Admin ConsoleManage MembersRevoke & Remove

Permanently Remove Access

Organization admins, owners, and some custom role members can remove members from an organization. Removing a member:

  • Does cut off all access to the organization and its data. Removed members would need to re-join the organization in order to re-gain access.

  • Does not delete their Bitwarden account in most cases. Removed members will be able to access their personally-owned vault items unless you take steps to delete their account.

  • Is automatically done for organizations using directory sync if the Remove disabled users during sync option is toggled on.

To remove members from your organization:

  1. In the Admin Console, navigate to the Members view.

  2. Select the users you want to remove from the organization and use the Options menu to Remove:

    Remove members
    Remove members
    tip

    If your organization has a claimed domain, the Remove option will instead be Delete if the user's account email address matches your claimed domain and will outright delete the account instead of only removing access to the organization:

    Delete claimed accounts
    Delete claimed accounts

Offline devices cache a read-only copy of data, including organization items. Some clients may retain access to this read-only data for a short period of time after a member is removed. If you anticipate malicious exploitation of this, credentials the member had access to should be updated when you remove them from the organization.

warning

For member accounts that do not have master passwords as a result of SSO with trusted devices:

  • Removing them from your organization will cut off all access to their Bitwarden account unless (i) they are assigned a master password using account recovery beforehand, and (ii) they log in with that master password at least once before being removed.

    These users will not be able to re-join your organization unless the above steps are taken before they are removed from the organization. If they aren't, each removed user will be required to delete their account and be issued a new invitation to create an account and join your organization.

  • Revoking access to the organization, but not removing them from the organization, will still allow them to log in to Bitwarden and access only their individual vault.