Bitwarden Learning

Individual and Organizational Vault

Important Terms

Before we dive into our session, I want to review some key terms you will hear throughout the session and day-to-day when using Bitwarden. The first term is Vault. A vault is where all of your items, such as your logins, cards, identities, and secure notes, are stored and listed. Second is Organization. Organizations bring Bitwarden users and vault items together to share logins, notes, cards, and identities with other Bitwarden users. Third is Collections. These gather logins, notes, cards, and identities together for secure sharing. We view Collections as shared folders. Lastly, we have Groups. This is where an individual user has permissions assigned to them, based on which collections they can access and the controls that apply.

Bitwarden allows you to onboard new users, add them directly to a group, and have them automatically inherit that group’s permissions. 

Vault Items

Let’s talk about Vault Items. I want to give a high-level introduction to the 4 different item types you can store in Bitwarden: Logins, Cards, Identities, and Secure Notes. Logins are most often used to store username and password combinations, and they also store your TOTP codes. Cards can be used to store debit and credit card information. Identities can be used to store billing info, mailing info, or anything else you might need to have access to when filling out online forms. And Secure Notes can be used to store encrypted freeform text for anything you want protected. More Item Types are coming soon!

Bitwarden Clients and Bitwarden Cloud/Server

Now, let’s talk through the overall Bitwarden architecture and how we view the overall Bitwarden solution. Bitwarden keeps your sensitive information inside the client applications. As soon as you put your data in the vault, it is end-to-end encrypted with zero knowledge. Vault data can only be decrypted using a key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data. Bitwarden synchronizes across all of your devices through the Bitwarden cloud or the self-hosted server, which means unlimited devices and unlimited passwords, all synchronized through the Bitwarden server.
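The client-side pattern described above, as an added sketch that is not Bitwarden's code or part of the original presentation: the key is derived from the master password on the device, and the server only receives a login hash and ciphertext. The KDF (PBKDF2-HMAC-SHA256), the iteration count, the email-as-salt choice, and the HMAC-based stand-in cipher are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not taken from the page

def derive_master_key(password: str, email: str) -> bytes:
    # Runs on the client only. Assumption: the account email is the salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               email.lower().encode(), ITERATIONS)

def auth_hash(master_key: bytes, password: str) -> bytes:
    # One further one-way step. This value is what the client sends to log in;
    # the server cannot turn it back into master_key.
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)

def _subkeys(master_key: bytes):
    # Separate keys for encryption and integrity.
    return (hmac.new(master_key, b"enc", hashlib.sha256).digest(),
            hmac.new(master_key, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the sketch needs only
    # the standard library; a real client would use a vetted AEAD or AES mode.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"),
                               hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC on the client; the returned blob is all the server stores.
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(master_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(master_key)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered item")
    return _xor_stream(enc_key, body[:16], body[16:])

if __name__ == "__main__":
    # Constructed sample credentials and vault item.
    key = derive_master_key("correct horse battery staple", "alice@example.com")
    blob = seal(key, b"example-login-password")
    print("server stores:", blob.hex())
    print("client reads :", unseal(key, blob).decode())
```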

Individual Vault  

Now, every single Bitwarden user starts with their own individual, personal vault. In this vault, you can store all of your personal items, which are kept on a per-user basis. One thing to note is that all vault data is end-to-end encrypted.

Organization Vaults and Collections

The next layer is for users added to an organization. When you are added to an Organization, you still have your individual vault. Now, you also have access to an Organizational Vault, as well as specific collections. These collections are part of a shared Organizational vault for you and others to access based on specific permissions granted by your administrator. Moving an item into a collection transfers the item to the Organization and allows it to be shared with other users or groups of users.

Bitwarden users can be assigned to Groups within an Organization for more scalable sharing. 

Bitwarden Users can see items that are shared with them or the groups to which they belong.

Bitwarden Administrators and other Organization users cannot see into the individual vault of a user.

User Types and Permissions

The chart on your screen shows the different types of users and the permissions based on each user type. User types define the access a user has to the Organization. Users can be assigned a static role, or a role with customized permissions.


© 2023 Bitwarden, Inc.