Bitwarden for Enterprise Features Datasheet
This document describes and references the features available to Bitwarden Enterprise Organizations in several categories:
Application Range and Ease-of-use
Enterprise Features | Description |
|---|---|
Deployment Options | Cloud, Private Cloud, and Self-hosted. |
Web Application | Fully encrypted cloud web app at https://vault.bitwarden.com, or on your self-hosted server |
Mobile Apps (with Mobile Login Controls) | Available for iOS and Android. Learn more. |
Browser Extensions | Available for Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, and Safari. Learn more. |
Desktop Applications | Available for Windows, Mac, and Linux. Learn more. |
Command-line Interface | Available for Windows, Mac, and Linux. Learn More. |
Administrative Features and Capabilities
Enterprise Features | Description |
|---|---|
Simple user management | Add or remove seats and onboard or offboard users directly from the Web Vault. Learn more. |
Role based access control | Assign role-based access for Organization users, including a custom role and granular permissions (e.g. Hide Passwords, Read-Only). Learn more. |
Directory sync | Synchronize your Bitwarden Organization with your existing user directory. Provision and deprovision users, groups, and group associations. Learn more. |
SCIM support | Use the SCIM protocol to manage and provision Bitwarden users, groups, and group associations from your Identity Provider or directory service for easy onboarding and employee succession. Learn more. |
Account recovery administration | Designated administrators can reset Master Password of end-user accounts if an employee loses or forgets their Master Password. Learn more. |
Collections with curated access | Create an unlimited amount of password collections containing an unlimited amount of passwords. Collections can be assigned to groups or individual users. Learn more. |
Enterprise policies | Enforce security rules for all users, for example mandating use of Two-step Login. Learn more. |
Temporary password sharing and generation | Create and share ephemeral data using Bitwarden Send. Learn more. |
Complimentary Families plan for users | All enterprise users receive a complimentary family plan for personal use to practice good security habits outside of the workplace. Learn more. |
Reporting
Enterprise Features | Description |
|---|---|
Vault health reports | Run reports for Exposed Passwords, Reused Passwords, Weak Passwords, and more. Learn more. |
Data breach reports | Run reports for data compromised in known breaches (e.g. Email Addresses, Passwords, Credit Cards, DoB, etc.). Learn more. |
Event logs | Get time stamped records of events that occur within your Organization Vault for easy use in the Web Vault or ingestion by other systems. Learn more. |
Authentication
Enterprise Features | Description |
|---|---|
2FA for individuals | A robust set of 2FA options for any Bitwarden user. Learn more. |
2FA at organization-level | Enable 2FA via Duo for your entire Organization. Learn more. |
Biometric authentication | Available for: |
SSO with trusted devices | SSO with trusted devices allows users to authenticate using SSO and decrypt their vault using a device-stored encryption key, eliminating the need to enter a master password. Learn more. |
Login with SSO | Leverage your existing Identity Provider to authenticate your Bitwarden Organization users via SAML 2.0 or OpenID Connect (OIDC). Learn more. |
SSO with customer managed encryption | Employees use their SSO credentials to authenticate and decrypt all in a single step. This option shifts retention of the users master passwords to companies requiring the business to deploy a key connector to store the user keys. Learn more. |
Security
Enterprise Features | Description |
|---|---|
Secure storage for Logins, Notes, Cards, and Identities | Bitwarden Vault items are encrypted before being stored anywhere. Learn more. |
Zero knowledge encryption | All Vault data is end-to-end encrypted. Learn more. |
Secure username and password Generator | Generate secure, random, and unique credentials for every Vault item. Available on web and in-app. Learn more. |
Encrypted export | Download encrypted exports for secure storage of Vault data backups. Learn more. |
Biometric authentication | Available for: |
Emergency access | Users can designate and manage trusted emergency contacts, who may request access to their Vault in case of emergency. Learn more. |
Account fingerprint phrase | Security measure that uniquely and securely identifies a Bitwarden user account when encryption-related or onboarding operations are performed. Learn more. |
Subprocessors | See our full list of subprocessors: Bitwarden Subprocessors. |
Compliance, Audits, Certifications
Enterprise Features | Description |
|---|---|
SOC 2 Type II and SOC 3 | |
Security and compliance assessments | Bitwarden invests in annual third party audits, security assessments, and other compliance standards. All reports are available on the Bitwarden compliance page. |
GDPR, CCPA, HIPAA, & Privacy Shield | |
White-box testing | Performed by unit tests and QA engineers. |
Black-box testing | Performed via automation and manual testing. |
Bug Bounty Program | Conducted through HackerOne. Learn more. |
APIs and Extensibility
Enterprise Features | Description |
|---|---|
Programmatically accessible | Public and Private APIs for Organizations. Learn more. |
Command line interface | Fully featured and self-documented command-line tool. Learn more. |
Extensibility support | Automate workflows by combining API and CLI. |
Resiliency
Enterprise Features | Description |
|---|---|
Local cache & offline access |