bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-10 13:23:16 +00:00
Code Issues Releases Wiki Activity

Organizations rev (#265)

Browse Source 
* Organizations revisions initial commit.

* API doc updates

* Fix absolute link causing build failure.

* Add import to org article, and downstream order changes.

* Bitwarden 101 videos: 1st steps toward proliferating these throughout /help.

* Added 'Create Your Account' article, which references B101 Videos.

* About SSO redirect & promote importing for orgs up the list

* Create Org FAQs & trim Feature FAQs accordingly.

* Image for Org FAQs

* Move 'About the Business Portal' to Orgs category, and re-order accordingly.

* Final edits.

* Update to API doc.

* Returned missing getting-started-organizations article
This commit is contained in:
fred_the_tech_writer
2020-11-06 14:43:15 -05:00
committed by GitHub
parent d6e5009bf4
commit 899c14476d
77 changed files with 974 additions and 500 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_articles/account/setup-two-step-login-duo.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Set up two-step login with Duo Security
categories: [account-management, organizations]
categories: [account-management]
featured: false
popular: false
tags: [two-step login, 2fa, two factor authentication, account, duo, sms]

2
_articles/directory-connector/azure-active-directory.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring directory sync with Azure Active Directory
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
hidden: false

2
_articles/directory-connector/directory-sync.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Syncing users and groups with a directory
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
tags: []

2
_articles/directory-connector/gsuite-directory.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring directory sync with G Suite (Google)
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
hidden: false

2
_articles/directory-connector/ldap-directory.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring directory sync with Active Directory or other LDAP servers
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
tags: [active directory, ldap, ad]

2
_articles/directory-connector/okta-directory.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring directory sync with Okta
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
hidden: false

2
_articles/directory-connector/onelogin-directory.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring directory sync with OneLogin
categories: [organizations]
categories: [directory-connector]
featured: true
popular: false
hidden: false

2
_articles/directory-connector/user-group-filters.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Configuring user and group sync filters
categories: [organizations]
categories: [directory-connector]
featured: false
popular: false
hidden: false

59
_articles/faqs/org-faqs.md Normal file
View File

@@ -0,0 +1,59 @@
---
layout: article
title: Organizations FAQs
categories: [organizations, faqs]
featured: true
popular: false
tags: []
order: 17
---
This article contains Frequently Asked Questions (FAQs) regarding **Organizations** in the following categories:
- [Organizations General](#organizations-general)
- [Organization Administration](#organization-administration)
- [Sharing with an Organization](#sharing-with-an-organization)
Or, for more high-level information about **Organizations**, refer to the following articles:
- [About Organizations](https://bitwarden.com/help/article/about-organizations/)
- [About Collections](https://bitwarden.com/help/article/about-collections/)
- [About Groups](https://bitwarden.com/help/article/about-groups/)
## Organizations General
### Q: What's the difference between Organizations and Premium?
**A:** Organizations unlock access to secure sharing between users who are members of that Organization.
Premium Individual plans unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file storage, and more. Premium Individual does not include secure data sharing.
Paid Organizations (Families, Teams, or Enterprise) automatically include premium features (advanced 2FA options, Bitwarden Authenticator, etc.) for every user enrolled in the Organization.
## Organization Administration
### Q: My Organization's Owner is no longer with the company, can a new owner be created?
**A:** Only an Owner can create a new Owner or assign Owner to an existing user. For failover purposes, Bitwarden recommends creating multiple Owner users. If your single Owner has left the company, [Contact Us](https://bitwarden.com/contact).
### Q: I have invited users but they cannot see shared items, what do I do?
**A:** Invited users will receive an email asking them to join the Organization. First, make sure they have accepted the invitation. If they have, a **Admin** or **Owner** should navigate to **Manage** → **People**, hover over that user, open the gear dropdown, and select **Confirm**.
### Q: What events are auditing for my Organization?
**A:** For a full list of what's included in Bitwarden Event Logs, see [Event Logs](https://bitwarden.com/help/article/event-logs/).
## Sharing with an Organization
### Q: How do I "unshare" an item from my Organization?
**A:** To unshare an item:
1. Clone the item back to your Personal Vault by navigating to your Organization Vault and selecting **Clone** from the gear dropdown for the item you want to clone. Only users with User Type **Admin** or higher can only clone items into their Personal Vault by changing the **Ownership** setting.
{% image /organizations/clone-org-item.png %}
2. Delete the item from the Organization Vault by selecting **Delete** from the same gear dropdown.
Alternatively, you can unshare items by moving them to a different Collection with higher Access Control restrictions.
### Q: Does an item I share with the organization stay after I leave?
**A:** It does! When a user shares an item with an Organization, the Organization takes ownership of the item. Even if the user leaves the Organization or deletes their account, that item will remain in the Organization Vault.

36
_articles/faqs/product-faqs.md
View File

@@ -13,11 +13,8 @@ tags: []
- [**Q: Can I install Bitwarden without Google Play?**](#q-can-i-install-bitwarden-without-google-play)
- [**Q: How do I enable Autofill in Android?**](#q-how-do-i-enable-autofill-in-android)
- [**Q: How do I view attachments?**](#q-how-do-i-view-attachments)
- [**Q: What events are audited in my organization?**](#q-what-events-are-audited-in-my-organization)
- [**Q: Can Bitwarden restore my individual vault?**](#q-can-bitwarden-restore-my-individual-vault)
- [**Q: How do I backup my self-hosted server?**](#q-how-do-i-backup-my-self-hosted-server)
- [**Q: I have invited a user to my organization but they cannot see shared items**](#q-i-have-invited-a-user-to-my-organization-but-they-cannot-see-shared-items)
- [**Q: My organization owner is no longer with the company, how can a new owner be created?**](#q-my-organization-owner-is-no-longer-with-the-company-how-can-a-new-owner-be-created)
- [**Q: How do I configure custom fields?**](#q-how-do-i-configure-custom-fields)
- [**Q: How do I import my data if I dont see my service on the import options?**](#q-how-do-i-import-my-data-if-i-dont-see-my-service-on-the-import-options)
- [**Q: How do I delete an item?**](#q-how-do-i-delete-an-item)
@@ -34,17 +31,14 @@ tags: []
- [**Q: Can I see the history of the passwords I have generated?**](#q-can-i-see-the-history-of-the-passwords-i-have-generated)
- [**Q: Can I export/import from iCloud/Mac Keychain?**](#q-can-i-exportimport-from-icloudmac-keychain)
- [**Q: How do I enable iOS AutoFill?**](#q-how-do-i-enable-ios-autofill)
- [**Q: Why does something I shared with the organization stay after I leave?**](#q-why-does-something-i-shared-with-the-organization-stay-after-i-leave)
- [**Q: Why am I getting a New Device Email Message?**](#q-why-am-i-getting-a-new-device-email-message)
- [**Q: Can I use SMS 2FA?**](#q-can-i-use-sms-2fa)
- [**Q: How do I install the Safari Extension?**](#q-how-do-i-install-the-safari-extension)
- [**Q: How do I share items with Organization ?**](#q-how-do-i-share-items-with-organization-)
- [**Q: How can I start Bitwarden when Windows starts?**](#q-how-can-i-start-bitwarden-when-windows-starts)
- [**Q: How do I perform a sync on my application?**](#q-how-do-i-perform-a-sync-on-my-application)
- [**Q: What is TOTP and how can I use it?**](#q-what-is-totp-and-how-can-i-use-it)
- [**Q: Why are my TOTP codes incorrect/not working?**](#q-why-are-my-totp-codes-incorrectnot-working)
- [**Q: Why is U2F Not Supported on my iOS or Android App?**](#q-why-is-u2f-not-supported-on-my-ios-or-android-app)
- [**Q: How do I unshare an item?**](#q-how-do-i-unshare-an-item)
- [**Q: How do I use the web browser extension?**](#q-how-do-i-use-the-web-browser-extension)
- [**Q: How do I add attachments?**](#q-how-do-i-add-attachments)
- [**Q: I am asked for my master password even though I have PIN unlock enabled on iOS / Android**](#q-i-am-asked-for-my-master-password-even-though-i-have-pin-unlock-enabled-on-ios--android)
@@ -78,10 +72,6 @@ One last thing you will want to check is the battery optimization settings on yo
**A:** Here you can see the ways to attach a file in all other clients: <https://help.bitwarden.com/article/attachments/>
### **Q: What events are audited in my organization?**
**A:** You can check to see what events are captured in this article: <https://bitwarden.com/help/article/event-logs/>
### **Q: Can Bitwarden restore my individual vault?**
Bitwarden is unable to restore user vaults. We recommend everyone make regular backups (via export) of their vault data. You can learn more about backing up your vault here:
@@ -91,14 +81,6 @@ Bitwarden is unable to restore user vaults. We recommend everyone make regular b
**A:** Please see this helpful article regarding backup procedures for your self-hosted server: <https://help.bitwarden.com/article/backup-on-premise/>
### **Q: I have invited a user to my organization but they cannot see shared items**
**A:** Once a user has accepted the invitation, an Organization Owner or Admin will need to go to the People management page and "Confirm" the user. This is a very important step as it completes the public-key exchange allowing for the sharing of encrypted information.
### **Q: My organization owner is no longer with the company, how can a new owner be created?**
**A:** We recommend having multiple and dedicated owner accounts to prevent this situation, however, if you need assistance with this, please contact customer success here: <https://bitwarden.com/contact>
### **Q: How do I configure custom fields?**
**A:** Here is an example of how to configure a Custom Field:
@@ -213,10 +195,6 @@ While testing Bitwarden, it is best to only have Bitwarden enabled to avoid any
You can see more about Bitwarden for iOS here: <https://bitwarden.com/help/article/getting-started-ios/>
### **Q: Why does something I shared with the organization stay after I leave?**
**A:** When a user shares an item with an Organization, the Organization takes over ownership of the item. Even if the user account has its association with the Organization removed or if the user account is deleted, the item will remain with the Organization.
### **Q: Why am I getting a New Device Email Message?**
**A:** Typically this occurs for users that have a setting on their browser which clears their local storage and/or cookies whenever they close the browser or while they are using the browser. There are extensions that perform these actions. If this happens, you lose the indicator which tells our servers that it is an existing device. New device notification messages are not contingent on the IP address, only the device itself. We use local storage in the browser or client to label the device with an id. If that id has never logged in before then you will get an email. If a user clears this local storage, a new id is generated for that device and it will get a new email.
@@ -239,14 +217,6 @@ Currently, the Families plan introduced in September 2020, supports premium feat
Be sure to run the application once. If the extension still does not appear, it may just need to be enabled. In Safari, check under Preferences > Extensions
### **Q: How do I share items with Organization ?**
**A:** You will want to log into the Web Vault (<https://vault.bitwarden.com>) and select the small gear menu that appears to the right of an item when mouse over it and select share.
After an item is shared, if you want to adjust the Collections the item is shared with then use the same menu and select Collections.
You can bulk share items by checking the box next to multiple items and then selecting the gear menu at the top next to My Vault and then select Share.
### **Q: How can I start Bitwarden when Windows starts?**
In order to set Bitwarden Desktop to startup, please follow these steps:
@@ -281,12 +251,6 @@ Whenever you auto-fill a website that has TOTP attached, the code will automatic
**A:** At this time, due to platform/OS limitations, FIDO U2F cannot be used with all Bitwarden applications. You should enable another two-step login provider so that you can access your account when FIDO U2F cannot be used. We are expanding our U2F capabilities
### **Q: How do I unshare an item?**
**A:** At this time there isn't an "unshare" option. You will need to manually create or clone the item back into your personal vault and then delete the item from the Organization. You can also use an export/import method if you ever need to move multiple items back to a personal vault.
Alternatively if you want to 'unshare' it just from non-admin users, you can create a collection for admin-owned items and assign the item to *only* that collection.
### **Q: How do I use the web browser extension?**
**A:** Using the Bitwarden Web Browser Extension is a good way to add your passwords to your vault. Anytime it detects a password field on a website that it doesn't have in its database, it will ask to save.

