Secrets ManagerGet Started

Manage your Organization

note

For a complete Bitwarden onboarding overview, please review this guide for more information.

As an organization using Secrets Manager, you'll share many of the tools originally used by Password Manager. This article covers these common areas and links to share documentation where appropriate.

note

If you're brand new to Bitwarden organizations, we recommend checking out our article on getting started as an organization administrator.

Enterprise policies

Policies allow Enterprise organizations to enforce security rules for their members, for example mandating use of two-step login. While some policies apply primarily to Password Manager, there are a handful of policies that are broadly applicable to users of Secrets Manager:

tip

If you're new to Bitwarden, we recommend setting policies before onboarding your users.

User management

User management for Secrets Manager organizations is similar to organizations using Password Manager, however some Secrets Manager-specific elements include granting organization members access to Secrets Manager, member role differences, and specifying user seats and machine accounts.

Onboarding

There are a few different methods of onboarding users to your Bitwarden organization. Some of the commonly used methods are highlighted here:

Manual

The Bitwarden web vault provides a simple and intuitive interface for inviting new users to join your organization. This method is best for small organizations or those that aren't using directory services like Azure AD or Okta. Learn how to get started.

SCIM

Bitwarden servers provide a SCIM endpoint that, with a valid SCIM API Key, will accept requests from your identity provider for user and group provisioning and de-provisioning. This method is best for larger organizations using a SCIM-enabled directory service or IdP. Learn how to get started.

Directory Connector

Directory Connector automatically provisions users and groups in your Bitwarden organization by pulling from a selection of source directory services. This method is best for larger organizations using directory services that don't support SCIM. Learn how to get started.

Access to Secrets Manager

Once onboarded, give individual members of your organization access to Secrets Manager:

  1. Open your organization's Members view and select the members your want to give access to Secrets Manager.

  2. Using the menu, select Activate Secrets Manager to grant access to selected members:

    • For organizations self-hosting, this step must be repeated in the self-hosted instance as well.

      Add Secrets Manager users
      Add Secrets Manager users
tip

Giving members access to Secrets Manager won't automatically give them access to stored projects or secrets. You'll need to assign people or groups access to the projects next.

Member roles

The following table outlines what each member role can do within Secrets Manager. During the beta, users have the same member role for Secrets Manager that they're assigned for Password Manager:

note

Custom roles are not currently scoped with options for Secrets Manager, however can still be used to assign specific Password Manager or broader organization capabilities.

Groups

Groups relate together individual members and provide a scaleable way to access access to and permissions for specific projects. When adding new members, add them to a group to have them automatically inherit that group's configured permissions. Learn more.

Once groups are created in the admin console, assign them to projects from the Secrets Manager web app.