Bitwarden user, you must [Link an Existing Account to SSO](https://bitwarden.com/help/article/link-to-sso/) before authenticating into your Vault using Login with SSO.
If you are an existing Bitwarden user, you must [Link an Existing Account to SSO](https://bitwarden.com/help/link-to-sso/) before authenticating into your Vault using Login with SSO.
## Logging in with SSO
@@ -39,5 +39,5 @@ In both cases, your account now has an *accepted* status within your Organizatio
{% callout info %}
Users that are created via Login with SSO **will still be properly organized into their groups and collections** if leveraging the [Directory Connector](https://bitwarden.com/help/article/directory-sync/) utility.
Users that are created via Login with SSO **will still be properly organized into their groups and collections** if leveraging the [Directory Connector](https://bitwarden.com/help/directory-sync/) utility.
{% endcallout %}

2
_articles/miscellaneous/auto-fill-android-troubleshooting.md
View File

@@ -17,7 +17,7 @@ Depending on the version of Android your device is running, there are a few diff
|Draw-Over|Android 6+|Accessibility|
|Accessibility|All Android Versions|-|
For instructions on setting up auto-fill on Android, see [Auto-fill Logins]({{site.baseurl}}/article/auto-fill-android/).
For instructions on setting up auto-fill on Android, see [Auto-fill Logins]({{site.baseurl}}/auto-fill-android/).
### Troubleshooting the Autofill Service

8
_articles/miscellaneous/cli-auth-challenges.md
View File

@@ -7,7 +7,7 @@ popular: false
tags: [cli, captcha]
---
The August 2021 release of Bitwarden (**2021-08-18**) introduced [Captcha](https://www.hcaptcha.com/about){:target="\_blank"} requirements to increase security against bot traffic. On the CLI, Captcha challenges are substituted with authentication challenges that can validated using your account's [Personal API Key]({{site.baseurl}}/article/personal-api-key) `client_secret`.
The August 2021 release of Bitwarden (**2021-08-18**) introduced [Captcha](https://www.hcaptcha.com/about){:target="\_blank"} requirements to increase security against bot traffic. On the CLI, Captcha challenges are substituted with authentication challenges that can validated using your account's [Personal API Key]({{site.baseurl}}/personal-api-key) `client_secret`.
## Get your Personal API Key
@@ -23,7 +23,7 @@ To get your Personal API Key:
Depending on your preferences, you can [save an environment variable](#answer-challenges-with-an-environment-variable) to automatically pass authentication challenges or [manually enter](#using-the-prompt) your `client_secret` whenever a challenge is made:
{% callout success %}
Aside from using environment variable, any possible challenge is automatically bypassed when using the `bw login --apikey` method. [Learn more]({{site.baseurl}}/article/cli/#using-an-api-key).
Aside from using environment variable, any possible challenge is automatically bypassed when using the `bw login --apikey` method. [Learn more]({{site.baseurl}}/cli/#using-an-api-key).
{% endcallout %}
### Answer Challenges with an Environment Variable
@@ -41,7 +41,7 @@ env:BW_CLIENTSECRET="client_secret"
```
{% callout warning %}
If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/article/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value.
If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value.
{% endcallout %}
### Answer Challenges Manually
@@ -51,5 +51,5 @@ When an authentication challenge is made and no `BW_CLIENTSECRET` value is found
{% image cli/cli-captcha-1-markup.png Login Prompt with Auth Challenge %}
{% callout warning %}
If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/article/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value.
If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API Key]({{site.baseurl}}/personal-api-key/#rotate-your-api-key) since saving the variable. [Use the above steps](#get-your-personal-api-key) to retrieve the correct value.
{% endcallout %}

40
_articles/miscellaneous/cli.md
View File

@@ -144,7 +144,7 @@ Logging in with email and password authenticates you with Bitwarden servers, syn
bw login
```
This command will initiate a prompt for your **Email address**, **Master password**, and (if [enabled]({{site.baseurl}}/article/setup-two-step-login/)) a **Two-step login code**.
This command will initiate a prompt for your **Email address**, **Master password**, and (if [enabled]({{site.baseurl}}/setup-two-step-login/)) a **Two-step login code**.
{% callout info %}
You *can* string this together into a single command as in the following example, however this is not recommended for security reasons.
@@ -159,10 +159,10 @@ See [Appendices &rarr; Enums](#enums) for `<method>` values.
### Using an API key
{% callout success %}
**Getting prompted for additional authentication** or getting a `Your authentication request appears to be coming from a bot.` error? Use your API Key `client_secret` to answer the authentication challenge. [Learn more]({{site.baseurl}}/article/cli-auth-challenges/).
**Getting prompted for additional authentication** or getting a `Your authentication request appears to be coming from a bot.` error? Use your API Key `client_secret` to answer the authentication challenge. [Learn more]({{site.baseurl}}/cli-auth-challenges/).
{% endcallout %}
Logging in with a [Personal API Key]({{site.baseurl}}/article/personal-api-key/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with an API key, you will be required to unlock your Vault using your Master Password. To log in with an API key use:
Logging in with a [Personal API Key]({{site.baseurl}}/personal-api-key/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with an API key, you will be required to unlock your Vault using your Master Password. To log in with an API key use:
```
bw login --apikey
@@ -177,7 +177,7 @@ If you don't want to be prompted for the `client_id` and `client_secret` every t
### Using SSO
Logging in with [SSO]({{site.baseurl}}/article/about-sso/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with SSO, you will be required to unlock your Vault using your Master Password. To log in with SSO use:
Logging in with [SSO]({{site.baseurl}}/about-sso/) authenticates you with Bitwarden servers, syncs your Vault, but **does not unlock your Vault**. After logging in with SSO, you will be required to unlock your Vault using your Master Password. To log in with SSO use:
```
bw login --sso
@@ -187,7 +187,7 @@ This command will initiate the SSO authentication flow in your web browser.
### Two-step login
The CLI currently supports [two-step login]({{site.baseurl}}/article/setup-two-step-login/) via [authenticator]({{site.baseurl}}/article/setup-two-step-login-authenticator/), [email]({{site.baseurl}}/article/setup-two-step-login-email/), or [Yubikey]({{site.baseurl}}/article/setup-two-step-login-yubikey/). If you have one of these methods enabled, you will be required to enter your two-step login code to log in. If you have multiple methods enabled, you will be prompted first to select which method to use.
The CLI currently supports [two-step login]({{site.baseurl}}/setup-two-step-login/) via [authenticator]({{site.baseurl}}/setup-two-step-login-authenticator/), [email]({{site.baseurl}}/setup-two-step-login-email/), or [Yubikey]({{site.baseurl}}/setup-two-step-login-yubikey/). If you have one of these methods enabled, you will be required to enter your two-step login code to log in. If you have multiple methods enabled, you will be prompted first to select which method to use.
{% callout info %}
You *can* pass your two-step login method and code as options, as in the following example.
@@ -418,7 +418,7 @@ The `delete` command deletes an object from your Vault. `delete` takes **only an
bw delete (item|attachment|folder|org-collection) <id> [options]
```
By default, `delete` will "soft delete" an item (i.e. send it to the [Trash]({{site.baseurl}}/article/managing-items/#items-in-the-trash)). You can permanently delete an item using the `-p, --permanent` option.
By default, `delete` will "soft delete" an item (i.e. send it to the [Trash]({{site.baseurl}}/managing-items/#items-in-the-trash)). You can permanently delete an item using the `-p, --permanent` option.
```
bw delete item 7063feab-4b10-472e-b64c-785e2b870b92 --permanent
@@ -446,7 +446,7 @@ bw restore item 7063feab-4b10-472e-b64c-785e2b870b92
### send
The `send` command creates a [Bitwarden Send]({{site.baseurl}}/article/about-send) object for ephemeral sharing. This section will detail simple `send` operations, however Send is a highly flexible tool and we recommend referring to the dedicated article on [Send from CLI]({{site.baseurl}}/article/send-cli).
The `send` command creates a [Bitwarden Send]({{site.baseurl}}/about-send) object for ephemeral sharing. This section will detail simple `send` operations, however Send is a highly flexible tool and we recommend referring to the dedicated article on [Send from CLI]({{site.baseurl}}/send-cli).
To create a simple text Send:
@@ -462,7 +462,7 @@ bw send -n "A Sensitive File" -d 14 -f /Users/my_account/Documents/sensitive_fil
### receive
The `receive` command accesses a [Bitwarden Send]({{site.baseurl}}/article/about-send) object. To receive a Send object:
The `receive` command accesses a [Bitwarden Send]({{site.baseurl}}/about-send) object. To receive a Send object:
```
bw receive --password passwordforaccess https://vault.bitwarden.com/#/send/yawoill8rk6VM6zCATXv2A/9WN8wD-hzsDJjfnXLeNc2Q
@@ -472,7 +472,7 @@ bw receive --password passwordforaccess https://vault.bitwarden.com/#/send/yawoi
### Organization IDs
Accessing an Organization from the CLI frequently requires knowledge of an ID for your Organization, as well as IDs for individual [members]({{site.baseurl}}/article/managing-users/) and [Collections]({{site.baseurl}}/article/about-collections/).
Accessing an Organization from the CLI frequently requires knowledge of an ID for your Organization, as well as IDs for individual [members]({{site.baseurl}}/managing-users/) and [Collections]({{site.baseurl}}/about-collections/).
Retrieve this information directly from the CLI using `bw list`, for example:
@@ -489,10 +489,10 @@ You can `bw list` both `collections` and `org-collections`. `bw list collections
### move
{% callout info %}
**August 2021**: The `share` command has been changed to `move`. [Find out more]({{site.baseurl}}/article/releasenotes/).
**August 2021**: The `share` command has been changed to `move`. [Find out more]({{site.baseurl}}/releasenotes/).
{% endcallout %}
The `move` command transfers a Vault item [to an Organization]({{site.baseurl}}/article/sharing/):
The `move` command transfers a Vault item [to an Organization]({{site.baseurl}}/sharing/):
```
bw move <itemid> <organizationid> [encodedJson]
@@ -508,7 +508,7 @@ Upon success, the updated item will be returned.
### confirm
The `confirm` command confirms [invited members]({{site.baseurl}}/article/managing-users/#confirm-invited-users) to your Organization who have accepted their invitation:
The `confirm` command confirms [invited members]({{site.baseurl}}/managing-users/#confirm-invited-users) to your Organization who have accepted their invitation:
```
bw confirm org-member <id> --organizationid <orgid>
@@ -530,7 +530,7 @@ The `config` command specifies settings for the Bitwarden CLI to use:
bw config <setting> [value]
```
A primary use of `bw config` is to [connect your CLI to a self-hosted]({{site.baseurl}}/article/change-client-environment/#cli) Bitwarden server:
A primary use of `bw config` is to [connect your CLI to a self-hosted]({{site.baseurl}}/change-client-environment/#cli) Bitwarden server:
```
bw config server https://your.bw.domain.com
@@ -590,7 +590,7 @@ bw import lastpasscsv /Users/myaccount/Documents/mydata.csv
```
{% callout success %}
Bitwarden supports lots of formats for import, too many to list here! Use `bw import --formats` to return the list in your CLI, or [see here]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import).
Bitwarden supports lots of formats for import, too many to list here! Use `bw import --formats` to return the list in your CLI, or [see here]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import).
{% endcallout %}
### export
@@ -759,7 +759,7 @@ The following tables enumerate values required in documented scenarios:
#### Two-step Login Methods
Used to specify which [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) to use when [logging in](#log-in):
Used to specify which [Two-step Login method]({{site.baseurl}}/setup-two-step-login/) to use when [logging in](#log-in):
| Name | Value |
|---------------|-------|
@@ -773,7 +773,7 @@ FIDO2 and Duo are not supported by the CLI.
#### Item Types
Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/article/managing-items/):
Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/managing-items/):
| Name | Value |
|-------------|-------|
@@ -784,7 +784,7 @@ Used with the `create` command to specify a [Vault item type]({{site.baseurl}}/a
#### Login URI Match Types
Used with the `create` and `edit` commands to specify [URI match detection]({{site.baseurl}}/article/uri-match-detection/) behavior:
Used with the `create` and `edit` commands to specify [URI match detection]({{site.baseurl}}/uri-match-detection/) behavior:
| Name | Value |
|--------------------|-------|
@@ -797,7 +797,7 @@ Used with the `create` and `edit` commands to specify [URI match detection]({{si
#### Field Types
Used with the `create` and `edit` commands to configure [custom fields]({{site.baseurl}}/article/custom-fields/):
Used with the `create` and `edit` commands to configure [custom fields]({{site.baseurl}}/custom-fields/):
| Name | Value |
|---------|-------|
@@ -807,7 +807,7 @@ Used with the `create` and `edit` commands to configure [custom fields]({{site.b
#### Organization User Types
Indicates a [user's type]({{site.baseurl}}/article/user-types-access-control/):
Indicates a [user's type]({{site.baseurl}}/user-types-access-control/):
| Name | Value |
|---------|-------|
@@ -818,7 +818,7 @@ Indicates a [user's type]({{site.baseurl}}/article/user-types-access-control/):
#### Organization User Statuses
Indicates a user's [status within the Organization]({{site.baseurl}}/article/managing-users/):
Indicates a user's [status within the Organization]({{site.baseurl}}/managing-users/):
| Name | Value |
|-----------|-------|

4
_articles/miscellaneous/personal-api-key.md
View File

@@ -10,7 +10,7 @@ tags: [api key, cli]
Your Bitwarden Personal API Key can be used as an alternative method for authenticating into the Command Line Interface (CLI).
{% callout info %}
Your Personal API Key is **not the same** as the [Organization API Key]({{site.baseurl}}/article/public-api/#authentication) used to access the [Bitwarden Public API]({{site.baseurl}}/article/public-api/) or [Directory Connector]({{site.baseurl}}/article/directory-sync/). Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`.
Your Personal API Key is **not the same** as the [Organization API Key]({{site.baseurl}}/public-api/#authentication) used to access the [Bitwarden Public API]({{site.baseurl}}/public-api/) or [Directory Connector]({{site.baseurl}}/directory-sync/). Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`.
{% endcallout %}
## Get Your Personal API Key
@@ -39,7 +39,7 @@ To use your API Key to authenticate into the CLI, enter the following command:
```
bw login --apikey
```
which will prompt you to enter the obtained `client_id` and `client_secret` to authenticate. Once you enter these values, enter your Master Password to decrypt your Vault. For more information, see [Bitwarden command line tool (CLI)](https://bitwarden.com/help/article/cli/).
which will prompt you to enter the obtained `client_id` and `client_secret` to authenticate. Once you enter these values, enter your Master Password to decrypt your Vault. For more information, see [Bitwarden command line tool (CLI)](https://bitwarden.com/help/cli/).
### Environment Variables

2
_articles/organizations/about-business-portal.md
View File

@@ -13,6 +13,6 @@ The Bitwarden Business Portal is a dedicated space for administrators to configu
{% image organizations/business-portal-button-overlay.png Business Portal button %}
The Bitwarden Business Portal provides access to configuration for [Single Sign-On]({{site.baseurl}}/article/about-sso/) and [Policies]({{site.baseurl}}/article/policies/) for your Organization.
The Bitwarden Business Portal provides access to configuration for [Single Sign-On]({{site.baseurl}}/about-sso/) and [Policies]({{site.baseurl}}/policies/) for your Organization.
{% image organizations/business-portal.png Bitwarden Business Portal %}

