Individual and Organizational Vault
Before we dive into our session, I want to review some key terms you will hear throughout the session and day to day when using Bitwarden. The first term is Vault. A vault is where all of your items, such as your logins, cards, identities, and secure notes, are stored and listed. Second is Organization. Organizations bring Bitwarden users and vault items together to share logins, notes, cards, and identities with other Bitwarden users. Third is Collections. These gather logins, notes, cards, and identities together for secure sharing. We view Collections as shared folders. Lastly, we have Groups. A group is where individual users have permissions assigned to them: which collections they can access, and with what controls.
Bitwarden allows you to onboard new users, add them directly to a group, and have them automatically inherit that group’s permissions.
Let’s talk about Vault Items. I want to give a high-level introduction to the 4 different item types you can store in Bitwarden, which are logins, cards, identities, and secure notes. Logins are most often used to store username and password combinations and can also store your TOTP codes. Cards can be used to store debit and credit card information. Identities can be used to store billing info, mailing info, or anything else you might need to have access to when filling out online forms. And Secure Notes can be used to store encrypted freeform text for anything you want protected. More Item Types are coming soon!
Now, let’s talk through the overall Bitwarden architecture. We will explain how we view the overall Bitwarden solution. The way Bitwarden works is to keep your sensitive information inside the client applications. As soon as you put your data in the vault, it is end-to-end encrypted with zero knowledge. Vault data can only be decrypted using a key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data. Bitwarden synchronizes across all of your devices through the Bitwarden cloud or the self-hosted server, which means unlimited devices and unlimited passwords, all synchronized through the Bitwarden server.
Now, every single Bitwarden user starts with their own individual, personal vault. In this vault, you can store all of your personal items, which are held on a per-user basis. One thing to note is that all vault data is end-to-end encrypted.
The next layer is for users added to an organization. When you are added to an Organization, you still have your individual vault. Now, you also have access to an Organizational Vault, as well as specific collections. These collections are part of a shared Organizational vault for you and others to access based on specific permissions granted by your administrator. Moving an item into a collection transfers the item to the Organization and allows it to be shared with other users or groups of users.
Bitwarden users can be assigned to Groups within an Organization for more scalable sharing.
Bitwarden users can see items that are shared with them or with the groups to which they belong.
Bitwarden Administrators and other Organization users cannot see into the individual vault of a user.
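The sharing rules described above can be walked through with a small model. This is an added example, not Bitwarden code: the class, function, user, group and collection names are hypothetical, and it models visibility only, not the encryption underneath.

```python
from dataclasses import dataclass, field

@dataclass
class Organization:
    collections: dict = field(default_factory=dict)    # collection -> set of items
    group_grants: dict = field(default_factory=dict)   # group -> set of collections
    direct_grants: dict = field(default_factory=dict)  # user -> set of collections
    members: dict = field(default_factory=dict)        # user -> set of groups

    def onboard(self, user, groups=()):
        # A new member inherits whatever the listed groups are granted.
        self.members[user] = set(groups)

    def collections_for(self, user):
        if user not in self.members:   # not (or no longer) in the organization
            return set()
        granted = set(self.direct_grants.get(user, ()))
        for group in self.members[user]:
            granted |= self.group_grants.get(group, set())
        return granted

    def items_for(self, user):
        return set().union(*(self.collections.get(c, set())
                             for c in self.collections_for(user)))

def move_to_collection(vaults, org, owner, item, collection):
    # Moving an item takes it out of the owner's individual vault and
    # hands it to the organization, where collection grants decide access.
    vaults[owner].remove(item)         # KeyError if the owner does not hold it
    org.collections.setdefault(collection, set()).add(item)

def visible_items(vaults, org, viewer):
    # Only the viewer's own individual vault is consulted: no role,
    # administrator included, reaches another user's individual vault.
    return set(vaults.get(viewer, ())) | org.items_for(viewer)

def demo():
    # Constructed sample data.
    vaults = {"alice": {"alice-bank", "ci-deploy-key"},
              "admin": {"admin-personal"}}
    org = Organization(group_grants={"engineering": {"Build Secrets"},
                                     "admins": {"Build Secrets", "Finance"}})
    org.onboard("admin", groups=["admins"])
    org.onboard("alice", groups=["engineering"])
    move_to_collection(vaults, org, "alice", "ci-deploy-key", "Build Secrets")
    org.onboard("bob", groups=["engineering"])  # joins later, inherits access
    return vaults, org
```

In this model, removing a user from `members` leaves their individual vault intact but drops every shared item, including ones they originally moved into a collection.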
The chart on your screen shows the different types of users and the permissions based on each user type. User types define the access a user has to the Organization. Users can be assigned a static role, or a role with customized permissions.