Manage your Organization
note
For a complete Bitwarden onboarding overview, please review this guide for more information.
As an organization using Secrets Manager, you'll share many of the tools originally used by Password Manager. This article covers these common areas and links to share documentation where appropriate.
note
If you're brand new to Bitwarden organizations, we recommend checking out our article on getting started as an organization administrator.
Policies allow Enterprise organizations to enforce security rules for their members, for example mandating use of two-step login. While some policies apply primarily to Password Manager, there are a handful of policies that are broadly applicable to users of Secrets Manager:
tip
If you're new to Bitwarden, we recommend setting policies before onboarding your users.
User management for Secrets Manager organizations is similar to organizations using Password Manager, however some Secrets Manager-specific elements include granting organization members access to Secrets Manager, member role differences, and specifying user seats and machine accounts.
There are a few different methods of onboarding users to your Bitwarden organization. Some of the commonly used methods are highlighted here:
Manual
The Bitwarden web vault provides a simple and intuitive interface for inviting new users to join your organization. This method is best for small organizations or those that aren't using directory services like Azure AD or Okta. Learn how to get started.
SCIM
Bitwarden servers provide a SCIM endpoint that, with a valid SCIM API Key, will accept requests from your identity provider for user and group provisioning and de-provisioning. This method is best for larger organizations using a SCIM-enabled directory service or IdP. Learn how to get started.
Directory Connector
Directory Connector automatically provisions users and groups in your Bitwarden organization by pulling from a selection of source directory services. This method is best for larger organizations using directory services that don't support SCIM. Learn how to get started.
Once onboarded, give individual members of your organization access to Secrets Manager:
Open your organization's Members view and select the members your want to give access to Secrets Manager.
Using the
menu, select Activate Secrets Manager to grant access to selected members:For organizations self-hosting, this step must be repeated in the self-hosted instance as well.
Add Secrets Manager users
tip
Giving members access to Secrets Manager won't automatically give them access to stored projects or secrets. You'll need to assign people or groups access to the projects next.
The following table outlines what each member role can do within Secrets Manager. During the beta, users have the same member role for Secrets Manager that they're assigned for Password Manager:
Member role | Description |
---|---|
User | Users can create their own secrets, projects, machine accounts, and access tokens. They can edit these objects once created. Users must be assigned to projects or machine accounts in order to interact with existing objects, and can be given Can read or Can read, write access. |
Admin | Admins automatically have Can read, write access to all secrets, projects, machine accounts, and access tokens. Admins can assign themselves access to Secrets Manager and assign other members access to Secrets Manager. |
Owner | Owners automatically have Can read, write access to all secrets, projects, machine accounts, and access tokens. Owners can assign themselves access to Secrets Manager and assign other members access to Secrets Manager. |
note
Custom roles are not currently scoped with options for Secrets Manager, however can still be used to assign specific Password Manager or broader organization capabilities.
Groups relate together individual members and provide a scaleable way to access access to and permissions for specific projects. When adding new members, add them to a group to have them automatically inherit that group's configured permissions. Learn more.
Once groups are created in the admin console, assign them to projects from the Secrets Manager web app.