16
_articles/organizations/about-collections.md
View File

@@ -7,15 +7,15 @@ popular: false
tags: [collections, access control, best practices]
order: "02"
redirect_from:
- /article/collections/
- /article/create-collections/
- /collections/
- /create-collections/
---
## What are Collections?
Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/sharing/) from an Organization. Think of Collections as Organization-equivalents to the [Folders]({{site.baseurl}}/article/folders/) used to organize a Personal Vault, with a few key differences:
Collections gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/sharing/) from an Organization. Think of Collections as Organization-equivalents to the [Folders]({{site.baseurl}}/folders/) used to organize a Personal Vault, with a few key differences:
- Organizations control access to Organization-owned items by assigning users or [Groups]({{site.baseurl}}/article/about-groups/) to Collections.
- Organizations control access to Organization-owned items by assigning users or [Groups]({{site.baseurl}}/about-groups/) to Collections.
- Organization-owned items **must** be included in at least one Collection.
### Using Collections
@@ -24,7 +24,7 @@ For many Organizations, using Collections means adding a set of Vault items and
{% image organizations/collections-graphic-1.png Using Collections %}
Teams and Enterprise Organizations can also designate access to Collections based on user [Groups]({{site.baseurl}}/article/about-groups/), rather than individual users. Group-Collection associations provide a deeper level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
Teams and Enterprise Organizations can also designate access to Collections based on user [Groups]({{site.baseurl}}/about-groups/), rather than individual users. Group-Collection associations provide a deeper level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
{% image organizations/collections-graphic-2.png Using Collections with Groups%}
@@ -32,15 +32,15 @@ Other common methodologies include **Collections by Vendor or System** (i.e. use
## Create a Collection
Organization [Managers (or higher)]({{site.baseurl}}/article/user-types-access-control/) and [Provider Users]({{site.baseurl}}/article/provider-users/provider-user-types) can create and manage Collections. To create a Collection:
Organization [Managers (or higher)]({{site.baseurl}}/user-types-access-control/) and [Provider Users]({{site.baseurl}}/provider-users/provider-user-types) can create and manage Collections. To create a Collection:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select the {% icon fa-plus %} **New Collection** button:
{% image organizations/collection-list-overlay.png Select New Collection %}
3. Give your Collection a **Name** and, if you're a Teams or Enterprise Organization, assign **Group Access** to any existing [Group]({{site.baseurl}}/article/about-groups/).
3. Give your Collection a **Name** and, if you're a Teams or Enterprise Organization, assign **Group Access** to any existing [Group]({{site.baseurl}}/about-groups/).
{% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %}
{% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/directory-sync/).{% endcallout %}
4. Select **Save** to finish creating your Collection.
### Nested Collections

20
_articles/organizations/about-groups.md
View File

@@ -7,21 +7,21 @@ popular: false
tags: [groups, access control]
order: "03"
redirect_from:
- /article/groups/
- /article/create-groups/
- /groups/
- /create-groups/
---
## What are Groups?
Groups relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/article/about-collections) and other [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/article/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions.
Groups relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/about-collections) and other [access controls]({{site.baseurl}}/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions.
{% callout info %}
Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations).
Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/about-organizations/#types-of-organizations).
{% endcallout %}
### Using Groups
Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/article/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
{% image organizations/collections-graphic-2.png Using Collections with Groups%}
@@ -29,18 +29,18 @@ Other common methodologies include **Collections by Vendor or System** (i.e. use
## Create a Group
Organization [Admins (or higher)]({{site.baseurl}}/article/user-types-access-control/#user-types) and [Provider Users]({{site.baseurl}}/article/provider-users/provider-user-types) can create and manage Groups. To create a Group:
Organization [Admins (or higher)]({{site.baseurl}}/user-types-access-control/#user-types) and [Provider Users]({{site.baseurl}}/provider-users/provider-user-types) can create and manage Groups. To create a Group:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select **Groups** from the left-hand menu.
3. On the Groups screen, select the {% icon fa-plus %} **New Group** button.
{% image organizations/groups-newgroup.png New Group %}
4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control).
4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/user-types-access-control/#access-control).
Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/article/user-types-access-control/#granular-access-control).
Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/user-types-access-control/#granular-access-control).
{% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %}
{% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/directory-sync/).{% endcallout %}
5. Select **Save** to finish creating your Group.
### Assign Users to Group(s)
@@ -59,7 +59,7 @@ You can check which users belong to a Group from the **Manage** &rarr; **Groups*
### Edit Collections Assignments
If you want to change the [Collections]({{site.baseurl}}/article/about-collections/) or [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to a Group:
If you want to change the [Collections]({{site.baseurl}}/about-collections/) or [access controls]({{site.baseurl}}/user-types-access-control/#access-control) assigned to a Group:
1. In your Organization Vault, open the **Manage** tab and select **Groups** from the left-hand menu.
2. Select the group you want to edit.

28
_articles/organizations/about-organizations.md
View File

@@ -7,40 +7,40 @@ popular: true
tags: [organizations]
order: "01"
redirect_from:
- /article/what-is-an-organization/
- /article/create-an-organization/
- /what-is-an-organization/
- /create-an-organization/
---
## What are Organizations?
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Notes, Cards, and Identities. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/article/user-types-access-control/) can manage the Organization's items, users, and settings:
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Notes, Cards, and Identities. Organizations have a unique Vault, where [administrators]({{site.baseurl}}/user-types-access-control/) can manage the Organization's items, users, and settings:
{% image organizations/org-vault-admin.png Organization Vault %}
Members of an Organization will find shared items ({% icon fa-cube%}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/article/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/article/folders/) organize personal items:
Members of an Organization will find shared items ({% icon fa-cube%}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/folders/) organize personal items:
{% image organizations/personal-vault-org-enabled.png Access shared items %}
### Types of Organizations
Bitwarden offers a variety of types of Organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each Organization type, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/).
Bitwarden offers a variety of types of Organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each Organization type, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/).
|Type|Description|
|----|-----------|
|Free Organizations|Free Organizations allow 2 users to securely share in up to 2 [Collections]({{site.baseurl}}/article/about-collections/).|
|Families Organizations|Families Organizations allow 6 users to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/).|
|Teams Organizations|Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and offer a suite of operational tools like [Event Logs]({{site.baseurl}}/article/event-logs/).|
|Enterprise Organizations|Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/article/about-collections/) and add enterprise-only features like [Login with SSO]({{site.baseurl}}/article/about-sso/) and [Policies]({{site.baseurl}}/article/policies/) to Bitwarden's suite of operational tools.|
|Free Organizations|Free Organizations allow 2 users to securely share in up to 2 [Collections]({{site.baseurl}}/about-collections/).|
|Families Organizations|Families Organizations allow 6 users to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/).|
|Teams Organizations|Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/) and offer a suite of operational tools like [Event Logs]({{site.baseurl}}/event-logs/).|
|Enterprise Organizations|Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited [Collections]({{site.baseurl}}/about-collections/) and add enterprise-only features like [Login with SSO]({{site.baseurl}}/about-sso/) and [Policies]({{site.baseurl}}/policies/) to Bitwarden's suite of operational tools.|
### Comparing Organizations with Premium
The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
The key thing to know is that Organizations enable **secure sharing from Organizations to users**. [Premium Individual plans]({{site.baseurl}}/about-bitwarden-plans/#premium-individual) unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium Individual **does not include secure data sharing.**
Paid Organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for **every** user enrolled in the Organization.
### Comparing Organizations with Providers
[Providers]({{site.baseurl}}/article/providers) are Vault-administration entities that allow businesses like Managed Service Providers (MSPs) to quickly create and administer **multiple Bitwarden Organizations** on behalf of business customers.
[Providers]({{site.baseurl}}/providers) are Vault-administration entities that allow businesses like Managed Service Providers (MSPs) to quickly create and administer **multiple Bitwarden Organizations** on behalf of business customers.
## Create an Organization
@@ -52,16 +52,16 @@ Organizations are created and managed from the [Web Vault](https://vault.bitward
2. Enter an **Organization Name** and a **Billing Email** we can reach you at.
Checking the **This account is owned by a business** checkbox will filter your options down to those suitable for businesses, and prompt your for a **Business name** so we know who to thank!
3. **Choose your Plan**. Bitwarden offers Organizations suited to any need. Check out the [feature-by-feature breakdown]({{site.baseurl}}/article/about-bitwarden-plans/#compare-the-plans-1) to figure out which is best for you.
3. **Choose your Plan**. Bitwarden offers Organizations suited to any need. Check out the [feature-by-feature breakdown]({{site.baseurl}}/about-bitwarden-plans/#compare-the-plans-1) to figure out which is best for you.
{% callout success %}All paid Organization (Families, Teams, or Enterprise) include premium features for all enrolled users!{% endcallout %}
4. If you chose a **Free Organization**, you're all set! If you chose one of our paid Organizations,
- **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month.
- **Families/Teams/Enterprise:** Your plan comes with 1GB of encrypted [storage for attachments]({{site.baseurl}}/attachments/). Add **Additional Storage (GB)** for $0.33 per GB per month.
- **Teams/Enterprise:** Specify the number of **User Seats** you need for your Organization. You can always add more seats later.
- **Teams/Enterprise:** Choose whether you'd like to be billed **Annually** or **Monthly**. Families Organizations can only be billed annually.
5. Once you're happy with your Organization, enter your **Payment Information** and select **Submit**.
{% callout success %}New Families, Teams, and Enterprise Organization have a 7 day free trial built in! We won't charge you until your trial is over, and you can cancel your subscription at any time from the Organization **Settings** tab.{% endcallout %}
Once you've created your Organization, create a [collection]({{site.baseurl}}/article/about-collections/), [invite users]({{site.baseurl}}/article/managing-users/), and [start sharing]({{site.baseurl}}/article/sharing).
Once you've created your Organization, create a [collection]({{site.baseurl}}/about-collections/), [invite users]({{site.baseurl}}/managing-users/), and [start sharing]({{site.baseurl}}/sharing).

26
_articles/organizations/admin-reset.md
View File

@@ -9,16 +9,16 @@ order: "15"
---
{% callout info %}
Admin Password Reset is available for **Enterprise Organizations** on a current plan. Like Login with SSO, Password Reset is not available to [Classic 2019 Enterprise Organizations]({{site.baseurl}}/article/2020-plan-updates).
Admin Password Reset is available for **Enterprise Organizations** on a current plan. Like Login with SSO, Password Reset is not available to [Classic 2019 Enterprise Organizations]({{site.baseurl}}/2020-plan-updates).
{% endcallout %}
## What is Admin Password Reset?
Admin Password Reset allows [designated administrators](#permissions) to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their [Master Password]({{site.baseurl}}/article/master-password/). Admin Password Reset can be activated for an Organization by [enabling the Admin Password Reset Policy](#activate-admin-password-reset).
Admin Password Reset allows [designated administrators](#permissions) to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their [Master Password]({{site.baseurl}}/master-password/). Admin Password Reset can be activated for an Organization by [enabling the Admin Password Reset Policy](#activate-admin-password-reset).
Individual users must be enrolled (either through [self-enrollment](#self-enroll-in-password-reset) or using the [automatic enrollment policy option](#automatic-enrollment)) to be eligible for password reset, as enrollment triggers the key exchange that makes Admin Password Reset secure.
**Admin Password Reset does not bypass Two-step Login or Login with SSO**. If a [Two-step Login method]({{site.baseurl}}/article/setup-two-step-login/) is enabled for the account or if your Organization [requires SSO Authentication]({{site.baseurl}}/article/policies/#single-sign-on-authentication), you will still be required to use that method to access your Vault after password reset.
**Admin Password Reset does not bypass Two-step Login or Login with SSO**. If a [Two-step Login method]({{site.baseurl}}/setup-two-step-login/) is enabled for the account or if your Organization [requires SSO Authentication]({{site.baseurl}}/policies/#single-sign-on-authentication), you will still be required to use that method to access your Vault after password reset.
### Encryption
@@ -32,12 +32,12 @@ The key pair is generated and encrypted client-side upon creation of a new Organ
- Upgrades from one Organization type to another.
{% endcallout %}
When a member of the Organization [enrolls](#automatic-enrollment) in Admin Password Reset, that user's [encryption key]({{site.baseurl}}/article/account-encryption-key) is encrypted with the Organization's public key. The result is stored as the **Password Reset Key**.
When a member of the Organization [enrolls](#automatic-enrollment) in Admin Password Reset, that user's [encryption key]({{site.baseurl}}/account-encryption-key) is encrypted with the Organization's public key. The result is stored as the **Password Reset Key**.
When an Admin Password Reset action is taken:
1. The Organization private key is decrypted with the Organization symmetric key.
2. The user's **Reset Password Key** is decrypted with the decrypted Organization private key, resulting in the users's [encryption key]({{site.baseurl}}/article/account-encryption-key).
2. The user's **Reset Password Key** is decrypted with the decrypted Organization private key, resulting in the users's [encryption key]({{site.baseurl}}/account-encryption-key).
3. The user's encryption key and Master Password hash are replaced with a *new* encryption key and *new* Master Password hash, seeded from a new Master Password.
4. The user's new encryption key is encrypted with the Organization's public key, replacing the previous **Password Reset Key** with a new one.
@@ -45,21 +45,21 @@ When an Admin Password Reset action is taken:
### Permissions
Admin Password Reset can be executed by [Owners, Admins, and permitted Custom users]({{site.baseurl}}/article/user-types-access-control/). Admin Password Reset uses a hierarchical permission structure to determine who can reset whose Master Password, meaning:
Admin Password Reset can be executed by [Owners, Admins, and permitted Custom users]({{site.baseurl}}/user-types-access-control/). Admin Password Reset uses a hierarchical permission structure to determine who can reset whose Master Password, meaning:
- Any Owner, Admin, or permitted Custom user can reset a **User**, **Manager**, or **Custom User**'s Master Password.
- Only an Admin or Owner can reset an **Admin**'s Master Password.
- Only an Owner can reset another **Owner**'s Master Password.
### Event Logging
[Events]({{site.baseurl}}/article/event-logs/) are logged when:
[Events]({{site.baseurl}}/event-logs/) are logged when:
- A Master Password is reset.
- A user enrolls in Admin Password Reset.
- A user withdraws from Admin Password Reset.
## Activate Admin Password Reset
To activate Master Password Reset for your Enterprise Organization, navigate to the [Business Portal]({{site.baseurl}}/article/about-business-portal/) and enable the [Master Password Reset Policy]({{site.baseurl}}/article/policies/#master-password-reset):
To activate Master Password Reset for your Enterprise Organization, navigate to the [Business Portal]({{site.baseurl}}/about-business-portal/) and enable the [Master Password Reset Policy]({{site.baseurl}}/policies/#master-password-reset):
{% image organizations/pwreset-activate.png Activate Password Reset %}
@@ -67,7 +67,7 @@ Users will need to [self-enroll](#self-enroll-in-password-reset) or [be auto-enr
### Automatic Enrollment
Enabling the Automatic Enrollment policy option will automatically enroll new users in Admin Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept). Users already in the Organization will not be retroactively enrolled in Admin Password Reset, and will be required to [self-enroll](#self-enroll-in-password-reset).
Enabling the Automatic Enrollment policy option will automatically enroll new users in Admin Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/managing-users/#accept). Users already in the Organization will not be retroactively enrolled in Admin Password Reset, and will be required to [self-enroll](#self-enroll-in-password-reset).
{% callout success %}
If you're automatically enrolling Organization members in Admin Password Reset, we **highly recommend notifying them of this feature**. Many Bitwarden Organization users store personal credentials in their Personal Vault, and should be made aware that Admin Password Reset could allow an administrator to access their Personal Vault.
@@ -87,7 +87,7 @@ Once enrolled, you can **Withdraw** from Password Reset from the same dropdown u
{% image organizations/pwreset-withdraw.png Withdraw from Password Reset %}
Manually changing your Master Password or [rotating your encryption key]({{site.baseurl}}/article/account-encryption-key/) **will not** withdraw you from Admin Password Reset.
Manually changing your Master Password or [rotating your encryption key]({{site.baseurl}}/account-encryption-key/) **will not** withdraw you from Admin Password Reset.
## Reset a Master Password
@@ -103,16 +103,16 @@ To reset a Master Password for a member of your Enterprise Organization:
{% image organizations/pwreset-reset.png Reset Password %}
4. On the Reset Password window, create a **New Password** for the user. If your Organization has enabled the [Master Password Policy]({{site.baseurl}}/article/policies/#master-password), you will need to create a password that meets the implemented requirements (e.g. min 8 characters, contains numbers):
4. On the Reset Password window, create a **New Password** for the user. If your Organization has enabled the [Master Password Policy]({{site.baseurl}}/policies/#master-password), you will need to create a password that meets the implemented requirements (e.g. min 8 characters, contains numbers):
{% image organizations/pwreset-newpw.png Create a New Password %}
Copy the new Master Password and contact the user to coordinate secure communication of it, for example using [Bitwarden Send]({{site.baseurl}}/article/create-send/).
Copy the new Master Password and contact the user to coordinate secure communication of it, for example using [Bitwarden Send]({{site.baseurl}}/create-send/).
5. Select **Save** to execute the Password Reset. Doing so will log the user out of their current sessions. Active sessions on some client applications, like Mobile Apps, may remain active for up to one hour.
### After a Password Reset
When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/article/create-send/).
When your Master Password is reset, you will receive an email from Bitwarden to inform you of this. On receiving this email, contact your Organization administrator to obtain your new Master Password through a secure channel like [Bitwarden Send]({{site.baseurl}}/create-send/).
Once you have regained access to your Vault using the new Master Password, you should immediately change your Master Password to something **strong** and **memorable**. Changing your Master Password after a reset will help to protect your privacy.

