Provider Admin

Learn how to set up and manage your Provider Portal as an admin, including onboarding clients, configuring permissions, and overseeing your service team's access to client organizations.



tip

Prefer live training? Join a public

public training session



Demo





Learn more about becoming a Bitwarden MSP or reseller

here

1:36: Overview of Bitwarden Password Manager.
- 1:46: Bitwarden client apps.
- 2:15: How Bitwarden integrates with your tech stack.
- 4:53: Overview of terminology and concepts.
8:34: MSP architecture deep dive.
- 10:05: Your organization.
- 16:19: The Provider Portal.
- 23:13: Client organizations.
25:49: Manage your clients.
- 26:50: Manage policies.
- 27:43: Import data.
- 28:18: Set up SSO and SCIM.
29:00: Q&A.



Get started



Becoming a member of the Bitwarden Partner Program is quick and easy. Our partnership program has been designed to maximize your success across a wide range of shared priorities, strategic requirements, and customer benefits.

Get started today



note

Manage your organization separately—do not include it in your Provider Portal client list

If you're an admin joining an existing provider, use the provider invitation in your email inbox to log in or create a new Bitwarden account.



Your master password

During sign-up, you'll create a master password for logging in to Bitwarden. It's important that your master password is:

Memorable: Bitwarden employees and systems have no knowledge of, way to retrieve, or way to reset your master password. Do not forget your master password!
Strong: A longer, more complex, and less common password is the best way to protect your account. Bitwarden provides a free
password strength testing tool
to test the strength of some memorable passwords you are considering.



Every all-star Provider needs an all-star team. Start inviting your employees from the Manage → Members view to

round out your client management team

Services users can fully manage any client organizations, while Provider admins can do the same and additionally manage your Provider setup and billing. For protective redundancy, we recommend including at least one other Provider admin on your team.



Customer deployment guide

Use the following steps and best practices to deploy Bitwarden to your customers.



Define technical requirements and onboarding strategy for your customer's Bitwarden organization and environment.

Step	Topic	Action	Resources	Duration (hours)
1	Environment decision	Determine Cloud or Self-Hosted environment	Hosting FAQs	0.5
2	Authentication strategy	Determine if the customer will use Single Sign-On (SSO)	About SSO	0.25
3	Decryption method	If using Login with SSO, select Master Password or trusted devices for decryption	About trusted devices	0.25
4	Provisioning strategy	Select provisioning strategy like SCIM, directory connector, or manual provisioning.	Managing users	0.25
5	User identification	Identify users, teams, or departments for rollout groups		0.25
6	Training strategy	Identify groups and internal advocates who will attend training. Example: end users, service desk, admins		0.5
7	Document collection (sharing) strategy	Determine how collections will be configured. Considerations include: Will users be allowed to create collections? Will collections be configured by department, project, function? Will data be imported from another application, which often defines structure? Do Admin and Owner users get access to all shared items, or only the Managers of delegated Collections?	About collections	1
8	Policy planning	Select policies to be configured at launch	Policies	0.5
9	Rollout timeline	Determine invitation and onboarding mechanisms and timing		0.5
10	Internal communication	Create internal messaging or memo about Bitwarden rollout. Review Bitwarden templates to get a sense of the communications	Welcome email templates	1
11	Leadership communication	Communicate to internal leaders about Password Management Rollout Strategy		0.25



Set up the technical foundation and configure Bitwarden settings for your customer.