2
_articles/features/folders.md
View File

@@ -10,7 +10,7 @@ tags: [categories, folders, sub-folders]
Folders are a great way to categorize items in your Bitwarden vault.
{% note %}
An [organization's collections]({% link _articles/organizations/collections.md %}) are different than folders. Collections are a way to organize items and control user access within an organization's vault while folders are a way for individual users to organize items within their own personal vault. An individual user may wish to further organize the items being shared with them in their own vault into a personalized folder structure that makes sense just for them.
An Organization's collection are different than folders. Collections are a way to organize items and control user access within an organization's vault while folders are a way for individual users to organize items within their own personal vault. An individual user may wish to further organize the items being shared with them in their own vault into a personalized folder structure that makes sense just for them.
{% endnote %}
## Nested folders (sub-folders)

30
_articles/getting-started/create-bitwarden-account.md Normal file
View File

@@ -0,0 +1,30 @@
---
layout: article
title: Create Your Bitwarden Account
categories: [getting-started]
featured: true
popular: true
tags: [getting started, create account]
---
## Welcome to Bitwarden
We're thrilled to be a part of your secure password management journey. To create a Bitwarden account, click the **Get Started** button on our homepage, or click [**here**](https://vault.bitwarden.com/#/register).
{% image /getting-started/get-started-homepage-overlay.png Bitwarden Homepage%}
## Create Account Screen
Once you've clicked the link, the following screen will appear:
{% image /getting-started/create-account-screen-overlay.png Create Account screen%}
Fill out all fields (*Master Password Hint* is optional) and click **Submit** when you're finished.
## Verify Your Email
Once you've created your account, prompt Bitwarden to send you a verification email by logging in to your [Web Vault](https://vault.bitwarden.com/).
## Congratulations!
For help getting going with Bitwarden, we recommend:
- [Bitwarden 101 Video Series - Getting Started](https://bitwarden.com/help/article/getting-started-videos/)

4
_articles/organizations/getting-started-organizations.md → _articles/getting-started/getting-started-organizations.md
View File

@@ -1,7 +1,7 @@
---
layout: article
title: Getting Started with Bitwarden Organizations
categories: [organizations]
categories: [getting-started]
featured: false
popular: false
hidden: false
@@ -41,7 +41,7 @@ This tutorial walks you through the setup for two basic accounts and sharing in
A Bitwarden organization is an entity that relates users together that want to share items. An organization could be a family, team, company, or any other type of group that desires to share items in Bitwarden.
For more, please see [What are organizations?]({% link _articles/organizations/what-is-an-organization.md %}).
For more, please see [About Organizations](https://bitwarden.com/help/article/about-organizations/).
**Are Organizations Different than a Premium Membership?**

29
_articles/getting-started/getting-started-videos.md Normal file
View File

@@ -0,0 +1,29 @@
---
layout: article
title: Bitwarden 101 Video Series - Getting Started
categories: [getting-started]
featured: true
popular: false
tags: [getting started, videos, bitwarden 101]
order: 16
---
## Bitwarden 101 - Getting Started
Videos in this article are intended to walk you through getting started using Bitwarden
### Jump to Videos:
- [How to create an account and login](#how-to-create-an-account-and-login)
- [Vault Management](#vault-management)
- [How to setup the browser extension](#how-to-setup-the-browser-extension)
### How to create an account and login
<iframe width="800" height="450" src="https://www.youtube.com/embed/W6Miu-TJI1c" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### Vault Management
<iframe width="800" height="450" src="https://www.youtube.com/embed/xY9mRvOKTCs" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### How to setup the browser extension
<iframe width="800" height="450" src="https://www.youtube.com/embed/Epx6bLBsYlI" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

4
_articles/login-with-sso/getting-started-with-sso.md → _articles/login-with-sso/about-sso.md
View File

@@ -1,11 +1,13 @@
---
layout: article
title: Getting Started with Login with SSO
title: About Login with SSO
categories: [login-with-sso]
featured: true
popular: true
tags: [saml, saml2.0, single sign-on, sso, oidc, openid, openid connect, idp, identity provider]
order: 01
redirect_from:
- /article/getting-started-with-sso/
---
## What is Login with SSO?

6
_articles/features/about-business-portal.md → _articles/organizations/about-business-portal.md
View File

@@ -1,15 +1,15 @@
---
layout: article
title: About the Business Portal
categories: [login-with-sso]
categories: [organizations]
featured: false
popular: false
tags: [organizations, business portal, sso, policies]
order: 02
order: 12
---
## What is the Business Portal?
The Bitwarden Business Portal is a dedicated space for administrators to configure security controls for their organization. Users with the type **Admin** (and higher) can access the Business Portal by selecting the **Business Portal** button from their Organization screen.
The Bitwarden Business Portal is a dedicated space for administrators to configure security controls for their organization. Users with the User Type **Admin** or higher can access the Business Portal by selecting the **Business Portal** button from their Organization screen.
{% image /organizations/business-portal-button-overlay.png Business Portal button %}

45
_articles/organizations/about-collections.md Normal file
View File

@@ -0,0 +1,45 @@
---
layout: article
title: About Collections
categories: [organizations]
featured: true
popular: false
tags: [collections, access control, best practices]
order: 02
redirect_from:
- /article/collections/
---
## What are Collections?
Collections are structures used by Organizations to gather together Logins, Notes, Cards, and Identities for sharing, similar to the Folders you might use in your Personal Vault. Organizations control access to shared items by assigning users to Collections. Unlike Folders, items in the Organization Vault *must* be placed in one or more Collections.
Users with the User Type **Manager** or higher can create Collections, manage items in each Collection, and manage the users with access to each Collection. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
Create a Collection by navigating to your Organization, opening the **Manage** tab, and selecting the **New Collection** button. For help creating a Collection, see [Create a Collection](https://bitwarden.com/help/article/create-collections/).
{% image organizations/collection-list-overlay.png Select New Collection %}
## Collections Best Practices
Collections are designed to associate related Logins, Notes, Cards, and Identities. You can organize your Collections however best fits your needs, but some common methodologies include:
- Collections by Department (*i.e. users from your Marketing Team are assigned to a **Marketing** Collection*)
- Collections by Function (*i.e. users from your Marketing Team are assigned to a **Social Media** Collection*)
{% image /organizations/collections-graphic-1.png Using Collections %}
For Teams and Enterprise Organizations, using **Groups** alongside Collections provides a deeper level of access control and scalability to sharing resources. When you create a Group, you can gather users from common departments and assign access to Collections at the Group-level instead of the individual-level. For more information, see [About Groups](https://bitwarden.com/help/article/about-groups/).
A common Collection-Group methodology is to create **Groups by Department** and **Collections by Function**, for example:
{% image /organizations/collections-graphic-2.png Using Collections with Groups%}
Other common methodologies include:
- Collections by Vendor or System (*i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection*)
- Groups by Locality (*i.e. users are assigned to a **US Employees** Group or **UK Employees** Group*)
### Next Steps
To get started using Collections, we recommend that you:
- [Create a Collection](https://bitwarden.com/help/article/create-collections)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)

46
_articles/organizations/about-groups.md Normal file
View File

@@ -0,0 +1,46 @@
---
layout: article
title: About Groups
categories: [organizations]
featured: true
popular: false
tags: [groups, access control]
order: 03
redirect_from:
- /article/groups/
---
## What are Groups?
Groups are structures used by Organizations to together individual users, and provide a scalable way to assign access (including assigning Collections) by configuring Access Controls at the Group-level instead of at the individual-level.
{% note %}
Groups are currently available to Teams Organizations and Enterprise Organizations.
{% endnote %}
When onboarding new users, add them to a Group to have them automatically inherit that Group's Access Controls configuration.
Users with the User Type **Admin** or higher can create Groups, assign users to each Group, and construct Group-Collection associations. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
Create a Group by navigating to your Organization, opening the **Manage** tab, and selecting the **New Group** button. For help creating a Group, see [Create a Group](https://bitwarden.com/help/article/create-groups/).
{% image /organizations/groups-newgroup.png Select New Group %}
## Groups Best Practices
For Teams and Enterprise Organizations, using **Groups** alongside Collections provides a deeper level of access control and scalability to sharing resources. When you create a Group, you can gather users from common departments and assign access to Collections at the Group-level instead of the individual-level.
A common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:
{% image /organizations/collections-graphic-2.png Using Groups %}
Other common methodologies include:
- Collections by Vendor or System (*i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection*)
- Groups by Locality (*i.e. users are assigned to a **US Employees** Group or **UK Employees** Group*)
### Next Steps
To get started using Groups, we recommend that you:
- [Create a Group](https://bitwarden.com/help/article/create-groups/)
- [Learn about User Types and Access Controls](https://bitwarden.com/help/article/user-types-access-control/)