16
_articles/organizations/event-logs.md
View File

@@ -10,18 +10,18 @@ order: "13"
## What are Event Logs?
Event Logs are timestamped records of events that occur within your Organization. Event Logs are accessible to [Admins and Owners]({{site.baseurl}}/article/event-logs/) from the **Manage** tab of your Organization Vault:
Event Logs are timestamped records of events that occur within your Organization. Event Logs are accessible to [Admins and Owners]({{site.baseurl}}/event-logs/) from the **Manage** tab of your Organization Vault:
{% image organizations/event-logs-updated.png Event Logs %}
Events Logs are [exportable](#export-events) and accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/).
Events Logs are [exportable](#export-events) and accessible from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/public-api/).
## Events
Event Logs record roughly 40 different types of events. The Event Logs screen captures a **Timestamp** for the event, client app information including application type and IP (accessed by hoving over the {% icon fa-globe %} globe icon), the **User** connected to the event, and an **Event** description.
{% callout info %}
Each **Event** is associated with type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/) to identify the action documented by an event.
Each **Event** is associated with type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/help/public-api/) to identify the action documented by an event.
{% endcallout %}
All Event types are listed below, with their corresponding type codes:
@@ -35,7 +35,7 @@ All Event types are listed below, with their corresponding type codes:
- Login attempted failed with incorrect password. (`1005`)
- Login attempt failed with incorrect two-step login. (`1006`)
- Exported Vault. (`1007`)
- User updated a password issued through [Admin Password Reset]({{site.baseurl}}/article/admin-reset/). (`1008`)
- User updated a password issued through [Admin Password Reset]({{site.baseurl}}/admin-reset/). (`1008`)
### Item Events
- Created item *item-identifier*. (`1100`)
@@ -79,7 +79,7 @@ All Event types are listed below, with their corresponding type codes:
- Master Password was reset for *user-identifier*. (`1508`)
- Edited organization settings. (`1600`)
- Purged organization vault. (`1601`)
- Organization Vault access by a managing [Provider]({{site.baseurl}}/article/providers/). (`1603`)
- Organization Vault access by a managing [Provider]({{site.baseurl}}/providers/). (`1603`)
- Updated a Policy. (`1700`)
{% comment %}
@@ -91,7 +91,7 @@ https://github.com/bitwarden/web/blob/master/src/locales/en/messages.json
### Provider Events
When any of the above events is executed by a member of an [administering Provider]({{site.baseurl}}/article/providers/), the **User** column will record the name of the Provider. Additionally, a Provider-specific event will record whenever a member of an administering Provider accesses your Organization Vault:
When any of the above events is executed by a member of an [administering Provider]({{site.baseurl}}/providers/), the **User** column will record the name of the Provider. Additionally, a Provider-specific event will record whenever a member of an administering Provider accesses your Organization Vault:
{% image organizations/event-logs-provider.png Provider Access Event %}
@@ -112,7 +112,7 @@ Edited organization settings.,fa-globe,Web Vault - Chrome,9876dcba-65ed-87fe-19h
## API Responses
Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/article/public-api/) will return a JSON response like the following:
Accessing Event Logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/help/public-api/) will return a JSON response like the following:
```
{
@@ -151,4 +151,4 @@ Once you have the unique ID for each member, group, and collection, you can now
- Collections
- Groups
After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization. For more information on using the Bitwarden CLI, see [The Bitwarden command-line tool (CLI)](https://bitwarden.com/help/article/cli/).
After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization. For more information on using the Bitwarden CLI, see [The Bitwarden command-line tool (CLI)](https://bitwarden.com/help/cli/).

6
_articles/organizations/import-to-org.md
View File

@@ -10,7 +10,7 @@ order: "08"
Bitwarden provides a data import tool for easy migration from any password management solution to your Organization Vault. You can also use the data import tool to import from one Bitwarden Organization to another, or to import a Bitwarden [Encrypted Export]({% link _articles/importing/encrypted-export.md %}).
For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or refer to one of these articles for guidance on the most popular solutions:
For a full list of supported import formats, see [What file formats does Bitwarden support for import?]({{site.baseurl}}/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import), or refer to one of these articles for guidance on the most popular solutions:
- [Import from LastPass]({% link _articles/importing/import-from-lastpass.md %})
- [Import from 1Password]({% link _articles/importing/import-from-1password.md %})
@@ -23,13 +23,13 @@ For a full list of supported import formats, see [What file formats does Bitward
## Import to your Organization
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank".} or [CLI]({{site.baseurl}}/article/cli/#import). Data is [encrypted]({{site.baseurl}}/article/what-encryption-is-used/) locally before being sent to the server for storage. To import data to an Organization Vault:
Importing data to Bitwarden **can only be done from the** [**Web Vault**](https://vault.bitwarden.com){:target="\_blank".} or [CLI]({{site.baseurl}}/cli/#import). Data is [encrypted]({{site.baseurl}}/what-encryption-is-used/) locally before being sent to the server for storage. To import data to an Organization Vault:
1. Open your Organization and navigate to the **Tools** tab:
{% image importing/org-tools.png Organization Tools %}
3. Select **Import Data** from the left-hand Tools menu.
3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/article/send-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
3. From the format dropdown, choose a **File Format** (see [What file formats does Bitwarden support for import?]({{site.baseurl}}/send-faqs/#q-what-file-formats-does-bitwarden-support-for-import)).
4. Select the **Choose File** button and add the file to import.
{% callout warning %}Import to Bitwarden can't check whether items in the file to import are duplicative of items in your Vault. This means that **importing multiple files will create duplicative** Vault items if an item is already in the Vault and in the file to import.{% endcallout %}

20
_articles/organizations/managing-users.md
View File

@@ -10,10 +10,10 @@ order: "05"
## Manage User Seats
Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only an [Organization Owner]({{site.baseurl}}/article/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/article/provider-users/#provider-user-types) can add and remove seats, as this directly affects billing.
Bitwarden [Teams and Enterprise Organizations]({{site.baseurl}}/about-organizations/#types-of-organizations) allow you to add or remove user seats on-the-fly to best fit your business's needs. Only an [Organization Owner]({{site.baseurl}}/user-types-access-control/#user-types) or [Provider Service User]({{site.baseurl}}/provider-users/#provider-user-types) can add and remove seats, as this directly affects billing.
{% callout info %}
If you have a [Free or Families Organization]({{site.baseurl}}/article/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively.
If you have a [Free or Families Organization]({{site.baseurl}}/about-organizations/#types-of-organizations), your user seats are pre-loaded and fixed at 2 and 6, respectively.
{% endcallout %}
### Add Seats
@@ -41,13 +41,13 @@ Removing user seats will adjust your future billing totals. The next charge will
To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding a new member, [Invite](#invite) &rarr; [Accept](#accept) &rarr; [Confirm](#confirm).
{% callout success %}
Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the [**Bitwarden Directory Connector**]({{site.baseurl}}/article/directory-sync).
Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the [**Bitwarden Directory Connector**]({{site.baseurl}}/directory-sync).
{% endcallout %}
### Invite
{% callout success %}
**For Enterprise Organizations**, we recommend configuring [Enterprise Policies]({{site.baseurl}}/article/policies) prior to inviting users to ensure compliance on-entrance to your Organization.
**For Enterprise Organizations**, we recommend configuring [Enterprise Policies]({{site.baseurl}}/policies) prior to inviting users to ensure compliance on-entrance to your Organization.
{% endcallout %}
To invite users to your Organization:
@@ -60,8 +60,8 @@ To invite users to your Organization:
4. On the Invite User panel:
- Enter the **Email** address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses.
- Select the **User Type** to be applied to new users. [User Type]({{site.baseurl}}/article/user-types-access-control/#user-type) will determine what permissions these users will have at an Organizational level.
- Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections.
- Select the **User Type** to be applied to new users. [User Type]({{site.baseurl}}/user-types-access-control/#user-type) will determine what permissions these users will have at an Organizational level.
- Select the **Access Control** to be applied to new users. [Access Control]({{site.baseurl}}/user-types-access-control/#access-control) will determine which Collections these users will have access to, and what level of access within those Collections.
5. Click **Save** to invite the designated users to your Organization.
{% callout info %}
@@ -69,7 +69,7 @@ To invite users to your Organization:
{% image organizations/org-people-reinvite.png Bulk Reinvite %}
If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/article/environment-variables/).
If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable]({{site.baseurl}}/environment-variables/).
{% endcallout %}
### Accept
@@ -86,7 +86,7 @@ To confirm accepted invitations into your Organization:
3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**:
{% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
3. Verify that the [fingerprint phrase]({{site.baseurl}}/article/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
3. Verify that the [fingerprint phrase]({{site.baseurl}}/fingerprint-phrase) on your screen matches the one your new member can find in **Settings** &rarr; **My Account**:
{% image fingerprint-phrase.png Sample Fingerprint Phrase %}
@@ -108,5 +108,5 @@ To remove users from your Organization:
Depending on the particulars of your implementation, you may be able to use one of the following methods to delete a Bitwarden user account that belongs to an offboarded user:
1. If you're self-hosting Bitwarden, an authorized admin can delete the account from the [System Administrator Portal]({{site.baseurl}}/article/admin-portal/).
2. If the account has an `@yourcompany.com` email address that your company controls, you can use the [delete without logging in](https://vault.bitwarden.com/#/recover-delete){:target="\_blank"} tool and confirm deletion within the `@yourcompany.com` inbox. For more information, see [Delete an Account Without Logging In](https://bitwarden.com/help/article/delete-your-account/#without-logging-in).
1. If you're self-hosting Bitwarden, an authorized admin can delete the account from the [System Administrator Portal]({{site.baseurl}}/admin-portal/).
2. If the account has an `@yourcompany.com` email address that your company controls, you can use the [delete without logging in](https://vault.bitwarden.com/#/recover-delete){:target="\_blank"} tool and confirm deletion within the `@yourcompany.com` inbox. For more information, see [Delete an Account Without Logging In](https://bitwarden.com/help/delete-your-account/#without-logging-in).

36
_articles/organizations/onboarding-and-succession.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: [onboarding]
order: "10"
redirect_from:
- /article/employee-onboarding-and-succession-white-paper/
- /employee-onboarding-and-succession-white-paper/
---
{% callout success %}
@@ -25,15 +25,15 @@ This guide covers the Bitwarden approach to onboarding and succession planning f
The Bitwarden vision is to imagine a world where no one gets hacked. We carry this forward in our mission to help individuals and companies manage their sensitive information easily and securely. Bitwarden believes that:
- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals]({{site.baseurl}}/article/about-bitwarden-plans/#free-individual).
- Individuals and Families should take an active role in their security using [TOTPs, Emergency Access, and other supporting security features]({{site.baseurl}}/article/about-bitwarden-plans/#premium-individual).
- Organizations can greatly improve their security profile through [Organizational password management and secure sharing]({{site.baseurl}}/article/about-bitwarden-plans/#bitwarden-for-your-business).
- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals]({{site.baseurl}}/about-bitwarden-plans/#free-individual).
- Individuals and Families should take an active role in their security using [TOTPs, Emergency Access, and other supporting security features]({{site.baseurl}}/about-bitwarden-plans/#premium-individual).
- Organizations can greatly improve their security profile through [Organizational password management and secure sharing]({{site.baseurl}}/about-bitwarden-plans/#bitwarden-for-your-business).
{% callout success %}
For Bitwarden, [different plans]({{site.baseurl}}/article/about-bitwarden-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal.
For Bitwarden, [different plans]({{site.baseurl}}/about-bitwarden-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal.
{% endcallout %}
A key aspect of Bitwarden is that, unlike many software applications, everything in every a Vault is [end-to-end encrypted]({{site.baseurl}}/article/what-encryption-is-used/). To maintain this security model, every person using Bitwarden must have a unique account with a unique [Master Password]({{site.baseurl}}/article/master-password). Master Passwords should be **strong** and **memorable**.
A key aspect of Bitwarden is that, unlike many software applications, everything in every a Vault is [end-to-end encrypted]({{site.baseurl}}/what-encryption-is-used/). To maintain this security model, every person using Bitwarden must have a unique account with a unique [Master Password]({{site.baseurl}}/master-password). Master Passwords should be **strong** and **memorable**.
Each user is in charge of their Master Password. Bitwarden is a Zero-knowledge encryption solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset any Master Password.
@@ -49,11 +49,11 @@ Security everywhere means security anywhere, so the best password managers provi
### Users' Personal Vaults
Anyone who creates a Bitwarden account will have their own Personal Vault. Accessible from any client application, Personal Vaults are unique to each user and only that user holds the key to access it, using a combination of their Email Address and Master Password. Personal accounts, and the personal [Vault items]({{site.baseurl}}/article/managing-items/) stored therein, are the account owners responsibility. Organization [Owners, Admins, and Managers]({{site.baseurl}}/article/user-types-access-control) cannot see any other user's Personal Vault by design, guaranteeing someone's personal data remains their own.
Anyone who creates a Bitwarden account will have their own Personal Vault. Accessible from any client application, Personal Vaults are unique to each user and only that user holds the key to access it, using a combination of their Email Address and Master Password. Personal accounts, and the personal [Vault items]({{site.baseurl}}/managing-items/) stored therein, are the account owners responsibility. Organization [Owners, Admins, and Managers]({{site.baseurl}}/user-types-access-control) cannot see any other user's Personal Vault by design, guaranteeing someone's personal data remains their own.
{% image ../images/onboarding-succession/bitwarden-individual-personal-vault.png Personal Vaults %}
Families, Teams, and Enterprise Organizations automatically provide members individually with premium features, like [Emergency Access]({{site.baseurl}}/article/emergency-access/) and [encrypted Attachment storage]({{site.baseurl}}/article/attachments/), which they can choose to use. A Personal Vault is just that, **Personal**, but Personal Vaults do not enable sharing, [Organization do](#bitwarden-organizations).
Families, Teams, and Enterprise Organizations automatically provide members individually with premium features, like [Emergency Access]({{site.baseurl}}/emergency-access/) and [encrypted Attachment storage]({{site.baseurl}}/attachments/), which they can choose to use. A Personal Vault is just that, **Personal**, but Personal Vaults do not enable sharing, [Organization do](#bitwarden-organizations).