Step	Topic	Action	Resources	Duration (hours)
12	Organization owner	Identify the organization owner. The owner is the super-user that can control all aspects of your organization. Decide if you want the email to be associated with a specific user or a team inbox. Additionally, the best practice is two owner accounts for redundancy	Member roles	0.25
13	Enterprise policies	Configure Enterprise policies. Any policies should be enabled prior to user invitation. Be sure to check out the following policies: Account recovery administration Enforce organization data ownership Activate autofill	Policies	1
14	Collection management settings	Choose how collections will behave in the organization. These settings allow for a spectrum of full admin control to completely self-serve where users can create their own collections. These settings can be used to establish a policy of least privilege	Managing users	0.25
15	Co-managed environment	Add administrators or owners to the client organization to co-manage. Best practice is to configure a second owner for redundancy	Managing users	0.5
16	Create collections	Collections are where secure items are located and shared with groups of users	Collections	0.5
17	Create user groups	Creating user groups allows easy assignment of collections. If you decide to sync groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and group assignments later	Groups	0.5
18	Collection assignment	Assign groups to collections, making sure to test and demonstrate 'Read Only' and 'Hide Password' options	User types access control	0.5
19	Add items	Add items manually to test collections or import via CSV or JSON from another password management application	Collections	0.25
20	Login with SSO	If applicable, configure Login with SSO and organization identifier Configure to work with SAML 2.0 or OpenID Connect	Get started with SSO	1.5
21	Domain verification	if applicable, verify company and/or other email domains to allow your users to skip entering the Organization identifier during the Enterprise SSO process. Not necessary for non-SSO organizations	Domain verification	0.5



Deploy Bitwarden across your customer's teams and functions.

Step	Topic	Action	Resources	Duration (hours)
22	Technical cadence meeting	Plan implementation phase 3 with client		0.5
23	Add items to collections	Add items manually to production collections or import data from another password management application	About collections	0.25
24	Enterprise policies	Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. Enable and configure desired policies before user onboarding begins	Policies	0.1
25	Enforce organization data ownership	To take full advantage of reporting like Access Intelligence, consider turning on the Organizational data ownership policy. This ensures all items saved to Bitwarden are owned by the organization.	Enforce organization data ownership	0.1
26	Login with SSO	If applicable, configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider	About SSO	1.5
27	Early users	Add a set of users to the client organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality in the next step, before moving on to advanced functions like Directory Connector. Share the attached onboarding workflow instructions with the users	Managing users - Invite Onboarding Workflows	0.5
28	SIEM integration	If applicable, connect Bitwarden to customer's SIEM tool	SIEM	0.5
29	Bitwarden clients	All Organization members added for the pilot group should download Bitwarden on an assortment of devices, login, and test access to shared items via collections. They should test the proper implementation of policies.	Download	0.5
30	Deploy client applications	Configure your application management or MDM tooling to prepare for mass deployment of Bitwarden applications	Deploy client applications	0.5
31	Disable built-in password manager	Make Bitwarden Password Manager the default password manager and turn off built-in browser solutions. Educate users how to do the same when onboarded	Disable built-in password manager	0.25
32	Test user onboarding	Configure and test Bitwarden SCIM or Directory Connector integrations to automatically sync users and groups	About SCIM About Directory Connector	1.5
33	User onboarding	Execute on SCIM or Directory Connector syncing to invite additional users in groups to the organization. Share the attached onboarding workflow instructions with the users	About SCIM About Directory Connector Onboarding Workflows	1



Train all users and stakeholders on how to use Bitwarden and provide continuing education.

Step	Topic	Action	Resources	Duration (hours)
33	Admin training	Provide essential day-to-day task training for administrative users with the addition of any special topics requested Example special topics include, but are not limited to: Demonstrating the configured SSO login flow User onboarding and offboarding Custom roles	Get to know the Admin Console Bitwarden for business admins	0.75
34	Service desk training	Advise service desk users on their role/operations. Review what tasks can be done with the custom role and what require admin intervention		0.75
35	Team member training	A general training session for end users will cover: Bitwarden for all devices Setting up the Bitwarden Browser Extension Creating your account Getting to know the Bitwarden vault How to use the Bitwarden Password Manager Bitwarden Send	Get to know your vault Get to know Password Manager	0.75
36	Ongoing education	All users can take advantage of monthly new and updated learning content in the Bitwarden Learning Center	Learning	0.75