Enterprise implementation guide
Key takeaways from this article:
Four-phase deployment: Bitwarden enterprise implementation follows structured phases from training through to ongoing support.
Training foundation: Successful Bitwarden deployment begins with administrator training and team member education.
Flexible deployment options: Choose between Bitwarden cloud or self-hosted solutions based on technical resources and data requirements.
Enterprise policy setup: Configure Bitwarden policies, collections, and groups before user onboarding for proper security controls.
Integration capabilities: Bitwarden integrates with existing identity providers and SCIM provisioning systems.
Scalable implementation: Bitwarden enterprise scales from small teams to large organisations through phased rollouts.
Phase 1: Training
Step and Action | Key Person | Help Articles and Links |
|---|---|---|
Step 1: Administrator Training Example special topics include, but are not limited to: Demonstrating the configured SSO login flow Custom fields Custom roles Setting up Bitwarden two-step login (if not configured with the SSO IdP)
| Internal training / managers | Personalised training sessions are also available upon request |
Step 2: Team Member Training A general training session for end users will cover: How to import current passwords into Bitwarden Bitwarden for all devices Setting up the Bitwarden browser extension Creating your account Getting to know the Bitwarden vault How to use the Bitwarden Password Manager Bitwarden Send | All levels | Personalised training sessions are also available upon request |
Step 3: Service desk training Optional dedicated training session to set your service desk team up for success | Service desk, customer success leads | |
Ongoing Education All users can take advantage of monthly new and updated learning content in the Bitwarden Learning Centre New users brought on after initial onboarding can take advantage of the live Bitwarden Weekly Demo and Q&A or watch a pre-recorded version | All levels | Bitwarden Demo for Teams and Enterprises
|
Phase 2: Deployment - Self-hosting (advanced, requires IT investment)
Step and Action | Key Person | Help Articles and Links |
|---|---|---|
Step 1: Confirm your ability to self-host Option 1: Cloud (recommended): Most businesses and users have all their needs served with a Bitwarden cloud deployment. The Bitwarden cloud is a good fit for you if: - You want a turnkey, set-and-forget solution - You do not have the technical resources and experience to self-host - You are looking to deploy immediately without any set-up time If you choose to use Bitwarden cloud, move on to the next section: Phase 2: Deployment - Bitwarden cloud Option 2: Self-host (for advanced businesses): Companies that have specific data sovereignty requirements or wish to configure Bitwarden behind a private firewall or reverse proxy may choose to self-host Bitwarden on premises. Server installation, maintenance, updates, backups, and general security are your responsibility. Note for MSPs: The Bitwarden Provider Portal does not support self-hosted installations. Managing clients' self-hosted servers requires manually adding administrative users to those organisations. What does it mean to self-host? Running Bitwarden on your own servers requires advanced technical knowledge and IT infrastructure. It also means that you are responsible for server maintenance, security, uptime, and updates. Before deciding whether self-hosting is right for you, answer these questions: - Do you already have anything else self-hosted? - Do you have dedicated hardware to run the server? - Is there an IT or DevOps team that will be responsible for the server? - Are you familiar with Docker or Kubernetes and Helm charts? - Are you comfortable installing software using Linux terminal or PowerShell? If any answers are no, then reconsider using the turnkey Bitwarden cloud service instead. Self-hosting Bitwarden is a good fit for you if: - You are subject to specific data controls - You have the technical resources and knowledge to maintain a server - You are confident in your team’s ability to secure and back up the server data - You understand your organisation’s Recovery Time Objective (RTO) and how to achieve the necessary service availability in your own infrastructure If you decide to self-host Bitwarden, follow the steps below. If you decide to use the Bitwarden cloud service, skip to Phase 2: Deployment (Cloud). | IT Director | |
Step 2: Prepare for your installation 1. Configure your domain - Set DNS records for a domain name pointing to your dedicated machine (virtual or physical), and open ports 80 and 443 for that machine. 2. Install Docker and Docker Compose (Linux) or Docker Desktop (Windows) - Docker is used to containerise the various processes for Bitwarden. Ensure the machine for your server has at least 4GB of RAM, 25GB of storage, and a minimum of a dual-core, 2GHz processor. 3.Retrieve your installation ID and key - Visit bitwarden.com/host/ and enter the contact email address of the owner of the Bitwarden self-hosted server to retrieve this information. | IT Specialist Organisation Owner
| |
Step 3: Deploy the Bitwarden server 1. Create Bitwarden local user & directory - Open terminal (Linux) or PowerShell (Windows) and type and enter the series of commands (Bash) in the relevant installation guide on the Bitwarden Help Centre. 2. Install Bitwarden on your machine - Download and run the pre-built scripts to install Bitwarden. This step requires the installation ID, installation key, and an SSL certificate. Review the relevant guide for more details. 3. Configure your environment - Adjust server settings within the environment file, including configuring the connection to your SMTP mail server so that your Bitwarden installation can send emails to users, such as invitations. 4. Start your Bitwarden server - Enter the command to start Bitwarden.Bitwarden will automatically download the necessary images from Docker Hub. Review the Docker containers to ensure they’re running correctly. Visit the web app on your domain and verify that it is accessible. | IT Specialist Organisation Owner | |
Step 4: Create your self-hosted organisation Follow the subtasks below to create your organisation: 1. Start a cloud organisation to use for billing purposes (Step 3 below) 2. Retrieve your licence file from the Bitwarden cloud web app 3. Create your organisation in the web app on your self-hosted server 4. Set up billing and licence sync (optional) After these steps, your Bitwarden organisation is functional. Thoroughly test features such as integrations like SCIM, and SSO to verify successful setup. | Organisation Owner | |
Step 5: Create a maintenance and backup plan Develop a plan and assign ongoing tasks for updating the server and setting up a system for creating backups. Prepare an off-site backup of your server data, and test disaster recovery protocols. | IT Specialist |
|
Once these steps have been completed, move to Step 3: Configure Enterprise Policies in the section below. |
Phase 2: Deployment - Bitwarden cloud (customer preferred)
Step and Action | Key Person | Help Articles and Links |
|---|---|---|
Step 1: Identify Organisation Owner Create a free user account onhttps://vault.bitwarden.com using the email intended for organisation ownership and administration. The Owner is the super-user that can control all aspects of your organisation. Decide if you want the email to be associated with a specific user or a team inbox. Note: If you’re being assisted by a Bitwarden representative, skip this step | Organisation Owner | |
Step 2: Create Organisation Create a free Organisation on Bitwarden Cloud athttps://vault.bitwarden.com. This will be used for billing purposes even if self-hosted.