{% callout success %}
**Why provide Personal Vaults by default?**
@@ -73,7 +73,7 @@ Anyone can start an Organization directly from the Web Vault:
{% image organizations/new-org-button-overlay.png Create New Organization %}
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. Whoever launches the Organization will be the [Owner]({{site.baseurl}}/article/user-types-access-control), giving them full control to oversee the **Vault**, to **Manage** users, [Collections](#), [Groups](#), and [Policies](#), to use a suite of Bitwarden **Tools**, and to configure the Organization's **Settings**:
Once created, you'll land in your Organization Vault, which is the central hub for all things sharing and Organization administration. Whoever launches the Organization will be the [Owner]({{site.baseurl}}/user-types-access-control), giving them full control to oversee the **Vault**, to **Manage** users, [Collections](#), [Groups](#), and [Policies](#), to use a suite of Bitwarden **Tools**, and to configure the Organization's **Settings**:
{% image getting-started/org-vault.png Organization Vault %}
@@ -81,13 +81,13 @@ Once created, you'll land in your Organization Vault, which is the central hub f
Bitwarden Organizations manage users and data in a scalable and secure fashion. Managing users and data on an individual basis is inefficient for large businesses and can leave room for error. To solve this, Organizations provide Collections and [Groups](#groups).
**Collections** gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/article/sharing/) within an Organization:
**Collections** gather together Logins, Notes, Cards, and Identities for [secure sharing]({{site.baseurl}}/sharing/) within an Organization:
{% image organizations/collections-graphic-1.png Using Collections %}
### Onboarding Users
Once your Organization is established and Collections are setup to store your data, Owners and Administrators should invite new members. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding new members, [Invite]({{site.baseurl}}/article/managing-users/#invite) &rarr; [Accept]({{site.baseurl}}/article/managing-users/#accept) &rarr; [Confirm]({{site.baseurl}}/article/managing-users/#confirm).
Once your Organization is established and Collections are setup to store your data, Owners and Administrators should invite new members. To ensure the security of your Organization, Bitwarden applies a 3-step process for onboarding new members, [Invite]({{site.baseurl}}/managing-users/#invite) &rarr; [Accept]({{site.baseurl}}/managing-users/#accept) &rarr; [Confirm]({{site.baseurl}}/managing-users/#confirm).
Users can be onboarded [directly from the Web Vault](#adding-users) or [using the Directory Connector](#directory-connector) application to sync individual users and [Groups](#groups).
@@ -95,7 +95,7 @@ Users can be onboarded [directly from the Web Vault](#adding-users) or [using th
In the simplest cases, users can be added to your Organization directly from the Web Vault. When adding users, you can designate which [Collection](#collections) to grant them access to, which [role](#comprehensive-role--based-access-controls) to give them, and more.
[Learn step-by-step how to add users to your Organization]({{site.baseurl}}/article/managing-users/#onboard-users).
[Learn step-by-step how to add users to your Organization]({{site.baseurl}}/managing-users/#onboard-users).
Once users are fully onboarded to your Organization, you can assign access to your Organization's Vault data by assigning them to [Collections](#collections). Teams and Enterprise Organizations can assign users to [Groups](#groups) for scalable permissions assignment, and construct Group-Collection associations instead of assigning access on the individual level.
@@ -112,7 +112,7 @@ Groups relate together individual users, and provide a scaleable way to assign p
#### Comprehensive Role-based Access Controls
Bitwarden takes an enterprise-friendly approach to sharing at scale. Users can be added to the Organization with [a number of different roles]({{site.baseurl}}/article/user-types-access-control/), belong to different [Groups](#groups), and have those Groups assigned to various [Collections](#collections) to regulate access. Among the available roles is a [Custom Role]({{site.baseurl}}/article/user-types-access-control/#custom-role) for granular configuration of administrative permissions.
Bitwarden takes an enterprise-friendly approach to sharing at scale. Users can be added to the Organization with [a number of different roles]({{site.baseurl}}/user-types-access-control/), belong to different [Groups](#groups), and have those Groups assigned to various [Collections](#collections) to regulate access. Among the available roles is a [Custom Role]({{site.baseurl}}/user-types-access-control/#custom-role) for granular configuration of administrative permissions.
### Offboarding Users
@@ -127,8 +127,8 @@ Alice is a **Manager** in your Organization, which is hosted on the Bitwarden Cl
|**Client Applications**|Uses Bitwarden on Mobile and a Browser Extension personally and professionally, and the Web Vault for occasional Organization-related work.|
|**Email & Master Password**|Logs in to Bitwarden using `alice@company.com` and `p@ssw0rD`.|
|**Personal Items**|Stores assorted personal items, including Logins and Credit Cards, in her Personal Vault.|
|**Permissions in the Organization**|As a [Manager]({{site.baseurl}}/articles/user-types-access-control/), Jane can manage many aspects of Collections.|
|**Two-step Login**|Uses Organization-wide [Duo 2FA]({{site.baseurl}}/article/setup-two-step-login-duo).|
|**Permissions in the Organization**|As a [Manager]({{site.baseurl}}s/user-types-access-control/), Jane can manage many aspects of Collections.|
|**Two-step Login**|Uses Organization-wide [Duo 2FA]({{site.baseurl}}/setup-two-step-login-duo).|
|**Created Collections**|Created a Collection for her team, "Jane's Team Collection".|
|**Shared Items**|Created and shared several Vault items that are owned by by the Organization and reside in her team's Collection.|
@@ -199,7 +199,7 @@ The **Personal Ownership** policy, for example, fits into earlier discussion reg
### Event Logs
Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/article/event-logs), which can be viewed directly from the Web Vault or [exported to be analyzed]({{site.baseurl}}/article/event-logs/#siem-and-external-systems-integrations) within security information and event management (SIEM) systems like Splunk. Event Logs include information about:
Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/event-logs), which can be viewed directly from the Web Vault or [exported to be analyzed]({{site.baseurl}}/event-logs/#siem-and-external-systems-integrations) within security information and event management (SIEM) systems like Splunk. Event Logs include information about:
- User-Item interactions
- Changes made to Vault items
@@ -208,7 +208,7 @@ Bitwarden Organizations include access to [Event Logs]({{site.baseurl}}/article/
- Much, much more
{% callout success%}
In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/help/article/cli/)) for further integration into existing Organization workflows.
In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/help/cli/)) for further integration into existing Organization workflows.
{% endcallout %}
### Self-hosting
@@ -247,4 +247,4 @@ Directory Connector, Login with SSO, Enterprise Policies, and your Vault work we
#### Q: Can we prevent employees from duplicating credentials from the company Organization to their Personal Vault
**A:** Yes! Using our [comprehensive suite of role-based access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) you can make credentials **Read Only** to prevent duplication.
**A:** Yes! Using our [comprehensive suite of role-based access controls]({{site.baseurl}}/user-types-access-control/#access-control) you can make credentials **Read Only** to prevent duplication.

12
_articles/organizations/policies.md
View File

@@ -24,7 +24,7 @@ Bitwarden highly recommends setting Enterprise Policies prior to inviting users
Policies can be set in two locations:
- In your Organization, open the **Manage** tab and select **Policies** from the left menu.
- Navigate to the Business Portal, and select the **Policies** button. For more information, see [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/).
- Navigate to the Business Portal, and select the **Policies** button. For more information, see [About the Business Portal](https://bitwarden.com/help/about-business-portal/).
## Available Policies
@@ -87,7 +87,7 @@ Users who are removed as a result of this policy will be notified via email, and
### Single Sign-On Authentication
Enabling the **Single Sign-On Authentication** policy will require non-Owner/non-Admin users to log in with Enterprise Single Sign-On. For more information, see [Access Your Vault using SSO](https://bitwarden.com/help/article/sso-access-your-vault/).
Enabling the **Single Sign-On Authentication** policy will require non-Owner/non-Admin users to log in with Enterprise Single Sign-On. For more information, see [Access Your Vault using SSO](https://bitwarden.com/help/sso-access-your-vault/).
{% callout info %}
The **Single Organization** policy must be enabled before activating this policy.
@@ -117,16 +117,16 @@ Enabling the **Send Options** policy will allow Owners and Admins to specify opt
|Option|Description|
|------|-----------|
|Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/article/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/article/receive-send) will include whom they are sent from.|
|Do not allow users to hide their email address|Enabling this option disables the [Hide Email option]({{site.baseurl}}/send-privacy/#hide-email), meaning that all [received Sends]({{site.baseurl}}/receive-send) will include whom they are sent from.|
### Master Password Reset
Enabling the **Master Password Reset** policy will allow Owners and Admins to use [Password Reset]({{site.baseurl}}/article/admin-reset/) to reset the master password of enrolled users. By default, users will need to [self-enroll in Password Reset]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset), however the [Automatic Enrollment](#automatic-enrollment) option can be used to automatically enroll invited users:
Enabling the **Master Password Reset** policy will allow Owners and Admins to use [Password Reset]({{site.baseurl}}/admin-reset/) to reset the master password of enrolled users. By default, users will need to [self-enroll in Password Reset]({{site.baseurl}}/admin-reset/#self-enroll-in-password-reset), however the [Automatic Enrollment](#automatic-enrollment) option can be used to automatically enroll invited users:
#### Automatic Enrollment
Enabling the **Automatic Enrollment** option will automatically enroll new users in Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/article/managing-users/#accept).
Enabling the **Automatic Enrollment** option will automatically enroll new users in Password Reset when their [invitation to the Organization is accepted]({{site.baseurl}}/managing-users/#accept).
{% callout info %}
Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/article/admin-reset/#self-enroll-in-password-reset).
Users already in the Organization will not be retroactively enrolled in Password Reset, and will be required to [self-enroll]({{site.baseurl}}/admin-reset/#self-enroll-in-password-reset).
{% endcallout %}

8
_articles/organizations/public-api.md
View File

@@ -11,7 +11,7 @@ order: "16"
The Bitwarden Public API provides Organizations a suite of tools for managing members, collections, groups, event logs, and policies.
{% callout success %}
For automating **management of Vault items**, we recommend using the [CLI]({{site.baseurl}}/article/cli/). Access to Vault items relies on Vault decryption, which must be done with a Username and Master Password rather than an [API Key](#authentication).
For automating **management of Vault items**, we recommend using the [CLI]({{site.baseurl}}/cli/). Access to Vault items relies on Vault decryption, which must be done with a Username and Master Password rather than an [API Key](#authentication).
{% endcallout %}
The Public API is a RESTful API with predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
@@ -21,7 +21,7 @@ The Public API is compatible with the OpenAPI Specification (OAS3) and publishes
- For Self-hosted instances: https://your.domain.com/api/docs/
{% callout info %}
Access to the Bitwarden Public API is available customers on the following plans, **Classic 2019 Enterprise Organizations**, current **Enterprise Organizations**, and current **Teams Organizations**. For more information, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans-1).
Access to the Bitwarden Public API is available customers on the following plans, **Classic 2019 Enterprise Organizations**, current **Enterprise Organizations**, and current **Teams Organizations**. For more information, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/#compare-the-plans-1).
{% endcallout %}
## Endpoints
@@ -46,7 +46,7 @@ The API Key `client_id` and `client_secret` can be obtained by an **Owner** from
{% image organizations/org-api-key.png Get Organization API Key %}
If, as an owner, you want to share the API Key with an Admin or other user, use a secure communication method like [Bitwarden Send]({{site.baseurl}}/article/about-send/).
If, as an owner, you want to share the API Key with an Admin or other user, use a secure communication method like [Bitwarden Send]({{site.baseurl}}/about-send/).
{% callout warning %}
Your API key enables full access to your Organization. Keep your API key private. If you believe your API key has been compromised, select the **Rotate API Key** button on this screen. Active uses of your current API key will need to be reconfigured with the new key before use.
@@ -135,4 +135,4 @@ The Bitwarden Public API uses conventional HTTP response codes to indicate the s
For more information about using the Bitwarden Public API, see the following articles:
- [Bitwarden Public API OAS Specification](https://bitwarden.com/help/api/){:target="\_blank"}
- [Event Logs](https://bitwarden.com/help/article/event-logs/)
- [Event Logs](https://bitwarden.com/help/event-logs/)

6
_articles/organizations/sharing.md
View File

@@ -8,11 +8,11 @@ hidden: false
tags: [sharing, how to]
order: "04"
redirect_from:
- /article/share-to-a-collection/
- /share-to-a-collection/
---
{% callout info %}
In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({{site.baseurl}}/article/getting-started-organizations/).
In order to share items you need to be a member of an Organization. Learn more about [Organizations]({% link _articles/organizations/about-organizations.md %}) or learn how to [start your own two-person Organization]({{site.baseurl}}/getting-started-organizations/).
{% endcallout %}
Sharing items with Bitwarden means moving them into an Organization and Collection, a structure used to gather together Logins, Notes, Cards, and Identities for access by multiple users. There are a few different ways you can create Organization items for sharing:
@@ -39,7 +39,7 @@ Moving an item to an Organization **will transfer ownership to the Organization*
## Create an Organization Item
Organization members can create new items directly for any assigned Collection(s) unless they're given [**Read Only** access](https://bitwarden.com/help/article/user-types-access-control/) to that Collection. Shared items can only be created **from the Web Vault**, either in your My Vault view or in the Organization view:
Organization members can create new items directly for any assigned Collection(s) unless they're given [**Read Only** access](https://bitwarden.com/help/user-types-access-control/) to that Collection. Shared items can only be created **from the Web Vault**, either in your My Vault view or in the Organization view:
<ul class="nav nav-tabs" id="myTab" role="tablist">
<li class="nav-item" role="presentation">

2
_articles/organizations/user-types-access-control.md
View File

@@ -8,7 +8,7 @@ tags: [user types, access control]
order: "06"
---
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions and access. You can set User Types and Access Controls when you [invite users to your Organization]({{site.baseurl}}/article/managing-users/), or at any time from the **Manage** &rarr; **People** screen in your Organization:
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions and access. You can set User Types and Access Controls when you [invite users to your Organization]({{site.baseurl}}/managing-users/), or at any time from the **Manage** &rarr; **People** screen in your Organization:
{% image organizations/user-types-access-control.png Editing User Types and Access Control %}

12
_articles/plans-and-pricing/2020-plan-updates.md
View File

@@ -16,11 +16,11 @@ You **will not** be moved to a current plan automatically, and are **not require
## Free Individual
There have been no changes made to the **Free** plan for individual users. For more information on what this plan includes, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/).
There have been no changes made to the **Free** plan for individual users. For more information on what this plan includes, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/).
