# Critical Capabilities for Enterprise Password Management

## Table of Contents

- [Integrate with your existing environment(s)](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#integrate-with-your-existing-environment-s/)
- [Deployment options](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#deployment-options/)
- [Corporate Password Policies](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#corporate-password-policies/)
- [Client compatibility](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#client-compatibility/)
- [Security and Encryption](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#security-and-encryption/)
- [Auditing and Logging](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#auditing-and-logging/)
- [Integration](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#integration/)
- [Authentication](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#authentication/)
- [Import and Export](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#import-and-export/)
- [Secure Sharing](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#secure-sharing/)
- [Useability, Autofill and Biometrics, Offline access, Search](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#useability-autofill-and-biometrics-offline-access-search/)
- [Secrets Management](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#secrets-management/)
- [Passwordless for developers](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#passwordless-for-developers/)
- [Compliance](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#compliance/)
- [Purchasing](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#purchasing/)
- [Implementation](https://bitwarden.com/en-gb/resources/critical-capabilities-for-enterprise-password-management/#implementation/)

## Critical Capabilities for Enterprise Password Management

Set yourself up for success by including all of the following in an evaluation of enterprise password management.

### Integrate with your existing environment(s)

| **Feature** | **Detail** | **Impact** |
|------|------|------|
| Broad SSO compatibility | SAML | Support wide range of existing identity providers |
| | OIDC | Support modern identity systems |
| | Login with SSO (and decrypt with password manager password) | Additional security via authenticating with SSO and decrypting with main password |
| | SSO with trusted devices | Use trusted devices to store users’ password manager passwords for easy retention |
| | Customer managed encryption | Complete control with a key connector to retain user vault encryption locally with self-hosted deployments |
| | Clear role mapping for users | Tightly managed role assignment for onboarding to ensure utmost security |
| SCIM provisioning | SCIM endpoint for onboarding | Automate user rollout to accelerate your security posture. Operate natively without requiring a bridge |
| Principal User Names | Support accounts without an email address | Establish accounts by User Principal Name (UPN) where desired without requiring a user email ID  |

### Deployment options 

| Feature | Detail | Impact |
|------|------|------|
| Cloud deployment | Simple SaaS service | Easily launch password management for any size organization |
| Self-hosted deployment | On-premises option | Complete control over password management in a private environment |
| Centralized client configuration options | Desktop and mobile deployment and configuration options, compatibility with device and mobility management systems | Central configuration and roll out of the Mac App and extension, the Windows App, the Linux App, the managed Chrome/Edge/Firefox browser extensions, and the mobile apps (preconfigured with optional self-hosted server URL) delivers the enterprise administration companies expect Full client list at [bitwarden.com/download](https://bitwarden.com/en-gb/download/) |

### Corporate Password Policies

| Feature | Detail | Impact |
|------|------|------|
| Generate passwords | Abide by company policy | Ensure employee generated passwords meet company policies |
| Policy options | Length, min numbers, min special chars, upper case, lower case, [passphrase](https://bitwarden.com/en-gb/passphrase-generator/) options | Maintain compliance with existing company policies |
| Main password manager password policy | Policy for master passwords | Ensure employees' passwords for their password manager is strong |
| Account recovery administration | Automatic enrollment | Guarantee that administrators have the ability to help employees when needed with account recovery, ensuring all individual credentials remain accessible |

### Client compatibility

| Feature | Detail | Impact |
|------|------|------|
| Comprehensive browser extension support | Supports all major browsers | Delivers maximum flexibility for broad adoption within any organization, including options to deploy centrally for company-controlled browsers |
| | Chrome | |
| | Firefox | |
| | Safari | |
| | Edge | |
| | Brave | |
| | Opera | |
| | Vivaldi | |
| | DuckDuckGo for Mac | |
| | Tor | |
| Comprehensive mobile app support | Support all major platforms and application download paths | Deliver maximum flexibility for the highest adoption |
| | iOS Apple App Store | |
| | Android Google Play Store | |
| | F-Droid | |
| | Direct from GitHub | |
| Comprehensive desktop app support | Supports all major desktop operating systems | Deliver maximum flexibility for the highest adoption |
| | Windows | |
| | MacOS | |
| | Linux | |
| Web app support | Functions available in stand alone web app | Ensure credential access securely in any environment |
| Command Line Interface (CLI) | Fully featured CLI | Easily enable programmatic actions and integration to fit existing enterprise workflows |

