User Management

User seats

Bitwarden Teams and Enterprise organizations will automatically scale up user seats as you invite new users. You can set a seat limit on scaling to prevent your seat count from exceeding a specified number, or manually add seats as desired. Regardless of how you choose to add seats, you will need to manually remove seats you're no longer using.

Adding and removing user seats will adjust your future billing totals. Adding seats will immediately charge your payment method on file at an adjusted rate so that you will only pay for the remainder of the billing cycle (month/year). Removing seats will cause your next charge to be adjusted so that you are credited for time not used by the already-paid-for seat.

Hinweis

Only an an organization owner or provider service user can add or remove seats, as this directly affects billing.

Set a seat limit

To set a limit on the number of seats your organization can scale up to:

  1. Log in to your web vault and open your organization.

  2. Open the Billing tab and select Subscription from the left-hand menu.

  3. Check the Limit Subscription checkbox:

    Set a Seat Limit
    Set a Seat Limit
  4. In the Maximum Seat Limit input, specify a seat limit.

  5. Select Save.

Hinweis

Once the specified limit is reached, you will not be able to invite new users unless you increase the limit.

Manually add or remove seats

To manually add or remove seats to your organization:

  1. Log in to your web vault and open your organization.

  2. Open the Billing tab and select Subscription from the left-hand menu.

  3. In the Subscription Seats input, add or remove seats using the hover-over arrows:

    Add or Remove Users Seats
    Add or Remove Users Seats
  4. Select Save.

Hinweis

If you are increasing your Subscription Seats above a specified Maximum Seat Limit, you must also increase the seat limit so that it is equal to or greater than the desired subscription seat count.

Onboard users

To ensure the security of your organization, Bitwarden applies a 3-step process for onboarding a new member, inviteacceptconfirm.

Tipp

This document covers the manual onboarding flow for adding users to Bitwarden organizations, however Bitwarden offers two methods for automatic user and group provisioning:

Invite

Tipp

For Enterprise organizations, we recommend configuring enterprise policies prior to inviting users to ensure compliance on-entrance to your organization.

To invite users to your organization:

  1. Log in to your web vault and open your organization.

  2. Open the Manage tab and select Members from the left-hand menu.

  3. Select the Invite User button:

    Invite Users
    Invite Users

  4. On the Invite User panel:

    • Enter the Email address where new users should receive invites. You can add up to 20 users at a time by comma-separating email addresses.

    • Select the User Type to be applied to new users. User type will determine what permissions these users will have at an organizational level.

    • Select the Access Control to be applied to new users. Access control will determine which collections these users will have access to, and what level of access within those collections.

  5. Click Save to invite the designated users to your organization.

Hinweis

Invitations expire after 5 days, at which point the user will need to be re-invited. Re-invite users in bulk by selecting each user and using the gear dropdown to Resend Invitations:

Bulk Reinvite
Bulk Reinvite

If you're self-hosting Bitwarden, you can configure the invitation expiration period using an environment variable.

Accept

Invited users will receive an email from Bitwarden inviting them to join the organization. Clicking the link in the email will open a Bitwarden client invitation window. Log In with an existing Bitwarden or Create Account to accept the invitation:

Invitation Window
Invitation Window

When you accept an invitation, you will be notified that you can access the organization once confirmed:

Accepted Invitation
Accepted Invitation

Confirm

To confirm accepted invitations into your organization:

  1. Log in to your web vault and open your organization.

  2. Open the Manage tab and select Members from the left-hand menu.

  3. Select any Accepted users and use the gear dropdown to Confirm Selected:

    Confirm an Accepted user
    Confirm an Accepted user
  4. Verify that the fingerprint phrase on your screen matches the one your new member can find in SettingsMy Account:

    Sample Fingerprint Phrase
    Sample Fingerprint Phrase

Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select Submit.

Offboard users

To remove users from your organization:

  1. Log in to your web vault and open your organization.

  2. Open the Manage tab and select Members from the left menu.

  3. Select the users you want to remove from the organization and use the gear dropdown to Remove:

Remove Users
Remove Users
Tipp

Offline devices cache a read-only copy of vault data, including organizational vault data. If you anticipate malicious exploitation of this, credentials the member had access to should be updated when you remove them from the organization.

Deleting user accounts

Removing a user from your organization does not delete their Bitwarden account. When a user is removed they can no longer access the organization or any shared items and collections, however they will still be able to log in to Bitwarden using their existing master password and access any individual vault items.

Depending on the particulars of your implementation, you may be able to use one of the following methods to delete a Bitwarden user account that belongs to an offboarded user:

  1. If you are self-hosting Bitwarden, an authorized admin can delete the account from the System Administrator Portal.

  2. If the account has an @yourcompany.com email address that your company controls, you can use the delete without logging in workflow and confirm deletion within the @yourcompany.com inbox. For more information, see Delete an Account or Organization.

Revoke access

Tipp

If your organization has an active SCIM integration, user access to your organization is automatically revoked when users are suspended or de-activated in your source directory.

Instead of completely removing users, you can also temporarily revoke access to your organization and its vault items. To revoke access:

  1. Login to your web vault and open your organization.

  2. Open the Manage tab and select Members from the left menu.

  3. Select the users you want to revoke access for and use the gear dropdown to Revoke Access:

    Revoke Access
    Revoke Access

Tipp

Only owners can revoke and restore access to other owners.

Users with revoked access are listed in the Revoked tab and will:

  • Not have access to any organization vault items, collections, and more.

  • Not have the ability to use SSO to login, or Organizational Duo for two-step login.

  • Not be subject to your organization's policies.

  • Not occupy a license seat.

Restore access

To restore access to a user:

  1. Login to your web vault and open your organization.

  2. Open the Manage tab and select Members from the left menu.

  3. Open the Revoked tab.

  4. Select the users you want to restore access for and use the gear dropdown to Restore Access:

    Restore Access
    Restore Access

When you restore access to a user, they don't need to go through the inviteacceptconfirm workflow again.


Sprache
© 2022 Bitwarden, Inc.
NutzungsbedingungenDatenschutzerklärungSitemap