The Bitwarden Blog

New Enterprise Policies and Options to Customize Vault Behavior and User Management

RL
authored by:Ryan Luibrand
posted:
Link Copied!
  1. Blog
  2. New Enterprise Policies and Options to Customize Vault Behavior and User Management

Businesses everywhere count on tools and protocols to keep company data and end-users safe and secure. The latest release from Bitwarden adds enhanced enterprise policies and user onboarding and management, reflecting a commitment to help customers strengthen company-wide cyber defenses and efficiently manage security at scale for both admins and users.

Add security with new policies

Enterprise Policies are organization-wide controls that help an administrator keep a company secure by enabling additional settings for how their end users use Bitwarden. These policies ensure a uniform standard of security and can reduce the time spent with additional training for end-users by integrating directly into their Bitwarden clients.

Vault timeout policy

The new vault timeout policy allows an admin to set the maximum vault timeout duration for all members of an organization. If desired, the timeout policy can be set quite low, say two minutes, so that the vault will lock after nearly every use. This can be helpful if employees are on-the-go or need to step away from their devices frequently.

Vault Timeout enterprise policy - Set the timeout duration for users

Setting the timeout duration lower could have users unlocking the vault more frequently than before. Enabling the unlock with biometrics feature across Bitwarden mobile, desktop, and browser streamlines this process so users can keep working at speed.

Disable personal vault export policy

This policy to disable personal vault export will make it so that only owners and admin members of an organization can export their personal vault. Since exporting organization vaults is only available to these user types already, all exporting activities will be reserved for owners and admins.

An admin utilizing this policy may also want to look at the personal ownership policy that sets the organization as the owner of any new vault items.

Update to account recovery (formerly admin password reset)

Users will now receive a prompt to create a new master password after their account has been reset and upon logging in with the temporary password. As a reminder, the user will need to get this temporary password from the administrator. It’s recommended that it be shared with the user in a secure channel, such as Bitwarden Send. This update helps save time and improves security by ensuring that the temporary password becomes one-time use while reducing the chances for losing the temporary password and requiring sequential resets.

Update to Admin Password Reset - Requires a new master password to be set by the user

Efficiently manage onboarding and permissions

New enhancements make adding and onboarding new users more efficient, and documentation provides guidance for mass-deploying Bitwarden to managed devices. Also, added customization options for user permissions allow for decentralized user management and more.

Automatically add user seats on invitation

A new option on the Subscription page allows for the automatic addition of new subscription seats when new users are invited to join the organization. This makes it easier to onboard new users without having to preempt modifying the subscription to accommodate them. There’s also an option to limit how high this scaling can go to prevent accidentally exceeding set spend limits. As pricing with Bitwarden for Teams and Enterprise plans is handled on a per-seat basis, any new charges are pro-rated and deleted seats are credited to the account.

Autoscale user seats on invite - Add new subscription seats when a user is invited automatically

Custom Role enhancements

The Custom Role now has more options to allow for more granular control of user permissions. This is offered as an alternative to the typical user types to solve for a specific use case for someone that needs additional control, such as a team lead, but doesn't also need to have the ability to modify SSO settings. Another example might be allowing a team member to assign new-hires to groups or collections their team uses without needing to have access to other teams’ logins.

These new enhancements can reduce admin workload by allowing for decentralized team-level management. There are many possibilities, take some time to thoughtfully explore!

Updates to the Custom User options - More granular permissions allow for flexibility in creating roles

Guide for deploying Bitwarden extensions to managed devices

If a company is managing employee devices and the software installed on them, Bitwarden has developed a guide for automating the deployment of the Bitwarden browser extension and settings across the workforce. This streamlines user onboarding, saves configuration time at scale, and ensures the Bitwarden clients are running with the desired settings. The process varies by operating system and browser, so review the different options and follow the relevant instructions.

Learn More

These new features and those planned demonstrate the commitment that Bitwarden has to supporting businesses and helping them work to bolster their cybersecurity defenses. Just as importantly, providing these defenses in a way that is manageable at scale and adds efficiency to the process.

See more features and details in the release notes, including the addition of a dark mode to the web vault. A special shout-out goes to Bitwarden GitHub community member dlturphy for their contributions to this great feature!

Teams and Enterprise accounts come with a free 7-day trial. Check out our pricing page to learn more about business-centric features and initiate a trial today!

Product Updates
Link Copied!
Back to Blog

Get started with Bitwarden today.

Create your free account

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here