## Premium Individual
There have been no changes made to the **Premium** plan for individual users. For more information on what this plan includes, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/).
There have been no changes made to the **Premium** plan for individual users. For more information on what this plan includes, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/).
## Families Organizations
@@ -65,7 +65,7 @@ There is no longer a minimum number of users required for a Teams Organization (
## Enterprise Organizations
Upgrading from Classic 2019 to the current Enterprise plan unlocks the highly anticipated Login with SSO feature-set, simplifying access for enterprise users by fully integrating with your existing Identity Management solution. It also unlocks [Admin Password Reset]({{site.baseurl}}/article/admin-reset/), allowing designated administrators to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their Master Password.
Upgrading from Classic 2019 to the current Enterprise plan unlocks the highly anticipated Login with SSO feature-set, simplifying access for enterprise users by fully integrating with your existing Identity Management solution. It also unlocks [Admin Password Reset]({{site.baseurl}}/admin-reset/), allowing designated administrators to recover Enterprise Organization user accounts and restore access in the event that an employee forgets their Master Password.
As before, all members of your Enterprise Organization will automatically get all premium features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more.
@@ -77,7 +77,7 @@ As before, there is no limit to the number of users in your Enterprise Organizat
|--------|------------|---------------|
|Pre-existing Enterprise functionality, including:<br><br>-Premium features for all users<br>-Event Logs<br>-User Groups<br>-API access<br>-Directory Connector<br>-Enterprise Policies|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|Login with SSO|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Admin Password Reset]({{site.baseurl}}/article/admin-reset/)|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Admin Password Reset]({{site.baseurl}}/admin-reset/)|-|<i class="fa fa-check" aria-hidden="true"></i>|
|Cost|$3 Per User Per Month, billed annually|$5 Per User Per Month, billed annually|
{% callout info %}
@@ -108,8 +108,8 @@ Additional enterprise-only capabilities are planned which will only be available
#### Q: I have an Enterprise Organization, how do I upgrade my plan so that I can use Login with SSO?
**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial).
**A:** [Contact Us](https://bitwarden.com/contact/) and select **Upgrade/Change Plan** from the **Subject** dropdown menu. We highly recommend you test Login with SSO by starting a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial).
#### Q: I would like to test Login with SSO. If I decide I don't need it, can I revert to my Classic 2019 plan?
**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/article/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization.
**A:** Unfortunately, we aren't able to revert you back to a Classic 2019 plan once you've upgraded. We recommend creating a new Organization to start a [7 Day Enterprise Free Trial](https://bitwarden.com/help/enterprise-free-trial/) to test Login with SSO outside of your Primary Organization.

18
_articles/plans-and-pricing/about-bitwarden-plans.md
View File

@@ -7,12 +7,12 @@ popular: false
tags: [free, personal, organization, enterprise, teams, family, plans, subscription]
order: "01"
redirect_from:
- /article/choosing-the-right-subscription-plan/
- /choosing-the-right-subscription-plan/
---
In this article, we'll define each Bitwarden subscription plan to help you along your password management and secure data storage journey.
*This article reflects current Bitwarden plans, updated on September 06, 2020. Users who created accounts prior to that date can learn how to opt-in to the updates **[here](https://bitwarden.com/help/article/2020-plan-updates/)**.*
*This article reflects current Bitwarden plans, updated on September 06, 2020. Users who created accounts prior to that date can learn how to opt-in to the updates **[here](https://bitwarden.com/help/2020-plan-updates/)**.*
## Bitwarden For You
@@ -51,7 +51,7 @@ In the following table, "premium features" (included for **Premium Individual**
|Secure Password Generator|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|Cloud or Self-hosting|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|[Encrypted Export]({% link _articles/importing/encrypted-export.md %})|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|[Bitwarden Send]({{site.baseurl}}/article/about-send/)|Text Sharing|Text + File Sharing|Text + File Sharing|
|[Bitwarden Send]({{site.baseurl}}/about-send/)|Text Sharing|Text + File Sharing|Text + File Sharing|
|*[Two-step login]({% link _articles/two-step-login/setup-two-step-login.md %})|via authenticator apps or email|via authenticator apps, email, Yubikey, FIDO2, and Duo|via authenticator apps, email, Yubikey, FIDO2, and Duo (does not include [Duo for Organizations]({% link _articles/two-step-login/setup-two-step-login-duo.md %}))|
|*[Encrypted file attachments]({% link _articles/features/attachments.md %})|-|1 GB|1 GB per user + 1 GB shared|
|*[Bitwarden Authenticator]({% link _articles/features/authenticator-keys.md %}) (TOTP)|-|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
@@ -96,7 +96,7 @@ In the following table, "premium features" (included for **Teams Organizations**
|Max no. of users|2|Unlimited|Unlimited|
|Max no. of Collections|2|Unlimited|Unlimited|
|[Encrypted Export]({% link _articles/importing/encrypted-export.md %})|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|[Bitwarden Send]({{site.baseurl}}/article/about-send/)|Text Sharing|Text + File Sharing|Text + File Sharing|
|[Bitwarden Send]({{site.baseurl}}/about-send/)|Text Sharing|Text + File Sharing|Text + File Sharing|
|*[Two-step login]({% link _articles/two-step-login/setup-two-step-login.md %})|via authenticator apps or email|via authenticator apps, email, Yubikey, FIDO2, and Duo|via authenticator apps, email, Yubikey, FIDO2, and Duo|
|[Duo for Organizations]({% link _articles/two-step-login/setup-two-step-login-duo.md %})|-|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|*[Encrypted file attachments]({% link _articles/features/attachments.md %})|-|1 GB per user + 1 GB shared|1 GB per user + 1 GB shared|
@@ -110,7 +110,7 @@ In the following table, "premium features" (included for **Teams Organizations**
|[Directory Connector]({% link _articles/directory-connector/directory-sync.md %})|-|<i class="fa fa-check" aria-hidden="true"></i>|<i class="fa fa-check" aria-hidden="true"></i>|
|[Login with SSO]({% link _articles/login-with-sso/about-sso.md %})|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Enterprise Policies]({% link _articles/organizations/policies.md %})|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Admin Password Reset]({{site.baseurl}}/article/admin-reset/)|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Admin Password Reset]({{site.baseurl}}/admin-reset/)|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Custom Management Role]({% link _articles/organizations/user-types-access-control.md %})|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|[Self-host option]({% link _articles/hosting/install-on-premise.md %})|-|-|<i class="fa fa-check" aria-hidden="true"></i>|
|Cost to you|Free|$3 Per User Per Month, billed annually<br>or<br>$4 Per User Per Month, billed monthly|$5 Per User Per Month, billed annually<br>or<br>$6 Per User Per Month, billed monthly|
@@ -118,13 +118,13 @@ In the following table, "premium features" (included for **Teams Organizations**
### Next Steps
For help choosing the right plan, see:
- [What Plan is Right for Me?](https://bitwarden.com/help/article/what-plan-is-right-for-me/)
- [What Plan is Right for Me?](https://bitwarden.com/help/what-plan-is-right-for-me/)
For help moving from an individual plan to an Organization, see:
- [Upgrade From Individual to Organization](https://bitwarden.com/help/article/upgrade-from-individual-to-org/)
- [Upgrade From Individual to Organization](https://bitwarden.com/help/upgrade-from-individual-to-org/)
For help starting a free trial of Bitwarden Enterprise, see:
- [Start a Free Trial of Bitwarden Enterprise](https://bitwarden.com/help/article/enterprise-free-trial/)
- [Start a Free Trial of Bitwarden Enterprise](https://bitwarden.com/help/enterprise-free-trial/)
Still can't find what you're looking for?
- Try our [Billing FAQs](https://bitwarden.com/help/article/billing-faqs/)
- Try our [Billing FAQs](https://bitwarden.com/help/billing-faqs/)

52
_articles/plans-and-pricing/enterprise-feature-list.md
View File

@@ -17,52 +17,52 @@ This document describes and references the features available to Bitwarden Enter
|-------------------|-----------|
|Deployment Options|Cloud, Private Cloud, and Self-hosted.|
|Web Application|Fully encrypted cloud web app at [https://vault.bitwarden.com](https://vault.bitwarden.com){:target="\_blank"}, or on your self-hosted server|
|Mobile Apps (with Mobile Login Controls)|Available for iOS and Android. [Learn more]({{site.baseurl}}/article/getting-started-mobile/).|
|Browser Extensions|Available for Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, and Safari. [Learn more]({{site.baseurl}}/article/getting-started-browserext/).|
|Desktop Applications|Available for Windows, Mac, and Linux. [Learn more]({{site.baseurl}}/article/directory-sync-desktop/).|
|CLI|Fully featured and self-documented command-line tool. [Learn more]({{site.baseurl}}/article/cli/).
|Mobile Apps (with Mobile Login Controls)|Available for iOS and Android. [Learn more]({{site.baseurl}}/getting-started-mobile/).|
|Browser Extensions|Available for Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, and Safari. [Learn more]({{site.baseurl}}/getting-started-browserext/).|
|Desktop Applications|Available for Windows, Mac, and Linux. [Learn more]({{site.baseurl}}/directory-sync-desktop/).|
|CLI|Fully featured and self-documented command-line tool. [Learn more]({{site.baseurl}}/cli/).
|Streamlined UI Design|Simple and uniform interfaces across apps for complete ease-of-use.|
#### Administrative Features and Capabilities
|Enterprise Features|Description|
|-------------------|-----------|
|Simple User Management|Add or remove seats and onboard or offboard users directly from the Web Vault. [Learn more]({{site.baseurl}}/article/managing-users/).|
|Role Based Access Control|Assign role-based access for Organization users, including a custom role and granular permissions (e.g. Hide Passwords, Read-Only). [Learn more]({{site.baseurl}}/article/user-types-access-control/).|
|Directory Sync|Synchronize your Bitwarden Organization with your existing user directory. Provision and de-provision users, groups, and group associations. [Learn more]({{site.baseurl}}/article/directory-sync/).|
|Admin Password Reset |Designated administrators can reset Master Password of end-user accounts if an employee loses or forgets their Master Password. [Learn more]({{site.baseurl}}/article/admin-reset/).|
|Enterprise Policies|Enforce security rules for all users, for example mandating use of Two-step Login. [Learn more]({{site.baseurl}}/article/policies/).|
|Temporary Password Sharing and Generation| Create and share ephemeral data using Bitwarden Send. [Learn more]({{site.baseurl}}/article/about-send/).|
|Simple User Management|Add or remove seats and onboard or offboard users directly from the Web Vault. [Learn more]({{site.baseurl}}/managing-users/).|
|Role Based Access Control|Assign role-based access for Organization users, including a custom role and granular permissions (e.g. Hide Passwords, Read-Only). [Learn more]({{site.baseurl}}/user-types-access-control/).|
|Directory Sync|Synchronize your Bitwarden Organization with your existing user directory. Provision and de-provision users, groups, and group associations. [Learn more]({{site.baseurl}}/directory-sync/).|
|Admin Password Reset |Designated administrators can reset Master Password of end-user accounts if an employee loses or forgets their Master Password. [Learn more]({{site.baseurl}}/admin-reset/).|
|Enterprise Policies|Enforce security rules for all users, for example mandating use of Two-step Login. [Learn more]({{site.baseurl}}/policies/).|
|Temporary Password Sharing and Generation| Create and share ephemeral data using Bitwarden Send. [Learn more]({{site.baseurl}}/about-send/).|
#### Reporting
|Enterprise Features|Description|
|-------------------|-----------|
|Vault Health Reports|Run reports for Exposed Passwords, Reused Passwords, Weak Passwords, and more. [Learn more]({{site.baseurl}}/article/reports/).|
|Data Breach Reports|Run reports for data compromised in knwon breaches (e.g. Email Addresses, Passwords, Credit Cards, DoB, etc.). [Learn more]({{site.baseurl}}/article/reports/).|
|Event Logs|Get timestamped records of events that occur within your Organization Vault for easy use in the Web Vault or ingestion by other systems. [Learn more]({{site.baseurl}}/article/event-logs/).|
|Vault Health Reports|Run reports for Exposed Passwords, Reused Passwords, Weak Passwords, and more. [Learn more]({{site.baseurl}}/reports/).|
|Data Breach Reports|Run reports for data compromised in knwon breaches (e.g. Email Addresses, Passwords, Credit Cards, DoB, etc.). [Learn more]({{site.baseurl}}/reports/).|
|Event Logs|Get timestamped records of events that occur within your Organization Vault for easy use in the Web Vault or ingestion by other systems. [Learn more]({{site.baseurl}}/event-logs/).|
#### Authentication
|Enterprise Features|Description|
|-------------------|-----------|
|2FA for Individuals|A robust set of 2FA options for any Bitwarden user. [Learn more]({{site.baseurl}}/article/setup-two-step-login/).|
|2FA at Organization-level|Enable 2FA via Duo for your entire Organization. [Learn more]({{site.baseurl}}/article/setup-two-step-login-duo/).|
|Biometric Authentication|Available for:<br>-Android (fingerprint unlock or face unlock) and iOS (Touch ID and Face ID)<br>-Windows Desktop Apps (Windows Hello using PIN, Facial Recognition, and more) and macOS Desktop Apps (Touch ID)<br>-Chromium, Firefox 87+, and Safari Browser Extensions<br><br>[Learn more]({{site.baseurl}}/article/biometrics/).|
|Login with SSO|Leverage your existing Identity Provider to authenticate your Bitwarden Organization users via SAML 2.0 or OpenID Connect (OIDC). [Learn more]({{site.baseurl}}/article/about-sso/).|
|2FA for Individuals|A robust set of 2FA options for any Bitwarden user. [Learn more]({{site.baseurl}}/setup-two-step-login/).|
|2FA at Organization-level|Enable 2FA via Duo for your entire Organization. [Learn more]({{site.baseurl}}/setup-two-step-login-duo/).|
|Biometric Authentication|Available for:<br>-Android (fingerprint unlock or face unlock) and iOS (Touch ID and Face ID)<br>-Windows Desktop Apps (Windows Hello using PIN, Facial Recognition, and more) and macOS Desktop Apps (Touch ID)<br>-Chromium, Firefox 87+, and Safari Browser Extensions<br><br>[Learn more]({{site.baseurl}}/biometrics/).|
|Login with SSO|Leverage your existing Identity Provider to authenticate your Bitwarden Organization users via SAML 2.0 or OpenID Connect (OIDC). [Learn more]({{site.baseurl}}/about-sso/).|
#### Security
|Enterprise Features|Description|
|-------------------|-----------|
|Secure storage for Logins, Notes, Cards, and Identities|Bitwarden [Vault items]({{site.baseurl}}/article/managing-items/) are encrypted before being stored anywhere. [Learn more]({{site.baseurl}}/article/what-encryption-is-used/).|
|Secure storage for Logins, Notes, Cards, and Identities|Bitwarden [Vault items]({{site.baseurl}}/managing-items/) are encrypted before being stored anywhere. [Learn more]({{site.baseurl}}/what-encryption-is-used/).|
|Zero Knowledge Encryption |All Vault data is end-to-end encrypted. [Learn more](https://bitwarden.com/blog/post/bitwarden-network-security-assessment-2020/).|
|Secure Password Generator|Generate secure, random, and unique passwords for every Vault item. [Learn more](https://bitwarden.com/password-generator/).|
|Encrypted Export|Download encrypted exports for secure storage of Vault data backups. [Learn more]({{site.baseurl}}/article/encrypted-exports/).|
|Biometric Authentication|Available for:<br>-Android (fingerprint unlock or face unlock) and iOS (Touch ID and Face ID)<br>-Windows Desktop Apps (Windows Hello using PIN, Facial Recognition, and more) and macOS Desktop Apps (Touch ID)<br>-Chromium, Firefox 87+, and Safari Browser Extensions<br><br>[Learn more]({{site.baseurl}}/article/biometrics/).|
|Emergency Access|Users can designate and manage trusted emergency contacts, who may request access to their Vault in case of emergency. [Learn more]({{site.baseurl}}/article/emergency-access/).|
|Account Fingerprint Phrase|Security measure that uniquely and securely identifies a Bitwarden user account when encryption-related or onboarding operations are performed. [Learn more]({{site.baseurl}}/article/fingerprint-phrase/).|
