help/_articles/organizations/about-groups.md

---
layout: article
title: Groups
categories: [organizations]
featured: true
popular: false
tags: [groups, access control]
order: 03
redirect_from:
  - /article/groups/
  - /article/create-groups/
---

## What are Groups?

Groups relate together individual users, and provide a scalable way to assign permissions, including access to [Collections]({{site.baseurl}}/article/about-collections) and other [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control). When [onboarding new users]({{site.baseurl}}/article/managing-users/), add them to a Group to have them automatically inherit that Group's configured permissions.

{% callout info %}
Groups are available to [Teams and Enterprise Organizations]({{site.baseurl}}/article/about-organizations/#types-of-organizations).
{% endcallout %}

### Using Groups

Teams and Enterprise Organizations can designate access to [Collections]({{site.baseurl}}/article/about-collections/) based on user Groups, rather than individual users. Group-Collection associations provide a deep level of access control and scalability to sharing resources. One common Group-Collection methodology is to create **Groups by Department** and **Collections by Function**, for example:

{% image /organizations/collections-graphic-2.png Using Collections with Groups%}

Other common methodologies include **Collections by Vendor or System** (i.e. users in an **Engineering** Group are assigned to a **AWS Credentials** Collection) and **Groups by Locality** (i.e. users are assigned to a **US Employees** Group or **UK Employees** Group).

## Create a Group

Users with the [Admin role (or higher)]({{site.baseurl}}/article/user-types-access-control/#user-types) can create and manage Groups. To create a Group:

1. Log in to your [Web Vault](https://vault.bitwarden.com){:target="\_blank"} and open your Organization.
2. Open the **Manage** tab and select **Groups** from the left-hand menu.
3. On the Groups screen, select the {% icon fa-plus %} **New Group** button.

   {% image /organizations/groups-newgroup.png New Group %}
4. Give your Group a **Name** and assign the desired [Access Control]({{site.baseurl}}/article/user-types-access-control/#access-control).

   Access Controls can designate that users can access all items (i.e. all Collections) or only specific Collections, as well as whether [Passwords are hidden or Logins are read-only]({{site.baseurl}}/article/user-types-access-control/#granular-access-control).

   {% callout success %}The **External Id** field is only relevant if you're using [Directory Connector]({{site.baseurl}}/article/directory-sync/).{% endcallout %}
5. Select **Save** to finish creating your Group.

### Assign Users to Group(s)

Once your Groups are created and configured, add users to them:

1. In your Organization Vault open the **Manage** tab and select **People** from the left-hand menu.
2. Hover over the user you want to add and use the {% icon fa-cog %} gear dropdown to select **Groups**:

   {% image /organizations/org-people-options-updated-overlay.png %}
3. Select the Group(s) to add this user to and **Save** your selection.

{% callout success %}
You can check which users belong to a Group from the **Manage** → **Groups** screen by using the {% icon fa-cog %} gear dropdown to select **Users**.
{% endcallout %}

### Edit Collections Assignments

If you want to change the [Collections]({{site.baseurl}}/article/about-collections/) or [access controls]({{site.baseurl}}/article/user-types-access-control/#access-control) assigned to a Group:

1. In your Organization Vault, open the **Manage** tab and select **Groups** from the left-hand menu.
2. Select the group you want to edit.
3. Configure the Access Control settings as you did when the Group was [initially created](#create-a-group).