### Security and Encryption

| Feature | Detail | Impact |
|------|------|------|
| Trusted open source architecture | Ability to see and examine codebase | Provide the utmost in trust and transparency for a mission critical software solution  |
| Minimum vault encryption 256-bit (AES-CBC or similar) | Including PBKDF2 SHA-256 or Argon2 | Strong encryption protects data should it get into the wrong hands. Advanced algorithms such as Argon 2 provide advanced encryption methods |
| Zero-knowledge encryption | Entire Vault is encrypted | |
| Breach reports | Integrate with services like HIBP | Breach reports help identify potential risk areas, warning users of breached sites and reused passwords |
| | Exposed Passwords report | Identifies passwords that have been uncovered in known data breaches that were released publicly or sold on the dark web by hackers |
| | Reused Passwords report | Identifies non-unique passwords in your vault |
| | Weak Passwords report | Identifies weak passwords that can easily be guessed by hackers and automated tools that are used to crack passwords |
| | Unsecured Websites report | Identifies login items that use unsecured (http://) schemes in URIs/URLs |
| | Inactive 2FA report | Identifies login items where: Two-factor authentication (2FA) via TOTP is available from the service, and you have not stored a TOTP authenticator key |

### Auditing and Logging

| Feature | Detail | Impact |
|------|------|------|
| Full audit trail | Viewable and exportable logs of relevant events | Comprehensive event coverage ensures detail to identify auditable steps |
| SIEM Integration | Easy API access | Integrate with existing systems to collect event log information for fast analysis |

### Integration

| Feature | Detail | Impact |
|------|------|------|
| Fully featured CLI | Command Line Interface | Enable programmatic integrations with existing company workflows, including handling of encrypted items. Easily handle bulk operations |
| Robust API | Application Programming Interface | Enable programmatic integrations for managing members, collections, groups, event logs, and policies |

### Authentication

| Feature | Detail | Impact |
|------|------|------|
| Multifactor authentication for the password manager | Including authenticator app, WebAuthn, Yubico, email, Duo | Adding multifactor authentication delivers an additional layer of security |
| Ability to store MFA tokens | Store TOTP codes within password manager | Allow for multifactor authentication logins to be easily shared while retaining MFA |
| Integration with Duo | Out of box functionality | Additional security with existing multifactor solutions |

### Import and Export

| Feature | Detail | Impact |
|------|------|------|
| Import Passwords  | Import from all major password managers across .csv and .json formats | Quickly consolidate disparate solutions into a unified enterprise password manager |
| Encrypted Exports | Export in account encrypted, independently encrypted, and unencrypted formats | Robust export mechanisms serve as backups and freedom to migrate if desired |

### Secure Sharing

| Feature | Detail | Impact |
|------|------|------|
| Share items with a user or a group of users | Include organization of multiple items in shared folders | Secure sharing keeps sensitive information protected with controlled access |
| Send and receive encrypted passwords externally with a limited lifespan | Handle encrypted sensitive information with automatic removal | Sensitive information shared through email and messaging channels is not encrypted and could be exposed. Using encrypted, limited lifespan methods reduces risk |
| Quickly revoke access when needed | Disassociate user from company credentials | With employee succession, removing access quickly ensures smoother transitions |

### Useability, Autofill and Biometrics, Offline access, Search

| Feature | Detail | Impact |
|------|------|------|
| Client app localization | Language support | |
| Browser extension and mobile apps can autofill [username](https://bitwarden.com/en-gb/username-generator/) and [password](https://bitwarden.com/en-gb/password-generator/) | Including options for managing Uniform Resource Identifiers (URIs) | Autofill provides user convenience and serves as a means to recognize and prevent phishing |
| Browser extension and mobile apps can autofill MFA tokens | For accounts with integrated multifactor authentication | For fast, secure logins |
| Biometric access across mobile, browser extension and desktop apps | Fingerprint or face identification | Convenience and security of biometrics leads to broader adoption and more use |
| Account switching | In-App account selector | Provide simple switching between multiple Bitwarden accounts |
| Offline vault access | Vault remains accessible offline in browser extension, mobile, and desktop apps | Ensure business continuity with read access to the vault even if connection to the server is interrupted  |
| Intelligent Search | Including options for advanced search | Detailed search including wildcards allows for quick retrieval of logins within a large vault |
| Individual vault | User-specific credentials | Allow for an individual vault that cannot be accessed by others |