Note: If you’re being assisted by a Bitwarden representative, skip this step | Organisation Owner | |
Step 3: Configure Enterprise Policies Best practice is to enable and configure all policies before user onboarding begins. Note: Any policies should be enabled before user invitation, as not all policies are retroactive. | Organisation Owners + Admins | |
Step 4: Select collection management settings Choose how collections will behave in the organisation. These settings allow for a spectrum from full admin control to completely self-service, where users can create their own collections. These settings can be used to establish a policy of least privilege. | Owner | |
Step 5: Review and set up integrations Visit the Integrations page in the Admin Console and set up desired integrations, such as Login with SSO. | Organisation Owners + Admins | |
Step 6: Add additional administrators Add Administrators to the Organisation as needed. We also recommend configuring a second Owner for redundancy. | Organisation Owners + Admins | |
Step 7: Create Collections for Administrators and users to share Collections are where secure items are located that are shared with Groups of users. | Organisation Owners + Admins | |
Step 8: Create Groups for managing users Creating Groups allows easy assignment of Collections. Please note: If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later. | Organisation Owners + Admins | |
Step 9: Assign Collections to Groups to begin sharing passwords Assign Groups to Collections, making sure to test and demonstrate the 'Read Only' and 'Hide Password' options. | Organisation Owners + Admins | |
Step 10: Add items to test Collections Add items manually or import via CSV or JSON from another password management application. | Organisation Owners + Admins | |
Integration Engineer (Optional) Assistance in further structuring the organisation's policies, collections and groups.
| Organisation Owners + Admins |
Phase 3: Onboarding
Step and Action | Key Person | Help Articles and Links |
|---|---|---|
Step 1: Determine timeline for roll-out to initial wave | Senior leadership / Security teams | |
Step 2: Create internal messaging / memo about Bitwarden roll-out Check out Bitwarden tutorial videos on YouTube and the Bitwarden 101 video series in the Learning Centre. | Internal training / managers | |
Step 3: Use the Customer Activation Kit Use the Customer Activation Kit to access ready-to-use marketing materials such as brand assets, one-pagers and explainer videos. These resources can enhance your internal communications and support end-user activation. | Internal training / managers | |
Step 4: Communicate with internal leaders about Password Management policies | Internal leaders / Security teams | |
Step 5: Download and log in to Bitwarden client applications Download and implement Bitwarden client applications to confirm proper configuration for secure data sharing, that the intended Enterprise Policies are working, and that the onboarding function is successful. Note: Some organisations will already have a policy in place to configure clients through device management software. Note: Self-hosted users will need to set the client's environment:https://bitwarden.com/help/article/change-client-environment/ | All users | |
Step 6: Configure Directory Connector or SCIM to invite users Begin Directory Connector or SCIM integration provisioning to start inviting users to the organisation Provide the script to bypass the user acceptance step that can be input within the CLI (optional). Review secure offboarding procedure | Organisation Owners + Admins | |
Step 7: User Account Migration Instruct users on how to migrate from their current password manager to Bitwarden. | All Users | |
Step 8: Ask your users to disable their browser's built-in password manager Built-in password managers for browsers are more vulnerable to security threats and can interfere with the Bitwarden experience. | All users | |
For larger customers, Bitwarden offers ongoing meetings with Customer Success Engagement Managers and Bitwarden executives Assistance with any further deployment practices Q&A sessions Check-in meetings | Organisation Owners + Admins + Internal leaders / Security teams |
Phase 4: Ongoing support
Step and action | Key person | Help articles and links |
|---|---|---|
Ongoing: Billing support requests Contact Support for expedited billing support assistance | Organisation Owners | |
Ongoing: Technical support requests Contact Support for expedited technical support assistance | All users | |
For larger customers, Bitwarden offers ongoing meetings with a Customer Success Engagement Manager and Bitwarden executives Regular meetings with a Customer Success Engagement Manager Periodic meetings with Bitwarden executives and the product team Review feedback and feature requests from the first two months of deployment | Organisation owners, admins, project managers, service desk teams and end users of larger enterprise customers |
Additional testing and implementation resources
Critical capabilities for enterprise password management
Set yourself up for enterprise password management evaluation success by incorporating this guide
Enterprise features list
Features available to Bitwarden enterprise organisations in several categories
Proof-of-concept checklist
Designed by Bitwarden product, implementation and sales specialists to help guide your business in running a Bitwarden proof-of-concept trial.
Prepare your trial organisation for production
Use this guide to help your business prepare for a production implementation
Test criteria for your free enterprise trial
Bitwarden testing criteria to help your team get the most out of your free Enterprise trial experience.