|Subprocessors|See our full list of subprocessors: [Bitwarden Subprocessors](https://bitwarden.com/help/article/subprocessors/).|
|Encrypted Export|Download encrypted exports for secure storage of Vault data backups. [Learn more]({{site.baseurl}}/encrypted-exports/).|
|Biometric Authentication|Available for:<br>-Android (fingerprint unlock or face unlock) and iOS (Touch ID and Face ID)<br>-Windows Desktop Apps (Windows Hello using PIN, Facial Recognition, and more) and macOS Desktop Apps (Touch ID)<br>-Chromium, Firefox 87+, and Safari Browser Extensions<br><br>[Learn more]({{site.baseurl}}/biometrics/).|
|Emergency Access|Users can designate and manage trusted emergency contacts, who may request access to their Vault in case of emergency. [Learn more]({{site.baseurl}}/emergency-access/).|
|Account Fingerprint Phrase|Security measure that uniquely and securely identifies a Bitwarden user account when encryption-related or onboarding operations are performed. [Learn more]({{site.baseurl}}/fingerprint-phrase/).|
|Subprocessors|See our full list of subprocessors: [Bitwarden Subprocessors](https://bitwarden.com/help/subprocessors/).|
#### Compliance, Audits, Certifications
@@ -80,12 +80,12 @@ This document describes and references the features available to Bitwarden Enter
|Enterprise Features|Description|
|-------------------|-----------|
|Programmatically Accessible|Public and Private APIs for Organizations. [Learn more]({{site.baseurl}}/article/public-api/).|
|Command Line Interface|Fully featured and self-documented command-line tool. [Learn more]({{site.baseurl}}/article/cli/)|
|Programmatically Accessible|Public and Private APIs for Organizations. [Learn more]({{site.baseurl}}/public-api/).|
|Command Line Interface|Fully featured and self-documented command-line tool. [Learn more]({{site.baseurl}}/cli/)|
|Extensibility Support|Automate workflows by combining API and CLI.|
#### Resiliciency
|Enterprise Features|Description|
|-------------------|-----------|
|Local Cache & Offline Access|[Learn more]({{site.baseurl}}/article/security-faqs/).|
|Local Cache & Offline Access|[Learn more]({{site.baseurl}}/security-faqs/).|

12
_articles/plans-and-pricing/enterprise-free-trial.md
View File

@@ -14,7 +14,7 @@ If you're new to Bitwarden, we'd love to help you through the process of setting
<a role="button" class="btn btn-primary" href="https://vault.bitwarden.com/#/register?org=enterprise">Start your Enterprise Free Trial</a>
Or, to learn more about the Bitwarden Enterprise offering, see [Bitwarden Plans and Pricing](https://bitwarden.com/pricing/business) or [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations).
Or, to learn more about the Bitwarden Enterprise offering, see [Bitwarden Plans and Pricing](https://bitwarden.com/pricing/business) or [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/#enterprise-organizations).
## Already a User?
@@ -43,8 +43,8 @@ If you already have a Bitwarden account, complete the following steps to start y
Now that you've created your trial Enterprise Organization, we recommend that you:
- [Add Users to your Organization](https://bitwarden.com/help/article/managing-users/)
- [Create a Collection](https://bitwarden.com/help/article/about-collections/#create-a-collection)
- Use the [Business Portal](https://bitwarden.com/help/article/about-business-portal) to:
- Set up [Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso)
- Create [Enterprise Policies](https://bitwarden.com/help/article/policies)
- [Add Users to your Organization](https://bitwarden.com/help/managing-users/)
- [Create a Collection](https://bitwarden.com/help/about-collections/#create-a-collection)
- Use the [Business Portal](https://bitwarden.com/help/about-business-portal) to:
- Set up [Login with SSO](https://bitwarden.com/help/getting-started-with-sso)
- Create [Enterprise Policies](https://bitwarden.com/help/policies)

8
_articles/plans-and-pricing/organization-renewal.md
View File

@@ -11,18 +11,18 @@ order: "07"
Organization subscriptions renew automatically on an annual or monthly basis. You can check your renewal date from your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} by navigating to Organization **Settings** &rarr; **Subscription**.
As your renewal date approaches, Bitwarden recommends that you validate the payment method by navigating to Organization **Settings** &rarr; **Billing**. For help updating your payment method, see [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/#update-billing-information-for-organizations).
As your renewal date approaches, Bitwarden recommends that you validate the payment method by navigating to Organization **Settings** &rarr; **Billing**. For help updating your payment method, see [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/#update-billing-information-for-organizations).
{% callout warning %}
If we cannot process your payment method, or if you have cancelled your subscription, your Organization will be disabled. For **self-hosted customers**, there is a 2 month grace period between expiration of your [license]({{site.baseurl}}/article/licensing-on-premise/#organization-license) and disabling of your Organization. In either case, a disabled Organization will result in the following:
If we cannot process your payment method, or if you have cancelled your subscription, your Organization will be disabled. For **self-hosted customers**, there is a 2 month grace period between expiration of your [license]({{site.baseurl}}/licensing-on-premise/#organization-license) and disabling of your Organization. In either case, a disabled Organization will result in the following:
**Organization-owned Vault Items**
[Owners]({{site.baseurl}}/article/user-types-access-control/) will retain access to [shared Vault items]({{site.baseurl}}/article/sharing), however all other users will lose access to these items. Organization Vault items and existing [Collections]({{site.baseurl}}/article/about-collections/) **will not be deleted**.
[Owners]({{site.baseurl}}/user-types-access-control/) will retain access to [shared Vault items]({{site.baseurl}}/sharing), however all other users will lose access to these items. Organization Vault items and existing [Collections]({{site.baseurl}}/about-collections/) **will not be deleted**.
**Organization Users**
Users and existing [Groups]({{site.baseurl}}/article/about-groups/) **will not be removed** from the Organization. When your Organization is [re-enabled](#re-enabling-a-disabled-organization), users will not need to take any action.
Users and existing [Groups]({{site.baseurl}}/about-groups/) **will not be removed** from the Organization. When your Organization is [re-enabled](#re-enabling-a-disabled-organization), users will not need to take any action.
{% endcallout %}

4
_articles/plans-and-pricing/premium-renewal.md
View File

@@ -11,10 +11,10 @@ order: "06"
Premium Individual subscriptions renew automatically on an annual basis. You can check your renewal date from your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} by navigating to **Settings** &rarr; **Premium Membership**.
As your renewal date approaches, Bitwarden recommends that you validate the payment method by navigating to **Settings** &rarr; **Billing**. For help updating your payment method, see [Update Your Billing Information](https://bitwarden.com/help/article/update-billing-info/).
As your renewal date approaches, Bitwarden recommends that you validate the payment method by navigating to **Settings** &rarr; **Billing**. For help updating your payment method, see [Update Your Billing Information](https://bitwarden.com/help/update-billing-info/).
{% callout warning %}
If we cannot process your payment method, or if you have cancelled your subscription, your account will revert to [Free Individual](https://bitwarden.com/help/article/about-bitwarden-plans/#free-individual). Until you re-instate your Premium subscription, this will result in the following:
If we cannot process your payment method, or if you have cancelled your subscription, your account will revert to [Free Individual](https://bitwarden.com/help/about-bitwarden-plans/#free-individual). Until you re-instate your Premium subscription, this will result in the following:
**Two-step Login**

18
_articles/plans-and-pricing/upgrade-from-individual-to-org.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: [account, individual, organization, premium, subscription]
order: "03"
---
This article will guide existing individual Bitwarden users ([**Free**](https://bitwarden.com/help/article/about-bitwarden-plans/#free-individual) or [**Premium**](https://bitwarden.com/help/article/about-bitwarden-plans/#premium-individual)) through the process of transitioning to an Organizations plan ([**Free**](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations), [**Families**](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations), [**Teams**](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations), or [**Enterprise**](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations)) in order to start securely sharing data from Organizations with friends, family, co-workers, a department, or an entire company.
This article will guide existing individual Bitwarden users ([**Free**](https://bitwarden.com/help/about-bitwarden-plans/#free-individual) or [**Premium**](https://bitwarden.com/help/about-bitwarden-plans/#premium-individual)) through the process of transitioning to an Organizations plan ([**Free**](https://bitwarden.com/help/about-bitwarden-plans/#free-organizations), [**Families**](https://bitwarden.com/help/about-bitwarden-plans/#families-organizations), [**Teams**](https://bitwarden.com/help/about-bitwarden-plans/#teams-organizations), or [**Enterprise**](https://bitwarden.com/help/about-bitwarden-plans/#enterprise-organizations)) in order to start securely sharing data from Organizations with friends, family, co-workers, a department, or an entire company.
## Start Your Organization
@@ -30,12 +30,12 @@ Complete the following steps to start your Organization:
Checking the **This account is owned by a business** checkbox will automatically filter your plan options to those suited to businesses. If you represent a business interested in testing secure sharing using a Free Organization, leave this option unchecked.
5. In the **Choose Your Plan** section, select which type of Organization to create. Options include:
- **Free:** For testing or personal users to share with 1 other user. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations)**.
- **Families:** For personal use, to share with family & friends. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations)**.
- **Teams:** For businesses and other team organizations. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations)**.
- **Enterprise:** For businesses and other large organizations. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations)**.
- **Free:** For testing or personal users to share with 1 other user. **[Learn more](https://bitwarden.com/help/about-bitwarden-plans/#free-organizations)**.
- **Families:** For personal use, to share with family & friends. **[Learn more](https://bitwarden.com/help/about-bitwarden-plans/#families-organizations)**.
- **Teams:** For businesses and other team organizations. **[Learn more](https://bitwarden.com/help/about-bitwarden-plans/#teams-organizations)**.
- **Enterprise:** For businesses and other large organizations. **[Learn more](https://bitwarden.com/help/about-bitwarden-plans/#enterprise-organizations)**.
{% callout info %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about Premium features, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans/).
{% callout info %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about Premium features, see [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/#compare-the-plans/).
{% endcallout %}
6. If you selected a Paid Organization, enter the following information:
- For **Teams** or **Enterprise**, enter the number of **User Seats** you need. You can add additional seats later if required.
@@ -64,6 +64,6 @@ Complete the following steps to cancel your Premium Individual subscription:
Now that you've created your Organization, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users)
- [Create a Collection](https://bitwarden.com/help/article/about-collections/#create-a-collection)
- [Share Items to a Collection](https://bitwarden.com/help/article/sharing/)
- [Invite Users to Your Organization](https://bitwarden.com/help/managing-users)
- [Create a Collection](https://bitwarden.com/help/about-collections/#create-a-collection)
- [Share Items to a Collection](https://bitwarden.com/help/sharing/)

8
_articles/plans-and-pricing/what-plan-is-right-for-me.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: [free, personal, organization, enterprise, teams, family, plans, subscription]
order: "02"
redirect_from:
- /article/picking-bitwarden-for-personal-or-business/
- /picking-bitwarden-for-personal-or-business/
---
Hi there! Bitwarden is here to help you take your first steps, whether you're a convert from another solution or new to password managers all-together.
@@ -62,7 +62,7 @@ Bitwarden is a great way to securely share data like Logins, Notes, Cards, and I
|If your answer is "Family & Friends"...|If your answer is "Business"...|If your answer is "Not sure...|
|--------------------|--------------------|--------------------|
|...we recommend a Families Organization for:<br><br>- Premium features for up to 6 users<br>- Unlimited sharing between up to 6 users<br><br>[**Create your Families Organization.**](https://bitwarden.com/help/article/upgrade-from-individual-to-org/)|...we have one last question.<br><br>**Continue to:** [What tools will you need?](#what-tools-will-you-need)|...we recommend trying a Free Organization for:<br><br>- Core Bitwarden features for 2 users<br>- Limited sharing between 2 users<br><br>[**Create your Free Organization.**](https://bitwarden.com/help/article/upgrade-from-individual-to-org/)|
|...we recommend a Families Organization for:<br><br>- Premium features for up to 6 users<br>- Unlimited sharing between up to 6 users<br><br>[**Create your Families Organization.**](https://bitwarden.com/help/upgrade-from-individual-to-org/)|...we have one last question.<br><br>**Continue to:** [What tools will you need?](#what-tools-will-you-need)|...we recommend trying a Free Organization for:<br><br>- Core Bitwarden features for 2 users<br>- Limited sharing between 2 users<br><br>[**Create your Free Organization.**](https://bitwarden.com/help/upgrade-from-individual-to-org/)|
## What tools will you need?
@@ -82,8 +82,8 @@ However, only Enterprise Organizations include:
|If your answer is "Almost all of them"...|If your answer is "I need all of them"...|
|------------------------------------------------|------------------------------------------------|
|...we recommend a Teams Organization.<br><br>[**Create your Teams Organization.**](https://bitwarden.com/help/article/upgrade-from-individual-to-org/)|...we recommend an Enterprise Organization.<br><br>[**Create your Enterprise Organization.**](https://bitwarden.com/help/article/upgrade-from-individual-to-org/)|
|...we recommend a Teams Organization.<br><br>[**Create your Teams Organization.**](https://bitwarden.com/help/upgrade-from-individual-to-org/)|...we recommend an Enterprise Organization.<br><br>[**Create your Enterprise Organization.**](https://bitwarden.com/help/upgrade-from-individual-to-org/)|
## Still not sure?
If you're still not sure which plan is right for you, you can find comparisons of each plan at [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/). Or, [Contact Us](https://bitwarden.com/contact/) at any time for further help.
If you're still not sure which plan is right for you, you can find comparisons of each plan at [About Bitwarden Plans](https://bitwarden.com/help/about-bitwarden-plans/). Or, [Contact Us](https://bitwarden.com/contact/) at any time for further help.

2
_articles/plans-and-pricing/why-choose-bitwarden-for-your-team.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: [organization, enterprise, teams, plans, subscription]
order: "02"
---
Use a Bitwarden Teams [Organization]({{site.baseurl}}/article/about-organizaations) to securely share data with coworkers, department, or an entire company. With many choices out there, Bitwarden stands apart with a comprehensive Teams offering.
Use a Bitwarden Teams [Organization]({{site.baseurl}}/about-organizaations) to securely share data with coworkers, department, or an entire company. With many choices out there, Bitwarden stands apart with a comprehensive Teams offering.
## Comparing Bitwarden Teams and Others

6
_articles/providers/add-existing-client-org.md
View File

@@ -11,7 +11,7 @@ order: "05"
MSPs, Resellers, and other Bitwarden Partners that are already administering Organizations on behalf of their clients can add pre-existing Organizations to their Provider Portal.
When Bitwarden detects that a [Provider Admin's]({{site.baseurl}}/article/provider-users/#provider-user-types) account is the **Owner of a non-Provider Organization**, the Provider Portal will display an {% icon fa-plus %} **Add Existing Organization** button:
