Deploying Bitwarden as an MSP
If you are looking for information about the Bitwarden Partner Program, look no further. Bitwarden supports a reseller and managed service provider (MSP) model. You can get started right away (no formal agreement needs to be signed).
This article details one recommended configuration to set partners and their customers up for success, as well as addresses some common questions about our Partner Program.
Create an Organization
Bitwarden Organizations are used for sharing items across multiple users.
An MSP or the client can create an Organizational Vault for the business (Business X). Organizational Vaults will contain the business-specific Logins, Cards, Identity, and Notes.
Some MSPs choose to create the Organization on behalf of their client as a value added service. If the client chooses to launch the Organization, make sure to designate an owner and administrator from the MSP team.
Once the Organization is configured, you should invite other administrators to join. This is an important step for setting a foundation of security for the MSP team, as well as the client team.
Note: Adding a new user to an Organization involves three steps: Invite, Accept, and Confirm. Give users a heads-up once Invite emails are sent, so they are aware they need to accept the invitation to join the Organization.
Administrators can access and manage all Items, Collections, and users in the Organization. You’ll want to share your administrative duties with another person, especially if you have a large number of users.
Continue to create an Organization for each of your clients (Business Y, Business Z).
You will need to select a Subscription Plan for each Organization–either Teams or Enterprise, depending on which features and functionality will suit the client’s needs. For the most robust set of business features, we recommend Enterprise Plans.
Note: An Organization could be a team, company, department, or any other type of group that desires to share items.
Read more: Password Sharing with Organizations
Assign an Administrative Seat to Every Organization
Once an Organization is created for each business, assign one or multiple seats as an Administrative Seat for each Organization. This administrative seat allows MSPs to maintain the account, processes, and organize passwords on behalf of clients.
Further, this administrative role on behalf of a client enables MSPs to provide a wide range of value added services to clients. Some of these services may include Organization design and implementation, onboarding training, Directory services, groups and collection management, and others.
Multiple owners can be assigned to an Organization. We recommend this approach of multiple owners and administrators for redundancy and full coverage.
Once an Organization is configured, start adding passwords and then organizing passwords into Collections.
Collections are a set of related items, such as logins, shared within an Organization’s Vault. Managing Collections is a simple way to separate, grant, or limit access to Vault items in Bitwarden, thereby controlling user visibility of resources.
Share items by creating them within the Organizational Vault, or creating them in a Personal Vault and then sharing them with the Organization. We recommend the former, starting in the Organizational Vault, and putting passwords into a Collection as soon as possible.
Read more: Share within an Organization
These user management strategies apply to MSPs as well as end-users and Clients.
Onboarding and Deprovisioning
Adding a new user to an Organization involves three steps: Invite, Accept, and Confirm. To remove a user from an Organization, select the Remove option from the options menu for that user.
Read more: Managing Users for your Organization
Adding and Removing User Seats
Administrators and owners can add or remove user seats at any time.
Read more: User Seat Management for your Organization
Syncing Users and Groups with a Directory
The Bitwarden Directory Connector synchronizes with outside directories of users and/or groups. This function can save time by automatically provisioning and deprovision users, groups, and group associations from the existing user directory.
Directory Sync can be configured on a per-Organization basis.
Read more: Syncing Users and Groups with a Directory
Best Practices and Other Information
Pricing for Partners
Whether you’re reselling or using Bitwarden on behalf of clients, Bitwarden offers a transparent pricing model. Price is based on per user per month, and is not dependent on the deployment method (cloud, private cloud, or self-host). Volume discounts start at 500 seats.
Bitwarden will invoice based on Organization Seats for yearly subscriptions and an invoice will be sent to the Billing Contact on your Account. With many of our MSPs, they add on or charge for additional services, so they prefer to handle billing their own clients.
Partners have complete flexibility for how they want to structure additional services for Clients. Some examples of services are organization consulting and implementation, onboarding training, Collections management, Support, and Reporting. If you’d like to see an example of how to structure an invoice for your client, contact us.
One of the best parts about Bitwarden is that end-users can access it anytime, anywhere, from any device and any platform.
Encourage clients and end-users to download Bitwarden for the operating systems and browsers they use the most.
Bitwarden is easy-to-use no matter if you are highly technical or more of a typical computer user. There are many training videos on the Bitwarden YouTube channel.
Additionally, Bitwarden hosts webcasts, demos, and Vault hours (our version of “office hours”) to regularly keep in touch with our customers and provide educational opportunities. Stay up-to-date on these events by following us on Twitter.
Company Credentials and Personal Credentials
Bitwarden recommends every end-user take advantage of their personal Vault to store their private information and secrets.
Company credentials should be stored in the Organizational Vault and put into a Collection appropriate for team use. Personal credentials should be stored in personal Vaults. This way, if an end-user parts way with the company, both parties can ensure smooth success. The employee retains access to their personal items, but will not have access to Organizational items.