65
_articles/organizations/about-organizations.md Normal file
View File

@@ -0,0 +1,65 @@
---
layout: article
title: About Organizations
categories: [organizations]
featured: true
popular: true
tags: [organizations]
order: 01
redirect_from:
- /article/what-is-an-organization/
---
## What are Organizations?
Organizations relate Bitwarden users together for secure sharing of Logins, Notes, Cards, and Identities. Creating an Organization opens an Organization Vault that exists alongside your Personal Vault. To share items in your Organization Vault, you can invite users to join your Organization.
Organization Vaults are organized into Collections, much like how Personal Vaults can be organized into Folders. Unlike your Personal Vault, items in the Organization Vault *must* be placed in a Collection and will be accessible by *anyone* who is allowed access to that Collection.
You can create an Organization by selecting the **New Organization** button. For help creating your Organization, see [Create an Organization](https://bitwarden.com/help/article/create-an-organization/).
{%image /organizations/new-org-button-overlay.png Select New Organization %}
Once you've created your Organization, invite users to start sharing. Invited users can open the Organization Vault at any time from the top-right **Organizations** card, or quickly access their assigned Collections from the left **Filters** card. For help inviting users to your Organization, see [Add or Remove Users](https://bitwarden.com/help/article/managing-users/).
{% image /organizations/org-use-overlay.png Access shared items %}
### In This Article
- [Types of Organizations](#types-of-organizations)
- [Free Organizations](#free-organizations)
- [Families Organizations](#families-organizations)
- [Teams Organizations](#teams-organizations)
- [Enterprise Organizations](#enterprise-organizations)
- [Organizations vs. Premium](#organizations-vs-premium)
## Types of Organizations
There are a few different types of Organizations available. When you create your Organization, you will be prompted to select one of the following options:
### Free Organizations
Free Organizations allow two users to securely share in up to two Collections. For more information about what features are included in a Free Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations).
### Families Organizations
Families Organizations allow 6 users to securely share in unlimited Collections. For more information about what features are included in a Families Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations).
### Teams Organizations
Teams Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited Collections and offer a suite of operational tools like Event Logs. For more information about what features are included in a Teams Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations).
### Enterprise Organizations
Enterprise Organizations allow unlimited users (*billed Per User Per Month*) to securely share in unlimited Collections and add enterprise-only features like Login with SSO to Bitwarden's suite of operational tools. For more information about what features are included in an Enterprise Organization, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations).
## Organizations vs. Premium
**Organizations unlock access to secure sharing** between users who are members of that Organization.
Premium Individual plans unlock premium password security and management features, including advanced 2FA options, the Bitwarden Authenticator (TOTP), encrypted file storage, and more. **Premium Individual does not include secure data sharing.**
**Paid Organizations** (Families, Teams, or Enterprise) automatically include premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), etc.) for every user enrolled in the Organization.
### Next Steps
To get started with a new Organization, we recommend that you:
- [Create an Organization](https://bitwarden.com/help/article/create-an-organization/)
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users/)
- [Learn About Collections](https://bitwarden.com/help/article/about-collections/)

40
_articles/organizations/collections.md
View File

@@ -1,40 +0,0 @@
---
layout: article
title: Controlling vault access with collections
categories: [organizations]
featured: true
popular: false
tags: [collections, sub-collections, access control]
---
Collections allow you to group related items that are being shared from your organization's vault. A simple personal organization for a family may only want to have one or two collections (ex. Parents and Kids), while a larger organization like a company may have many collections (ex. Servers, Social Media Accounts, Executives, etc).
{% image organizations/collection-listing.png %}
When you add a new user to your organization, you can associate that user to one or more collections within your organization. Once the user has access to your organization, any items that are placed into that user's associated collections will be available in their vault.
When associating a user to a particular collection, you can select options for users and groups that will access the items within the collection.
**Read Only:** Selecting this option will ensure that the user cannot add, edit, or delete any items within that particular collection (they can just view and use them). You can also associate [user groups]({% link _articles/organizations/groups.md %}) to collections in the same way.
**Hide Passwords:** This option will hide all passwords, hidden fields, and TOTP seeds within the collection, from users who are assigned to it. This will also prevent copy and paste actions as well. Credentials in this collection will have to leverage autofill functions for input.
{% note %}
Collections are different than [folders]({% link _articles/features/folders.md %}). Collections are a way to organize items and control user access within an organizations vault while folders are a way for individual users to organize items within their own personal vault. An individual user may wish to further organize the items being shared with them in their own vault into a personalized folder structure that makes sense just for them.
{% endnote %}
## Nested collections (sub-collections)
Nested collections work by using a naming convention with the forward slash character (`/`) as a delimiter. For example, if I have collections with the names "Servers" and "Servers/Production", "Production" will be nested as a sub-collection underneath the "Servers" collection.
{% note %}
Creating sub-collections is only for display purposes. Collection access and permissions are not inherited by their "child" sub-collections.
{% endnote %}
There is no limit on the depth that you can go with nested collections, though the application interface may begin to "break" if you go too deep.
If a collection's name contains the forward slash delimiter, yet no "parent" collection exists (or the user does not have access to the parent collection), its name will be displayed in its entirety.
{% note %}
Nested-collections work similarly to nested folders. You can refer to the [Folders article]({% link _articles/features/folders.md %}) for more information on creating nested structures in your vault.
{% endnote %}

59
_articles/organizations/create-an-organization.md Normal file
View File

@@ -0,0 +1,59 @@
---
layout: article
title: Create an Organization
categories: [organizations]
featured: false
popular: false
hidden: false
tags: [organizations, how to]
order: 04
---
This article will guide you through the process of creating an Organization. For more information about Organizations, see [About Organizations](https://bitwarden.com/help/article/about-organizations).
### Before You Begin
If you're a new user of Bitwarden, you'll need to create an account before you can create your Organization. Create your account for free [**here**](https://vault.bitwarden.com/#/register){:target="\_blank"} or refer to [Create Your Bitwarden Account](https://bitwarden.com/help/article/create-bitwarden-account/) for help.
When you create an Organization, you will be assigned the User Type **Owner**. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
## Create an Organization
Complete the following steps to create an Organization:
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
2. Select the **New Organization** button.
{%image /organizations/new-org-button-overlay.png Select New Organization %}
3. On the New Organization screen, enter an **Organization Name** for your new Organization and the **Billing Email** we can reach you at.
{% note %}Paid Organizations (Families, Teams, or Enterprise) have a 7 Day Free Trial built in. We won't charge you until your trial is over. You can cancel your subscription at any time in the **Settings** tab of your Organization.
{% endnote %}
4. If you're creating an Organization on behalf of a business:
- Check the **This account is owned by a business** checkbox.
- Provide your **Business Name**.
Checking the **This account is owned by a business** checkbox will automatically filter your plan options to those suited to businesses. If you represent a business interested in testing secure sharing using a Free Organization, leave this option unchecked.
5. In the **Choose Your Plan** section, select which type of Organization to create. Options include:
- **Free:** For testing or personal use, to share with 1 other user. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations)
- **Families:** For personal use, to share between 6 friends or family members. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations)
- **Teams:** For businesses and other team organizations. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#teams-organizations)
- **Enterprise:** For businesses and other large organizations. [**Learn more.**](https://bitwarden.com/help/article/about-bitwarden-plans/#enterprise-organizations)
{% note %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about premium features, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans).
{% endnote %}
6. If you selected a Paid Organization, enter the following information:
- For **Teams** or **Enterprise**, enter the number of **User Seats** you need. You can add additional seats later if required.
- For **Families**, **Teams**, or **Enterprise**, enter the amount of **Additional Storage (GB)** you need. You plan comes with 1 GB of shared encrypted file storage, and you can add additional storage later if needed.
- For **Teams** or **Enterprise**, select whether you'd like to be billed **Annually** or **Monthly**. Families Organizations may only be billed annually.
- For any Paid Organization, enter your **Payment Information**
7. Click **Submit** to start using your new Organization.
### Next Steps
Now that you've created your Organization, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)
- [Import Items to an Organization](https://bitwarden.com/help/article/import-to-org/)

54
_articles/organizations/create-collections.md Normal file
View File

@@ -0,0 +1,54 @@
---
layout: article
title: Create a Collection
categories: [organizations]
featured: true
popular: false
tags: [collections, how to]
order: 05
redirect_from:
- /article/how-to-manage-collections/
---
This article will guide you through the process of creating a Collection. For more information about Collections, see [About Collections](https://bitwarden.com/help/article/about-collections/).
### In This Article
- [Create a Collection](#create-a-collection)
- [Create Nested Collections](#create-nested-collections)
## Create A Collection
Complete the following steps to create a collection:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **Collections** from the left menu.
3. On the **Collections** screen, select the **New Collection** button.
{% image organizations/collection-list-overlay.png Select New Collection %}
4. On the **Add Collection** screen:
- Enter a **Name** for your Collection.
- Enter an **External Id** for your Collection. External ids are used to link resources to external systems, like user directories.
- (*Teams and Enterprise Organizations*) Set the **Group Access** configuration for your Collection, including which Groups should be allowed to access this Collection. For more information, see [About Groups](https://bitwarden.com/help/article/about-groups/).
5. Select **Save** to finish creating your Collection.
## Create Nested Collections
Collections be "nested" in order to logically organize them within your Vault. There's no limit to the depth with which you can nest Collections, but creating too many levels may interfere with your Vault's interface.
{% note %}
Nested Collections are designed for in-Vault display purposes only. Nested Collections will not not inherit access or permissions from their "parent" Collection.
{% endnote %}
{% image organizations/collection-nested.png Nested Collection %}
To create a nested Collection, give your new Collection a **Name** that includes the "parent" Collection followed by a forward slash (`/`) delimiter, for example `Collection 1/Collection 1a`.
If there is no Collection with the corresponding "parent" name or if you don't have access to the "parent", the Collection won't nest and instead it's title will be displayed in-full.
{% image organizations/collection-nested-create.png Create a nested Collection %}
### Next Steps
Now that you've created a Collection, we recommend that you:
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)
- [Import Items to an Organization](https://bitwarden.com/help/article/import-to-org/)