When Bitwarden detects that a [Provider Admin's]({{site.baseurl}}/provider-users/#provider-user-types) account is the **Owner of a non-Provider Organization**, the Provider Portal will display an {% icon fa-plus %} **Add Existing Organization** button:
{% image /providers/add-existing-client-1.png %}
@@ -24,6 +24,6 @@ Once added, the Organization will appear in the {% icon fa-bank %} **Clients** l
{% callout success %}
**Once you've added the existing Organization to the Provider**, you (the Provider Admin and Organization Owner) can be removed from the Organization. Doing so will free up the User Seat previously taken up by your account. As a member of the Provider, you will retain all permission over the Client Organization:
1. Organizations may not be Owner-less, so [add a backup Owner to the Organization]({{site.baseurl}}/article/managing-users/#invite).
2. Once the new Owner is Invited, Accepted, and Confirmed, ask them to [remove you from the Organization]({{site.baseurl}}/article/managing-users/#offboard-users).
1. Organizations may not be Owner-less, so [add a backup Owner to the Organization]({{site.baseurl}}/managing-users/#invite).
2. Once the new Owner is Invited, Accepted, and Confirmed, ask them to [remove you from the Organization]({{site.baseurl}}/managing-users/#offboard-users).
{% endcallout %}

26
_articles/providers/client-org-setup.md
View File

@@ -14,30 +14,30 @@ This article will walk you through the [creation of a Client Organization](#crea
## Create a Client Organization
{% callout success %}
**Already have an Organization setup for your customer?** You can [add an existing Organization to the Provider Portal]({{site.baseurl}}/article/providers-faqs/#q-can-i-add-an-existing-organizations-to-my-provider).
**Already have an Organization setup for your customer?** You can [add an existing Organization to the Provider Portal]({{site.baseurl}}/providers-faqs/#q-can-i-add-an-existing-organizations-to-my-provider).
{% endcallout %}
To create a Client Organization you must be a [Provider Admin]({{site.baseurl}}/article/provider-users/#provider-user-types):
To create a Client Organization you must be a [Provider Admin]({{site.baseurl}}/provider-users/#provider-user-types):
1. Navigate to the Provider Portal and select the {% icon fa-plus %} **New Client Organization** button:
{% image providers/provider-add-client.png Create a Client Organization %}
2. On the New Client Organization screen, enter an **Organization Name**, **Billing Email**, and **Client Owner Email**.
{% callout info %}An invitation will automatically be sent to the **Client Owner Email** to join the Organization as an [Owner]({{site.baseurl}}/article/user-types-access-control).{% endcallout %}
3. From the **Choose Your Plan** list, select the [type of Organization]({{site.baseurl}}/article/about-bitwarden-plans/#compare-the-plans-1) to create.
{% callout info %}An invitation will automatically be sent to the **Client Owner Email** to join the Organization as an [Owner]({{site.baseurl}}/user-types-access-control).{% endcallout %}
3. From the **Choose Your Plan** list, select the [type of Organization]({{site.baseurl}}/about-bitwarden-plans/#compare-the-plans-1) to create.
{% callout success %}Teams and Enterprise Organizations include premium features for all enrolled users.{% endcallout %}
4. Set the following options for the Organization:
- **User Seats**: Specify the number of User Seats you need for the Client Organization. You can always add more seats later.
- **Additional Storage (GB)**: Organizations come with 1GB of encrypted [storage for attachments]({{site.baseurl}}/article/attachments/). Add additional storage for $0.33 per GB per month.
- **Additional Storage (GB)**: Organizations come with 1GB of encrypted [storage for attachments]({{site.baseurl}}/attachments/). Add additional storage for $0.33 per GB per month.
- **Billing Cadence**: Choose whether you'd like to be billed for this Organization Annually or Monthly.
5. Once you're happy with the Organization, enter your **Payment Information** and select **Submit**.
5. Select **Submit** to finishing creating the Organization.
Once created, navigating to the Client Organization from the Provider Portal will bring you to the Organization Vault, from which you can fully complete [initial setup](#initial-setup-procedure) and engage in [ongoing administration]({{site.baseurl}}/article/manage-client-orgs/):
Once created, navigating to the Client Organization from the Provider Portal will bring you to the Organization Vault, from which you can fully complete [initial setup](#initial-setup-procedure) and engage in [ongoing administration]({{site.baseurl}}/manage-client-orgs/):
{% image providers/client-org-manage.png Client Organization Vault %}
@@ -45,23 +45,23 @@ Once created, navigating to the Client Organization from the Provider Portal wil
With your newly-created Client Organization, you're ready to start building the perfect solution for your customer. Exact setup will be different for each Client Organization depending on your customers' needs, but typically will involve the following steps:
1. **Create Collections**. A good first step is to [create a set of Collections]({{site.baseurl}}/article/about-collections/#create-a-collection), which provide an organizing structure for the Vault items you'll add to the Vault in the next step.
1. **Create Collections**. A good first step is to [create a set of Collections]({{site.baseurl}}/about-collections/#create-a-collection), which provide an organizing structure for the Vault items you'll add to the Vault in the next step.
Common Collections patterns include **Collections by Department** (i.e. users in the client's Marketing Team are assigned to a **Marketing** Collection) or **Collections by Function** (i.e. users from the client's Marketing Team are assigned to a **Social Media** Collection):
{% image organizations/collections-graphic-1.png %}
2. **Populate the Organization Vault**. Once the structure of how you'll store Vault items is in place, you can begin populating the Organization with your client's Logins, Notes, Cards, and Identities.
{% callout success %}You can [create shared items from scratch]({{site.baseurl}}/article/sharing/#create-a-shared-item), but we recommend [importing a file that contains all their Vault items]({{site.baseurl}}/article/import-to-org/).{% endcallout %}
3. **Configure Enterprise Policies**. Before beginning the user management portion of setup, [configure Enterprise Policies]({{site.baseurl}}/article/policies/) in order to set rules-of-use for things like [Master Password complexity]({{site.baseurl}}/article/policies/#master-password), [use of Two-step Login]({{site.baseurl}}/article/policies/#two-step-login), and [Admin Password Reset]({{site.baseurl}}/article/admin-reset/).
{% callout success %}You can [create shared items from scratch]({{site.baseurl}}/sharing/#create-a-shared-item), but we recommend [importing a file that contains all their Vault items]({{site.baseurl}}/import-to-org/).{% endcallout %}
3. **Configure Enterprise Policies**. Before beginning the user management portion of setup, [configure Enterprise Policies]({{site.baseurl}}/policies/) in order to set rules-of-use for things like [Master Password complexity]({{site.baseurl}}/policies/#master-password), [use of Two-step Login]({{site.baseurl}}/policies/#two-step-login), and [Admin Password Reset]({{site.baseurl}}/admin-reset/).
{% callout info %}Enterprise Policies are **only available to Enterprise Organizations**.{% endcallout %}
4. **Setup Login with SSO**. If your customer uses Single Sign-On (SSO) to authenticate with other applications, [connect Bitwarden with their IdP]({{site.baseurl}}/article/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create User Groups**. For Teams and Enterprise Organizations, [create a set of Groups]({{site.baseurl}}/article/about-groups/#create-a-group) for scalable permissions assignment. When you start adding users, add them to Groups to have each user automatically inherit the Group's configured permissions (e.g. access to which Collections).
4. **Setup Login with SSO**. If your customer uses Single Sign-On (SSO) to authenticate with other applications, [connect Bitwarden with their IdP]({{site.baseurl}}/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create User Groups**. For Teams and Enterprise Organizations, [create a set of Groups]({{site.baseurl}}/about-groups/#create-a-group) for scalable permissions assignment. When you start adding users, add them to Groups to have each user automatically inherit the Group's configured permissions (e.g. access to which Collections).
One common Group-Collection pattern is to create **Groups by Department** and **Collections by Function**, for example:
{% image organizations/collections-graphic-2.png %}
6. **Start Inviting Users**. Now that the infrastructure for securely and scalably sharing credentials is in place for your client, you can begin [inviting users to the Organization]({{site.baseurl}}/article/managing-users/#onboard-users). To ensure the security of the Organization, Bitwarden applies a 3-step process for onboarding new users, Invite &rarr; Accept &rarr; Confirm.
6. **Start Inviting Users**. Now that the infrastructure for securely and scalably sharing credentials is in place for your client, you can begin [inviting users to the Organization]({{site.baseurl}}/managing-users/#onboard-users). To ensure the security of the Organization, Bitwarden applies a 3-step process for onboarding new users, Invite &rarr; Accept &rarr; Confirm.
{% callout success %}**If your customer uses directory service** (Active Directory, an LDAP, Okta, etc.), use [Directory Connector]({{site.baseurl}}/article/directory-sync/) to automatically sync Organization users from the source directory and automatically issue invitations.{% endcallout %}
{% callout success %}**If your customer uses directory service** (Active Directory, an LDAP, Okta, etc.), use [Directory Connector]({{site.baseurl}}/directory-sync/) to automatically sync Organization users from the source directory and automatically issue invitations.{% endcallout %}

24
_articles/providers/getting-started-providers.md
View File

@@ -8,7 +8,7 @@ hidden: false
tags: []
order: "02"
redirect_from:
- /article/deploying-bitwarden-as-a-msp/
- /deploying-bitwarden-as-a-msp/
---
{% callout success %}
@@ -45,7 +45,7 @@ Selecting the **Setup Provider Now** button will prompt you to log in to Bitward
As the creator of the Provider, you'll be automatically given [Provider Admin]({{site.baseurl}}/provider-users/#provider-user-types) status, allowing you to fully manage all aspects of the Provider and all [Client Organizations](#client-organizations). Bitwarden strongly recommends that you provision a second Provider Admin for failover purposes.
Now, begin adding your employees as [Service Users]({{site.baseurl}}/article/provider-users/#provider-user-types), which will allow them to fully administer all Client Organizations and create new ones or manage the Provider itself:
Now, begin adding your employees as [Service Users]({{site.baseurl}}/provider-users/#provider-user-types), which will allow them to fully administer all Client Organizations and create new ones or manage the Provider itself:
1. **Invite Users**. From the Provider Portal {% icon fa-sliders %} **Manage** tab, invite users as Service Users (or invite additional Provider Admins):
@@ -61,19 +61,19 @@ With an assembled team of Service Users, you're ready to start setting up [Clien
## Client Organizations
Client Organizations are any [Organization]({{site.baseurl}}/article/about-organizations/) that is attached to or administered by a Provider. To your customers, there's no difference between a "Client" Organization and a "regular" Organization except for who is conducting administration.
Client Organizations are any [Organization]({{site.baseurl}}/about-organizations/) that is attached to or administered by a Provider. To your customers, there's no difference between a "Client" Organization and a "regular" Organization except for who is conducting administration.
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Cards, Notes, and Identities. Organizations have a unique Vault, where Provider Service Users can manage the Organization's items, users, and settings:
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Cards, Notes, and Identities. Organizations have a unique Vault, where Provider Service Users can manage the Organization's items, users, and settings:
{% image providers/client-org.png %}
Members of a Client Organization (i.e. your customer's end-users) will find shared items ({% icon fa-cube %}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/article/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/article/folders/) organize personal items:
Members of a Client Organization (i.e. your customer's end-users) will find shared items ({% icon fa-cube %}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/folders/) organize personal items:
{% image organizations/personal-vault-org-enabled.png End-user Vault %}
### Create a Client Organization
To create a new Client Organization, you must be a [Provider Admin]({{site.baseurl}}/article/provider-users/#provider-user-types). Navigate to the {% icon fa-bank %} **Clients** tab of the Provider Portal and select the {% icon fa-plus %} **New Client Organization** button:
To create a new Client Organization, you must be a [Provider Admin]({{site.baseurl}}/provider-users/#provider-user-types). Navigate to the {% icon fa-bank %} **Clients** tab of the Provider Portal and select the {% icon fa-plus %} **New Client Organization** button:
{% image providers/provider-add-client.png Create a Client Organization %}
@@ -81,19 +81,19 @@ To create a new Client Organization, you must be a [Provider Admin]({{site.baseu
With your newly-created Client Organization, start building the perfect solution for your customer. Exact setup will be different for each Client Organization based on your customers' needs, but will typically involve:
1. **Create Collections**. A good first step is to [create a set of Collections]({{site.baseurl}}/article/about-collections/#create-a-collection), which provide an organizing structure for the Vault items you'll add to the Vault in the next step.
1. **Create Collections**. A good first step is to [create a set of Collections]({{site.baseurl}}/about-collections/#create-a-collection), which provide an organizing structure for the Vault items you'll add to the Vault in the next step.
Common Collections patterns include **Collections by Department** (i.e. users in the client's Marketing Team are assigned to a **Marketing** Collection) or **Collections by Function** (i.e. users from the client's Marketing Team are assigned to a **Social Media** Collection):
{% image organizations/collections-graphic-1.png %}
2. **Populate the Organization Vault**. Once the structure of how you'll store Vault items is in place, you can begin populating the Organization with your client's Logins, Notes, Cards, and Identities.
{% callout success %}You can [create shared items from scratch]({{site.baseurl}}/article/sharing/#create-a-shared-item), but we recommend [importing a file that contains all their Vault items]({{site.baseurl}}/article/import-to-org/).{% endcallout %}
3. **Configure Enterprise Policies**. Before beginning the user management portion of setup, [configure Enterprise Policies]({{site.baseurl}}/article/policies/) in order to set rules-of-use for things like [Master Password complexity]({{site.baseurl}}/article/policies/#master-password), [use of Two-step Login]({{site.baseurl}}/article/policies/#two-step-login), and [Admin Password Reset]({{site.baseurl}}/article/admin-reset/).
{% callout success %}You can [create shared items from scratch]({{site.baseurl}}/sharing/#create-a-shared-item), but we recommend [importing a file that contains all their Vault items]({{site.baseurl}}/import-to-org/).{% endcallout %}
3. **Configure Enterprise Policies**. Before beginning the user management portion of setup, [configure Enterprise Policies]({{site.baseurl}}/policies/) in order to set rules-of-use for things like [Master Password complexity]({{site.baseurl}}/policies/#master-password), [use of Two-step Login]({{site.baseurl}}/policies/#two-step-login), and [Admin Password Reset]({{site.baseurl}}/admin-reset/).
{% callout info %}Enterprise Policies are **only available to Enterprise Organizations**.{% endcallout %}
4. **Setup Login with SSO**. If your customer uses Single Sign-On (SSO) to authenticate with other applications, [connect Bitwarden with their IdP]({{site.baseurl}}/article/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create User Groups**. For Teams and Enterprise Organizations, [create a set of Groups]({{site.baseurl}}/article/about-groups/#create-a-group) for scalable permissions assignment. When you start adding users, add them to Groups to have each user automatically inherit the Group's configured permissions (e.g. access to which Collections).
