Bitwarden for Enterprise - Feature List

Category: Plans and Pricing
On this page:
    Application range and ease-of-use  
    Wide download and deployment options Cloud, private cloud, self-hosted, mobile, desktop, CLI
    Mobile Apps (with Mobile Login Controls) Available for iOS and Android
    Browser extensions Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, Safari
    Desktop applications Windows, Mac, Linux
    Web Vault Fully encrypted web application at
    Streamlined UI design  
    Administrative features and capabilities  
    Directory Connector Synchronize with your existing directory. Provision, de-provision users, groups, group associations
    User type access controls Custom role, granular controls (hide passwords, read only), password inheritance and custodianship, LDAP group permissions, Personal and Company Vaults
    User management Add/remove seats, onboard/offboard users (flags and assistance)
    Secure storage for Logins, Notes, Cards, and Identities Bitwarden Vault items
    Secure password generator Generate secure, random passwords
    Encrypted export Download encrypted exports from Bitwarden clients
    Biometrics, mobile Android (Google Play or FDroid); iOS (Touch ID, Face ID)
    Biometrics, desktop Windows (Windows Hello using PIN, Facial Recognition, or other hardware that meets Windows Hello biometric requirements); macOS (Touch ID)
    Biometrics, browser extensions Chromium-based browsers (Chrome, Edge, Opera, Brave, etc.), Firefox 87+, and Safari 14+
    Emergency Access Users can designate and manage trusted emergency contacts
    Zero knowledge encryption All Vault data is end-to-end encrypted
    Account fingerprint phrase Uniquely and securely identifies a Bitwarden user account when encryption-related operations are performed.
    Subprocessors Full list:
    Two factor authentication
    Login with SSO Use your existing Identity Provider to perform authentication for Bitwarden via SAML or OPENID
    Two-step login Duo for Organizations
    Touch ID/ Windows Hello Support Configure Bitwarden to accept biometrics was a method to unlock your Vault
    Compliance, Audits, Certifications  
    SOC 2 Type 2
    2018 Security Assessment
    2020 Security Assessment
    White box testing Performed by unit tests and QA Engineers
    Black box testing Performed via automation or manual testing
    Bug bounty program HackerOne
    GDPR, CCPA, HIPAA, Privacy Shield
    Vault Health reports Exposed passwords, reused passwords, weak passwords, and more
    Data breach reports compromised data (email addresses, passwords, credit cards, DoB, etc.) in known breaches
    Event logs User, item, collection, group, organization events
    Directory integration  
    Bitwarden Directory Connector Sync with Active Directory or LDAP, Azure, G Suite, Okta, OneLogin
    Single Sign On (SSO)  
    SAML 2.0 Enabling login with SSO for SAML 2.0
    OIDC Enabling login with SSO for OpenID Connect
    Link existing account Link existing account to SSO
    Vault access Authenticate Vault using SSO
    APIs and Extensibility  
    Programmatically accessible Public and private APIs
    Command line interface Public and private APIs Fully featured CLI client application
    Extensibility Plug-in and extension supports Output log data via the API, automate workflows with the API and CLI
    Technical implementation  
    Passwords stored encrypted in-memory until revealed
    Strong and flexible password generation Configurable password generator. Policy for Password Generator strength
    Vendor cannot access passwords Bitwarden employs a zero-knowledge encryption model with no ability to see customer vault data
    Confirming to cryptography standards
    Local cache/offline access
    Temporary password sharing and generation
    Auto clear clipboard after copying a password
    Duplicate password detection