72
_articles/organizations/create-groups.md Normal file
View File

@@ -0,0 +1,72 @@
---
layout: article
title: Create a Group
categories: [organizations]
featured: true
popular: false
tags: [groups, how to]
order: 06
---
This article will guide you through the process of setting up your first Group. For more information about Groups, see [About Groups](https://bitwarden.com/help/article/about-groups/).
{% note %}
Groups are currently available to Teams Organizations and Enterprise Organizations.
{% endnote %}
### In This Article
- [Create a Group](#create-a-group)
- [Assign Users to a Group](#assign-users-to-a-group)
- [View Users in a Group](#view-users-in-a-group)
- [Associate Groups to Collections](#associate-groups-to-collections)
## Create a Group
Complete the following steps to create a Group:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **Groups** from the left menu.
3. On the **Groups** screen, select the **New Group** button.
{% image /organizations/groups-newgroup.png %}
4. On the **Add Group** screen:
- Enter a **Name** for your Group.
- Enter an **External Id** for your Group. External ids are used to link resources to external systems, like user directories.
- Set the **Access Control** configuration for your Group, including which Collections this Group should have access to. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
Users who are added to this Group will automatically receive access according to this configuration.
5. Select **Save** to finish creating your Group.
## Assign Users to a Group
Complete the following steps to assign users to a Group:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **People** from the left menu.
3. Hover over the user you'd like to add to a Group and select the gear dropdown.
{% image /organizations/org-people-options-updated-overlay.png %}
4. From the dropdown, select **Groups**.
5. In the **Groups Access** panel, select the Group(s) to add this user to and **Save** your selection.
Users that are assigned to multiple Groups will be able to access items from the union of associated Collections.
### View Users in a Group
You can view which users belong to a specific Group at any time by completing the following steps:
1. In your Organization's **Manage** tab, select **Groups** from the left menu.
2. Hover over the Group you want to list users for and select the gear dropdown.
3. From the dropdown menu, select **Users**.
## Associate Groups to Collections
You can select which Collections a Group should have access to when you [Create Groups](#create-a-group), or by doing one of the following:
- Opening the Group from the **Manage** tab of your Organization, and configuring the Access Control section.
- Opening the Collection from the **Manage** tab of your Organization, and configuring the Group Access section.
### Next Steps
Now that you've created a Group, we recommend that you:
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users/)

187
_articles/organizations/event-logs.md
View File

@@ -1,39 +1,96 @@
---
layout: article
title: Organization event logs
title: Event Logs
categories: [organizations]
featured: true
popular: false
tags: [organizations events event logs audit access control]
order: 13
---
## Table of Contents
## What are Event Logs?
- [What are event logs?](#what-are-event-logs-)
- [Where can I access event logs?](#where-can-i-access-event-logs-)
- [What information is contained in event logs?](#what-information-is-contained-in-event-logs-)
* [User events](#user-events)
* [Item events](#item-events)
* [Collection events](#collection-events)
* [Group events](#group-events)
* [Organization events](#organization-events)
- [GitHub Link](#github-link)
Event Logs are timestamped records of everything that occurs within your Organization. Event Logs are accessible to users with the type **Admin** or **Owner** from the **Manage** tab of your Organization.
## What are event logs?
{% image /organizations/event-logs-updated.png %}
Event logs are notes that contain time-stamped, detailed information about what occurs within an organization. These logs are often used to research changes in credentials or configuration, and are also helpful with troubleshooting.
Events Logs are also accessible using Bitwarden's API for Organization Management. For more information, see [RESTful API for Organization Management](https://bitwarden.com/help/article/public-api/).
## Where can I access event logs?
### In This Article
Inside the Web Vault navigate to your Organization &#8594; Manage &#8594; Event logs.
- [Events List](#events-list)
- [API Responses](#API-responses)
- [SIEM and External Systems Integrations](#siem-and-external-systems-integrations)
You can search for up to 30 days of log events that scroll continuously.
## Events List
{% image organizations/event-logs.png Web Vault Management %}
Event Logs record roughly 40 different types of events. In the Web Vault, the action catalogued by each event is described in plain text under the **Event** column.
To gather more data, plans with API access can use the [Bitwarden API](https://bitwarden.com/help/api/). API responses will contain the type of event (enums referenced below) and relevant data.
Each type of event is associated with `type` code (`1000`, `1001`, etc.) that identifies the action captured by the event. Event `type` codes are important to understand when accessing Event Logs via API. For more information, see [RESTful API for Organization Management](https://bitwarden.com/help/article/public-api/).
All Event types are documented below, with their corresponding `type` codes:
{% comment %}
Sources:
https://github.com/bitwarden/server/blob/master/src/Core/Enums/EventType.cs
https://github.com/bitwarden/web/blob/master/src/app/services/event.service.ts
https://github.com/bitwarden/web/blob/master/src/locales/en/messages.json
{% endcomment %}
### User Events
- Logged In. (`1000`)
- Changed account password. (`1001`)
- Enabled/updated two-step login. (`1002`)
- Disabled two-step login. (`1003`)
- Recovered account from two-step login. (`1004`)
- Login attempted failed with incorrect password. (`1005`)
- Login attempt failed with incorrect two-step login. (`1006`)
- Exported Vault. (`1007`)
### Item Events
- Created item *item-identifier*. (`1100`)
- Edited item *item-identifier*. (`1101`)
- Permanently Deleted item *item-identifier*. (`1102`)
- Created attachment for item *item-identifier*. (`1103`)
- Deleted attachment for item *item-identifier*. (`1104`)
- Shared item *item-identifier*. (`1105`)
- Edited collections for item *item-identifier* (`1106`)
- Viewed item *item-identifier*. (`1107`)
- Viewed password for item *item-identifier*. (`1108`)
- Viewed hidden field for item *item-identifier*. (`1109`)
- Viewed security code for item *item-identifier*. (`1110`)
- Copied password for item *item-identifier*. (`1111`)
- Copied hidden field for item *item-identifier*. (`1112`)
- Copied security code for item *item-identifier*. (`1113`)
- Auto-filled item *item-identifier*. (`1114`)
- Sent item *item-identifier* to trash. (`1115`)
- Restored item *item-identifier*. (`1116`)
### Collection Events
- Created collection *collection-identifier*. (`1300`)
- Edited collection *collection-identifier*. (`1301`)
- Deleted collection *collection-identifier*. (`1302`)
### Group Events
- Created group *group-identifier*. (`1400`)
- Edited group *group-identifier*. (`1401`)
- Deleted group *group-identifier*. (`1402`)
### Organization Events
- Invited user *user-identifier*. (`1500`)
- Confirmed user *user-identifier*. (`1501`)
- Edited user *user-identifier*. (`1502`)
- Removed user *user-identifier*. (`1503`)
- Edited groups for user *user-identifier*. (`1504`)
- Unlinked SSO. (`1505`)
- Edited organization settings. (`1600`)
- Purged organization vault. (`1601`)
- Updated a Policy. (`1700`)
## API Responses
Accessing Event Logs via API will return a response like the following. For more information, see [RESTful API for Organization Management](https://bitwarden.com/help/article/public-api/).
Example:
```
{
"object": "list",
@@ -41,91 +98,28 @@ Example:
{
"object": "event",
"type": 1000,
"itemId": "3767a302-8208-4dc6-b842-030428a1cfad",
"collectionId": "bce212a4-25f3-4888-8a0a-4c5736d851e0",
"groupId": "f29a2515-91d2-4452-b49b-5e8040e6b0f4",
"policyId": "f29a2515-91d2-4452-b49b-5e8040e6b0f4",
"memberId": "e68b8629-85eb-4929-92c0-b84464976ba4",
"actingUserId": "a2549f79-a71f-4eb9-9234-eb7247333f94",
"date": "2020-07-06T17:25:50.932Z",
"itemId": "string",
"collectionId": "string",
"groupId": "string",
"policyId": "string",
"memberId": "string",
"actingUserId": "string",
"date": "2020-11-04T15:01:21.698Z",
"device": 0,
"ipAddress": "172.16.254.1"
"ipAddress": "xxx.xx.xxx.x"
}
],
"continuationToken": "string"
}
```
## What information is contained in event logs?
Log data contains different events based on the action and level of action taken. Below are the items currently captured in the Event logs.
### User events
User_LoggedIn = 1000
User_ChangedPassword = 1001
User_Updated2fa = 1002
User_Disabled2fa = 1003
User_Recovered2fa = 1004
User_FailedLogIn = 1005
User_FailedLogIn2fa = 1006
User_ClientExportedVault = 1007
### Item events
Cipher_Created = 1100
Cipher_Updated = 1101
Cipher_Deleted = 1102
Cipher_AttachmentCreated = 1103
Cipher_AttachmentDeleted = 1104
Cipher_Shared = 1105
Cipher_UpdatedCollections = 1106
Cipher_ClientViewed = 1107
Cipher_ClientToggledPasswordVisible = 1108
Cipher_ClientToggledHiddenFieldVisible = 1109
Cipher_ClientToggledCardCodeVisible = 1110
Cipher_ClientCopiedPassword = 1111
Cipher_ClientCopiedHiddenField = 1112
Cipher_ClientCopiedCardCode = 1113
Cipher_ClientAutofilled = 1114
Cipher_SoftDeleted = 1115
Cipher_Restored = 1116
### Collection events
Collection_Created = 1300
Collection_Updated = 1301
Collection_Deleted = 1302
### Group events
Group_Created = 1400
Group_Updated = 1401
Group_Deleted = 1402
### Organization events
OrganizationUser_Invited = 1500
OrganizationUser_Confirmed = 1501
OrganizationUser_Updated = 1502
OrganizationUser_Removed = 1503
OrganizationUser_UpdatedGroups = 1504
Organization_Updated = 1600
Organization_PurgedVault = 1601
Policy_Updated = 1700
### GitHub Link
To see the most current enumerations and data model for event logs, please see the below project file
- [https://github.com/bitwarden/server/blob/master/src/Core/Enums/EventType.cs](https://github.com/bitwarden/server/blob/master/src/Core/Enums/EventType.cs)
## SIEM and external system integrations
## SIEM and External Systems Integrations
When exporting data from Bitwarden into other systems, a combination of data from the API and CLI may be used to gather data.
For example, Bitwarden RESTful APIs gather data around the structure of the organization.
For example, using Bitwarden RESTful APIs gather data around the structure of the organization:
- GET /public/members returns the Members,Ids, and assigned groupIds
- GET /public/members returns the Members, Ids, and assigned groupIds
- GET /public/groups returns all the Groups, Ids, assigned Collections, and their permissions
- GET /public/collections returns all Collections, and their assigned Groups
@@ -136,9 +130,4 @@ Once you have the unique ID for each member, group, and collection, you can now
- Collections
- Groups
After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization.
### Documentation
- API documentation is available [here.](https://bitwarden.com/help/api/)
- CLI documentation is available [here.](https://bitwarden.com/help/article/cli/)
After gathering this data, you can join rows on their unique Ids to build a reference to all parts of your Bitwarden Organization. For more information on using the Bitwarden CLI, see [The Bitwarden command-line tool (CLI)](https://bitwarden.com/help/article/cli/).