### Secrets Management

| Feature | Detail | Impact |
|------|------|------|
| Secrets Management Option | i.e. non human interaction for certificates or API key handling | Availability of a secrets management platform for use cases beyond general password management |

### Passwordless for developers

| Feature | Detail | Impact |
|------|------|------|
| Passwordless and passkey infrastructure | Passkey software development kit to enable websites and enterprise apps | Rapidly transform your company to a passwordless organization, freeing employee and IT time to focus on their primary objectives |

### Compliance

| Feature | Detail | Impact |
|------|------|------|
| SOC 2 and SOC 3 reports | Third party audits | Audited validation of business practices |
| HIPAA | Including the option to sign a business associates agreement | Compliance for healthcare related companies  |
| GDPR | Data privacy | Assure data privacy |
| Annual security assessments | Network and security scans | Audited security reports showcase detailed attention to security  |
| Independent security researcher program | Such as HackerOne | Proactively identify potential issues |

### Purchasing

| Feature | Detail | Impact |
|------|------|------|
| Simple purchasing process | Direct or through channel | Easy to procure |
| Billed via invoice | 30-day terms | Flexibility of an invoiced model |
| Complimentary Family plan for Enterprise users | Employee benefit | Security at work and at home leads to better overall habits |

### Implementation

| Feature | Detail | Impact |
|------|------|------|
| Comprehensive documentation | Publicly accessible on web | Easily understand product operations and self-serve product knowledge |
| Online training | Pre-recorded and live | Provide accelerated ramp for administrators as well as end users |
| Onboarding templates | Admin enablement | Pre-built email templates facilitate employee onboarding |
| 24x7x365 Support | Business and end user | Support for Administrators and Users around the clock |
| Integration support | Deployment success | Detailed technical expertise ensures smooth deployments |

Have questions or comments on this list? Please contact us via [bitwarden.com/help.](https://bitwarden.com/en-gb/help/)

Want to see Bitwarden in action? Join our live demo via [bitwarden.com/weekly](https://bitwarden.com/en-gb/bitwarden-demo/).

## Get powerful, trusted password security now. Pick your plan.

## Personal

### Just getting started?

*Get basic password management today. Always free.*

[Create Free Account](https://bitwarden.com/go/start-free/)

---

### Premium

**$1.65** *per month*

*Billed annually at $19.80*

Enjoy premium features

- Integrated authenticator
- File attachments
- Emergency access
- Phishing blocker
- Security reports and more

Share vault items with one other user

[Create Premium Account](https://bitwarden.com/go/start-premium/)

---

### Families

**$3.99** *per month*

*Up to 6 users, billed annually at $47.88*

Secure your family logins

- 6 premium accounts
- Unlimited sharing
- Unlimited collections
- Organisation storage

Share vault items between six people

[Start Free Families Trial](https://bitwarden.com/go/start-families-trial/)

---

Pricing shown in USD and based on an annual subscription. Taxes not included.

## Business

### Teams

*For teams and growing companies that need to move quickly.*

**$4** *per month / per user, billed annually*

**No compromise**

All Premium features, plus advanced capabilities such as:

- Share credentials securely
- Audit activity with event logs
- Synchronise your existing directory
- Automate provisioning with SCIM

[Start Free Trial](https://bitwarden.com/go/start-teams-trial/)

---

### Enterprise

*For businesses that need advanced protection and control.*

**$6** *per month / per user, billed annually*

**Maximum protection**

All Premium and Teams features, plus enterprise-level capabilities such as:

- Granular access control
- Passwordless SSO integration
- Easy account recovery
- Flexibility to self-host
- Access Intelligence risk remediation [new]
- Free Families plan for all users

[Start Free Trial](https://bitwarden.com/go/start-enterprise-trial/)

---

### Talk to Sales

*For large organisations, talk to an expert about a tailored plan and learn how Bitwarden can:*

*per month*

- Reduce cyber security risk
- Boost productivity
- Integrate seamlessly

Bitwarden scales with businesses of any size to bring password security to your organisation

[Talk to Sales](https://bitwarden.com/talk-to-sales)

---

Pricing shown in USD and based on an annual subscription. Taxes not included.