Provider Admin
Learn how to set up and manage your Provider Portal as an admin, including onboarding clients, configuring permissions, and overseeing your service team's access to client organizations.
tip
You can also view a demo, browse deployment instructions, or join a public MSP training session.
Get started
Becoming a member of the Bitwarden Partner Program is quick and easy. Our partnership program has been designed to maximize your success across a wide range of shared priorities, strategic requirements, and customer benefits. Get started today.
note
Manage your organization separately—do not include it in your Provider Portal client list
If you're an admin joining an existing provider, use the provider invitation in your email inbox to log in or create a new Bitwarden account.
Your master password
During sign-up, you'll create a master password for logging in to Bitwarden. It's important that your master password is:
Memorable: Bitwarden employees and systems have no knowledge of, way to retrieve, or way to reset your master password. Do not forget your master password!
Strong: A longer, more complex, and less common password is the best way to protect your account. Bitwarden provides a free password strength testing tool to test the strength of some memorable passwords you are considering.
The Provider Portal is an all-in-one management experience that enabled providers to manage customers' Bitwarden organizations at scale. It streamlines administration tasks by centralizing access and support for each client, as well as allowing you to create new ones as your business grows:
Every all-star Provider needs an all-star team. Start inviting your employees from the Manage → Members view to round out your client management team:
Services users can fully manage any client organizations, while Provider admins can do the same and additionally manage your Provider setup and billing. For protective redundancy, we recommend including at least one other Provider admin on your team.
As a Provider admin, you'll have the ability to fully manage all aspects of a client organization on behalf of your customers, including setting up their collection and group structure, importing data, and setting up policies and SSO.
Learn how to create new Client Organizations and take a look at the first steps toward configuring a successful Client Organization.
As a Provider admin, one of your key roles will be to manage the subscriptions and seat counts of your client organizations. Learn more here.
Client organizations allow your customers to securely share passwords, credit cards, and more, and give you the tools to manage these things on their behalf. There's a lot you can do, but here are some key day-to-day tasks you'll tackle as a Provider.
Watch a demo
Learn more about becoming a Bitwarden MSP or reseller here.
1:36: Overview of Bitwarden Password Manager.
1:46: Bitwarden client apps.
2:15: How Bitwarden integrates with your tech stack.
4:53: Overview of terminology and concepts.
8:34: MSP architecture deep dive.
10:05: Your organization.
16:19: The Provider Portal.
23:13: Client organizations.
25:49: Manage your clients.
26:50: Manage policies.
27:43: Import data.
28:18: Set up SSO and SCIM.
29:00: Q&A.
Customer deployment guide
Use the following steps and best practices to deploy Bitwarden to your customers.
Define technical requirements and onboarding strategy for your customer's Bitwarden organization and environment.
Step | Topic | Action | Resources | Duration (hours) |
|---|---|---|---|---|
1 | Environment decision | Determine Cloud or Self-Hosted environment | 0.5 | |
2 | Authentication strategy | Determine if the customer will use Single Sign-On (SSO) | 0.25 | |
3 | Decryption method | If using Login with SSO, select Master Password or trusted devices for decryption | 0.25 | |
4 | Provisioning strategy | Select provisioning strategy like SCIM, directory connector, or manual provisioning. | 0.25 | |
5 | User identification | Identify users, teams, or departments for rollout groups | 0.25 | |
6 | Training strategy | Identify groups and internal advocates who will attend training. Example: end users, service desk, admins | 0.5 | |
7 | Document collection (sharing) strategy | Determine how collections will be configured. Considerations include: | 1 | |
8 | Policy planning | Select policies to be configured at launch | 0.5 | |
9 | Rollout timeline | Determine invitation and onboarding mechanisms and timing | 0.5 | |
10 | Internal communication | Create internal messaging or memo about Bitwarden rollout. Review Bitwarden templates to get a sense of the communications | 1 | |
11 | Leadership communication | Communicate to internal leaders about Password Management Rollout Strategy | 0.25 |
Set up the technical foundation and configure Bitwarden settings for your customer.
Step | Topic | Action | Resources | Duration (hours) |
|---|---|---|---|---|
12 | Organization owner | Identify the organization owner. The owner is the super-user that can control all aspects of your organization. Decide if you want the email to be associated with a specific user or a team inbox. Additionally, the best practice is two owner accounts for redundancy | 0.25 | |
13 | Enterprise policies | Configure Enterprise policies. Account recovery administration Enforce organization data ownership Activate autofill | 1 | |
14 | Collection management settings | Choose how collections will behave in the organization. These settings allow for a spectrum of full admin control to completely self-serve where users can create their own collections. These settings can be used to establish a policy of least privilege | 0.25 | |
15 | Co-managed environment | Add administrators or owners to the client organization to co-manage. Best practice is to configure a second owner for redundancy | 0.5 | |
16 | Create collections | Collections are where secure items are located and shared with groups of users | 0.5 | |
17 | Create user groups | Creating user groups allows easy assignment of collections. If you decide to sync groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and group assignments later | 0.5 | |
18 | Collection assignment | Assign groups to collections, making sure to test and demonstrate 'Read Only' and 'Hide Password' options | 0.5 | |
19 | Add items | Add items manually to test collections or import via CSV or JSON from another password management application | 0.25 | |
20 | Login with SSO | If applicable, configure Login with SSO and organization identifier | 1.5 | |
21 | Domain verification | if applicable, verify company and/or other email domains to allow your users to skip entering the Organization identifier during the Enterprise SSO process. Not necessary for non-SSO organizations | 0.5 |
Deploy Bitwarden across your customer's teams and functions.
Step | Topic | Action | Resources | Duration (hours) |
|---|---|---|---|---|
22 | Technical cadence meeting | Plan implementation phase 3 with client | 0.5 | |
23 | Add items to collections | Add items manually to production collections or import data from another password management application | 0.25 | |
24 | Enterprise policies | Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. | 0.1 | |
25 | Login with SSO | If applicable, configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider | 1.5 | |
26 | Early users | Add a set of users to the client organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality in the next step, before moving on to advanced functions like Directory Connector. Share the attached onboarding workflow instructions with the users | 0.5 | |
27 | SIEM integration | If applicable, connect Bitwarden to customer's SIEM tool | 0.5 | |
28 | Bitwarden clients | All Organization members added for the pilot group should download Bitwarden on an assortment of devices, login, and test access to shared items via collections. They should test the proper implementation of policies. | 0.5 | |
29 | Deploy client applications | Configure your application management or MDM tooling to prepare for mass deployment of Bitwarden applications | 0.5 | |
30 | Disable built-in password manager | Make Bitwarden Password Manager the default password manager and turn off built-in browser solutions. Educate users how to do the same when onboarded | 0.25 | |
31 | Test user onboarding | Configure and test Bitwarden SCIM or Directory Connector integrations to automatically sync users and groups | 1.5 | |
32 | User onboarding | Execute on SCIM or Directory Connector syncing to invite additional users in groups to the organization. Share the attached onboarding workflow instructions with the users | 1 |
Train all users and stakeholders on how to use Bitwarden and provide continuing education.
Step | Topic | Action | Resources | Duration (hours) |
|---|---|---|---|---|
33 | Admin training | Provide essential day-to-day task training for administrative users with the addition of any special topics requested | 0.75 | |
34 | Service desk training | Advise service desk users on their role/operations. | 0.75 | |
35 | Team member training | A general training session for end users will cover: | 0.75 | |
36 | Ongoing education | All users can take advantage of monthly new and updated learning content in the Bitwarden Learning Center | 0.75 |
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support