32
_articles/organizations/groups.md
View File

@@ -1,32 +0,0 @@
---
layout: article
title: User groups
categories: [organizations]
featured: true
popular: false
tags: [groups, access control]
---
In addition to [collections]({% link _articles/organizations/collections.md %}), groups are a way for organizations to further control user access. They are particularly useful to larger organizations where user access can be difficult to manage.
{% note %}
User groups are only available to enterprise organizations.
{% endnote %}
## User Assignment
After creating a user, you can assign that user to one or more groups. From the users listing (People) page, Select the **Groups** option for a particular user to make your group selections.
You can also view which users belong to a specific group by navigating to the groups listing page and selecting the **Users** option for a specific group. Users can be removed from the group from this page as well, however, adding a new user to a group must be done from the individual user.
{% image organizations/user-groups.png %}
## Collection Assignment
Access control for a group is done by assigning collections to a group (or vice versa). You can assign which collections a group can access by editing the group from the group listing page.
{% image organizations/group-edit.png %}
Alternatively, you can edit a collection from the collections listing page to choose which groups can access it.
Organization users will only be able to access items that belong to the groups (and therefore collections) that they are members of. If a user belongs to multiple groups, that user will be able to access items from the _union_ of all collections for their groups plus any individual collections that they have been assigned to.

5
_articles/organizations/how-to-manage-collections.md
View File

@@ -1,10 +1,11 @@
---
layout: article
title: How to Effectively Manage Bitwarden Collections
categories: [organizations]
title: Collections & Groups Best Practices
categories: []
featured: true
popular: false
tags: [collections, groups, access control]
order:
---
As your organizations use of Bitwarden grows, it helps to have users who can manage collections independently, without requiring access to everything within the organizational vault.

45
_articles/organizations/import-to-org.md Normal file
View File

@@ -0,0 +1,45 @@
---
layout: article
title: Import Items to an Organization
categories: [organizations]
featured: true
popular: false
tags: [organizations, import]
order: 08
---
Importing data directly into a Bitwarden Organization is a simple procedure:
1. Open your Organization and navigate to the **Tools** tab.
2. From the left menu, select the **Import Data** option.
3. From the first dropdown, **select the format of the import file**.
Any option that you select will populate instructions for how to obtain the file for import. This article will focus on importing generic `.CSV` files. For information on other file formats, see:
- [Import your data from 1Password](https://bitwarden.com/help/article/import-from-1password/)
- [Import your data from Firefox](https://bitwarden.com/help/article/import-from-firefox/)
- [Import your data from Google Chrome](https://bitwarden.com/help/article/import-from-chrome/)
- [Import your data from Lastpass](https://bitwarden.com/help/article/import-from-lastpass/)
When importing a generic `.CSV`, create a UTF-8 encoded plaintext file with the following header to set the format:
```
collections,type,name,notes,fields,login_uri,login_username,login_password,login_totp
```
For example,
```
collections,type,name,notes,fields,login_uri,login_username,login_password,login_totp
"Social,Marketing",login,Twitter,,,twitter.com,me@example.com,password123,
"Finance",login,My Bank,Bank PIN is 1234,"PIN: 1234",https://www.wellsfargo.com/home.jhtml,john.smith,password123456,
,login,EVGA,,,https://www.evga.com/support/login.asp,hello@bitwarden.com,fakepassword,TOTPSEED123
,note,My Note,"This is a secure note.",,,,,
```
4. Select the **Browse...** button and select the file for import from your file navigator, or paste the contents of the file for import into the provided text input field.
5. Select the **Import Data** button.
## Troubleshooting
If you get the following error:
`Ciphers[X].Login: The field **yyyy** exceeds the maximum encrypted value of **zzzz** characters.`
An item in your `.CSV` exceeds the size limit allowed for items stored in the Bitwarden Vault. Remove the offending item from your file for import, or reduce its size. You can open the `.CSV` in a text editor or spreadsheet program for easy editing, and locate the offending item at `index[X]` as referenced in the error message.

74
_articles/organizations/managing-users.md
View File

@@ -1,38 +1,76 @@
---
layout: article
title: Managing users for your organization
title: Add or Remove Users
categories: [organizations]
featured: true
popular: false
tags: []
order: 09
---
This article will guide you through the process of inviting or removing users from your Organization.
## Onboarding Users
Adding new users to your organization involves a three step process: invite, accept, and confirm.
To **invite** a user to your organization simply enter their email address, select what type of user they are (normal user, admin, or owner) and select the collection(s) that they should have access to (you can change this later by editing the user). You can also designate a user as having access to all items for the organization and collection assignment will not be necessary.
Teams and Enterprise Organizations can sync Bitwarden to an existing user directory to automatically add or remove new users using the **Bitwarden Directory Connector**. For more information, see [Syncing users and groups with a directory](https://bitwarden.com/help/article/directory-sync/).
{% note %}
Enterprise organizations can sync their existing user directory with their Bitwarden organization to automatically invite new users into Bitwarden.
**Free** Organizations and **Families** Organizations have a maximum number of users; 2 and 6 respectively.
**Teams** Organizations and **Enterprise** Organizations must ensure that there are available users seats for their account before inviting users. For more information, see [Add or Remove User Seats for your Organization](https://bitwarden.com/help/article/user-seats/).
{% endnote %}
{% image organizations/invite-modal.png %}
### In This Article
- [Invite Users](#add-users)
- [Invited Users](#invited-users)
- [Confirm Invited Users](#confirm-invited-users)
- [Remove Users](#remove-users)
Once you invite a user they will receive an email where they will need to click a link to **accept** the invitation. After clicking the accept link the user will be prompted to create a new Bitwarden account or log into the an existing account registered at that email address.
## Invite Users
{% image organizations/user-accept.png %}
{% warning %}
**For Enterprise Organizations**, Bitwarden recommends configuring Enterprise Policies prior to inviting users to ensure compliance on-entrance to your Organization. For more information, see [Enterprise Policies](https://bitwarden.com/help/article/policies/).
{% endwarning %}
After the user has successfully accepted the organization invite, an organization admin will then need to **confirm** the user from the same area in the web vault that you invited the user from (Organization Admin &rarr; People). Only after the user is confirmed will they then have access to that organization and the items being shared with them.
Complete the following steps to invite users to your Organization:
{% image organizations/org-people-options.png %}
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **People** from the left menu.
3. On the **People** screen, select the **Invite User** button.
## Removing Users
{% image /organizations/org-people-invite.png Select Invite User %}
4. On the **Invite User** panel:
- Enter the **Email** address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses.
- Select the **User Type** to be applied to new users. User Type will determine what permissions these users will have at an Organizational level. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
- Select the **Access Control** to be applied to new users. Access Control will determine which Collections these users will have access to, and what level of access within those Collections. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
5. Click **Save** to invite the designated users to your Organization.
{% note %}
Enterprise organizations can sync their existing user directory with their Bitwarden organization to automatically remove users when they are disabled or deleted from the directory.
{% endnote %}
Once users have accepted the invitation, you will need to [Confirm Invited Users](#confirm-invited-users).
To remove a user from your organization, select the **Remove** option from the options menu for that user. Once a user is removed from your organization, they will no longer have access to any shared logins.
### Invited Users
{% image organizations/org-people-options.png %}
Invited users will receive an email from Bitwarden asking them to join the Organization. Clicking the **Join Organization Now** button in the email invitation will open a screen prompting users to **Log In** or **Create Account**.
{% image organizations/user-accept-updated.png %}
### Confirm Invited Users
Once a user has accepted the invitation to join the Organization, you'll need to **Confirm** their acceptance.
On the **People** screen for your Organization, users who have accepted invitations will have an `Accepted` status indicator next to their email address. Users who are invited but have not yet accepted will have an `Invited` status indicator next to their email address.
Confirm an `Accepted` user by hovering over the user, selecting the gear dropdown, and selecting **Confirm** from the dropdown menu.
{% image organizations/org-people-options-overlay.png Confirm an Accepted user %}
Selecting **Confirm** will open a panel asking you to verify the user's fingerprint phrase. For added security, ask the user to verify the fingerprint phrase before confirming them into your Organization. Once confirmed, the user will have access to all assigned Collections within the Organization.
## Remove A User
Complete the following steps to remove a user from your Organization:
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Manage** tab and select **People** from the left menu.
3. On the **People** screen, hover over the user you want to remove and select the gear dropdown.
4. From the gear dropdown, select the **Remove** option.
{% image organizations/org-people-options-updated-overlay.png Remove a user %}
Once a user is removed they can no longer access any shared items or Collections.

24
_articles/organizations/organization-videos.md
View File

@@ -1,17 +1,18 @@
---
layout: article
title: Videos - Getting Started with your Bitwarden Organization
title: Bitwarden 101 Video Series - Organizations
categories: [organizations]
featured: true
popular: false
tags: [organizations,videos,tutorial]
tags: [organizations, videos, bitwarden 101]
order: 16
---
Videos on getting started with your Bitwarden Account and Organization:
## Bitwarden 101 - Organizations
Jump to a specific video:
- [How to create an account and login](#how-to-create-an-account-and-login)
- [Vault Management](#vault-management)
Videos in this article are intended to walk you through the key aspects of using a Bitwarden Organization:
### Jump to Videos:
- [How to manage organizations](#how-to-manage-organizations)
- [How to manage collections](#how-to-manage-collections)
- [How to organize groups](#how-to-organize-groups)
@@ -19,13 +20,6 @@ Jump to a specific video:
- [Account Management](#account-management)
- [How to setup the browser extension](#how-to-setup-the-browser-extension)
### How to create an account and login
<iframe width="800" height="450" src="https://www.youtube.com/embed/W6Miu-TJI1c" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### Vault Management
<iframe width="800" height="450" src="https://www.youtube.com/embed/xY9mRvOKTCs" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### How to manage organizations
<iframe width="800" height="450" src="https://www.youtube.com/embed/2qJYi_xDTIE" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
@@ -44,7 +38,3 @@ Jump to a specific video:
### Account Management
<iframe width="800" height="450" src="https://www.youtube.com/embed/eZZOSkr9PV0" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### How to setup the browser extension
<iframe width="800" height="450" src="https://www.youtube.com/embed/Epx6bLBsYlI" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