4. **Setup Login with SSO**. If your customer uses Single Sign-On (SSO) to authenticate with other applications, [connect Bitwarden with their IdP]({{site.baseurl}}/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create User Groups**. For Teams and Enterprise Organizations, [create a set of Groups]({{site.baseurl}}/about-groups/#create-a-group) for scalable permissions assignment. When you start adding users, add them to Groups to have each user automatically inherit the Group's configured permissions (e.g. access to which Collections).
One common Group-Collection pattern is to create **Groups by Department** and **Collections by Function**, for example:
@@ -107,6 +107,6 @@ With the infrastructure for securely and scalably sharing credentials in place,
{% image organizations/org-people-invite.png %}
2. **For larger customers** who leverage a directory service (Active Directory, LDAP, Okta, etc.), use [Directory Connector]({{site.baseurl}}/article/directory-sync) to sync Organization users from the source directory and automatically issue invitations.
2. **For larger customers** who leverage a directory service (Active Directory, LDAP, Okta, etc.), use [Directory Connector]({{site.baseurl}}/directory-sync) to sync Organization users from the source directory and automatically issue invitations.
Regardless of whether you've invited users from the Organization Vault or using Directory Connector, the same 3-step process (Invite &rarr; Accept &rarr; Confirm) that you followed when [onboarding Provider users](#onboard-users) will apply here as well.

22
_articles/providers/manage-client-orgs.md
View File

@@ -9,7 +9,7 @@ tags: []
order: "06"
---
To access a [Client Organization]({{site.baseurl}}/article/providers/#client-organizations) as a [Service User]({{site.baseurl}}/article/provider-users/#provider-user-types), select **Provider** from the top navigation and select your Provider from the Providers list. In the Provider Portal, select the Client Organization to administer from the {% icon fa-bank %} **Clients** tab:
To access a [Client Organization]({{site.baseurl}}/providers/#client-organizations) as a [Service User]({{site.baseurl}}/provider-users/#provider-user-types), select **Provider** from the top navigation and select your Provider from the Providers list. In the Provider Portal, select the Client Organization to administer from the {% icon fa-bank %} **Clients** tab:
{% image providers/provider-as-serviceuser.png Provider Portal %}
@@ -17,14 +17,14 @@ Once in the Organization Vault you can fully administer the Client Organization,
|Task|Description|Resources|
|----|-----------|---------|
|Add and Remove Users|Onboard and offboard users from Bitwarden as they join and leave the customers' Organization.|[User Onboarding]({{site.baseurl}}/article/managing-users/#onboard)<br><br>[User Offboarding]({{site.baseurl}}/article/managing-users/#offboard)|
|Change User Permissions|When end-users change roles, change their permissions as appropriate.|[User Types and Access Control]({{site.baseurl}}/article/user-types-access-control/)|
|Add and Remove User Seats|As the customers' business grows, manage the number of user seats for the Client Organization.|[Manage User Seats]({{site.baseurl}}/article/managing-users/#manage-user-seats)|
|Reset Users' Master Passwords|If enabled, use Admin Password Reset to recover end-user accounts if they forget their Master Password.|[Admin Password Reset]({{site.baseurl}}/article/admin-reset)|
|Create & Share Vault Items|Add and share new Vault items on-the-fly when users need access to new systems.|[Sharing]({{site.baseurl}}/article/sharing/)|
|Secure one-time Sharing|Use Bitwarden for secure one-time sharing of credentials, documents, and more.|[Create a Send]({{site.baseurl}}/article/create-send)|
|Monitor Vault Health|Use Organization Vault Health Reports and Event Logs to keep an eye on the overall health of the Client Organization.|[Vault Health Reports]({{site.baseurl}}/article/reports/)<br><br>[Event Logs]({{site.baseurl}}/article/events/)|
|Manage Billing|Make changes to the billing information for the Client Organization, if you ever need to.|[Update Billing Info]({{site.baseurl}}/article/update-billing-info/#update-billing-information-for-organizations)|
|Add and Remove Users|Onboard and offboard users from Bitwarden as they join and leave the customers' Organization.|[User Onboarding]({{site.baseurl}}/managing-users/#onboard)<br><br>[User Offboarding]({{site.baseurl}}/managing-users/#offboard)|
|Change User Permissions|When end-users change roles, change their permissions as appropriate.|[User Types and Access Control]({{site.baseurl}}/user-types-access-control/)|
|Add and Remove User Seats|As the customers' business grows, manage the number of user seats for the Client Organization.|[Manage User Seats]({{site.baseurl}}/managing-users/#manage-user-seats)|
|Reset Users' Master Passwords|If enabled, use Admin Password Reset to recover end-user accounts if they forget their Master Password.|[Admin Password Reset]({{site.baseurl}}/admin-reset)|
|Create & Share Vault Items|Add and share new Vault items on-the-fly when users need access to new systems.|[Sharing]({{site.baseurl}}/sharing/)|
|Secure one-time Sharing|Use Bitwarden for secure one-time sharing of credentials, documents, and more.|[Create a Send]({{site.baseurl}}/create-send)|
|Monitor Vault Health|Use Organization Vault Health Reports and Event Logs to keep an eye on the overall health of the Client Organization.|[Vault Health Reports]({{site.baseurl}}/reports/)<br><br>[Event Logs]({{site.baseurl}}/events/)|
|Manage Billing|Make changes to the billing information for the Client Organization, if you ever need to.|[Update Billing Info]({{site.baseurl}}/update-billing-info/#update-billing-information-for-organizations)|
Additionally, **if your Service Users help to train customers' end-users to use Bitwarden**, the following resources may be helpful:
@@ -32,7 +32,7 @@ Additionally, **if your Service Users help to train customers' end-users to use
|----|-----------|---------|
|User Registration|Help end-users register for Bitwarden accounts.|[Register](https://vault.bitwarden.com/#/register)|
|Watch Training Videos|Pass along some of the trainings we've conducted in the past.|[Getting Started with Bitwarden](https://bitwarden.com/getting-started)|
|Help users import their data|If permitted by your customer, give users instructions for importing their personal data to Bitwarden.|[Import Data to your Vault]({{site.baseurl}}/article/import-data/)|
|Help setup Two-step Login|Give users instructions to help facilitate setup of Two-step Login.|[Two-step Login Methods]({{site.baseurl}}/article/setup-two-step-login/)|
|Help users import their data|If permitted by your customer, give users instructions for importing their personal data to Bitwarden.|[Import Data to your Vault]({{site.baseurl}}/import-data/)|
|Help setup Two-step Login|Give users instructions to help facilitate setup of Two-step Login.|[Two-step Login Methods]({{site.baseurl}}/setup-two-step-login/)|
|Demonstrate Bitwarden apps|Help users understand the benefits of Bitwarden mobile apps, browser extensions, and other apps.|[Getting Started Guides]({{site.baseurl}}/getting-started/)|
|Register for Demos|Encourage Power Users to learn independently by attending a Weekly Demo.|[Bitwarden Events](https://www.crowdcast.io/bitwarden)|

8
_articles/providers/provider-events.md
View File

@@ -11,7 +11,7 @@ order: "07"
## What are Event Logs?
Event logs are timestamped records of events that occur within your Provider. Event logs for the Provider are accessible only to [Provider Admins]({{site.baseurl}}/article/provider-users/) from the {% icon fa-sliders %} **Manage** tab of the Provider Portal:
Event logs are timestamped records of events that occur within your Provider. Event logs for the Provider are accessible only to [Provider Admins]({{site.baseurl}}/provider-users/) from the {% icon fa-sliders %} **Manage** tab of the Provider Portal:
{% image providers/provider-events.png Provider Event Logs %}
@@ -28,10 +28,10 @@ Event Logs record several different types of events for Providers. The Event Log
- Edited user *user-identifier*
- Removed user *user-identifier*
- Accessed *organization-identifier* organization vault.
- Created organization *organization-identifier* (triggered when [a new Organization is created within Provider]({{site.baseurl}}/article/client-org-setup/#create-a-client-organization))
- Added organization *organization-identifier* (triggered when [an existing Organization is added to Provider]({{site.baseurl}}/article/providers-faqs/#q-can-i-add-an-existing-organizations-to-my-provider))
- Created organization *organization-identifier* (triggered when [a new Organization is created within Provider]({{site.baseurl}}/client-org-setup/#create-a-client-organization))
- Added organization *organization-identifier* (triggered when [an existing Organization is added to Provider]({{site.baseurl}}/providers-faqs/#q-can-i-add-an-existing-organizations-to-my-provider))
- Removed organization *organization-identifier*
{% callout success %}
Provider Events do not currently roll up the events logged for each [Client Organization]({{site.baseurl}}/article/providers/#client-organizations). Provider users can access Organization Event Logs from the Client Organization's Vault. [Learn more]({{site.baseurl}}/article/event-logs/).
Provider Events do not currently roll up the events logged for each [Client Organization]({{site.baseurl}}/providers/#client-organizations). Provider users can access Organization Event Logs from the Client Organization's Vault. [Learn more]({{site.baseurl}}/event-logs/).
{% endcallout %}

8
_articles/providers/provider-users.md
View File

@@ -25,7 +25,7 @@ To invite users to your Provider:
4. On the Invite User panel:
- Enter the **Email** address where new users should receive their invites. You can add up to 20 users at a time by comma-separating email addresses.
- Select the **User Type** to be applied to this batch of users. [User Type](#provider-user-types) will determine what access these users will have to the Provider. **Both User Types** will be able to fully administer any [Client Organization]({{site.baseurl}}/article/client-orgs/).
- Select the **User Type** to be applied to this batch of users. [User Type](#provider-user-types) will determine what access these users will have to the Provider. **Both User Types** will be able to fully administer any [Client Organization]({{site.baseurl}}/client-orgs/).
5. Click **Save** to invite the designated users to join the Provider.
{% callout info %}
@@ -49,7 +49,7 @@ To confirm accepted invitations to your Provider:
3. Select any `Accepted` users and use the {% icon fa-cog %} gear dropdown to {% icon fa-check %} **Confirm Selected**:
{% image /providers/provider-confirm.png Confirm Provider Users %}
4. On the panel that appears, verify that the [fingerprint phrases]({{site.baseurl}}/article/fingerprint-phrase) for new users match those they can find in their **Settings** &rarr; **My Account** screen.
4. On the panel that appears, verify that the [fingerprint phrases]({{site.baseurl}}/fingerprint-phrase) for new users match those they can find in their **Settings** &rarr; **My Account** screen.
Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Confirm**.
@@ -66,7 +66,7 @@ To remove users from your Provider:
## Provider User Types
{% callout success %}
**Managing a Client Organization's users?** Organizations have a set of [User Types and Access Controls]({{site.baseurl}}/article/user-types-access-control/) that are distinct from Provider User Types.
**Managing a Client Organization's users?** Organizations have a set of [User Types and Access Controls]({{site.baseurl}}/user-types-access-control/) that are distinct from Provider User Types.
{% endcallout %}
Bitwarden Provider Users can be granted one of two User Types to manage their access to the Provider. **Both User Types will be able to fully administer any Client Organization.** Bitwarden strongly recommends that you provision a second user with a Provider Admin role for failover purposes.
@@ -75,5 +75,5 @@ You can set User Types when you [invite](#invite) Provider users, or at any time
|Role|Description|
|----|-----------|
|Service User|Service Users can access and manage all [Client Organizations]({{site.baseurl}}/article/client-orgs/), including:<br><br>- Access shared items stored in the Organization Vault<br>- Add, edit, or remove items from all Collections<br>- Create or delete Collections<br>- Assign Users and User Groups to Collections<br>- Assign Users to User Groups<br>- Create or delete User Groups<br>- Invite and confirm new users<br>- Manage Enterprise Policies<br>- View Event Logs<br>- Export Organization Vault data<br>- Manage Password Reset<br>- Manage Billing, Subscription, and Integrations|
|Service User|Service Users can access and manage all [Client Organizations]({{site.baseurl}}/client-orgs/), including:<br><br>- Access shared items stored in the Organization Vault<br>- Add, edit, or remove items from all Collections<br>- Create or delete Collections<br>- Assign Users and User Groups to Collections<br>- Assign Users to User Groups<br>- Create or delete User Groups<br>- Invite and confirm new users<br>- Manage Enterprise Policies<br>- View Event Logs<br>- Export Organization Vault data<br>- Manage Password Reset<br>- Manage Billing, Subscription, and Integrations|
|Provider Admin|Provider Admins manage all aspects of the Provider and all Client Organizations. Provider admins can do all of the above, plus:<br><br>- Create new Client Organizations<br>- Add existing Organizations to the Provider<br>- Invite and confirm new Service Users and Provider Admins<br>- View Provider Event Logs<br>- Edit Provider Settings|

12
_articles/providers/providers.md
View File

@@ -38,22 +38,22 @@ Providers are built with two distinct [user types]({{site.baseurl}}/artice/provi
## Client Organizations
Client Organizations are any [Organization]({{site.baseurl}}/article/about-organizations/) that is attached to or administered by a [Provider](#what-are-providers). To your customers, there's no difference between a "Client" Organization and a "regular" Organization except for who is conducting administration. All Provider members have **full** access to all Client Organizations:
Client Organizations are any [Organization]({{site.baseurl}}/about-organizations/) that is attached to or administered by a [Provider](#what-are-providers). To your customers, there's no difference between a "Client" Organization and a "regular" Organization except for who is conducting administration. All Provider members have **full** access to all Client Organizations:
{% image providers/provider-diagram.png Structure of a Provider %}
{% callout info %}
**As denoted in the above diagram**, if Providers want to use an [Organization]({{site.baseurl}}/article/about-organizations) to manage their own credentials, they **should not** include it as a Client Organization that's administered by the Provider.
**As denoted in the above diagram**, if Providers want to use an [Organization]({{site.baseurl}}/about-organizations) to manage their own credentials, they **should not** include it as a Client Organization that's administered by the Provider.
Creating an independent Organization for this case will ensure users can be given the appropriate [user types and access controls]({{site.baseurl}}/article/user-types-access-control) over credentials.
Creating an independent Organization for this case will ensure users can be given the appropriate [user types and access controls]({{site.baseurl}}/user-types-access-control) over credentials.
{% endcallout %}
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/article/sharing/) of Logins, Cards, Notes, and Identities. Organizations have a unique Vault, where Provider Service Users can manage the Organization's items, users, and settings:
Organizations relate Bitwarden users and Vault items together for [secure sharing]({{site.baseurl}}/sharing/) of Logins, Cards, Notes, and Identities. Organizations have a unique Vault, where Provider Service Users can manage the Organization's items, users, and settings:
{% image /providers/client-org.png Client Organization Vault %}
Members of a Client Organization (i.e. your customer's end-users) will find shared items ({% icon fa-cube %}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/article/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/article/folders/) organize personal items:
Members of a Client Organization (i.e. your customer's end-users) will find shared items ({% icon fa-cube %}) in their **My Vault** view alongside personal items, as well as filters for assigned [Collections]({{site.baseurl}}/about-collections/), which group Organization items similarly to how [Folders]({{site.baseurl}}/folders/) organize personal items:
{% image organizations/personal-vault-org-enabled.png End-user Vault %}
Once you've filled out the [Provider Registration form](#) and been setup with a Provider by a member of the Bitwarden team, [start a Client Organization]({{site.baseurl}}/article/client-org-setup).
Once you've filled out the [Provider Registration form](#) and been setup with a Provider by a member of the Bitwarden team, [start a Client Organization]({{site.baseurl}}/client-org-setup).

Some files were not shown because too many files have changed in this diff Show More