Business Unit Portal Quick Start

As the Business Unit Portal owner, you will be automatically given admin status, allowing you to fully manage all aspects of Business Unit organizations. Bitwarden strongly recommends that you provision additional admins for failover purposes.

Now, begin adding your employees as service users, which will allow them to administer all Business Unit organizations and create new ones, or manage the unit itself.

1. Invite users. From the Business Unit Portal  Manage → Members tab, invite users as service users (or invite additional admins):
   
   

   

2. Instruct users to accept invites. Invited users will receive an email from Bitwarden inviting them to join the Business Unit. Inform users that they should expect an invitation and that they will need to Log In with an existing Bitwarden account or Create Account to proceed.
   
   

   

3. Confirm accepted invitations. To complete the secure onboarding of your users, confirm accepted invitations from the Business Unit Portal People tab:
   
   

   

With the assembled team of service users, you're ready to start setting up Business Unit organizations.

Business Unit organizations are any organization that is attached to or administered by the Business Unit Portal. To your users, there's no difference between a "Business Unit" organization and a "regular" organization, except who is conducting the administration.

Organizations relate Bitwarden users and vault items together for secure sharing of logins, cards, notes, and identities. Organizations have a view, the Admin Console, where service users can manage the organization's collections, manage members and groups, run reporting, import data, and configure organization settings:

Members of a Business Unit organization will find shared items in the Vaults view alongside individually-owned items, as well as several methods for filtering the item list to only organization items or items in particular collections:

To create a new Business Unit organization, you must be as a Business Unit Admin. Navigate to the  Clients tab of the Business Unit Portal and select the  New button:

With your newly-created Business Unit organization, start building the perfect solution for your users. Exact setup will be different for each Business Unit organization based on your needs, but will typically involve:

1. Create collections. A good first step is to create a set of collections, which provide an organizing structure for the vault items you will add to the vault in the next step.
   

   Common collections patterns include Collections by Department (for example, users in the client's Marketing Team are assigned to a Marketing collection) or Collections by Function (for example, users from the client's Marketing Team are assigned to a Social Media collection):
   

   

2. Import data. Once the structure of how you will store vault items is in place, you can begin importing data to the organization.
   

   note

   Note that, as a service user, you will not be able to directly view, create, or manage individual items.

3. Configure enterprise policies. Before beginning the user management portion of setup, configure enterprise policies in order to set rules-of-use for things such as master password complexity, use of two-step login, and admin password reset.
   

   note

   Enterprise policies are only available to Enterprise organizations.

4. Setup login with SSO. If your business unit uses single sign-on (SSO) to authenticate with other applications, connect Bitwarden with their IdP to allow authentication with Bitwarden using end-users' SSO credentials.

5. Create user groups. For teams and enterprise organizations, create a set of groups for scalable permissions assignment. When you start adding users, add them to groups to have each user automatically inherit the group's configured permissions (for example, access to which collections). One common group-collection pattern is to create Groups by Department and Collections by Function, for example:
   

   

With the infrastructure for secure and scalable sharing of credentials in place, you can begin inviting users to the organization. Onboarding users to Bitwarden can be accomplished in three ways, depending on the size of your Business Unit:

1. For smaller units, you can send email invitations to users from the Admin Console  Members view:
   

   

2. For larger units who leverage an IdP such as Azure AD, Okta, OneLogin, or JumpCloud, use SCIM to automatically provision users.

3. For larger units who leverage a directory service (Active Directory, LDAP, Okta, and more), use Directory Connector to sync organization users from the source directory and automatically issue invitations.

Regardless of whether you have invited users from the organization vault, using SCIM, or using Directory Connector, the same three-step process (Invite → Accept → Confirm) that you followed when onboarding service users will apply here as well.

Business Unit Portal access to managed organizations is currently available for cloud-hosted environments only. To provide administrative services for a self-hosted instance, an additional service seat will need to be purchased to manage the self-hosted instance. For more information, see managing self-hosted organizations.