146
_articles/organizations/policies.md
View File

@@ -5,116 +5,80 @@ categories: [organizations]
featured: true
popular: false
hidden: false
tags: [organizations, policies, access control, enterprise]
tags: [organizations, enterprise, policies]
order: 14
---
## Table of contents
- [What are Organizations?](#what-are-organizations)
- [What are Enterprise Policies?](#what-are-enterprise-policies)
- [Available Policies](#available-policies)
* [Two-Step Login](#two-step-login)
+ [Setting the Policy](#setting-the-policy)
* [Password Generator](#password-generator)
+ [Generator Options](#generator-options)
+ [Setting the Policy](#setting-the-policy-1)
* [Master Password](#master-password)
+ [Setting the Policy](#setting-the-policy-2)
## What are Organizations?
A Bitwarden organization is an entity that relates users together that want to share items. An organization could be a family, team, company, or any other type of group that desires to share items in Bitwarden.
An individual user account can create and/or belong to many different organizations, allowing you to manage your items from a single account.
You can create a new Bitwarden organization from the web vault or request that an admin of an existing organization send you an invite.
## What are Enterprise Policies?
Bitwarden client applications have many settings for users to customize their environments. When users are members of an Enterprise Organization such as a company, the Company may want all users to maintain certain settings such as two-factor authentication and password parameters.
Enterprise Polices enable Enterprise Organizations to enforce security rules for all users, for example mandating use of Two-step Login.
Enterprise Policies allow owners or administrators of an organization to set and enforce parameters for all members of their organization.
Enterprise Policies can be set by users with the User Type **Admin** or **Owner**.
{% warning %}
Bitwarden highly recommends setting Enterprise Policies prior to inviting users to your Organization. Some Policies will remove non-compliant users on enabling, and some are not retroactively enforceable.
{% endwarning %}
### In This Article
- [Setting Enterprise Policies](#setting-enterprise-policies)
- [Available Policies](#available-policies)
- [Two-Step Login Policy](#two-step-login)
- [Master Password Policy](#master-password)
- [Password Generator Policy](#password-generator)
## Setting Enterprise Policies
Policies can be set in two locations:
- In your Organization, open the **Manage** tab and select **Policies** from the left menu.
- Navigate to the Business Portal, and select the **Policies** button. For more information, see [About the Business Portal](https://bitwarden.com/help/article/about-business-portal/).
## Available Policies
Bitwarden currently supports the following Organization Policies
- Two-step Login
- Password Generator
- Master Password
### Two-Step Login
{% image policies/policies-enable.png %}
Enabling the **Two-step Login** policy will require users to use any two-step login method to access their Vaults.
{%note%}
For Bitwarden server versions 1.37+ you will use the business portal to configure policies.
{%endnote%}
{% warning %}
**Users in the Organization who do not have two-step login enabled will be removed from the Organization when you enable this policy.**
{% image policies/policies-business-portal.png Enter the business portal to manage policies %}
Users who are removed as a result of this policy will be notified via email, and must be re-invited to the Organization.
- Existing users will not be able to accept the invitation until two-step login is enabled for their Vault.
- New users will be automatically setup with email-based two-step login, but can change this at any time.
{% endwarning %}
{% image policies/policies-menu-business-portal.png Choose Policies to enable and configure enterprise policies %}
### Master Password
## Two-Step Login
Enabling the **Master Password** policy will enforce a configurable set of minimum requirements for users' Master Password strength. Organizations can enforce:
- Minimum Master Password complexity
- Minimum Master Password length
- Types of characters required
When this policy is set, members will need to have two-step login configured on their user account in order to join the organization.
Password complexity is calculated on a scale from 0 (Weak) to 4 (Strong). Bitwarden calculates password complexity using [the zxcvbn library](https://github.com/dropbox/zxcvbn).
{% image policies/policies-two-step.png %}
{% warning %}
Existing non-compliant users **will not** have their Master Passwords changed when this policy is enabled, nor will they be removed from the Organization. The next time this group of users changes their Master Password, this policy will be enforced.
{% endwarning %}
### Setting the Policy
### Password Generator
Ideally, this policy is set before any users are invited to join an organization. The following events will occur when an Organization enabled the two-step policy for the first time:
Enabling the **Password Generator** policy will enforce a configurable set of minimum requirements for any user-generated passwords. Organizations can enforce:
- Password , Passphrase, or User Preference
- The administrator will receive a warning that Organization members, in confirmed status, who dont have two-step for their account will be removed from the organization and will receive an email notifying them about the change.
- If the administrator proceeds to enable the two-step login policy Confirmed members of the organization who do not have two-step login enabled will lose access to the organization.
- Members who lose access to an organization will receive an email informing them of such.
- Once the user enables two-step login on their account they can then be re-join to the organization through a new invite.
- Newly invited members will not be able to accept their invitation to the organization until they enabled two-step login on their user account.
- If a newly invited member currently has a Bitwarden account using the invited email address, they will be notified and must enable two-step login before accepting their invitation.
- If a newly invited member does not have an account, they will default to using email-based two-step login but will be able to change this configuration at any time.
- If a member of the organization later disables two-step login on their account, they will be removed from the organization.
**For Passwords:**
- Minimum Password Length
- Minimum Number (0-9) count
- Minimum Special Character (!@#$%^&*) count
- Types of characters required
## Password Generator
When this policy is set, administrators can choose and permanently set the parameters within the Bitwarden Password Generator.
The Bitwarden Password Generator offers options for password and passphrase generation.
### Generator Options
**Default type**
- User defined
- Password
- Passphrase
**Password options:**
- Length
- Minimum Numbers
- Minimum Special
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols/Special
**Passphrase Options:**
**For Passphrases:**
- Minimum number of words
- Capitalization
- Include Number
- Whether to capitalize
- Whether to include numbers
{% image policies/policies-password-generator.png %}
{% warning %}
Existing non-compliant passwords **will not** be changed when this policy is enabled, nor will the items be removed from the Organization. When changing or generating a password after this policy is enabled, configured policy rules will be enforced.
### Setting the Policy
Ideally, this policy is set before any users are invited to join an organization.
If the policy is set after users have joined the organization, prior generated passwords that may be outside the enforced parameters of the policy will remain in place. Any new passwords using the Password Generator will conform with the policy.
If the user is affected by the policy, we will show a banner on the Bitwarden Password Generator informing them as such.
## Master Password
When this policy is set, organization administrators can choose and permanently set the complexity required for a users Master Password. Password complexity is calculated using the [zxcvbn](https://github.com/dropbox/zxcvbn) library on a scale from 0 to 4, with 4 being the most complex.
{% image policies/policies-master-password.png %}
### Setting the Policy
Ideally, this policy is set before any users are invited to join an organization.
If users have already joined an organization or already have a Bitwarden account, their master password - regardless of complexity - will remain in place unless it is changed, at which point it will need to conform with the policy.
A banner will appear to users on the Password Generator screen indicating that a policy will affect their generator settings.
{% endwarning %}

130
_articles/organizations/public-api.md
View File

@@ -1,58 +1,61 @@
---
layout: article
title: RESTful API for managing your organization
title: Bitwarden Public API
categories: [organizations]
featured: true
popular: false
tags: [api]
tags: [public api, oas, organizations]
order: 15
---
Bitwarden provides a full-featured RESTful API for managing your organization. You can use the API to manage your organization's members, collections, groups, event logs, and more. The API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
The Bitwarden Public API provides Organizations a suite of tools for managing members, collections, groups, event logs, and policies.
The Public API is a RESTful API with predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
The Public API is compatible with the OpenAPI Specification (OAS3) and publishes a compliant [`swagger.json`](https://bitwarden.com/help/api/specs/public/swagger.json) definition file. Explore the OpenAPI Specification using the Swagger UI:
- For Public Cloud-hosted instances: [https://bitwarden.com/help/api/](https://bitwarden.com/help/api/){:target="\_blank"}
- For Self-hosted instances: https://your.domain.com/api/docs/
{% note %}
API access is available for the following plans:
- Classic 2019 Enterprise
- Current Enterprise
- Current Teams
Access to the Bitwarden Public API is available for customers on the following plans, **Classic 2019 Enterprise Organizations**, current **Enterprise Organizations**, and current **Teams Organizations**. For more information, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans-1).
{% endnote %}
## Table of Contents
### In This Article
- [Endpoints](#endpoints)
- [Content Types](#content-types)
- [Authentication](#authentication)
- [Errors](#errors)
- [Explore the API](#explore-the-api)
- [Content Types](#content-types)
- [Sample Request](#sample-request)
- [Status](#status)
- [Response Codes](#response-codes)
- [Further Reading](#further-reading)
## Endpoints
The following endpoints are used when accessing the API:
### Base URL
**Public Cloud Server API**
For Cloud-hosted, `https://api.bitwarden.com`.
- Authentication: `https://identity.bitwarden.com/connect/token`
- Base URL: `https://api.bitwarden.com`
For Self-hosted, `https://your.domain.com/api`.
**On-premises Server API**
### Authentication Endpoints
- Authentication: `https://your.server.com/identity/connect/token`
- Base URL: `https://your.server.com/api`
For Cloud-hosted, `https://identity.bitwarden.com/connect/token`.
## Content Types
The Bitwarden RESTful API communicates with `application/json` requests and responses. The only exception is the authentication endpoint, which expects a `application/x-www-form-urlencoded` request. The authentication endpoint will respond with `application/json`.
For Self-hosted, `https://your.domain.com/identity/connect/token`.
## Authentication
The Bitwarden RESTful API uses bearer access tokens to authenticate with protected API endpoints. An [OAuth2 client credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/){:target="_blank"} (application) flow is used to obtain a bearer access token from the authentication endpoint. You can obtain your `client_id` and `client_secret` from your organization through the web vault. Navigate to your organization's administrative area, then **Settings** &rarr; **My Organization** &rarr; **API Key**.
The API uses bearer access tokens to authenticate with protected API endpoints. Bitwarden uses an [OAuth2 Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/){:target="_blank"} application request flow to grant bearer access tokens from the endpoint.
{% note %}
Your API Key (specifically the `client_secret`) should be kept private. If you believe that this key has been compromised, you can always invalidate and rotate the key from the organization's administrative area.
{% endnote %}
Authentication requests take `client_id` and `client_secret` as required parameters. `client_id` and `client_secret` can be obtained by an **Owner** from the Web Vault by navigating to the **Settings** tab &rarr; **My Organization** and scrolling down to the **API Key** section.
To obtain a bearer access token, make a `application/x-www-form-urlencoded` `POST` request with your `client_id` and `client_secret` to the authentication endpoint. For access to the organization APIs, you will use the `api.organization` scope.
{% warning %}
Your API key enables full access to your Organization. Keep your API key private. If you believe your API key has been compromised, select the **Rotate API Key** button on this screen. Active uses of your current API key will need to be reconfigured with the new key before use.
{% endwarning %}
Example request:
### Bearer Access Tokens
To obtain a bearer access token, make a `POST` request with `Content-Type: application/x-www-form-urlencoded` with your `client_id` and `client_secret` to the [Authentication Endpoint](#authentication-endpoints). When using the API for Organization Management, you will always use `grant_type=client_credentials` and `scope=api.organization`. For example:
```
curl -X POST \
@@ -61,9 +64,7 @@ curl -X POST \
-d 'grant_type=client_credentials&scope=api.organization&client_id=<ID>&client_secret=<SECRET>'
```
A bearer access token with a expiration value (in seconds, from now) will be returned.
Example response:
This request will result in the following response:
```
{
@@ -73,39 +74,66 @@ Example response:
}
```
You can then use this bearer token in the `Authorization` header to make authorized calls to API endpoints.
In this response, `3600` represents the expiration value (in seconds), meaning this token is valid for 6 minutes after being issued. Making an API call with an expired token will return a `401 Unauthorized` [response code](#response-codes).
Example:
## Content Types
The Bitwarden Public API communicates with `application/json` requests and responses, with one exception:
The [Authentication Endpoint](#authentication-endpoints) expects a `application/x-www-form-urlencoded` request, however will respond with `application/json`.
## Sample Request
```
curl -X GET \
https://api.bitwarden.com/public/collections \
-H 'Authorization: Bearer <TOKEN>'
```
Where `<TOKEN>` is the value for the `access_token:` key in the obtained [bearer access token](#bearer-access-tokens).
You will need to keep track of the token's expiration and renew it whenever it nears expiration or has expired. Calling API endpoints that require authorization without a bearer token or with an expired token will return a `401 Unauthorized` status code.
This request will result in a response:
## Errors
```
{
"object": "list",
"data": [
{
"object": "event",
"type": 1000,
"itemId": "string",
"collectionId": "string",
"groupId": "string",
"policyId": "string",
"memberId": "string",
"actingUserId": "string",
"date": "2020-11-04T15:01:21.698Z",
"device": 0,
"ipAddress": "xxx.xx.xxx.x"
}
],
"continuationToken": "string"
}
```
The Bitwarden RESTful API uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the `2xx` range indicate success. Codes in the `4xx` range indicate an error that failed given the information provided. Codes in the `5xx` range indicate an error with Bitwarden's servers (these are rare).
## Status
- `200` - OK: Everything worked as expected.
- `400` - Bad Request: The request was unacceptable, often due to missing or malformed parameter.
- `401` - Unauthorized: No valid bearer token provided.
- `404` - Not Found: The requested resource doesn't exist.
- `429` - Too Many Requests: Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.
- `500, 502, 503, 504` - Server Errors: Something went wrong on Bitwarden's end. (These are rare.)
Bitwarden has a public [status page](https://status.bitwarden.com), where you can find information about service health and incidents for all services including the Public API.
## Explore the API
## Response Codes
The Bitwarden RESTful API is compatible with the OpenAPI specification and publishes a compliant [`swagger.json`](https://bitwarden.com/help/api/specs/public/swagger.json) definition file.
The Bitwarden Public API uses conventional HTTP response codes to indicate the success or failure of an API request:
You can explore and execute the API endpoints and their definitions using Swagger UI at:
|Status Code|Description|
|-----------|-----------|
|`200 OK`|Everything worked as expected.|
|`400 Bad Request`|The request was unacceptable, possibly due to missing or malformed parameter(s).|
|`401 Unauthorized`|The bearer access token was missing, invalid, or expired.|
|`404 Not Found`|The requested resource doesn't exist.|
|`429 Too Many Requests`|Too many requests hit the API too quickly. We recommend scaling back the number of requests.|
|`500, 502, 503, 504 Server Error`|Something went wrong on Bitwarden's end. These are rare, but [Contact Us](https://bitwarden.com/contact/) if they occur.|
**Public Cloud Server API**
## Further Reading
- [https://bitwarden.com/help/api/](https://bitwarden.com/help/api/){:target="_blank"}
**On-premises Server API**
- https://your.domain.com/api/docs/
For more information about using the Bitwarden Public API, see the following articles:
- [Bitwarden Public API OAS Specification](https://bitwarden.com/help/api/){:target="\_blank"}
- [Event Logs](https://bitwarden.com/help/article/event-logs/)

78
_articles/organizations/share-to-a-collection.md Normal file
View File

@@ -0,0 +1,78 @@
---
layout: article
title: Share Items to a Collection
categories: [organizations]
featured: false
popular: false
hidden: false
tags: [sharing, how to]
order: 07
---
Collections are structures used by Organizations to gather together Logins, Notes, Cards, and Identities for sharing. There are a few different ways you can share an item to a Collection:
### In This Article
- [Share Existing Items From Your Personal Vault](#share-existing-items-from-your-personal-vault)
- [Create a New Shared Item For Your Organization](#create-a-new-shared-item-for-your-organization)
## Share Existing Items From Your Personal Vault
All users can share items to an assigned Collection from their personal Vault, unless given **Read Only** access to that Collection. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
{% image /organizations/share-from-vault-overlay.png %}
Complete the following steps to share an item from your personal Vault:
1. Hover over the item you want to share and select the gear dropdown.
2. From the gear dropdown, select the **Share** option.
3. On the **Share** screen, select the Organization you want to share this item with.
4. Check the checkboxes of each Collection you want to share this item in. You must select *at least* one Collection.
Users cannot share to Collections for which they are given **Read Only** access.
5. Click **Save** to finishing sharing this item.
Shared items will have a **Shared** icon next to the item name:
{% image /organizations/collection-shared-item.png Shared Item icon %}
{% note %}
Sharing an item with an Organization will transfer ownership to the Organization. This means that anyone with permission can alter the item or delete it, thereby removing it from your Vault.
{% endnote %}
## Create a New Shared Item For Your Organization
All users can create shared items for an assigned Collection, unless given **Read Only** access to that Collection. For more information, see [User Types and Access Control](https://bitwarden.com/help/article/user-types-access-control/).
You can create a shared item from either your Personal Vault, or from the Organization view:
### From Your Personal Vault
Complete the following steps to create a shared item from your personal Vault:
1. Select the **Add Item** button.
2. Fill in all relevant fields for the shared item.
3. In the **Ownership** section at the bottom of the panel, select the Organization you want to share this item with.
4. Check the checkboxes of each Collection you want to share this item in. You must select *at least* one Collection.
Users cannot create shared items for Collections for which they are given **Read Only** access.
5. Click **Save** to finishing creating the shared item.
Shared items will have a **Shared** icon next to the item name:
{% image /organizations/collection-shared-item.png Shared Item icon %}
### From the Organization view
Complete the following steps to create a shared item from your Organization view:
1. Open your Organization.
2. Select the **Add Item** button.
3. Fill in all relevant fields for the shared item.
3. In the **Collections** section at the bottom of the panel, check the checkboxes of each collection you want to share this item with. You must select *at least* one Collection.
Users cannot create shared items for Collections for which they are given **Read Only** access.
4. Click **Save** to finish creating the shared item.
Shared items will have a **Shared** icon next to the item name:
{% image /organizations/collection-shared-item.png Shared Item icon %}

29
_articles/organizations/user-seats.md
View File

@@ -1,26 +1,35 @@
---
layout: article
title: User Seat Management for your Organization
title: Add or Remove User Seats
categories: [organizations]
featured: true
popular: false
tags: []
order: 10
---
This article will guide you through the process of adding or removing user seats from your Bitwarden Teams or Enterprise Organization.
### In This Article
- [Add User Seats](#add-user-seats)
- [Remove User Seats](#remove-user-seats)
## Add User Seats
You can add user seats at any time by logging into the **Web Vault** (https://vault.bitwarden.com) and going to **Settings** &rarr; **Organizations** &rarr; {YOUR ORG NAME} &rarr; {% icon fa-cog %} **Settings** sub-tab &rarr; **Subscription**. There you can locate the **User Seats** section and select the **Add Seats** button.
Complete the following steps to add user seats to your Organization:
{% note %}
The cost will be automatically prorated and debited based on the billing cycle.
{% endnote %}
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Settings** tab and select **Subscription** from the left menu.
3. In the **User Seats** section, select the **Add Seats** button.
{% image organizations/user-seats.png %}
Adding user seats will result in adjustments to your billing totals and immediately charge your payment method on file. The first charge will be prorated for the remainder of the current billing cycle.
## Remove User Seats
You can remove user seats at any time by logging into the **Web Vault** (https://vault.bitwarden.com) and going to **Settings** &rarr; **Organizations** &rarr; {YOUR ORG NAME} &rarr; {% icon fa-cog %} **Settings** sub-tab &rarr; **Subscription**. There you can locate the **User Seats** section and select the **Remove Seats** button.
Complete the following steps to remove user seats from your Organization:
{% note %}
A credit for any unused time will be automatically issued to the account balance.
{% endnote %}
1. Login to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. In your Organization, open the **Settings** tab and select **Subscription** from the left menu.
3. In the **User Seats** section, select the **Remove Seats** button.
Removing user seats will result in adjustments to your billing totals that will be prorated as credits toward your next billing charge.

96
_articles/organizations/user-types-access-control.md
View File

@@ -5,63 +5,59 @@ categories: [organizations]
featured: true
popular: false
tags: [user types, access control]
order: 11
---
Users in Bitwarden Organizations can be granted a variety of User Types and Access Controls in order to manage their permissions.
You can designate User Type and Access Control when you invite users to your Organization (see [Add or Remove Users From Your Organization](https://bitwarden.com/help/article/managing-users/)), or at any time from the **Manage** &rarr; **People** screen in your Organization.
### In This Article
- [User Types](#user-types)
- [Access Control](#access-control)
- [Granular Access Control](#granular-access-control)
## User Types
When adding users to your Bitwarden Organization, you can grant certain levels of access by user type. Options include Owner, Admin, Manager and User. See further details below:
User Type determines the level of access that a user will have within your Organization. User Type is configured at the Organization level.
### User
- Most common user type
- Only have access to assigned collections
- Consumers of shared items in addition to their individual vault items
- Only work with items under collections they have been associated with
- Unable to create collections
Options include:
### Manager
- Only administer a collection it is associated with by an Owner or Admin
- Access and manage assigned collections in an organization
- Create new collections and modify the assigned collections
- Able to set user access for assigned collections
### Admin
- Access and manage all items, collections, and users in your organization
- Invite and confirm users to join an organization
- Manage Enterprise Policies
- Manage Groups
- View Event Logs
- Export organization vault data
- Normally only a few select Admins in an organization
### Owner
- Highest level of access
- Manage all aspects of the organization
- Manage billing, subscription, and integration mechanisms
- Normally only a few select Owners in an organization
{% note %}
Once the user or users group is saved with their Collections access, the user will inherit those items into their Vault view.
{% endnote %}
## Access Control
In addition to defining the User Type, Access Control determines a full or partial view of the collections within an organization.
Choose **all items** or **selected collections** to set the appropriate access for the user.
{% note %}
Admin and Owner user-types can access all collections regardless of assignment when accessing Bitwarden from the Organization View. Assignments will control client access and display of collections.
{% endnote %}
### Item Access and Control
**Read Only**
- Selecting this option will prevent users assigned to this collection from adding new items, and editing or deleting existing items.
**Hide Passwords**
- This option hides passwords, TOTP seeds, and any custom fields of type *hidden* in this collection. This also disables the ability for an end-user to copy a password. In this configuration, an item may only be used with auto-fill.
|User Type|Permissions|
|---------|-----------|
|User|Access shared items in assigned Collections<br>Add, edit, or remove items from assigned Collections (unless **Read Only**)|
|Manager|All of the above,<br>+ Assign Users to Collections<br>+ Assign User Groups to Collections<br>+ Create or delete new Collections|
|Admin|All of the above,<br>+ Assign Users to User Groups<br>+ Create or delete User Groups<br>+ Invite and confirm new Users<br>+ Manage Enterprise Policies<br>+ View Event Logs<br>+ Export Organization Vault data<br><br>**Admin Users automatically have access to all Collections.**|
|Owner|All of the above,<br>+ Manage Billing, Subscription, and Integrations<br><br>**Owner Users automatically have access to all Collections.**|
{% warning %}
Enabling hidden passwords prevents the easy copy and paste of hidden items, however it does not completely prevent user access to this information. Please treat hidden passwords as you would any shared credential.
**Only an Owner** can create a new Owner or assign Owner to an existing user. For failover purposes, Bitwarden recommends creating multiple Owner users.
{% endwarning %}
{% image organizations/user-types-access-control.png %}
## Access Control
Access Control determines the Collection assignment of **Users** and **Managers**, as well as permissions within a given Collection. Access Control is configured at the Collection level.
Assigning **Admins** and **Owners** to Collections via Access Control will only impact which Collections appear readily in the **Filters** section of their Vault. Admins and Owners will always be able to access "un-assigned" Collections via the Organization view.
{% image /organizations/collection-access-control.png Configure Access Control options %}
Selecting **This user can access and modify all items** will allow users to use all Collections in your Organization.
Selecting **This user can access only the selected collections** will restrict users to only the assigned Collections, and activate Granular Access Control:
### Granular Access Control
To assign users to only selected Collections, check the checkbox to the left of each desired Collection. For each checked Collection, you may also configure:
**Hide Passwords**
Selecting **Hide Password** prevents users from seeing or copying all passwords, TOTP seeds, or *Hidden* custom fields. Users with **Hide Passwords** active may only use items in the Collection via Auto-Fill.
{% warning %}
Enabling **Hide Passwords** prevents easy copy-and-paste of hidden items, however it does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.
{% endwarning %}
**Read Only**
Selecting **Read Only** prevents users from adding, editing, or removing items within the Collection. Users with **Read Only** active may still see and use all passwords, TOTP seeds, and *Hidden* custom fields.

22
_articles/organizations/what-is-an-organization.md
View File

@@ -1,22 +0,0 @@
---
layout: article
title: What are organizations?
categories: [organizations]
featured: true
popular: true
tags: []
---
A Bitwarden organization is an entity that relates users together that want to share items. An organization could be a family, team, company, or any other type of group that desires to share items in Bitwarden.
An individual user account can create and/or belong to many different organizations, allowing you to manage your items from a single account.
You can create a new Bitwarden organization from the [web vault](https://vault.bitwarden.com) or request an admin of an existing organization to send you an invite.
## Are organizations different from a premium membership?
Yes. Whereas an organization is used for sharing items across multiple users, a premium membership gives your individual user account additional premium features (called **premium access**). Some of these features may also exist within an organization (ex. file storage and TOTP), however, they only apply to items that are actually store/shared within the organization itself. If you also want premium access on your personal user account, you will additionally need a premium membership for that account.
Some organization plans, such as the Enterprise plan, and current Teams and Families plans, also grant premium access to its users. Users that are granted premium access by an organization that they are a member of would not need to purchase a separate premium membership (unless they leave that organization).
Classic 2019 Families and Teams plans require the seperate purchase of a Premium membership, per user. To upgrade to a new Teams or Family plan, [contact us](https://bitwarden.com/contact)

4
_articles/plans-and-pricing/enterprise-free-trial.md
View File

@@ -12,7 +12,7 @@ Paid Organizations, including Enterprise, have a 7 Day Free Trial built in. To l
Complete the following steps to start your 7 Day Free Trial of Bitwarden Enterprise:
1. Log in to your [Web Vault](https://vault.bitwarden.com).
1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"}.
2. Select the **New Organization** button.
{%image /organizations/new-org-button-overlay.png Select New Organization %}
@@ -36,7 +36,7 @@ Complete the following steps to start your 7 Day Free Trial of Bitwarden Enterpr
Now that you've created your trial Enterprise Organization, we recommend that you:
- [Add Users to your Organization](https://bitwarden.com/help/article/managing-users/)
- [Create a Collection for your Organization](https://bitwarden.com/help/article/collections/)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/)
- Use the [Business Portal](https://bitwarden.com/help/article/about-business-portal) to:
- Set up [Login with SSO](https://bitwarden.com/help/article/getting-started-with-sso)
- Create [Enterprise Policies](https://bitwarden.com/help/article/policies)

22
_articles/plans-and-pricing/upgrade-from-individual-to-org.md
View File

@@ -19,7 +19,7 @@ This article will guide existing individual Bitwarden users ([**Free**](https://
Complete the following steps to start your Organization:
1. Log in to your [Web Vault](https://vault.bitwarden.com/).
1. Log in to your [Web Vault](https://vault.bitwarden.com/){:target="\_blank"}.
2. Select the **New Organization** button.
{%image /organizations/new-org-button-overlay.png Select New Organization %}
@@ -33,6 +33,7 @@ Complete the following steps to start your Organization:
- Check the **This account is owned by a business** checkbox.
- Provide your **Business Name**.
Checking the **This account is owned by a business** checkbox will automatically filter your plan options to those suited to businesses. If you represent a business interested in testing secure sharing using a Free Organization, leave this option unchecked.
5. In the **Choose Your Plan** section, select which type of Organization to create. Options include:
- **Free:** For testing or personal users to share with 1 other user. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#free-organizations)**.
- **Families:** For personal use, to share with family & friends. **[Learn more](https://bitwarden.com/help/article/about-bitwarden-plans/#families-organizations)**.
@@ -41,14 +42,12 @@ Complete the following steps to start your Organization:
{% note %}Paid Organizations (Families, Teams, or Enterprise) include premium features for all enrolled users. For more information about Premium features, see [About Bitwarden Plans](https://bitwarden.com/help/article/about-bitwarden-plans/#compare-the-plans/).
{% endnote %}
6. Enter the following information:
- If you selected **Teams** or **Enterprise**, enter the number of Bitwarden **User Seats** you need. You can add additional seats later if required.
- If you selected **Families**, **Teams**, or **Enterprise**, enter the amount of **Additional Storage (GB)** you need. Your plan comes with 1 GB of shared encrypted file storage, and you can add additional storage later if needed.
7. In the **Summary** section, select whether you'd like to be billed **Annually** or **Monthly**.
Families Organizations may only be billed **Annually**.
8. Enter your **Payment Information** and select **Submit**.
6. If you selected a Paid Organization, enter the following information:
- For **Teams** or **Enterprise**, enter the number of **User Seats** you need. You can add additional seats later if required.
- For **Families**, **Teams**, or **Enterprise**, enter the amount of **Additional Storage (GB)** you need. You plan comes with 1 GB of shared encrypted file storage, and you can add additional storage later if needed.
- For **Teams** or **Enterprise**, select whether you'd like to be billed **Annually** or **Monthly**. Families Organizations may only be billed annually.
- For any Paid Organization, enter your **Payment Information**
7. Click **Submit** to start using your new Organization.
## Cancel Premium Individual Plan
@@ -70,5 +69,6 @@ Complete the following steps to cancel your Premium Individual subscription:
Now that you've created your Organization, we recommend that you:
- [Add Users to your Organization](https://bitwarden.com/help/article/managing-users/)
- [Create a Collection for your Organization](https://bitwarden.com/help/article/collections/)
- [Invite Users to Your Organization](https://bitwarden.com/help/article/managing-users)
- [Create a Collection](https://bitwarden.com/help/article/create-collections/)
- [Share Items to a Collection](https://bitwarden.com/help/article/share-to-a-collection/)

5
_categories/directory-connector.md Normal file
View File

@@ -0,0 +1,5 @@
---
layout: category
title: Directory Connector
featured: true
---

BIN
images/getting-started/create-account-screen-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 134 KiB

BIN
images/getting-started/create-account-screen.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

BIN
images/getting-started/get-started-homepage-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 166 KiB

BIN
images/getting-started/get-started-homepage.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 161 KiB

BIN
images/organizations/clone-org-item.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
images/organizations/collection-access-control.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
images/organizations/collection-list-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
images/organizations/collection-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
images/organizations/collection-nested-create.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
images/organizations/collection-nested.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
images/organizations/collection-shared-item.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
images/organizations/collections-graphic-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
images/organizations/collections-graphic-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
images/organizations/collections-graphic.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
images/organizations/collections-groups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
images/organizations/event-logs-updated.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

BIN
images/organizations/event-logs.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 129 KiB

After

Width:  |  Height:  |  Size: 129 KiB

BIN
images/organizations/group-add.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
images/organizations/group-create-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
images/organizations/groups-newgroup.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
images/organizations/groups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
images/organizations/new-org-button-overlay.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 40 KiB

BIN
images/organizations/new-org-button.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 36 KiB

BIN
images/organizations/org-people-dropdown-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
images/organizations/org-people-dropdown.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
images/organizations/org-people-invite.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
images/organizations/org-people-options-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

BIN
images/organizations/org-people-options-updated-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 78 KiB

BIN
images/organizations/org-people-options-updated.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

BIN
images/organizations/org-people-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
images/organizations/org-people.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
images/organizations/org-use-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
images/organizations/org-use.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

BIN
images/organizations/organization-use-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
images/organizations/share-from-vault-overlay.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
images/organizations/share-from-vault.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
images/organizations/user-accept-updated.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
images/organizations/user-accept.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 29 KiB

BIN
images/policies/policies-master-password.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 79 KiB

After

Width:  |  Height:  |  Size: 32 KiB