--- URL: https://bitwarden.com/it-it/help/about-collections/ ---

# About Collections

Collections group together related logins, notes, cards, and identities for [secure sharing](https://bitwarden.com/it-it/help/sharing/) within an organization. Collections can be created and managed by any organization type.

Collections are organization-equivalents to [folders](https://bitwarden.com/it-it/help/folders/), with a few key differences:

- Organizations can define [access to collections](https://bitwarden.com/it-it/help/collection-permissions/), allowing users or [groups](https://bitwarden.com/it-it/help/about-groups/) to access only the items they need.
- Items stored in an organization's collection(s) do not belong to any individual user, but rather to the organization.
- Organization-owned items **must** be included in at least one collection.

Your vault centralizes everything you have access to, like collections, [shared items](https://bitwarden.com/it-it/help/sharing/), and personal items. To open a specific collection, select it from the vault's filter menu:

![Open collection](https://bitwarden.com/assets/3uvlVv4JZdBPVkC6yQtmlB/e27ac5ec3d8fe46dbefdae0377144505/Open_collection.png)
*Open collection*

## Nested collections

When you nest a collection, it becomes hierarchically organized under another collection. Select where to **Nest your collection under** when you first create it or later by going to **Collections** → ⋮ **icon** → **Edit info**:

![Nested collection](https://bitwarden.com/assets/4WE9iu5h5WwMh2hTbMV0Q6/f3cfc507b06de6e8243a76685d598066/Nested_collection.png)
*Nested collection*

This only changes how your collection list appears in the filter column. Nested collections don't inherit items, access, or permissions from their "parent" collection.

## Next steps

- [Create a collection](https://bitwarden.com/it-it/help/create-collections/) that you can add shared items to.
- [Share items with organization members](https://bitwarden.com/it-it/help/sharing/) through your new collection.
- [Assign groups and members](https://bitwarden.com/it-it/help/assign-users-to-collections/) access to your new collection.
- [Configure the permissions](https://bitwarden.com/it-it/help/collection-permissions/) your groups and members have to the collection.
- [Configure collection management settings](https://bitwarden.com/it-it/help/collection-management/) for your organization.

--- URL: https://bitwarden.com/it-it/help/about-groups/ ---

# Groups

## What are groups?

Groups relate together individual members and provide a scalable way to assign access to and [permissions](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/) for specific [collections](https://bitwarden.com/it-it/help/about-collections/). When [onboarding new members](https://bitwarden.com/it-it/help/managing-users/), add them to a group to have them automatically inherit that group's configured permissions.

> [!NOTE] Groups available to teams and enterprise organizations
> Groups are available to [Teams and Enterprise organizations](https://bitwarden.com/it-it/help/about-organizations/#types-of-organizations/).

### Using groups

Organizations can designate access to [collections](https://bitwarden.com/it-it/help/about-collections/) based on member groups, rather than individual members. Group-collection associations provide a deep level of access control and scalability to sharing resources.

One common group-collection methodology is to create **Groups by Department** and **Collections by Function**, for example:

![Using Collections with Groups](https://bitwarden.com/assets/1WzkMkukq1i1mueOQP81JC/e6ba38466c2612b64b15344040fea1dd/collections-graphic-2.png)

Other common methodologies include **Collections by Vendor or System** (for example, members in an **Engineering** group are assigned to an **AWS Credentials** collection) and **Groups by Locality** (for example, members are assigned to a **US Employees** group or **UK Employees** group).

## Create a group

Organization [admins (or higher)](https://bitwarden.com/it-it/help/user-types-access-control/) and [provider users](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/) can create and manage groups. To create a group:

1. Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Groups** and select the + **New Group** button:

   ![New group](https://bitwarden.com/assets/FefJG4qBRiWkTzsxBKfm6/53093b4dd48e534cdde9f3e249d3c382/2024-12-03_14-22-27.png)

3. On the **Group info** tab, give your group a **Name.**

   > [!TIP] External ID (Org Entities)
   > The **External Id** field is only relevant if you are using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) and will be visible in the dialogue when configured using [SCIM](https://bitwarden.com/it-it/help/about-scim/), Directory Connector, or the API.

4. On the **Members** tab, assign members to the group.
5. On the **Collections** tab, assign collections to the group.
   For each collection, select the desired [permissions](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/):

   ![Collections permissions](https://bitwarden.com/assets/1NP5OrGCAVOZmkxfGjhU2h/7c0375c7f8f8540863a5391b0062454a/2024-12-03_14-23-45.png)

   Permissions can designate that members can either view-only or edit items in the collection, as well as whether they can manage access to the collection and whether [passwords are hidden](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/).

6. Select **Save** to finish creating your group.

### Edit members assignments

Once your groups are created and configured, add members to them:

1. In the Admin console, open the **Groups** view.
2. For the group you want to edit, use the ⋮ options menu to select **Members**.
3. Add or remove members from the group and select **Save**.

> [!NOTE] Admins require collection access
> If the **Owners and admins can manage all collections and items** option is disabled, administrators are unable to add themselves to a group. However, they can add other administrators to a group. See [Collection management settings](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/) for more information.

### Edit collections assignments

If you want to change the [collections](https://bitwarden.com/it-it/help/about-collections/) or [permissions](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/) assigned to a group:

1. In the Admin console, open the **Groups** view.
2. For the group you want to edit, use the ⋮ options menu to select **Collections**.
3. Add, remove, or change collections permissions from the group and select **Save.**

--- URL: https://bitwarden.com/it-it/help/about-key-connector/ ---

# About Key Connector

> [!NOTE] TDE is a good alternative to KC.
> Bitwarden recommends [trusted device decryption](https://bitwarden.com/it-it/help/about-trusted-devices/) as an alternative option to Key Connector that facilitates member login without a master password and does not require deploying or managing a key server.

Key Connector is a self-hosted application that facilitates customer-managed encryption (CMS), allowing an enterprise organization to serve cryptographic keys to Bitwarden clients.

Key Connector runs as a docker container on the same network as existing services, and can be used with [login with SSO](https://bitwarden.com/it-it/help/about-sso/) to serve cryptographic keys for an organization as an alternative to requiring a master password for vault decryption ([learn more](https://bitwarden.com/it-it/help/about-key-connector/#why-use-key-connector/)). Bitwarden supports deployment of one Key Connector for use by one organization for a self-hosted instance.

Key Connector requires connection to a **database where encrypted user keys are stored** and an **RSA Key Pair to encrypt and decrypt stored user keys**. Key Connector can be [configured](https://bitwarden.com/it-it/help/deploy-key-connector/) with a variety of database providers (for example, MSSQL, PostgreSQL, MySQL) and key pair storage providers (for example, HashiCorp Vault, Cloud KMS Providers, On-prem HSM devices) in order to fit your business's infrastructure requirements.

![Key Connector Architecture](https://bitwarden.com/assets/59mLNik59Pb25ZhJ7vNRa9/6ce753e0215ef199ec0cdef6fc880fe8/keyconnector-diagram-2.png)

## Why use Key Connector?

**In implementations that leverage master password decryption**, your identity provider handles authentication and a member's master password is required for vault decryption. This separation of concerns is an important step that ensures that only an organization member has access to the key which is required to decrypt your organization's sensitive vault data.

**In implementations that leverage Key Connector for decryption**, your identity provider still handles authentication, but vault decryption is handled by Key Connector. By accessing an encrypted key database (see the above diagram), Key Connector provides a user their decryption key when they log in, without requiring a master password.

We often refer to Key Connector implementations as leveraging **Customer-Managed Encryption**, because your business has sole responsibility for the management of the Key Connector application and of the vault decryption keys it serves. For enterprises ready to deploy and maintain a customer-managed encryption environment, Key Connector facilitates a streamlined vault login experience.

### Impact on master passwords

Because Key Connector replaces master password-based decryption with customer-managed decryption keys, organization members will be **required to remove the master password from their account**. Once removed, all vault decryption actions will be conducted using the stored user key. Besides logging in, this will have some impacts on [offboarding](https://bitwarden.com/it-it/help/about-key-connector/#impact-on-organization-membership/) and [on other features](https://bitwarden.com/it-it/help/about-key-connector/#impact-on-other-features/) you should be aware of.

> [!NOTE]
> Currently, there is not a way to re-create master passwords for accounts that have removed them.
>
> For this reason, organization owners and admins are not able to remove their master password and must continue using their master password even if using SSO. It is possible to elevate a user who has removed their master password to owner or admin, however we **strongly recommend** that your organization always have at least one owner with a master password.

### Impact on organization membership

Key Connector requires users to [remove their master passwords](https://bitwarden.com/it-it/help/about-key-connector/#impact-on-master-passwords/) and instead uses a company-owned database of cryptographic keys to decrypt users' vaults. Because master passwords cannot be re-created for accounts that have removed them, this means that once an account uses Key Connector decryption it is for all intents and purposes **owned by the organization**.

These accounts **may not leave the organization**, as in doing so they would lose any means of decrypting vault data. Similarly, if an organization administrator removes the account from the organization, the account will lose any means of decrypting vault data.

### Log in using Key Connector

Users who log in for the first time to a Key Connector-enabled organization will receive a dialogue prompting them to confirm the organization:

![Verify organization Key Connector](https://bitwarden.com/assets/fTrb2sTLVMdjtlpf2yNGD/59e7c37be145ef6525128f73864e3aee/2025-12-17_13-45-48.png)
*Verify organization Key Connector*

- Selecting **Continue with log in** will continue the log in process.
- Selecting **Do not continue:**
  - Existing Bitwarden users will receive a dialogue, prompting them to leave the organization if **Leave now** is selected.
  - New Bitwarden users will be logged out.

### Impact on other features

| **Feature** | **Impact** |
|------|------|
| Verification | There are a number of features in Bitwarden client applications that ordinarily require entry of a master password in order to be used, including [exporting](https://bitwarden.com/it-it/help/export-your-data/) vault data, changing [two-step Login](https://bitwarden.com/it-it/help/setup-two-step-login/) settings, retrieving [API keys](https://bitwarden.com/it-it/help/personal-api-key/), and more. **All these features** will replace master password confirmation with email-based TOTP verification. |
| Vault lock/unlock | Under ordinary circumstances, a [locked vault can be unlocked](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/) using a master password. When your organization is using Key Connector, locked client applications can only be unlocked with a [PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or with [biometrics](https://bitwarden.com/it-it/help/biometrics/). If neither PIN nor biometrics are enabled for a client application, the vault will always log out instead of lock. Unlike unlocking, logging in **always** requires a connection to your self-hosted server ([learn more](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/)). |
| Master password re-prompt | When Key Connector is being used, [master password re-prompt](https://bitwarden.com/it-it/help/managing-items/#protect-individual-items/) will be disabled for any user that has removed their master password as a result of your Key Connector implementation. |
| Admin password reset | When Key Connector is being used, [admin password reset](https://bitwarden.com/it-it/help/admin-reset/) will be disabled for any user that has removed their master password as a result of your Key Connector implementation. |
| Revoking access | Members who do not have master passwords will be fully locked out of their account if they are [revoked](https://bitwarden.com/it-it/help/revoke-users/). |
| Emergency access | When Key Connector is being used, the emergency access [account takeover option](https://bitwarden.com/it-it/help/emergency-access/) will be disabled for any user that has removed their master password as a result of your Key Connector implementation. Trusted emergency contacts may still **View** a grantor's individual vault data, subject to the established [emergency access workflow](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). |
| Change email | When Key Connector is being used, a user's vault email address cannot be changed. |

## How do I start using Key Connector?

In order to get started using Key Connector for customer-managed encryption, please review the following requirements:

> [!WARNING] Key Connector Requirements
> Management of cryptographic keys is incredibly sensitive and is **only recommended for enterprises with a team and infrastructure** that can securely support deploying and managing a key server.

In order to use Key Connector you must also:

- [Have an Enterprise organization](https://bitwarden.com/it-it/help/password-manager-plans/#enterprise-organizations/).
- [Have a self-hosted Bitwarden server deployed with Docker](https://bitwarden.com/it-it/help/install-on-premise-linux/).
- [Have an active SSO implementation](https://bitwarden.com/it-it/help/about-sso/).
- [Activate the single organization and require single sign-on policies](https://bitwarden.com/it-it/help/policies/).

If your organization meets or can meet these requirements, including a team and infrastructure that can support management of a key server, [contact us](https://bitwarden.com/it-it/contact/) and we will activate Key Connector.

--- URL: https://bitwarden.com/it-it/help/about-organizations/ ---

# Organizations Overview

## What are organizations?

Organizations relate Bitwarden users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, notes, cards, and identities.
Organizations have a unique view, the Admin Console, where [administrators](https://bitwarden.com/it-it/help/user-types-access-control/) can manage the organization's items and members, run reporting, and configure organization settings:

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

Members of an organization will find shared items in their **Vaults** view alongside personal items, as well as several methods for filtering the item list to only organization items or items in particular [collections](https://bitwarden.com/it-it/help/about-collections/):

![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png)

### Types of organizations

Bitwarden offers a variety of organizations to meet your business's or family's needs. For feature-by-feature breakdowns of each organization type, see [About Bitwarden Plans](https://bitwarden.com/it-it/help/password-manager-plans/).

| **Type** | **Description** |
|------|------|
| Free organizations | Free organizations allow two users to securely share in up to two [collections](https://bitwarden.com/it-it/help/about-collections/). |
| Families organizations | Families organizations allow six users to securely share in unlimited [collections](https://bitwarden.com/it-it/help/about-collections/). |
| Teams organizations | Teams organizations allow unlimited users (billed per user per month) to securely share in unlimited [collections](https://bitwarden.com/it-it/help/about-collections/) and offer a suite of operational tools such as [event logs](https://bitwarden.com/it-it/help/event-logs/). |
| Enterprise organizations | Enterprise organizations allow unlimited users (billed per user per month) to securely share in unlimited [collections](https://bitwarden.com/it-it/help/about-collections/) and add enterprise-only features such as [login with SSO](https://bitwarden.com/it-it/help/about-sso/) and [policies](https://bitwarden.com/it-it/help/policies/) to Bitwarden's suite of operational tools. |

### Comparing organizations with premium

The key thing to know is that organizations enable **secure sharing from organizations to users**.

[Premium individual plans](https://bitwarden.com/it-it/help/password-manager-plans/#premium-individual/) unlock premium password security and management features, including advanced 2FA options, the Bitwarden authenticator (TOTP), encrypted file attachments, and more, but premium individual **does not include secure data sharing.**

Paid organizations (Families, Teams, or Enterprise) automatically include those premium features (advanced 2FA options, Bitwarden authenticator (TOTP), and more) for **every** user enrolled in the organization.

### Comparing organizations with providers

[Providers](https://bitwarden.com/it-it/help/providers/) are vault-administration entities that allow businesses such as managed service providers (MSPs) to quickly create and administer **multiple Bitwarden organizations** on behalf of business customers.

## Create an organization

Organizations are created and managed from the [web app](https://bitwarden.com/it-it/help/getting-started-webvault/). If you are new to Bitwarden, [create an account](https://bitwarden.com/it-it/go/start-free/) before you start your organization, then proceed with these instructions:

1. Select the **New organization** button in the Bitwarden web app:

   ![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

   Enter an **Organization name** and a **Billing email** we can reach you at.
   [Learn what the holder of your billing email is allowed to do](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-email/).

2. **Choose your plan**. Bitwarden offers organizations suited to any need. Check out the [feature-by-feature breakdown](https://bitwarden.com/it-it/help/password-manager-plans/#compare-business-plans/) to figure out which is best for you.

   > [!NOTE] Organization premium features
   > All paid organizations (Families, Teams Starter, Teams, or Enterprise) include premium features for all enrolled users!

3. If you chose a **free organization**, you are all set! If you chose one of our paid organizations:

   - **Families/Teams/Enterprise:** Your plan comes with 5 GB of encrypted [storage for attachments](https://bitwarden.com/it-it/help/attachments/). Add **Additional storage (GB)** for $0.33 per GB per month.
   - **Teams/Enterprise:** Specify the number of **user seats** you need for your organization. Seats will be added if you exceed this number, unless you [specify a limit](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/#set-a-seat-limit/).
   - **Teams/Enterprise:** Choose whether you would like to be billed annually or monthly. Families organizations can only be billed annually.

4. Once you are happy with your organization, enter your **Payment information** (not required if you're creating a Free organization) and select **Submit**.

   > [!TIP] Organizations trial
   > New Families, Teams, and Enterprise organizations have a seven-day free trial built in! We won't charge you until your trial is over, and you can cancel your subscription at any time from the organization **Settings** tab.

Once you have created your organization, create a [collection](https://bitwarden.com/it-it/help/about-collections/), [invite users](https://bitwarden.com/it-it/help/managing-users/), and [start sharing](https://bitwarden.com/it-it/help/sharing/).

## Collections and groups

Bitwarden collections and groups are organizational tools that allow you to share data securely and manage access at scale.

#### Collections

Collections are a way to associate and share items, similar to a shared folder. Items may belong to one or more collections. Collection management is performed by users with appropriate [permissions](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/). Collections may often be organized by:

- Departments (engineering, HR)
- Areas of responsibility (social media, software development)
- Functions (compliance reporting, customer outreach)

To get started with collections, see [here](https://bitwarden.com/it-it/help/about-collections/).

#### Groups

Organization groups are a way to associate members of your organization, similar to user groups in an identity provider. Groups enable administrators to grant or revoke collection permissions in bulk, or act as a template when a new member joins your organization. Groups may often be used to organize:

- Departments (engineering, HR)
- Vendor or systems (AWS, production servers)
- Locality (US employees, EU employees)

To get started with groups, see [here](https://bitwarden.com/it-it/help/about-groups/).

## Upgrade an organization

If you want to upgrade your organization to another plan in order to unlock the [additional features](https://bitwarden.com/it-it/help/about-bitwarden-plans/):

1. In the Admin Console, navigate to your organization's **Billing** → **Subscription** view.
2. Select the **Upgrade plan** button.

You can only upgrade your organization to a higher plan, for example from Teams to Enterprise. Upgrading an organization in this way will not initiate a 7-day free trial like creating a new organization would.

--- URL: https://bitwarden.com/it-it/help/about-scim/ ---

# About SCIM

System for cross-domain identity management (SCIM) can be used to automatically provision members and groups in your Bitwarden organization.
Bitwarden servers provide a SCIM endpoint that, with a valid [SCIM API Key](https://bitwarden.com/it-it/help/about-scim/#set-up-scim/), will accept requests from your identity provider (IdP) for user and group provisioning and de-provisioning.

Bitwarden supports SCIM v2 using standard attribute mappings and offers integration documentation for:

- [JumpCloud](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/)
- [Microsoft Entra ID](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/)
- [Okta](https://bitwarden.com/it-it/help/okta-scim-integration/)
- [OneLogin](https://bitwarden.com/it-it/help/onelogin-scim-integration/)
- [Ping Identity](https://bitwarden.com/it-it/help/ping-identity-scim-integration/)

> [!NOTE] Different user provisioning methods
> This article discusses only one of the available methods to invite users and manage your subscription’s seat count:
>
> - All organizations can [manually invite users](https://bitwarden.com/it-it/help/managing-users/) and update the [seat count](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/).
> - Teams and Enterprise organizations can use [SCIM](https://bitwarden.com/it-it/help/about-scim/).
> - Teams and Enterprise organizations can use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/).
> - Enterprise organizations can use [just-in-time (JIT)](https://bitwarden.com/it-it/help/jit-provisioning/).

## Set up SCIM

To set up SCIM, your IdP will need a SCIM URL and API key to make authorized requests to the Bitwarden server. These values are available from the Admin Console by navigating to **Settings** → **SCIM provisioning**:

![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png)
*SCIM provisioning*

> [!TIP] Use SCIM Guides.
> The following section covers some generic information that can be used to set up SCIM, however Bitwarden recommends using one of the integration documents for:
>
> - [JumpCloud](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/)
> - [Microsoft Entra ID](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/)
> - [Okta](https://bitwarden.com/it-it/help/okta-scim-integration/)
> - [OneLogin](https://bitwarden.com/it-it/help/onelogin-scim-integration/)
> - [Ping Identity](https://bitwarden.com/it-it/help/ping-identity-scim-integration/)

### Required attributes

Bitwarden uses standard SCIM v2 attribute names, listed here, however each IdP may use alternate names which are mapped to Bitwarden during provisioning.

#### User attributes

For each user, Bitwarden will use the following attributes:

- An indication that the user is `active` (**required**)
- `email`ª or `userName` (**required**)
- `displayName`
- `externalId`

> [!NOTE] Multiple email addresses w/ SCIM
> ª - Because SCIM allows users to have multiple email addresses expressed as an array of objects, Bitwarden will use the `value` of the object which contains `"primary": true`.

#### Group attributes

For each group, Bitwarden will use the following attributes:

- `displayName` (**required**)
- `members`ª
- `externalId`

> [!NOTE] Members & SCIM API
> ª - `members` is an array of objects, each object representing a user in that group. **Group provisioning must be used in order to assign synced users to groups**, however the SCIM API cannot be used to query members in a group. To query group membership, use the [Public API.](https://bitwarden.com/it-it/help/api/)

## SCIM event logs

Organizations using SCIM capture [event logs](https://bitwarden.com/it-it/help/event-logs/) for actions taken by SCIM integrations, including inviting users and removing users, as well as creating or deleting groups. SCIM-derived events will register `SCIM` in the **Member** column.

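
The user attribute rules listed under "Required attributes" can be checked against an IdP's outgoing payloads before provisioning is switched on. The following is an added example, not Bitwarden code: the function names are hypothetical, the payloads are constructed samples, and preferring the primary email over `userName` when both are present is an assumption of this example.

```python
"""Check SCIM v2 User payloads against the user attributes listed on this page.

Added example, not Bitwarden code. Function names are hypothetical and the
payloads in SAMPLE_JSON are constructed for illustration.
"""
import json


def primary_email_values(user: dict) -> list:
    """Return the `value` of every emails[] object that carries "primary": true."""
    emails = user.get("emails")
    if not isinstance(emails, list):
        return []
    return [
        e["value"].strip()
        for e in emails
        if isinstance(e, dict)
        and e.get("primary") is True  # JSON true only, not the string "true"
        and isinstance(e.get("value"), str)
        and e["value"].strip()
    ]


def check_user(user: dict) -> dict:
    """Report which identifier the page's rules select and what is missing."""
    problems, warnings = [], []

    # `active` is listed as required; a string such as "true" is not a boolean.
    if not isinstance(user.get("active"), bool):
        problems.append("active: required and must be a JSON boolean")

    primaries = primary_email_values(user)
    user_name = user.get("userName")
    has_user_name = isinstance(user_name, str) and bool(user_name.strip())

    identifier, source = None, None
    if len(primaries) == 1:
        # Assumption of this example: the primary email wins over userName.
        identifier, source = primaries[0], "emails[primary]"
    elif len(primaries) > 1:
        # RFC 7643 allows primary=true at most once per multi-valued attribute.
        problems.append("emails: more than one entry has primary=true")
    else:
        if user.get("emails"):
            warnings.append("emails: present, but no entry has primary=true")
        if has_user_name:
            identifier, source = user_name.strip(), "userName"
        else:
            problems.append("email or userName: required, neither is usable")

    return {
        "identifier": identifier,
        "source": source,
        "externalId": user.get("externalId"),
        "problems": problems,
        "warnings": warnings,
    }


# Constructed sample payloads (not captured from any real IdP).
SAMPLE_JSON = """
[
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
   "externalId": "constructed-001", "userName": "alice", "active": true,
   "displayName": "Alice Example",
   "emails": [{"value": "alice@home.example", "type": "home", "primary": false},
              {"value": "alice@example.com", "type": "work", "primary": true}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
   "externalId": "constructed-002", "userName": "bob@example.com", "active": false,
   "emails": [{"value": "bob@example.com", "type": "work"}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
   "externalId": "constructed-003", "userName": "carol", "active": "true",
   "emails": [{"value": "carol@example.com", "primary": true},
              {"value": "carol@corp.example", "primary": true}]}
]
"""

SAMPLE_USERS = json.loads(SAMPLE_JSON)

if __name__ == "__main__":
    for sample in SAMPLE_USERS:
        print(sample.get("externalId"), check_user(sample))
```

A payload that yields a different identifier than the address the member already uses in Bitwarden is worth catching before sync, since this page notes that an unrecognized email is interpreted as a new user.
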
## Updates to existing objects

The following sections describe the changes that SCIM provisioning will sync to your organization for members and groups **when a change occurs in the IdP**:

### Member status

When a user is temporarily suspended or de-activated in your IdP, as opposed to being outright removed, their access to your organization will automatically be [revoked](https://bitwarden.com/it-it/help/revoke-users/). Users with revoked access are listed in the **Revoked** tab of the organization's **Members** screen and will:

- Not have access to any organization vault items or collections.
- Not have the ability to [use SSO to login](https://bitwarden.com/it-it/help/using-sso/), or [organizational Duo](https://bitwarden.com/it-it/help/setup-two-step-login-duo/) for two-step login.
- Not be subject to your organization's [policies](https://bitwarden.com/it-it/help/policies/).
- Not occupy a license seat.

> [!WARNING] Accounts without MPs & TDE
> For member accounts that **do not have master passwords** as a result of [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/):
>
> - [Removing them from your organization](https://bitwarden.com/it-it/help/remove-users/#remove-members-from-an-organization/) eliminates all access to their Bitwarden account unless they were previously assigned a master password using [account recovery](https://bitwarden.com/it-it/help/account-recovery/) and they log in with that master password at least once before being removed.
>
> These users will not be able to re-join your organization unless the above steps are taken **before** they are removed from the organization. If they aren't, each removed user will be required to [delete their account](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/) and be issued a new invitation to create an account and join your organization.
> - [Revoking access to the organization](https://bitwarden.com/it-it/help/revoke-users/), but not removing them from the organization, will still fully lock them out of their account until their access to the organization is restored.

### Member email address

> [!NOTE] Who can change email addresses in organizations.
> Members of organizations using [trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) cannot change their email address unless issued a master password with [account recovery](https://bitwarden.com/it-it/help/account-recovery/).
>
> Members of organizations using [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) cannot change their email address. Member accounts will need to be [deleted](https://bitwarden.com/it-it/help/delete-member-accounts/) and re-provisioned to accommodate an email address change. Remind users to export data prior to account deletion and re-import their data once provisioned with their new email address.

Members provisioned using SCIM are able to change their account email address in Bitwarden and their organization's relevant IdP, however in order to do so they must:

1. First change the email address in Bitwarden by navigating to **Settings** → **My account** ([learn more](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/)).
2. Once the email has been changed in Bitwarden, update the user value on the IdP or AD client. This could be the `externalid` or a corresponding value, depending on the organization's choice of IdP.
3. Re-sync the IdP or AD client to implement the changes.

> [!NOTE] Changing the Bitwarden email in SCIM org
> If the user email address is updated and synced on the IdP or AD prior to updating the Bitwarden email, the updated email will be interpreted as a new user.

### Member display name

While requests to the SCIM API can be configured to include member display names, this data is not currently synced to Bitwarden on initial provision or when changes occur in the IdP.

### Member external ID

While SCIM provisioning will assign an external ID to a user when they're initially provisioned, it will not currently sync changes to the external ID from the IdP to Bitwarden.

## Updates to pre-SCIM objects

> [!NOTE] Turn off BWDC for SCIM
> If you used Directory Connector prior to implementing SCIM, make sure to turn Directory Connector off before turning SCIM provisioning on.

The following sections describe the changes that SCIM provisioning will sync to your organization for members and groups **that existed in your organization prior to the implementation of SCIM**:

### Members added prior to SCIM

SCIM provisioning will treat members that **joined your organization before SCIM was implemented** differently depending on whether they do or do not exist in the IdP:

- Members that **exist in the IdP** and joined before SCIM will not be duplicated, required to re-join the organization, or removed from any groups.
- Members that **do not exist in the IdP** and joined before SCIM will not be removed, or added to or removed from any groups.

### Groups created prior to SCIM

SCIM provisioning will treat groups that **were created in your organization before SCIM was implemented** differently depending on whether they do or do not exist in the IdP:

- Groups that **exist in the IdP** and were created before SCIM will not be duplicated or have any member removed, but will have new members added according to membership assigned in the IdP.
- Groups that **do not exist in the IdP** and were created before SCIM will not be removed or have any members added or removed.

--- URL: https://bitwarden.com/it-it/help/about-send/ ---

# About Send

Bitwarden Send is an encrypted file and text sharing tool that transmits sensitive information directly to anyone through secure, temporary links. Send can be used to transmit text up to 1,000 encrypted characters or files up to 500 MB (or 100 MB on mobile) and can be [shared with anyone](https://bitwarden.com/it-it/help/receive-send/) via text, email, or any preferred communication channel.

## Accessing Send

Sends are created, edited, managed, and deleted from the **Send** view in any Bitwarden app. Access the Send view from the primary navigation:

![Send in the web app](https://bitwarden.com/assets/7umXxS0YG58NdB3vb4kwKo/c2a5f8ae8fa0bae6becb2e20e7f59390/2026-02-24_12-52-46.png)
*Send in the web app*

> [!NOTE] Remove Send policy
> If you are a member of an organization that activated the [Send controls policy's](https://bitwarden.com/it-it/help/policies/#send-controls/) **Remove Send** option, you cannot create new Sends or edit existing ones. While the Sends page cannot be accessed with the Bitwarden web app when this policy is enforced, you can view or delete existing Sends from any other client.

## Using Send

Using Bitwarden Send is a two-step process: [Create your Send](https://bitwarden.com/it-it/help/create-send/) and share with [intended recipients](https://bitwarden.com/it-it/help/receive-send/). To create a Send:

1. Select **New Send**:

   ![New Send](https://bitwarden.com/assets/5ixV8tBpmNQsujpAfan69u/bc04bef94830ec05cfa414bc4b1d7a58/2026-02-24_10-39-18.png)
   *New Send*

2. Select the required [lifespan options](https://bitwarden.com/it-it/help/send-lifespan/) and [privacy options](https://bitwarden.com/it-it/help/send-privacy/) to fit your sharing needs.

   ![Send options](https://bitwarden.com/assets/5vAk27se4vF8LYczDueYex/ff88a11a1da2500eeaa8ff713d459d71/Send_Options.png)
   *Send options*

3. Share the Send link using any communication channel you prefer.
Each Send has a [configured lifespan](https://bitwarden.com/it-it/help/send-lifespan/) which allows you to monitor the Send. Your created Sends will display status icons when a lifespan-related event occurs:

| **Icon** | **Meaning** |
|------|------|
| 🔒 | This Send is [protected by a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/). |
| ✗ | This Send has been [manually disabled](https://bitwarden.com/it-it/help/send-lifespan/#manually-deactivate-or-delete/). |
| 🕐 | This Send has reached its specified [expiration date](https://bitwarden.com/it-it/help/send-lifespan/#expiration-date/). |
| ✗ | This Send has reached its specified [maximum access count](https://bitwarden.com/it-it/help/send-lifespan/#maximum-access-count/). |
| 🗑️ | This Send has reached its specified [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/) and is **pending deletion**. |

## Send security

### End-to-end encrypted

Data is [encrypted](https://bitwarden.com/it-it/help/send-encryption/#send-encryption/) on creation and only [decrypted](https://bitwarden.com/it-it/help/send-encryption/#send-decryption/) when a recipient opens the link. A Send's contents are stored **encrypted** in Bitwarden systems just like a traditional vault item. The link generated for each Send doesn't contain any data related to its contents, so it's safe to share over intermediary communications services without exposing information.

### Dynamically ephemeral

Sends are designed for ephemeral sharing, so every [Send that you create](https://bitwarden.com/it-it/help/create-send/) has a specified [lifespan](https://bitwarden.com/it-it/help/send-lifespan/) (max. 31 days) that can be chosen from a few options or a custom timestamp. When its deletion date is reached, the Send and its contents will be completely purged.
Using other options like [expiration date](https://bitwarden.com/it-it/help/send-lifespan/#expiration-date/) and [maximum access count](https://bitwarden.com/it-it/help/send-lifespan/#limit-views-or-maximum-access-count/), you can ensure that recipient access is terminated according to your needs.

### Flexibly private

You can protect the contents of your Send with several flexible privacy options:

- [Configuring a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/) for access.
- [Email-verified access](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) for specific recipients.
- [Hiding your email address from recipients](https://bitwarden.com/it-it/help/send-privacy/#hide-email/).

For text Sends, you can also optionally [require users to toggle visibility](https://bitwarden.com/it-it/help/send-privacy/#hide-text/) to prevent exposure to unintentional onlookers.

> [!NOTE] Sends and Attachments utilize storage space
> Attachments on individual vault items and all Sends use the individual storage space granted by premium subscriptions or organizations. Attachments on organization owned items use shared organizational storage space. Learn how to [add storage space](https://bitwarden.com/it-it/help/attachments/#add-storage-space/).

## Next steps

Now that you have learned the basics of Bitwarden Send, we recommend:

- [Creating your first Send](https://bitwarden.com/it-it/help/create-send/)
- [Go premium for file Sends](https://bitwarden.com/it-it/help/password-manager-plans/#premium-individual/)
- For a more in-depth overview of Send, see [Bitwarden Send - How it works](https://bitwarden.com/it-it/blog/bitwarden-send-how-it-works/).
--- URL: https://bitwarden.com/it-it/help/about-sso/ ---

# About Single Sign-On

Using single sign-on (SSO), [Enterprise organizations](https://bitwarden.com/it-it/help/about-organizations/#types-of-organizations/) can leverage their existing Identity Provider (IdP) to authenticate members with Bitwarden. SSO for Enterprise organizations includes:

- [SAML 2.0](https://bitwarden.com/it-it/help/configure-sso-saml/) and [OIDC](https://bitwarden.com/it-it/help/configure-sso-oidc/) configuration options that support integration with a wide variety of IdPs.
- An [enterprise policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) to optionally **require** non-administrative members to log in to Bitwarden with SSO.
- An [enterprise policy](https://bitwarden.com/it-it/help/policies/#automatically-log-in-users-for-allowed-applications/) to optionally allow easier auto-fill in non-SSO apps launched from your IdP.
- Several distinct [member decryption options](https://bitwarden.com/it-it/help/sso-decryption-options/) for safe data access workflows.
- [Just-In-Time (JIT) provisioning](https://bitwarden.com/it-it/help/jit-provisioning/) of members via SSO.

> [!TIP] SSO Decryption Options
> Using SSO with Bitwarden retains our zero-knowledge encryption model. Nobody at Bitwarden has access to your data and, similarly, **neither should your Identity Provider**. That's why SSO **decouples authentication and decryption**. In all implementations, your Identity Provider cannot and will not have access to the decryption key needed to decrypt vault data.
>
> While authentication is handled via your IdP, decryption of your data is controlled by one of several [decryption methods](https://bitwarden.com/it-it/help/sso-decryption-options/).
![SSO and master password decryption](https://bitwarden.com/assets/76IOpVRQv886zcUYIM2HF0/36300f14123231d0da18081adcc9962b/sso-workflow-3.png)
*SSO and master password decryption*

If you're new to Bitwarden, [start a 7-day Enterprise free trial](https://bitwarden.com/it-it/go/start-enterprise-trial/) to begin testing SSO. We recommend the following steps when testing SSO:

1. Configure your SSO integration using one of the **SSO Guides** for your chosen IdP. If your IdP isn't listed, you can use the [generic SAML](https://bitwarden.com/it-it/help/configure-sso-saml/) or [generic OIDC](https://bitwarden.com/it-it/help/configure-sso-oidc/) guide.
2. Test the [member login experience](https://bitwarden.com/it-it/help/using-sso/) using master password decryption.
3. Assess whether a different [member decryption option](https://bitwarden.com/it-it/help/sso-decryption-options/) would fit your implementation, and if so begin configuration of that decryption option.
4. Provide information to members, based on the specifics of your implementation, about how to [log in with SSO](https://bitwarden.com/it-it/help/using-sso/).

--- URL: https://bitwarden.com/it-it/help/about-trusted-devices/ ---

# About Trusted Devices

SSO with trusted devices allows users to [authenticate using SSO](https://bitwarden.com/it-it/help/about-sso/) and decrypt their vault using a device-stored encryption key, eliminating the need to enter a master password. A trusted device is a Bitwarden app, like an instance of the browser extension or mobile app, that has been approved for use of passwordless sign-in [by the user](https://bitwarden.com/it-it/help/add-a-trusted-device/) or [by an administrator](https://bitwarden.com/it-it/help/approve-a-trusted-device/). Each Bitwarden app would be a separate trusted device, with a separate approval, even if they're on the same computer or smartphone.
SSO with trusted devices gives business end users a passwordless experience that is also zero-knowledge and end-to-end encrypted. This prevents users from getting locked out due to forgotten master passwords and allows them to enjoy a streamlined login experience.

## Start using trusted devices

To get started using SSO with trusted devices:

1. [Set up SSO with trusted devices](https://bitwarden.com/it-it/help/setup-sso-with-trusted-devices/) for your organization.
2. Provide administrators with information on [how to approve device requests](https://bitwarden.com/it-it/help/approve-a-trusted-device/).
3. Provide end-users with information on [how to add trusted devices](https://bitwarden.com/it-it/help/add-a-trusted-device/).

## How it works

The following tabs describe encryption processes and key exchanges that occur during different trusted devices procedures:

### Onboarding

When a new user joins an organization, an **Account Recovery Key** ([learn more](https://bitwarden.com/it-it/help/account-recovery/)) is created by encrypting their account encryption key with the **Organization Public Key**. Account recovery is required to enable SSO with trusted devices. The user is then asked if they want to remember, or trust, the device. When they opt to do so:

![Create a trusted device](https://bitwarden.com/assets/2o9o8L0JZMvWZYJvfKGMzj/b7cab59682862c8e782331ed6a2ef9d9/td-create.png)
*Create a trusted device*

1. A new **Device Key** is generated by the client. This key never leaves the client.
2. A new RSA key pair, called the **Device Private Key** and **Device Public Key**, is generated by the client.
3. The user's account encryption key is encrypted with the unencrypted **Device Public Key** and the resultant value is sent to the server as the **Public Key-Encrypted User Key**.
4. The **Device Public Key** is encrypted with the user's account encryption key and the resultant value is sent to the server as the **User Key-Encrypted Public Key**.
5. The **Device Private Key** is encrypted with the first **Device Key** and the resultant value is sent to the server as the **Device Key-Encrypted Private Key**.

The **Public Key-Encrypted User Key** and **Device Key-Encrypted Private Key** will, crucially, be sent from server to client when a login is initiated. The **User Key-Encrypted Public Key** will be used should the user need to rotate their account encryption key.

### Logging in

When a user authenticates with SSO on an already-trusted device:

![Use a trusted device](https://bitwarden.com/assets/61SSa6ITlRaICIUoCzEiVp/746cf3ba3005b4118d20319e894c47c7/td-use.png)
*Use a trusted device*

1. The user's **Public Key-Encrypted User Key**, which is an encrypted version of the account encryption key used to decrypt vault data, is sent from the server to the client.
2. The user's **Device Key-Encrypted Private Key**, the unencrypted version of which is required to decrypt the **Public Key-Encrypted User Key**, is sent from the server to the client.
3. The client decrypts the **Device Key-Encrypted Private Key** using the **Device Key**, which never leaves the client.
4. The now-unencrypted **Device Private Key** is used to decrypt the **Public Key-Encrypted User Key**, resulting in the user's account encryption key.
5. The user's account encryption key decrypts vault data.

### Approving

When a user authenticates with SSO and opts to decrypt their vault with an un-trusted device (i.e. a **Device Symmetric Key** does not exist on that device), they are required to choose a method of approving the device and optionally trusting it for future use without further approval. What happens next depends on the selected option:

- **Approve from another device**:
  1. The process documented [here](https://bitwarden.com/it-it/help/log-in-with-device/#how-it-works/) is triggered, resulting in the client having obtained and decrypted the account encryption key.
  2. The user can now decrypt their vault data with the decrypted account encryption key. If they have chosen to trust the device, trust is established with the client as described in the **Onboarding** tab.
- **Request admin approval**:
  1. The initiating client POSTs a request, which includes the account email address and a unique **auth-request public key**ª, to an Authentication Request table in the Bitwarden database.

     ![User requests admin approval (Step 1)](https://bitwarden.com/assets/1CgwXVCrjssDwsz2Aie4mV/aac6c3975c9a8d225074268c093cadc3/2025-04-30_09-33-37.png)
     *User requests admin approval (Step 1)*

  2. Administrators can [approve or deny the request](https://bitwarden.com/it-it/help/approve-a-trusted-device/) on the Device approvals page.
  3. When the request is approved by an administrator, the approving client encrypts the user's account encryption key using the **auth-request public key** enclosed in the request.
  4. The approving client then PUTs the encrypted account encryption key to the Authentication Request record and marks the request fulfilled.

     ![Admin approves auth request (Steps 3-4)](https://bitwarden.com/assets/4Y9q6Y3KmLskDaqfF03YmJ/8a99742b2bf8e7394cb0988495dc13b0/2025-04-30_09-34-10.png)
     *Admin approves auth request (Steps 3-4)*

  5. The initiating client GETs the encrypted account encryption key and **locally** decrypts it using the **auth-request private key**.

     ![User receives admin approval (Step 5)](https://bitwarden.com/assets/7LNcFuhupPeR4DJhg2k4po/10ae5da219f1e5338e5cdf6554655e9f/2025-04-30_09-34-28.png)
     *User receives admin approval (Step 5)*

  6. Using the decrypted account encryption key, trust is established with the client as described in the **Onboarding** tab.

  ª - **Auth-request public** and **private keys** are uniquely generated for each passwordless login request and only exist for as long as the request does. Unapproved requests will expire after 1 week.
- **Approve with master password**:
  1. The user's account encryption key is retrieved and decrypted as documented in the [Authentication and decryption](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#authentication-and-decryption/) section of the security whitepaper.
  2. Using the decrypted account encryption key, trust is established with the client as described in the **Onboarding** tab.

### Key rotation

> [!NOTE] Which TDE users can rotate an enc key
> Only users who have a master password can rotate their [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/). [Learn more](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/).

When a user rotates their [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/), during the normal rotation process:

1. The **User Key-Encrypted Public Key** is sent from the server to the client, and subsequently decrypted with the old account encryption key (a.k.a. **User Key**), resulting in the **Device Public Key**.
2. The user's new account encryption key is encrypted with the unencrypted **Device Public Key** and the resultant value is sent to the server as the new **Public Key-Encrypted User Key**.
3. The **Device Public Key** is encrypted with the user's new account encryption key and the resultant value is sent to the server as the new **User Key-Encrypted Public Key**.
4. The Public Key-Encrypted User Key is then re-shared with each trusted device.
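The Onboarding, Logging in, and Key rotation steps above can be traced end to end with Node's built-in `crypto` module. This is an added example, not Bitwarden client code: the function names, the record layout, the 64-byte user key, and the choice to MAC the IV plus ciphertext are assumptions, while the algorithms (RSA-2048 OAEP SHA-1, AES-256-CBC with HMAC SHA-256) are the ones this page lists for each key.

```javascript
// Added illustration, not Bitwarden source code. Function names, the record
// layout and the 64-byte user key are assumptions made for this example.
const crypto = require('crypto');

const OAEP_SHA1 = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' };

// AES-256-CBC with HMAC-SHA-256 (encrypt-then-MAC) under a 512-bit key:
// the first 32 bytes encrypt, the last 32 bytes authenticate.
function wrapSymmetric(key64, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', key64.subarray(0, 32), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const mac = crypto.createHmac('sha256', key64.subarray(32)).update(iv).update(ct).digest();
  return { iv, ct, mac };
}

function unwrapSymmetric(key64, { iv, ct, mac }) {
  const expected = crypto.createHmac('sha256', key64.subarray(32)).update(iv).update(ct).digest();
  // Verify the MAC in constant time before decrypting anything.
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error('MAC check failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', key64.subarray(0, 32), iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Onboarding steps 1-5: returns what stays on the client and what the server stores.
function trustDevice(userKey) {
  const deviceKey = crypto.randomBytes(64); // step 1: never leaves the client
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); // step 2
  const publicDer = publicKey.export({ type: 'spki', format: 'der' });
  const privateDer = privateKey.export({ type: 'pkcs8', format: 'der' });
  const serverRecord = {
    publicKeyEncryptedUserKey: crypto.publicEncrypt({ key: publicKey, ...OAEP_SHA1 }, userKey), // step 3
    userKeyEncryptedPublicKey: wrapSymmetric(userKey, publicDer),      // step 4
    deviceKeyEncryptedPrivateKey: wrapSymmetric(deviceKey, privateDer) // step 5
  };
  return { deviceKey, serverRecord };
}

// Logging in steps 1-4: the client recovers the user key from server-held values
// plus the locally stored Device Key.
function loginOnTrustedDevice(deviceKey, serverRecord) {
  const privateDer = unwrapSymmetric(deviceKey, serverRecord.deviceKeyEncryptedPrivateKey);
  const privateKey = crypto.createPrivateKey({ key: privateDer, format: 'der', type: 'pkcs8' });
  return crypto.privateDecrypt({ key: privateKey, ...OAEP_SHA1 }, serverRecord.publicKeyEncryptedUserKey);
}

// Key rotation steps 1-3: only the old and new user keys are needed, because the
// Device Public Key is recoverable from the User Key-Encrypted Public Key.
function rotateUserKey(oldUserKey, newUserKey, serverRecord) {
  const publicDer = unwrapSymmetric(oldUserKey, serverRecord.userKeyEncryptedPublicKey);
  const publicKey = crypto.createPublicKey({ key: publicDer, format: 'der', type: 'spki' });
  return {
    ...serverRecord, // Device Key-Encrypted Private Key is unchanged by rotation
    publicKeyEncryptedUserKey: crypto.publicEncrypt({ key: publicKey, ...OAEP_SHA1 }, newUserKey),
    userKeyEncryptedPublicKey: wrapSymmetric(newUserKey, publicDer)
  };
}
```

Rotation never touches the Device Key or the Device Private Key, which is why the server-held User Key-Encrypted Public Key is enough to re-wrap a new user key for a trusted device that is not present during rotation.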
### Keys used for trusted devices

This table provides more information about each key used in the procedures described above:

| Key | Details |
|------|------|
| Device Key | AES-256 CBC HMAC SHA-256, 512 bits in length (256 bits for key, 256 bits for HMAC) |
| Device Private Key & Device Public Key | RSA-2048 OAEP SHA1, 2048 bits in length |
| Public Key-Encrypted User Key | RSA-2048 OAEP SHA1 |
| User Key-Encrypted Public Key | AES-256 CBC HMAC SHA-256 |
| Device Key-Encrypted Private Key | AES-256 CBC HMAC SHA-256 |

### Impact on master passwords

While SSO with trusted devices eliminates the need for a master password, it doesn't in all cases eliminate the master password itself:

- If a user is onboarded **before** SSO with trusted devices is activated, their account will retain its master password.
- If a user is onboarded **after** SSO with trusted devices is activated and they select **Log in** → **Enterprise SSO** from the organization invite for [JIT provisioning](https://bitwarden.com/it-it/help/sso-faqs/#q-how-does-login-with-sso-work-for-new-users-just-in-time/), their account will not have a master password. Should you change to the master password [member decryption option](https://bitwarden.com/it-it/help/sso-decryption-options/), these users will be prompted to create a master password when they log in as long as they are still a member of the organization ([learn more](https://bitwarden.com/it-it/help/setup-sso-with-trusted-devices/)).
> [!WARNING] Accounts without MPs & TDE
> For member accounts that **do not have master passwords** as a result of [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/):
>
> - [Removing them from your organization](https://bitwarden.com/it-it/help/remove-users/#remove-members-from-an-organization/) eliminates all access to their Bitwarden account unless they were previously assigned a master password using [account recovery](https://bitwarden.com/it-it/help/account-recovery/) and they log in with that master password at least once before being removed.
>
>   These users will not be able to re-join your organization unless the above steps are taken **before** they are removed from the organization. If they aren't, each removed user will be required to [delete their account](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/) and be issued a new invitation to create an account and join your organization.
> - [Revoking access to the organization](https://bitwarden.com/it-it/help/revoke-users/), but not removing them from the organization, will still fully lock them out of their account until their access to the organization is restored.

- If a user account is recovered using [account recovery](https://bitwarden.com/it-it/help/account-recovery/), their account will necessarily be assigned a master password. A master password cannot currently be removed from an account once it has one, so to avoid this outcome we recommend that you (i) instruct the user to export their data to a backup, (ii) completely delete the lost account, (iii) ask the user to [re-onboard to your organization using trusted devices](https://bitwarden.com/it-it/help/add-a-trusted-device/) and (iv) once they've done so instruct them to import their backup.
### Impact on other features

Depending on whether a master password hash is available in memory for your client, which is dictated by how your client application is initially accessed, it may exhibit the following behavior changes:

| Feature | Impact |
|------|------|
| Verification | There are a number of features in Bitwarden client applications that ordinarily require entry of a master password in order to be used, including [exporting](https://bitwarden.com/it-it/help/export-your-data/) vault data, changing [two-step login settings](https://bitwarden.com/it-it/help/setup-two-step-login/), retrieving [API keys](https://bitwarden.com/it-it/help/personal-api-key/), and more. If the user doesn't use a master password to access the client, **all these features** will replace master password confirmation with email-based TOTP verification. |
| Vault lock/unlock | Under ordinary circumstances, a [locked vault can be unlocked](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/) using a master password. If the user doesn't use a master password to access the client, locked client applications can only be unlocked with a [PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or with [biometrics](https://bitwarden.com/it-it/help/biometrics/). If neither PIN nor biometrics are enabled for a client application, the vault will always log out instead of lock. Unlocking and logging in will **always** require an internet connection. |
| Master password re-prompt | If the user does not unlock their vault with a master password, [master password re-prompt](https://bitwarden.com/it-it/help/managing-items/#protect-individual-items/) will be disabled. |
| Changing email address | Users who [do not have master passwords](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/) **will not** be able to change their email address. |
| CLI | Users who [do not have master passwords](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/) **will not** be able to access Password Manager CLI. |

--- URL: https://bitwarden.com/it-it/help/access-intelligence-email-templates/ ---

# Access Intelligence email templates

Use the templates below to announce Access Intelligence to your organization before you go live. Sending internal emails in advance helps employees recognize legitimate Bitwarden notifications and ensures at-risk passwords are acted on promptly.

## Template 1: Initial announcement

> [!NOTE] Template 1: Initial announcement
> **Subject:** Important: New password security initiative with Bitwarden
>
> **Body:**
>
> Hi team,
>
> We're implementing a new security feature called Access Intelligence in Bitwarden to help us identify and strengthen weak or at-risk passwords across our organization.
>
> **What you need to know:**
>
> - You may receive email notifications or see banners in your Bitwarden browser extension requesting password changes for specific applications
> - **These emails are legitimate**, please do not ignore them
> - Your passwords remain fully encrypted and private, neither IT admins nor Bitwarden can see your actual passwords
> - Access Intelligence only identifies which credentials need attention, not what those passwords are
>
> **Why we're doing this:**
>
> This proactive approach helps us protect our organization from security breaches by ensuring all credentials meet current security standards.
>
> **Next steps:**
>
> When you receive a notification, please follow the instructions to rotate the identified passwords with a new generated password promptly. We'll be prioritizing critical applications first to avoid overwhelming everyone at once.
>
> Questions? Feel free to reach out.
>
> Thanks for your cooperation in keeping our organization secure.
## Template 2: Brief announcement

> [!NOTE] Template 2: Brief announcement
> **Subject:** New security notifications coming from Bitwarden
>
> **Body:**
>
> Hi everyone,
>
> Starting this week, you may receive legitimate security notifications from Bitwarden by email and in the Bitwarden browser extension asking you to update at-risk passwords.
>
> **Please note:**
>
> - These requests are genuine, please act on them
> - Your passwords remain completely private and encrypted
> - We can only see *that* a password needs updating, not the password itself
> - Instructions for updating will be included in each notification
>
> Thanks for helping us maintain strong security practices.

## Template 3: FAQ style

> [!NOTE] Template 3: FAQ style
> **Subject:** Upcoming Bitwarden password security notifications: What to expect
>
> **Body:**
>
> Hi team,
>
> **What's happening?** We're launching a password security initiative using the Bitwarden Access Intelligence feature. You'll begin to receive email notifications to update at-risk passwords.
>
> **Are these emails legitimate?** Yes. Please act on any password change requests you receive from Bitwarden.
>
> **Can admins see my passwords?** No. Access Intelligence works with zero-knowledge encryption. Admins and Bitwarden can only identify which accounts need attention, never the actual passwords.
>
> **What should I do?** Follow the instructions in each notification to update the requested passwords. We're focusing on critical applications first.
>
> **Questions?** Contact us for assistance.
>
> Thank you for prioritizing security.

--- URL: https://bitwarden.com/it-it/help/access-intelligence/ ---

# Access Intelligence

Enterprise organizations can use **Access Intelligence** to identify and prioritize applications with [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/) credentials that are stored within your Bitwarden organization by its members.
Using this report, select [critical applications](https://bitwarden.com/it-it/help/access-intelligence/#marking-critical-applications/) and notify organization members that they [need to take action on at-risk passwords](https://bitwarden.com/it-it/help/change-at-risk-passwords/). Access Intelligence provides easy co-located visibility for admins into which credentials are [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/); it does not grant administrators direct access to passwords they don't otherwise have access to.

> [!NOTE] Access Intelligence & individual vaults
> Access Intelligence does not allow admin visibility into items for which the organization is not the owner. To ensure full visibility into all potential at-risk credentials, Bitwarden recommends activating the [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) policy so that all data is owned by the organization.

## Run the report

As the application landscape evolves and changes within your organization, the contents of this report will change. It is critically important that Access Intelligence be treated as a continuous exercise. To update the report, take note of the **Data last updated** timestamp and select the **Run report** button.

![Run the Access Intelligence report](https://bitwarden.com/assets/6ooDvXBHM0ehpTD2XWpQGK/88c0af7c5edd5b30b8037f49baf8ac88/2026-03-20_12-07-24.png)
*Run the Access Intelligence report*

## Activity

The **Activity** tab of the Access Intelligence report provides a summary of crucial datapoints and tasks.
While the Activity tab provides this information at-a-glance, you should also familiarize yourself with the **All applications** and **Critical applications** tabs to best understand what's surfaced here:

![Access Intelligence, Activity tab](https://bitwarden.com/assets/4ors4hBI2rwbW0zvjb2W0U/70128699f9db718b6c99c5f0abcf241e/2026-04-08_09-29-26.png)
*Access Intelligence, Activity tab*

- **Risk over time**: Visualize how at-risk applications, passwords, and members have changed over time relative to absolute changes in application, password, and member counts. This data is downloadable from this page as a `.csv`.
- **At-risk members**: Number of members with access to [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/) items for [critical](https://bitwarden.com/it-it/help/access-intelligence/#marking-critical-applications/) applications.
- **Password change progress**: Percentage completion of [dispatched password change requests](https://bitwarden.com/it-it/help/access-intelligence/#requesting-password-changes/).
- **Critical applications**: Proportion of [critical](https://bitwarden.com/it-it/help/access-intelligence/#marking-critical-applications/) applications that are currently [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/).
- **Applications needing review**: Number of new applications added by members since the [report was last run](https://bitwarden.com/it-it/help/access-intelligence/#run-the-report/).

### Determining risk

A password is determined to be **at-risk** if it is weak, exposed, or re-used within the organization. This analysis is done with the same tools used in the [Weak passwords report](https://bitwarden.com/it-it/help/reports/#weak-passwords-report/), [Exposed passwords report](https://bitwarden.com/it-it/help/reports/#exposed-passwords-report/), and [Reused passwords report](https://bitwarden.com/it-it/help/reports/#reused-passwords-report/).
As is the case for running reports manually, the analysis done by Access Intelligence is done locally to preserve zero-knowledge and protect your data integrity and anonymity.

## All applications

The Access Intelligence report lists all applications saved as items within your Bitwarden organization. Each application represents the set of all items with a URI that matches a given web service (for example, the "Atlassian" application may contain 26 "Total passwords", indicating there are 26 items that contain credentials for logging into Atlassian) and contains:

| Column | Description |
|------|------|
| **Application** | The name of the application that is [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/). |
| **At-risk passwords** | The number of passwords associated with the application that are [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/). |
| **Total passwords** | The total number of passwords associated with the application. |
| **At-risk members** | The number of members who have access to the [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/) passwords associated with the application. |
| **Total members** | The total number of members who have access to the application. |

> [!TIP] Access Intelligence for Shadow IT & SSO gap detection.
> By surfacing a list of all applications for which organization members have credentials, Access Intelligence can also help administrators detect the use of unsanctioned applications as well as those which could be migrated to single sign-on (SSO) authentication through an IdP.

### Marking critical applications

> [!TIP] Why mark applications critical?
> Marking an application **critical** is an important tool for ensuring organization members are encouraged to take quick action on the applications that matter most.
>
> One important function of Access Intelligence is the ability to dispatch notifications to members informing them they need to take action on a critical [at-risk](https://bitwarden.com/it-it/help/access-intelligence/#determining-risk/) password. Dispatching these notifications in targeted waves will help prevent member alert fatigue and resultant delays in remediation.

Applications marked **critical** are those which will have notifications dispatched to organization members informing them that they [need to take action on at-risk passwords](https://bitwarden.com/it-it/help/change-at-risk-passwords/). To mark applications critical, toggle one or more checkboxes and select the **Mark app as critical** button:

![Mark a critical application](https://bitwarden.com/assets/77hdEeJiKWpHd8BoHYbnCx/e691c69651cace09523a8655e31e3988/2026-03-20_12-09-56.png)
*Mark a critical application*

## Critical applications

Using Access Intelligence, administrators can preemptively assess which applications they want prioritized for members to take action on. The report can be narrowed down from **All applications** for which there are credentials stored within your organization to only those you select as the current **Critical applications** to take action on.

### Requesting password changes

Requesting password changes will dispatch notifications to organization members with access to critical applications informing them that they [need to take action on at-risk passwords](https://bitwarden.com/it-it/help/change-at-risk-passwords/). Members who have [permission to edit the password](https://bitwarden.com/it-it/help/collection-permissions/) will receive notifications both in their email inbox and as a banner in any Bitwarden browser extensions they're logged in to.

> [!TIP] Best practices before sending Access Intelligence notifications.
> Before dispatching your first password change requests, or as part of employee Bitwarden training, we recommend:
>
> - Informing members that these emails are legitimate and should not be ignored.
> - Providing members with instructions for [how to take action on password change requests](https://bitwarden.com/it-it/help/change-at-risk-passwords/).

To request password changes on all applications currently marked [critical](https://bitwarden.com/it-it/help/access-intelligence/#marking-critical-applications/), navigate to the **Critical applications** view and select **Request password changes**:

![Request a password change](https://bitwarden.com/assets/6wQ3EUzMFkzRIkA2FHgnlY/99836bd7d0bd053e1c2eb6878175685c/2026-03-20_12-07-242.png)
*Request a password change*

--- URL: https://bitwarden.com/it-it/help/access-tokens/ ---

# Access Tokens

Access tokens are objects that facilitate [machine account](https://bitwarden.com/it-it/help/machine-accounts/) access to, and the ability to decrypt, edit, and create [secrets](https://bitwarden.com/it-it/help/secrets/) stored in Secrets Manager. Access tokens are issued to a particular machine account, and will give any machine they're applied to the ability to access **only the secrets associated with that machine account**.

## Create an access token

Access tokens are never stored in Bitwarden databases and cannot be retrieved, so take care to store your access tokens somewhere safe when you generate them. To create an access token:

1. Select **Machine accounts** from the navigation.
2. Select the machine account to create an access token for, and open the **Access tokens** tab:

   ![Create access token](https://bitwarden.com/assets/6EINDaXiPQp9qQcO6q1zt5/259e6c2c6e91e0df63c83d03a89ac4a2/2024-12-03_11-31-26.png)
3. Select the **Create access token** button.
4. On the Create Access Token window, provide:
   1. A **Name** for the token.
   2. When the token **Expires**. By default, Never.
5. Select the **Create access token** button when you're finished configuring the token.
6. A window will appear printing your access token to the screen. Save your token somewhere safe before closing this window, as your token **will not be stored and cannot be retrieved later**:

   ![Access token example](https://bitwarden.com/assets/3QfpdSQai2hFrWGdGSlQRN/a5a5483cfbbbf690a8436043be58cea7/2024-12-03_11-32-26.png)

This access token is the authentication vehicle through which you'll be able to script secret injection and editing by your machines and applications.

## Use an access token

Access tokens are used for authentication by the [Secrets Manager CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/). Once you've created your access token and saved its value somewhere safe, use it to authenticate secret retrieval commands by the CLI for injection into your applications or infrastructure. This could be:

- Exporting the access token to a `BWS_ACCESS_TOKEN` environment variable on the host machine. CLI commands like the following will automatically check for a variable with that key for authentication:

  ```
  bws project get e325ea69-a3ab-4dff-836f-b02e013fe530
  ```
- Using the `--access-token` option inline in a script written to `get` and inject secrets, for example something that includes the lines:

  ```
  ...
  # Fetch the secret value as a raw string (jq -r strips the JSON quotes)
  export DB_PW=$(bws secret get fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff --access-token 0.48c78342-1635-48a6-accd-afbe01336365.C0tMmQqHnAp1h0gL8bngprlPOYutt0:B3h5D+YgLvFiQhWkIq6Bow== | jq -r '.value')
  ...
  docker run -d database ... --env DB_PW="$DB_PW" ... mysql:latest
  ```
- Using our dedicated [GitHub Actions integration](https://bitwarden.com/it-it/help/github-actions-integration/) to save the access token as a repository secret for use in your workflow files.

## Revoke an access token

At any time, you can revoke an access token. **Revoking a token will break the ability of any machines currently using it to retrieve and decrypt secrets**. To revoke a token:

1. Select **Machine accounts** from the navigation, and open the **Access tokens** tab.
2. For the access token you want to revoke, use the (⋮) options menu to select **Revoke access token**:

   ![Revoke access token](https://bitwarden.com/assets/1rujDBqHJ6lYy26kqmTZw4/38b09b908992c91639a49012adbec93c/2024-12-03_13-40-17.png)

--- URL: https://bitwarden.com/it-it/help/account-encryption-key/ ---

# Encryption Key Rotation

Each unique Bitwarden account has an encryption key which is used to encrypt all vault data.

> [!NOTE] Rotating encryption key
> **Rotating your encryption key is a potentially dangerous operation.** Please read this section thoroughly to understand the full ramifications of doing so.

Rotating your account’s encryption key generates a new encryption key that is used to re-encrypt all vault data. You should consider rotating your encryption key if your account has been compromised in such a way that someone has obtained your encryption key.

## Before rotating

Before rotating, you should take the following actions to protect against potential data loss or corruption.

#### Re-create any account restricted exports

If you are using Account restricted [encrypted exports](https://bitwarden.com/it-it/help/encrypted-export/) to store long-term secure backups, you should preemptively re-create the encrypted export of your vault data using the Password protected option.

Account restricted encrypted exports use your encryption key to encrypt **and decrypt** your vault data, meaning that a rotated encryption key will not be able to decrypt an export created with the "stale" (prior-to-rotation) key. Replacing your Account restricted export with a Password protected export ensures you'll be able, if you need to, to re-import your data after rotating your account encryption key.
#### Log out of client applications

Before you rotate an encryption key, we recommend you log out of any logged-in sessions on Bitwarden client applications (desktop app, browser extension, mobile app, and so on). Logging out of client applications in this way will prevent sessions from using the "stale" (prior-to-rotation) encryption key. After doing so, logging back in as normal will use the new encryption key.

**Making changes in a session with a "stale" encryption key will cause data corruption that will make your data unrecoverable.**

## How to rotate an encryption key

> [!NOTE] Backup prior to key rotation
> Bitwarden recommends creating a backup of your items prior to rotating your account encryption key. Password protected `.json` exports are the recommended format for this scenario, however any format **except Account restricted** `.json` exports can be re-imported after your key is rotated. To learn more about vault exports and what items are included, see [Export Vault Data](https://bitwarden.com/it-it/help/export-your-data/).

To rotate your account encryption key:

1. In the web app, navigate to **Settings** → **Security** → **Master password**:

   ![Master password settings](https://bitwarden.com/assets/2Svv0PwlH9i7SSK73dlv9A/e451afb190346e492110a7bf1bd3a518/Master_password_settings.png)
   *Master password settings*
2. Enter your **Current master password** and create/confirm a **New master password**.
3. Check the **Also rotate my account's encryption key** checkbox and accept the dialog.
4. Select **Change master password**.

--- URL: https://bitwarden.com/it-it/help/account-recovery-enrollment/ ---

# Set Up Account Recovery

[Account recovery](https://bitwarden.com/it-it/help/account-recovery/) helps organization members regain access to their account. After the Enterprise policy is activated, members need to enroll in the program. Enrollment triggers the key exchange that makes account recovery secure.
There are two ways for members to be enrolled:

- [Automatic enrollment](https://bitwarden.com/it-it/help/account-recovery-enrollment/#automatic-enrollment/) is the quickest option, but only applies to members who join after the policy is turned on.
- [Self-enrollment](https://bitwarden.com/it-it/help/account-recovery-enrollment/#self-enrollment/) allows members to manually enroll through the web app.

## Turn on Enterprise policy

First, turn on the [Account recovery administration](https://bitwarden.com/it-it/help/policies/#account-recovery-administration/) policy. After it's activated, members must enroll in account recovery.

## Automatic enrollment

When you turn on the **Account recovery administration** policy, you have the option to check **Automatically enroll new members in account recovery**. Turning on this setting will:

- Enroll new members in account recovery automatically when they [enter an accepted status](https://bitwarden.com/it-it/help/managing-users/#accept/).
- Prevent them from withdrawing from account recovery.

> [!WARNING] Existing members need to self-enroll account recovery
> Bitwarden recommends turning on automatic enrollment. However, automatic enrollment only applies to members who join **after** the policy was activated. If your organization already had members **before the policy was turned on**, those members must self-enroll to be eligible.

If you automatically enroll members in account recovery, we recommend notifying them. Some organization members can choose to store personal credentials under their own ownership and should be made aware that account recovery could allow an administrator to access their personal items.

## Self-enrollment

Members must opt in proactively if [automatic enrollment](https://bitwarden.com/it-it/help/account-recovery-enrollment/#automatic-enrollment/) is off or if they joined before it was turned on. To enroll in account recovery:

1. From the web app, select the ⋮ **Options icon** next to the organization in the Vaults view.
2. Select **Enroll in account recovery**:

   ![Enroll in account recovery](https://bitwarden.com/assets/4ape19S5L7lf0tAAEyInGR/87fadad707f8c7acb5894e94e758c6c3/2024-12-03_15-33-13.png)
   *Enroll in account recovery*
3. Enter your **Master password**.
4. Select **Submit**.
5. Select **Trust**.

### Withdraw enrollment

Members of organizations that turned on the automatic enrollment policy **are not allowed to withdraw** from account recovery. Members of organizations that have not turned it on, however, can select **Withdraw** from the same menu used to enroll:

![Withdraw from account recovery](https://bitwarden.com/assets/4GR176lad9pre4sZN3rA35/642bdef55248fb84ddb24fc316875b11/2024-12-03_15-34-30.png)
*Withdraw from account recovery*

Manually changing your master password or [rotating an encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) **will not** withdraw a member from account recovery.

--- URL: https://bitwarden.com/it-it/help/account-recovery/ ---

# About Account Recovery

> [!NOTE] Account recovery plan availability
> Account recovery is available for **Enterprise organizations** and is a more robust alternative to individually managed two-step login [recovery codes](https://bitwarden.com/it-it/help/two-step-recovery-code/).

Losing a master password, [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/), or [trusted device](https://bitwarden.com/it-it/help/about-trusted-devices/) can lock a member out of their vault. Account recovery gives administrators the ability to reset member credentials and restore their access.

Once [account recovery is set up](https://bitwarden.com/it-it/help/account-recovery-enrollment/) and members are enrolled, there are two steps to regain access to the account:

1. An [administrator](https://bitwarden.com/it-it/help/account-recovery/#who-can-recover-accounts/) resets the member's master password, two-step login method, or both. Bitwarden then sends a recovery link to the member's account email.
2. With the [emailed recovery link](https://bitwarden.com/it-it/help/my-account-was-recovered/), the member can then reset their master password and/or set up a new two-step login method.

Account recovery only affects credentials configured within Bitwarden. It **does not bypass SSO** or any two-factor authentication configured with your IdP. If your organization [requires SSO authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/), members will still be required to use these methods to access their account after recovery.

> [!WARNING] Account recovery not related to deleted accounts
> Account recovery does not restore deleted accounts. [Deleting an account](https://bitwarden.com/it-it/help/delete-member-accounts/) is permanent and cannot be undone.

## Who can recover accounts

[Owners, admins, and permitted custom role members](https://bitwarden.com/it-it/help/user-types-access-control/) with the **Manage account recovery** permission can initiate account recovery. Who can reset whose master password or two-step login method depends on their role:

- Any owner, admin, or member with a custom role that includes **Manage account recovery** can recover a user's or custom role member's account.
- Only an admin or owner can recover an admin's account.
- Only an owner can recover another owner's account.

## How it works

When a member of the organization enrolls in account recovery, that user's [encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) is encrypted with the organization's public key. The result is stored as the **Account Recovery Key**.

When a recovery action is taken:

1. The organization private key is decrypted with the organization symmetric key.
2. The user's **Account Recovery Key** is decrypted with the decrypted organization private key, resulting in the user's [encryption key](https://bitwarden.com/it-it/help/account-encryption-key/).
3. The user’s encryption key is encrypted with a new master key, and a new master password hash is seeded from the new master password. Both the master key-encrypted encryption key and the master password hash replace pre-existing server-side values.
4. The user's encryption key is encrypted with the organization's public key, replacing the previous **Account Recovery Key** with a new one.

**At no point** will anyone, including the administrator who executes the reset, be able to see the old master password.

## Event logging

[Events](https://bitwarden.com/it-it/help/event-logs/) are logged when:

- A user enrolls in or withdraws from account recovery.
- An administrator initiates account recovery by resetting the master password or removing two-step login methods.
- A user updates their master password via account recovery.
- A user saves a new two-step login.

## Next steps

- Turn on the [Account recovery administration policy](https://bitwarden.com/it-it/help/policies/).
- Instruct users to [enroll in account recovery](https://bitwarden.com/it-it/help/account-recovery-enrollment/) if they joined before the policy was turned on or if you didn't turn on automatic enrollment.
- Learn how to [recover an account](https://bitwarden.com/it-it/help/recover-a-member-account/).

--- URL: https://bitwarden.com/it-it/help/account-switching/ ---

# Log In to Multiple Accounts

Did you know that you can have **up to five** Bitwarden accounts logged-in at the same time with the Bitwarden browser extension, desktop app and mobile app? Using account switching, seamlessly switch between Bitwarden accounts such as personal and work accounts.
### Mobile

To log in to a second (or third, or fourth, or fifth) account, select the currently logged-in account from the top menu bar and select + **Add Account**.

![Account switching on mobile](https://bitwarden.com/assets/56xAZhiS6wZqKktMlFwbVn/9af5d0ce782af44fc48ebfd8057ddc4c/2025-01-21_14-58-15.png)

Selecting + **Add Account** will take you to the login screen:

![Log in on mobile](https://bitwarden.com/assets/112EwzW6sPKPGu65R8rKHc/679b2686d9b67e5ccb37a2ebf56ea062/2025-01-21_15-04-00.png)

> [!TIP] Account Switching across Servers
> If you have accounts on multiple servers, for example if an employer who self-hosts Bitwarden has issued you a [families organization sponsorship](https://bitwarden.com/it-it/help/families-for-enterprise/), use the **server selector drop down** that is located on the login screen and select the **Self-hosted** menu to change the **Server URL** to the URL for the account.
>
> ![Desktop server selector](https://bitwarden.com/assets/1Bc4QseUed27nuuhbeD7WR/e5dbca7997cb8efe1ebbff001813354e/2026-01-28_09-16-56.png)
> *Desktop server selector*
>
> In this example, your work account may use something such as `https://your.company.bitwarden.com` and your families organization account would use `https://vault.bitwarden.com`.

Once you log in to your second account, you can quickly switch between them from the same menu, which will also show the current status of each account's vault (locked or unlocked). If you log out of one of these accounts, it will be removed from the list unless [session timeout](https://bitwarden.com/it-it/help/vault-timeout/) is set to log out.
> [!NOTE] Account Switching Preferences/Options
> Most vault actions, including adding new items or folders, syncing, and settings such as [session timeout](https://bitwarden.com/it-it/help/vault-timeout/) and unlock ([PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or [biometrics](https://bitwarden.com/it-it/help/biometrics/)) will only apply to the active account, which you can determine by the icon displayed in the top menu bar of the app.
>
> Some options such as [theme](https://bitwarden.com/it-it/help/change-theme/) are applied to all accounts.

## Auto-fill

If you're using account switching, your mobile app will default to auto-fill credentials from the currently active account; however, you can switch from one account to the other during auto-fill.

### Desktop

To log in to a second (or third, or fourth, or fifth) account, select the currently logged-in account from the top-right of the desktop app and select + **Add Account**:

![Switch accounts on desktop](https://bitwarden.com/assets/7fpUmakpNIByzoWQa1cU8L/bd9e35756805bba8bd35bc43c7630aaf/2026-04-23_09-27-28.png)
*Switch accounts on desktop*

Selecting + **Add Account** will take you to the login screen:

![Log in on desktop](https://bitwarden.com/assets/6Dvz7SzKBp90RDcROWgBhW/2407b5d1399cc1b8d0780b31dcbd95ee/2026-04-23_09-29-54.png)
*Log in on desktop*

> [!TIP] Account Switching across Servers
> If you have accounts on multiple servers, for example if an employer who self-hosts Bitwarden has issued you a [families organization sponsorship](https://bitwarden.com/it-it/help/families-for-enterprise/), use the **server selector drop down** that is located on the login screen and select the **Self-hosted** menu to change the **Server URL** to the URL for the account.
>
> ![Desktop server selector](https://bitwarden.com/assets/1Bc4QseUed27nuuhbeD7WR/e5dbca7997cb8efe1ebbff001813354e/2026-01-28_09-16-56.png)
> *Desktop server selector*
>
> In this example, your work account may use something such as `https://your.company.bitwarden.com` and your families organization account would use `https://vault.bitwarden.com`.

Once you log in to your second account, you can quickly switch between them from the same menu, which will also show the current status of each account's vault (locked or unlocked). If you log out of one of these accounts, it will be removed from this list.

> [!TIP] Account Switching
> Most vault actions, including adding new items or folders, syncing, searching, and settings like [session timeout](https://bitwarden.com/it-it/help/vault-timeout/) and unlock ([PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or [Biometrics](https://bitwarden.com/it-it/help/biometrics/)) will only apply to the *active* account, which you can determine by the email displayed in the top-right of the app.
>
> Some **Preferences**, however, are set for **All Accounts**:
>
> ![Desktop settings for all accounts](https://bitwarden.com/assets/4tZUuuDPHnHQh5RNihx0TB/e20745ac076e7274ec0652692159c4e1/2026-04-23_09-34-58.png)
> *Desktop settings for all accounts*

### Browser extension

To log in to a second (or third, or fourth, or fifth) account, select the currently logged-in account from the top menu bar:

![Switch accounts in the browser extension](https://bitwarden.com/assets/7xbbMZ89zcTHz6ee0cA1MK/8d8972a6b995b3fd7367f248c9c60d69/screenshot_3.png)

Once you have selected the account icon, select + **Add account** from the account switching menu:

![Add account in the browser extension](https://bitwarden.com/assets/343trVk3zLCF7Z12uA5wjO/ac2f56fc907372335f30d1dbf68116a1/screenshot_4.png)

Once you log in to your second account, you can quickly switch between them from the same menu, which will also show the current status of each account's vault (locked or unlocked). If you log out of one of these accounts, it will be removed from this list.

## Auto-fill

If you're using account switching, the browser extension will default to auto-fill credentials from the currently active account.

--- URL: https://bitwarden.com/it-it/help/add-a-trusted-device/ ---

# Add a Trusted Device

When you become a member of an organization, the device you log in with for the first time will automatically be registered as a trusted device. Once this occurs, all you'll need to do to log in to Bitwarden and decrypt your data is complete your company's established single sign-on flow.

> [!TIP] TDE Remember Me?
> Devices will be trusted by default when you log in on them. It is highly recommended that you uncheck the **Remember this device** option when logging in on a public or shared device.

When you log into a new device however, you'll need to approve, or trust, that device.
There are a few methods for doing so:

- **Approve from another device**: If you're already logged into Bitwarden on another device, you can approve the new device from there:

### Mobile app

To approve a request with the mobile app:

1. In the mobile app, navigate to **Settings** → **Account security** → **Pending login requests**:

   ![Pending login requests on mobile](https://bitwarden.com/assets/1ZB3Pc8T0mlP96W3IZefrR/a22c8efe63a88941bad11a278b1d113d/2025-09-09_09-39-13.png)
   *Pending login requests on mobile*
2. Locate and tap the pending device request.
3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Approve a login on mobile](https://bitwarden.com/assets/6xeP36n7g2dbwLI9YWjNg4/2aa9fdc96e765e963ee07f38ad0b6c06/2025-09-09_09-39-44.png)
   *Approve a login on mobile*

### Browser extension

To approve a request with the browser extension:

1. In the browser extension, wait for a device approval request to be received or navigate to **Settings** → **Account security** → **Devices**:

   ![Devices view on browser extensions](https://bitwarden.com/assets/6OZfQt2jDDqa9F0MaUdBUq/1460f0ec04c63ab55da1f5eaf37ca469/2025-09-09_09-49-23.png)
   *Devices view on browser extensions*
2. In the **Devices** view, locate and select the pending device request:

   ![Devices list on browser extensions](https://bitwarden.com/assets/64f1jZ30In2BbWDEUZVtxO/9de965d59fedca2bad4e325f4181f69a/2025-09-09_09-49-42.png)
   *Devices list on browser extensions*
3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Approve a device on browser extensions](https://bitwarden.com/assets/2LFY10MMpI9G0ZcojcXveg/0a891ec5fa8f6052e5804841e7ec7724/2025-09-09_09-48-55.png)
   *Approve a device on browser extensions*

### Web app

To approve a request with the web app:

> [!NOTE] Browser extensions & web app approval
> When requesting approval for a login of the browser extension, the extension will wait for up to two minutes for approval even if you click out of or minimize the extension window in order to approve the request using the web app.

1. In the web app, select the **Review login request** link in the banner notification or navigate to **Settings** → **Security** → **Devices**:

   ![Approval request on web](https://bitwarden.com/assets/1K9FeC1OVOwyu0T8DMiwOp/cc88b5f47f0f243f5a655e77086871c9/2025-12-31_11-10-23.png)
   *Approval request on web*
2. On the **Devices** tab, locate and select the pending device request:

   ![Device list on web app](https://bitwarden.com/assets/7GLmOwtReFuUD3uxPQ0LB8/ed5dbce83b2c428b9c2369270be1d959/2025-12-31_11-08-26.png)
   *Device list on web app*
3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Confirm access with web app](https://bitwarden.com/assets/6s6Hdn9L1EyeRfBsmOcfgX/f6a13a34fdc59f815f7e4d51e981af47/2025-12-31_11-08-37.png)
   *Confirm access with web app*

### Desktop app

To approve a request with the desktop app:

1. In the desktop app, wait for a device approval request to be received:

   ![Approve on desktop](https://bitwarden.com/assets/5cpkevhyuiSg82yfopvmc1/916f1988e815f23d871bc56effbc1247/2026-05-28_14-05-19.png)
   *Approve on desktop*
2. Verify that the fingerprint phrase matches and select **Confirm access**.

- **Use master password**: If you are an admin or owner, or joined your organization before SSO with trusted devices was implemented, and therefore still have a master password associated with your account, you can enter it to approve the device.

  ![Request admin approval](https://bitwarden.com/assets/5IMJBQOrklcOuLVEpaR6gX/60ead8f10e34f7acd2467eaaa34ff93d/2025-06-16_15-22-15.png)
- **Request admin approval**: You can send a device approval request to admins and owners within your organization for approval. You **must** be [enrolled in account recovery](https://bitwarden.com/it-it/help/account-recovery/#self-enroll-in-account-recovery/) to request admin approval, though you may have been [automatically enrolled](https://bitwarden.com/it-it/help/account-recovery/#automatic-enrollment/) when you joined the organization. In many cases, this will be the only option available to you ([learn more](https://bitwarden.com/it-it/help/approve-a-trusted-device/)).

> [!TIP] If you used admin approval for TDE
> If you use this option, you'll get an email informing you to continue logging in on the new device when you're approved. You must take action by logging in to the new device within 12 hours, or the approval will expire.

Once the new device becomes trusted, all you'll need to do to log in to Bitwarden and decrypt your vault data is complete your company's established single sign-on flow.

## Adding your first trusted device

The initial client used to access Bitwarden for users who were invited with Just in Time (JIT) provisioning using [login with SSO](https://bitwarden.com/it-it/help/about-sso/) will become their first trusted device. If the initial client accessed is the Bitwarden desktop or mobile app, this device can be used to approve additional devices.

For the desktop or mobile app to become the first trusted device, the user should not use the organization invite link. Instead, open the mobile or desktop app and select the **Enterprise single sign-on** option to begin the JIT process.

## Remove a trusted device

Devices will remain trusted until:

- The application or extension is uninstalled.
- The web browser's memory is cleared (web app only).
## Troubleshooting

If you're having trouble establishing device trust:

- On Chrome, check that **Allow sites to save data on your device** is turned on (**Settings** → **Privacy and security** → **Site settings** → **Additional content settings** → **On-device site data** → **Allow sites to save data on your device**).

--- URL: https://bitwarden.com/it-it/help/add-rawmanifest-files/ ---

# Add rawManifest Files

The Bitwarden self-host Helm Chart allows you to include other Kubernetes manifest files either pre- or post-install. To do this, update the `rawManifests` section of the chart. This article contains some examples of how you might use rawManifests:

## Validate server certificate

For example, to configure Bitwarden to validate your MSSQL database server's certificate:

> [!NOTE] my-values.yaml value required
> In this example, you would also need to set the value `caCertificate.enabled: true` in your `my-values.yaml` file.

```yaml
rawManifests:
  preInstall:
    - kind: ConfigMap
      apiVersion: v1
      metadata:
        name: cacert
      data:
        rootca.crt: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
  postInstall:
```

## Traefik IngressRoute

For example, to install Traefik's IngressRoute as an alternative to Kubernetes' Ingress controller, add the following:

> [!NOTE] Add manifest example
> In this example, you would also need to disable the ingress controller at `general.ingress.enabled` within your `my-values.yaml` file.
```yaml
rawManifests:
  preInstall: []
  postInstall:
    - apiVersion: traefik.containo.us/v1alpha1
      kind: Middleware
      metadata:
        name: "bitwarden-self-host-middleware-stripprefix"
      spec:
        stripPrefix:
          prefixes:
            - /api
            - /attachments
            - /icons
            - /notifications
            - /events
            - /scim
            ##### NOTE: Admin, Identity, and SSO will not function correctly with path strip middleware
    - apiVersion: traefik.containo.us/v1alpha1
      kind: IngressRoute
      metadata:
        name: "bitwarden-self-host-ingress"
      spec:
        entryPoints:
          - websecure
        routes:
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/`)
            services:
              - kind: Service
                name: bitwarden-self-host-web
                passHostHeader: true
                port: 5000
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/api/`)
            services:
              - kind: Service
                name: bitwarden-self-host-api
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/attachments/`)
            services:
              - kind: Service
                name: bitwarden-self-host-attachments
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/icons/`)
            services:
              - kind: Service
                name: bitwarden-self-host-icons
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/notifications/`)
            services:
              - kind: Service
                name: bitwarden-self-host-notifications
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/events/`)
            services:
              - kind: Service
                name: bitwarden-self-host-events
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/scim/`)
            services:
              - kind: Service
                name: bitwarden-self-host-scim
                port: 5000
            middlewares:
              - name: "bitwarden-self-host-middleware-stripprefix"
          ##### NOTE: SSO will not function correctly with path strip middleware
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/sso/`)
            services:
              - kind: Service
                name: bitwarden-self-host-sso
                port: 5000
          ##### NOTE: Identity will not function correctly with path strip middleware
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/identity/`)
            services:
              - kind: Service
                name: bitwarden-self-host-identity
                port: 5000
          ##### NOTE: Admin will not function correctly with path strip middleware
          - kind: Rule
            match: Host(`REPLACEME.COM`) && PathPrefix(`/admin`)
            services:
              - kind: Service
                name: bitwarden-self-host-admin
                port: 5000
        tls:
          certResolver: letsencrypt
```

--- URL: https://bitwarden.com/it-it/help/adfs-oidc-implementation/ ---

# ADFS OIDC

This article contains **Active Directory Federation Services (AD FS)-specific** help for configuring login with SSO via OpenID Connect (OIDC). For help configuring login with SSO for another OIDC IdP, or for configuring AD FS via SAML 2.0, see [OIDC Configuration](https://bitwarden.com/it-it/help/configure-sso-oidc/) or [ADFS SAML Implementation](https://bitwarden.com/it-it/help/saml-adfs/).

Configuration involves working simultaneously within the Bitwarden web app and the AD FS Server Manager. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Open SSO in the web vault

Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Select **Settings** → **Single sign-on** from the navigation:

![OIDC configuration](https://bitwarden.com/assets/51wSToXTHHVmBCrLrE8T0E/85aa432ea19eadf0195317f4f233e973/2024-12-04_09-41-46.png)

If you haven't already, create a unique **SSO identifier** for your organization. Otherwise, you don't need to edit anything on this screen yet, but keep it open for easy reference.
> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Create an application group

In Server Manager, navigate to **AD FS Management** and create a new application group:

1. In the console tree, select **Application Groups** and choose **Add Application Group** from the Actions list.
2. On the Welcome screen of the wizard, choose the **Server application accessing a web API** template.

   ![AD FS Add Application Group](https://bitwarden.com/assets/5X9h5j0BUUJ39NLtOqarjF/5948faaf2e497cc435b6da0f2e8ce610/adfs-oidc-1.png)
3. On the Server application screen:

   ![AD FS Server Application screen](https://bitwarden.com/assets/1e87bYOhKpJ4cWuvlgrRL8/46389fb08be2d247303a55d5e17196d4/adfs-oidc-2.png)

   - Give the server Application a **Name**.
   - Take note of the **Client Identifier**. You will need this value in a subsequent step.
   - Specify a **Redirect URI**. For cloud-hosted customers, this is `https://sso.bitwarden.com/oidc-signin` or `https://sso.bitwarden.eu/oidc-signin`. For self-hosted instances, this is determined by your configured Server URL, for example `https://your.domain.com/sso/oidc-signin`.
4. On the Configure Application Credentials screen, take note of the **Client Secret**. You will need this value in a subsequent step.
5. On the Configure Web API screen:

   ![AD FS Configure Web API screen](https://bitwarden.com/assets/28pMbK9dUI9ZIfcwDaf4Dw/b0572921f857956d3a61077de352c555/adfs-oidc-3.png)

   - Give the Web API a **Name**.
   - Add the **Client Identifier** and **Redirect URI** (see step 2B. & C.) to the Identifier list.
6. On the Apply Access Control Policy screen, set an appropriate Access Control Policy for the Application Group.
7. On the Configure application permissions screen, permit the scopes `allatclaims` and `openid`.

   ![AD FS Configure Application Permissions screen](https://bitwarden.com/assets/2PvGUtVgRfd0GLx1HG72Is/1e41e84f90fac6b20b4aaf93a9c38069/adfs-oidc-4.png)
8. Finish the Add Application Group Wizard.

## Add a transform claim rule

In Server Manager, navigate to **AD FS Management** and edit the created application group:

1. In the console tree, select **Application Groups**.
2. In the Application Groups list, right-click the created application group and select **Properties**.
3. In the Applications section, choose the Web API and select **Edit...**.
4. Navigate to the **Issuance Transform Rules** tab and select the **Add Rule...** button.
5. On the Choose Rule Type screen, select **Send LDAP Attributes as Claims**.
6. On the Configure Claim Rule screen:

   ![AD FS Configure Claim Rule screen](https://bitwarden.com/assets/67MOJ621dRTvbkVR5gyW7e/044d2b61f1df83069f961d30639f29b3/adfs-oidc-5.png)

   - Give the rule a **Claim rule name**.
   - From the LDAP Attribute dropdown, select **E-Mail-Addresses**.
   - From the Outgoing Claim Type dropdown, select **E-Mail Address**.
7. Select **Finish**.

## Back to the web app

At this point, you have configured everything you need within the context of the AD FS Server Manager. Return to the Bitwarden web app to configure the following fields:

| **Field** | **Description** |
|------|------|
| Authority | Enter the hostname of your AD FS Server with `/adfs` appended, for example `https://adfs.mybusiness.com/adfs`. |
| Client ID | Enter the [retrieved Client ID](https://bitwarden.com/it-it/help/adfs-oidc-implementation/#create-an-application-group/). |
| Client Secret | Enter the [retrieved Client Secret](https://bitwarden.com/it-it/help/adfs-oidc-implementation/#create-an-application-group/). |
| Metadata Address | Enter the specified **Authority** value with `/.well-known/openid-configuration` appended, for example `https://adfs.mybusiness.com/adfs/.well-known/openid-configuration`. |
| OIDC Redirect Behavior | Select **Redirect GET**. |
| Get claims from user info endpoint | Enable this option if you receive URL too long errors (HTTP 414), truncated URLs, and/or failures during SSO. |
| Custom Scopes | Define custom scopes to be added to the request (comma-delimited). |
| Custom User ID Claim Types | Define custom claim type keys for user identification (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Email Claim Types | Define custom claim type keys for users' email addresses (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Custom Name Claim Types | Define custom claim type keys for users' full names or display names (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Requested Authentication Context Class References values | Define Authentication Context Class Reference identifiers (`acr_values`) (space-delimited). List `acr_values` in preference-order. |
| Expected "acr" Claim Value In Response | Define the `acr` Claim Value for Bitwarden to expect and validate in the response. |

When you are done configuring these fields, **Save** your work.

> [!TIP] Policies for SSO Guides
> You can require users to log in with SSO by activating the [single sign-on authentication policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/).
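The Authority, Metadata Address, Redirect URI and scopes described above have to agree with each other and with what the AD FS server publishes. The following is an added example (not Bitwarden's or Microsoft's code) that cross-checks them offline; the function names, the constructed discovery document and the rule that endpoints live on the Authority's host are assumptions of this example.

```python
from urllib.parse import urlsplit

# Redirect URIs the page lists for cloud-hosted organizations.
CLOUD_REDIRECTS = {
    "https://sso.bitwarden.com/oidc-signin",
    "https://sso.bitwarden.eu/oidc-signin",
}
# Scopes the page says to permit on the AD FS application group.
REQUIRED_SCOPES = {"openid", "allatclaims"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample of a discovery document (not captured from a real server).
SAMPLE_DISCOVERY = {
    "issuer": "https://adfs.mybusiness.com/adfs",
    "authorization_endpoint": "https://adfs.mybusiness.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.mybusiness.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.mybusiness.com/adfs/discovery/keys",
    "scopes_supported": ["openid", "allatclaims", "email", "profile"],
}


def metadata_address(authority):
    """Metadata Address = Authority with /.well-known/openid-configuration appended."""
    return authority.strip().rstrip("/") + "/.well-known/openid-configuration"


def check_sso_config(authority, metadata_url, redirect_uri, discovery, server_url=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []

    # A pasted value with stray whitespace is easy to miss in a form field.
    if authority != authority.strip():
        problems.append("authority: surrounding whitespace")
    authority = authority.strip()
    auth = urlsplit(authority)
    if auth.scheme != "https" or not auth.hostname:
        problems.append("authority: must be an https URL")
    if auth.path.rstrip("/") != "/adfs":
        problems.append("authority: path must be /adfs")
    if metadata_url != metadata_address(authority):
        problems.append("metadata address: not authority + /.well-known/openid-configuration")

    # The redirect URI registered in AD FS must be a Bitwarden oidc-signin URL:
    # one of the cloud values, or <Server URL>/sso/oidc-signin when self-hosted.
    allowed = set(CLOUD_REDIRECTS)
    if server_url:
        allowed.add(server_url.rstrip("/") + "/sso/oidc-signin")
    if redirect_uri not in allowed:
        problems.append("redirect URI: not a Bitwarden oidc-signin endpoint")

    # What the server publishes has to match what was typed into the form.
    if discovery.get("issuer", "").rstrip("/") != authority.rstrip("/"):
        problems.append("discovery: issuer does not match authority")
    for key in ENDPOINT_KEYS:
        endpoint = urlsplit(discovery.get(key, ""))
        # Assumption of this example: all endpoints are https on the Authority's host.
        if endpoint.scheme != "https" or endpoint.hostname != auth.hostname:
            problems.append(f"discovery: {key} is not https on the authority host")
    missing = REQUIRED_SCOPES - set(discovery.get("scopes_supported", []))
    if missing:
        problems.append("discovery: scopes not offered: " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    authority = "https://adfs.mybusiness.com/adfs"
    found = check_sso_config(
        authority,
        metadata_address(authority),
        "https://sso.bitwarden.com/oidc-signin",
        SAMPLE_DISCOVERY,
    )
    print(found or "configuration is consistent")
```

In practice the `discovery` argument would be the JSON fetched from the Metadata Address; it is embedded here so the check runs without network access.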
## Test the configuration

Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](https://vault.bitwarden.com), entering your email address, selecting **Continue**, and selecting the **Enterprise Single Sign-On** button:

![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png)

Enter the [configured Organization ID](https://bitwarden.com/it-it/help/configure-sso-oidc/#step-1-enabling-login-with-sso/) and select **Log In**. If your implementation is successfully configured, you'll be redirected to the AD FS SSO login screen. After you authenticate with your AD FS credentials, enter your Bitwarden master password to decrypt your vault!

> [!NOTE] SSO must be initiated from Bitwarden
> Bitwarden does not support unsolicited responses, so initiating login from your IdP will result in an error. The SSO login flow must be initiated from Bitwarden.

--- URL: https://bitwarden.com/it-it/help/admin-team-onboarding-emails/ ---

# Admin Team Onboarding Emails

This article includes the onboarding emails sent to new Bitwarden Enterprise and Teams admins and owners from **care@bitwarden.com**. Feel free to read them all at once below, or grab them and adapt them to your team's needs.

### Enterprise

### Onboarding overview

> [!NOTE] Email - Program 1, Email 1, Enterprise
> **Subject**: Your Bitwarden onboarding checklist
>
> **Body**:
>
> Hi *[name]*,
>
> Welcome to Bitwarden!
>
> In order to make sure you get the most out of your new password manager, you'll receive one email a day over the next week on how to set up Bitwarden. This way, you can quickly scale Bitwarden across your team.
> The emails will cover how to:
>
> - Invite your admin team
> - Set your enterprise policies
> - Import your data
> - Create groups and collections
> - Invite users
> - Get employee buy in
> - Become a Bitwarden power user
>
> In the meantime, feel free to review this [Bitwarden onboarding guide](https://bitwarden.com/it-it/help/onboarding-and-succession/) for additional support.
>
> Stay secure,
>
> *[Signature]*

### Invite your admin team

> [!NOTE] Email - Program 1, Email 2, Enterprise & Teams
> **Subject**: To do today: Invite your admin team
>
> **Body**:
>
> Hi *[name]*,
>
> Every all-star business needs an all-star admin team. Today, **invite at least one additional organization owner** to your Bitwarden account - this is essential for protective redundancy. Bitwarden recommends redundant owners and admins for every organization.
>
> Read more about inviting your admin team [here](https://bitwarden.com/it-it/help/get-started-administrator/#invite-your-admin-team/).
>
> Stay secure,
>
> *[Signature]*

### Set Enterprise policies

> [!NOTE] Email - Program 1, Email 3, Enterprise
> **Subject**: Pro-tip for Bitwarden admins and owners
>
> **Body**:
>
> Hi *[name]*,
>
> Today's onboarding tip is critical for getting your Bitwarden organization ready for more team members: **Set your Enterprise policies**.
>
> Enterprise policies allow Bitwarden Enterprise organizations to enforce security rules for all users, such as requiring two-step login. It's how Bitwarden admins and owners **set the right security foundations for their teams**, and build **a consistent deployment and user experience** for all team members.
>
> Some policies will remove non-compliant users from the organization when enabled, and some are not retroactively enforceable, so now is the time to nail down your organization's policies.
>
> Learn more about how policies work [here](https://bitwarden.com/it-it/help/policies/).
>
> Stay secure,
>
> *[Signature]*

### Import your data

> [!NOTE] Email - Program 1, Email 4, Enterprise & Teams
> **Subject**: Save time and hassle with Bitwarden's data import options
>
> **Body**:
>
> Hi *[name]*,
>
> Are you migrating to Bitwarden from another password manager?
>
> The next step in getting started with Bitwarden is to import your company's existing password data. Bitwarden supports many file types, including those from other password solutions, like LastPass and 1Password.
>
> Here's a [step-by-step guide](https://bitwarden.com/it-it/help/import-to-org/) for importing your organization's data into Bitwarden.
>
> Stay secure,
>
> *[Signature]*

### Groups & collections

> [!NOTE] Email - Program 1, Email 5, Enterprise & Teams
> **Subject**: How to organize your data in Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> Now that you've added items to your vault, it's time to set up collections and groups to ensure that the *right* users have access to the *right* credentials.
>
> Organizing Bitwarden data with collections and groups will help you save time, automate permissions, and make items more discoverable.
>
> - Learn more about collections [here](https://bitwarden.com/it-it/help/about-collections/).
> - Learn more about groups [here](https://bitwarden.com/it-it/help/about-groups/).
>
> Stay secure,
>
> *[Signature]*

### Invite your users

> [!NOTE] Email - Program 1, Email 6, Enterprise
> **Subject**: 2 ways to automate Bitwarden user provisioning
>
> **Body**:
>
> Hi *[name]*,
>
> Scalable success with Bitwarden comes from provisioning users smoothly and securely. Here are the top ways new admins and owners automate the process of getting employees on Bitwarden.
>
> **SSO**
>
> With Login with SSO, Enterprise organizations leverage their existing Identity Provider to authenticate users with Bitwarden using the SAML 2.0 or OpenID Connect (OIDC) protocols. [Learn about SSO](https://bitwarden.com/it-it/help/configure-sso-saml/).
>
> **SCIM**
>
> System for cross-domain identity management (SCIM) can be used to automatically provision members and groups in your Bitwarden organization. Bitwarden servers provide a SCIM endpoint that, with a valid SCIM API key, will accept requests from your Identity Provider (IdP) for user and group provisioning and de-provisioning. [Learn about SCIM](https://bitwarden.com/it-it/help/about-scim/).
>
> **Directory Connector**
>
> The Bitwarden Directory Connector app automatically provisions users, groups, and group associations in your Bitwarden organization by pulling from a selection of source directory services. Provisioned users will be issued invitations to join the organization. [Learn about Directory Connector](https://bitwarden.com/it-it/help/directory-sync/).
>
> Stay secure,
>
> *[Signature]*

### Employee buy-in tips

> [!NOTE] Email - Program 1, Email 7, Enterprise & Teams
> **Subject**: How to get your employees to use Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> You likely want to drive the most employee adoption possible with your new password manager. We have some tips to help.
>
> Here's what Bitwarden recommends to get employees on board:
>
> 1. Appoint an implementation champion.
> 2. Communicate the implementation plan to employees.
> 3. Share this guide with employees you invite to Bitwarden: [Get started with Bitwarden](https://bitwarden.com/it-it/help/courses/password-manager-team-member/). You can also share [this video training series](https://bitwarden.com/it-it/learning/pm-101-getting-started-as-a-user/).
> 4. Communicate the benefits of using a password manager (repeatedly).
> 5. Sign up for complimentary, 1:1 Bitwarden training [here](https://bitwarden.com/it-it/http://bitwarden.com/training/).
>
> Read more about the steps above in this blog post: [How to Gain Employee Buy-in for Your New Password Manager](https://bitwarden.com/it-it/blog/user-adoption-for-company-password-manager/).
>
> Stay secure,
>
> *[Signature]*

### Conclusion

> [!NOTE] Email - Program 1, Email 8, Enterprise & Teams
> **Subject**: What's next with Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> This is the end of the onboarding email series - but it's just the beginning of your journey with Bitwarden! Here are some ways to keep learning about Bitwarden:
>
> **Bitwarden Courses**
>
> Check out [Courses](https://bitwarden.com/it-it/help/courses/), which compiles videos, presentations, and guides on key security and Bitwarden topics.
>
> **The Community Forum**
>
> In addition to the priority support you receive as a Bitwarden client, you are now part of a thriving security community: [The Bitwarden Community Forum](https://community.bitwarden.com/). Join the conversation and even suggest your own feature requests for voting and discussion!
>
> **Contact Customer Support**
>
> Feel free to reach out to our Customer Support team at any time for technical, billing, and product questions: [Contact Support](https://bitwarden.com/it-it/help/).
>
> Stay secure,
>
> *[Signature]*

### Teams

### Onboarding overview

> [!NOTE] Email - Program 1, Email 1, Teams
> **Subject**: Your Bitwarden onboarding checklist
>
> **Body**:
>
> Hi *[name],*
>
> Welcome to Bitwarden!
>
> In order to make sure you get the most out of your new password manager, you'll receive one email a day over the next week on how to set up Bitwarden. This way, you can quickly scale Bitwarden across your team. The emails will cover how to:
>
> - Invite your admin team
> - Import your data
> - Create groups and collections
> - Invite users
> - Get employee buy-in
> - Become a Bitwarden power user
>
> In the meantime, feel free to review this [Bitwarden onboarding guide](https://bitwarden.com/it-it/help/onboarding-and-succession/) for additional support.
>
> Stay secure,
>
> *[Signature]*

### Invite your admin team

> [!NOTE] Email - Program 1, Email 2, Enterprise & Teams
> **Subject**: To do today: Invite your admin team
>
> **Body**:
>
> Hi *[name]*,
>
> Every all-star business needs an all-star admin team. Today, **invite at least one additional organization owner** to your Bitwarden account - this is essential for protective redundancy. Bitwarden recommends redundant owners and admins for every organization.
>
> Read more about inviting your admin team [here](https://bitwarden.com/it-it/help/get-started-administrator/#invite-your-admin-team/).
>
> Stay secure,
>
> *[Signature]*

### Import your data

> [!NOTE] Email - Program 1, Email 4, Enterprise & Teams
> **Subject**: Save time and hassle with Bitwarden's data import options
>
> **Body**:
>
> Hi *[name]*,
>
> Are you migrating to Bitwarden from another password manager?
>
> The next step in getting started with Bitwarden is to import your company's existing password data. Bitwarden supports many file types, including those from other password solutions, like LastPass and 1Password.
>
> Here's a [step-by-step guide](https://bitwarden.com/it-it/help/import-to-org/) for importing your organization's data into Bitwarden.
>
> Stay secure,
>
> *[Signature]*

### Groups & collections

> [!NOTE] Email - Program 1, Email 5, Enterprise & Teams
> **Subject**: How to organize your data in Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> Now that you've added items to your vault, it's time to set up collections and groups to ensure that the *right* users have access to the *right* credentials.
>
> Organizing Bitwarden data with collections and groups will help you save time, automate permissions, and make items more discoverable.
>
> - Learn more about collections [here](https://bitwarden.com/it-it/help/about-collections/).
> - Learn more about groups [here](https://bitwarden.com/it-it/help/about-groups/).
>
> Stay secure,
>
> *[Signature]*

### Invite your users

> [!NOTE] Email - Program 1, Email 6, Teams
> **Subject**: Top tips for inviting users to Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> Scalable success with Bitwarden comes from provisioning users smoothly and securely. If you haven't done so already, you'll want to research the options for inviting users to Bitwarden, and select what makes the most sense for your company.
>
> **Standard Invites**
>
> You can manually invite users through the web app. [Learn about standard invites](https://bitwarden.com/it-it/help/managing-users/#add-new-members/).
>
> **Directory Connector**
>
> The Bitwarden Directory Connector application automatically provisions users, groups, and group associations in your Bitwarden organization by pulling from a selection of source directory services. Provisioned users will be issued invitations to join the organization, and can then complete the normal onboarding procedure. [Learn about Directory Connector](https://bitwarden.com/it-it/help/directory-sync/).
>
> Stay secure,
>
> *[Signature]*

### Employee buy-in tips

> [!NOTE] Email - Program 1, Email 7, Enterprise & Teams
> **Subject**: How to get your employees to use Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> You likely want to drive the most employee adoption possible with your new password manager. We have some tips to help.
>
> Here's what Bitwarden recommends to get employees on board:
>
> 1. Appoint an implementation champion.
> 2. Communicate the implementation plan to employees.
> 3. Share this guide with employees you invite to Bitwarden: [Get started with Bitwarden](https://bitwarden.com/it-it/help/courses/password-manager-team-member/). You can also share [this video training series](https://bitwarden.com/it-it/learning/pm-101-getting-started-as-a-user/).
> 4. Communicate the benefits of using a password manager (repeatedly).
> 5. Sign up for complimentary, 1:1 Bitwarden training [here](https://bitwarden.com/it-it/http://bitwarden.com/training/).
>
> Read more about the steps above in this blog post: [How to Gain Employee Buy-in for Your New Password Manager](https://bitwarden.com/it-it/blog/user-adoption-for-company-password-manager/).
>
> Stay secure,
>
> *[Signature]*

### Conclusion

> [!NOTE] Email - Program 1, Email 8, Enterprise & Teams
> **Subject**: What's next with Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> This is the end of the onboarding email series - but it's just the beginning of your journey with Bitwarden! Here are some ways to keep learning about Bitwarden:
>
> **Bitwarden Courses**
>
> Check out [Courses](https://bitwarden.com/it-it/help/courses/), which compiles videos, presentations, and guides on key security and Bitwarden topics.
>
> **The Community Forum**
>
> In addition to the priority support you receive as a Bitwarden client, you are now part of a thriving security community: [The Bitwarden Community Forum](https://community.bitwarden.com/). Join the conversation and even suggest your own feature requests for voting and discussion!
>
> **Contact Customer Support**
>
> Feel free to reach out to our Customer Support team at any time for technical, billing, and product questions: [Contact Support](https://bitwarden.com/it-it/help/).
>
> Stay secure,
>
> *[Signature]*

--- URL: https://bitwarden.com/it-it/help/administrative-data/ ---

# Administrative Data

Users provide personal information in connection with your account creation, usage of the Bitwarden service and support, and payments for the Bitwarden service.

Bitwarden uses administrative data to provide the Bitwarden service to you. We retain administrative data for as long as you are a customer of Bitwarden and as required by law. If you terminate your relationship with Bitwarden, we will delete your personal information in accordance with our data retention policies.
> [!NOTE] Privacy policy
> We encourage you to review our [Privacy Policy](https://bitwarden.com/it-it/privacy/) for more information.

For Individual, Premium, and Families accounts, Bitwarden **does not log** specific information regarding authentication attempts (successful or otherwise) or use of Bitwarden products. For members of Teams and Enterprise organizations, such information, including IP addresses, is logged for access by admins and owners in [event logs](https://bitwarden.com/it-it/help/event-logs/).

As described above, Bitwarden does access some data to provide the Bitwarden service to you, including:

#### Personal information

- Account email address (used for email verification, account administration, and communication between you and Bitwarden).
- Whether email address is verified.
- Name (only if provided during account creation).
- A **Bitwarden-generated** device-specific GUID (sometimes referred to as a device ID, and used to alert you when a new device logs into your vault).

#### Billing / Subscription

- Premium subscription status and renewal date.
- Billing history.
- Last four digits of payment method on file, type of card, and expiration date.
- Any existing account credit.

#### Organization information

- Organization name.
- Organization business name (when applicable).
- Organization type and plan information, including:
  - Features available to the organization.
  - Renewal cadence.
  - Number of seats.
- Organization billing email address.
- Email addresses of organization owners and admins.

--- URL: https://bitwarden.com/it-it/help/adoption-checklist/ ---

# Adoption checklist

Use this checklist to help drive adoption, ensuring ongoing engagement of Bitwarden beyond initial implementation.
## Awareness and communication

**Drive ongoing visibility and awareness of Bitwarden value**

- Send Bitwarden monthly/quarterly newsletters with tips, reminders, and updates
- Use email, intranet, or collaboration platforms
- Plan regular communication about Bitwarden and password security
- Conduct periodic awareness campaigns on password security best practices via email, posters, intranet, or videos
- Highlight risks of password reuse and weak passwords
- Encourage C-suite leaders to promote use of Bitwarden to their direct reports or in larger-audience newsletters

**Support links:**

- [Customer activation kit](https://bitwarden.com/it-it/help/customer-activation-kit/)
- [Bitwarden posters](https://bitwarden.com/it-it/resources/bitwarden-posters/)
- [Bitwarden brand materials](https://bitwarden.com/it-it/brand/)
- [Onboarding email templates](https://bitwarden.com/it-it/help/customer-success-hub/)

## Training and enablement

**Equip users with the knowledge they need to succeed**

- Conduct Bitwarden-led training for all users
- Schedule in-person/virtual sessions with Bitwarden training team
- Different sessions across roles and departments
- Leverage Bitwarden training materials and FAQs with solutions
- Host user guides and training materials on internal knowledge base or shared repositories

**Support links:**

- [Disabling browser autofill](https://bitwarden.com/it-it/help/disable-browser-autofill/)
- [Import data from Chrome or Edge](https://bitwarden.com/it-it/help/import-from-chrome/)

## Support and engagement

**Ensure users are supported and feel empowered throughout their journey**

- Offer ongoing support channels for users (support email, chat, or office hours)
- Ensure clear access for questions/assistance
- Identify and empower Bitwarden champions within teams or departments
- Provide these individuals with extra training and resources
- Encourage sharing experiences and helping colleagues
- Design user adoption incentives and success metrics

**Support links:**

- [Identifying your Bitwarden Champion](https://bitwarden.com/it-it/blog/deployment-strategies-for-password-managers/#champion-opt-in-first/)

## Advocacy and success stories

**Build internal momentum and trust through proven impact**

- Highlight success stories and benefits for all users
- Share examples of improved security and workflows

**Support links:**

- [Bitwarden case studies](https://bitwarden.com/it-it/case-studies/)

## Adoption monitoring and user feedback

**Track progress and gather feedback to refine your strategy**

- Track the number of active Bitwarden users in the organization
- Use admin console to monitor active user logins
- Track over time to assess adoption strategies
- Monitor and track feedback on key features (autofill, password saving, password sharing)
- Check indicators of usage such as stored credentials in organization vaults
- Conduct periodic user experience surveys
- Identify roadblocks and suggestions for improvement

**Support links:**

- [Member access reports](https://bitwarden.com/it-it/help/reports/#member-access/)

## Troubleshooting and continuous improvement

**Address common challenges and iterate on user experience**

- Monitor support requests for recurring issues (e.g.
  vault confusion, extension issues)
- Identify common challenges users face during onboarding and usage
- Leverage Bitwarden training materials and FAQs

**Support links:**

- [Member access reports](https://bitwarden.com/it-it/help/reports/#member-access/)

## Strategic security alignment

**Position Bitwarden as a key pillar in your security strategy**

- Emphasize Bitwarden in improving organizational security posture
- Explain how Bitwarden reduces breach risks, aids compliance, and promotes safe practices
- Position as key security strategy component
- Highlight value beyond password management (Bitwarden Send, storing sensitive information such as credit cards, identities, notes, and more)
- Quantify Bitwarden security gains
- Use testimonials from early adopters

--- URL: https://bitwarden.com/it-it/help/ansible-integration/ ---

# Ansible

Bitwarden offers an integration with Ansible to retrieve secrets from Secrets Manager and inject them into your Ansible playbook. The lookup plugin will inject retrieved secrets as masked environment variables inside an Ansible playbook. To set up the collection:

## Requirements

- We recommend installing Python packages in a [Python virtual environment](https://python.land/virtual-environments/virtualenv).
- Current version of Ansible installed on your system.
- Bitwarden Secrets Manager with an [active machine account](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#add-a-service-account/).

Prior to setting up the Ansible collection, we recommend that you also open Secrets Manager to access your access token and any secrets you wish to include in the setup.

## Install the Bitwarden Ansible collection

The following guide is a setup example for the Bitwarden collection using a Linux machine.

1. Install the Bitwarden SDK:

   ```bash
   pip install bitwarden-sdk
   ```
2. Install bitwarden.secrets collection:

   ```bash
   ansible-galaxy collection install bitwarden.secrets
   ```

Now that the Ansible collection has been installed, we can begin calling Bitwarden secrets from an Ansible playbook with `bitwarden.secrets.lookup`. The following section will include examples to demonstrate this process.

> [!NOTE] Mac OS ansible
> macOS users may need to set the following environment variable in shell in order to avoid [Ansible issues upstream](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#running-on-macos-as-a-control-node).
>
> - `export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES`

## Fetch Bitwarden secrets

To fetch secrets from Secrets Manager in your playbook, there are two methods:

### Save access token as environment variable

Using the Secrets Manager, we can securely set our access token as an environment variable in the shell and use the playbook to retrieve the secret. To [authenticate the access token](https://bitwarden.com/it-it/help/developer-quick-start/#authenticate/):

1. In the shell, run the following command to set your access token environment variable:

   ```bash
   export BWS_ACCESS_TOKEN=
   ```
2. Now that the environment variable has been set, we can use the lookup plugin to populate variables in our playbook. For example:

   ```yaml
   vars:
       database_password: "{{ lookup('bitwarden.secrets.lookup', '') }}"
   ```

> [!NOTE] Secure env variable in playbook
> By setting `BWS_ACCESS_TOKEN` as an environment variable, the access token can be referenced without including the raw access token value in the playbook.

### Supply access token in playbook

The Secrets Manager access token can also be referenced within the playbook itself. This method does not require the `BWS_ACCESS_TOKEN` environment variable in your shell; however, the access token value will be stored in the playbook itself.

1. Access tokens may be included in the playbook with the following example:

   ```yaml
   vars:
       password_with_a_different_access_token: "{{ lookup('bitwarden.secrets.lookup', '', access_token='') }}"
   ```

Using this method, multiple access tokens may be referenced in a single playbook.

## Retrieve secret from different server

Bitwarden self-hosted users can retrieve secrets from their Bitwarden server by including the `base_url`, `api_url` and `identity_url`:

```yaml
vars:
    secret_from_other_server: "{{ lookup('bitwarden.secrets.lookup', '', base_url='https://bitwarden.example.com' ) }}"
    secret_advanced: >-
      {{ lookup('bitwarden.secrets.lookup', '',
         api_url='https://bitwarden.example.com/api',
         identity_url='https://bitwarden.example.com/identity' ) }}
```

## Example playbook

The following is an example of a playbook file with several configuration options.

```yaml
---
- name: Using secrets from Bitwarden
  vars:
    bws_access_token: "{{ lookup('env', 'CUSTOM_ACCESS_TOKEN_VAR') }}"
    state_file_dir: "{{ '~/.config/bitwarden-sm' | expanduser }}"
    secret_id: "9165d7a8-2c22-476e-8add-b0d50162c5cc"
    secret: "{{ lookup('bitwarden.secrets.lookup', secret_id) }}"
    secret_with_field: "{{ lookup('bitwarden.secrets.lookup', secret_id, field='note' ) }}"
    secret_with_access_token: "{{ lookup('bitwarden.secrets.lookup', secret_id, access_token=bws_access_token ) }}"
    secret_with_state_file: "{{ lookup('bitwarden.secrets.lookup', secret_id, state_file_dir=state_file_dir ) }}"
  tasks:
    - name: Use the secret in a task
      include_tasks: tasks/add_db_user.yml
      # reference the secrets with "{{ secret }}", "{{ secret_with_field }}", etc.
```

> [!NOTE] Multiple CUSTOM_ACCESS_TOKEN
> In the example above, the `CUSTOM_ACCESS_TOKEN_VAR` demonstrates that you may include multiple, different access tokens. These do not have to be hard coded and can be supplied securely to your playbook.

| Variable | Additional information |
|------|------|
| `bws_access_token` | Lookup access token `env` variable. |
| `state_file_dir` | A directory where your authentication state can be cached. |
| `secret_id` | ID of the secret you wish to lookup. |
| `secret` | Lookup a secret value and store it as a variable named `"secret"`. |
| `secret_with_field` | Lookup a secret with additional field output. In this example, the lookup will return the secret's `'note'` value. |
| `secret_with_access_token` | Lookup a secret with the access token value included in the request. |
| `secret_with_state_file` | Lookup a secret with the preconfigured state file included in the request. |

## Additional requests and fields

In addition to the `secret_id`, several fields can be included in the `bitwarden.secrets.lookup`. The following JSON object includes all of the fields that can be referenced in the playbook lookup:

```json
{
  "id": "be8e0ad8-d545-4017-a55a-b02f014d4158",
  "organizationId": "10e8cbfa-7bd2-4361-bd6f-b02e013f9c41",
  "projectId": "e325ea69-a3ab-4dff-836f-b02e013fe530",
  "key": "SES_KEY",
  "value": "0.982492bc-7f37-4475-9e60",
  "note": "",
  "creationDate": "2023-06-28T20:13:20.643567Z",
  "revisionDate": "2023-06-28T20:13:20.643567Z"
}
```

To retrieve additional fields such as `"note"`, the following command can be added to the playbook:

```yaml
vars:
    database_password: "{{ lookup('bitwarden.secrets.lookup', '0037ed90-efbb-4d59-a798-b103012487a0', field='note') }}"
```

--- URL: https://bitwarden.com/it-it/help/app-settings/ ---

# Client App Settings

The following sections list the settings available to Bitwarden Password Manager apps:

## Browser extension

### Account security

- **Unlock options**:
- **Unlock with biometrics**: Set up [biometric unlock](https://bitwarden.com/it-it/help/biometrics/).
- **Ask for biometrics on launch**: Allow Bitwarden to be unlocked with a biometric on first launch.
- **Unlock with PIN**: Set up [PIN unlock](https://bitwarden.com/it-it/help/unlock-with-pin/).
  - **Require master password on browser restart**: Require Bitwarden to be unlocked with a master password on first launch.
- **Vault timeout**:
  - **Timeout**: Set how long Bitwarden can be active [before timing out.](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout/)
  - **Timeout action**: Set what Bitwarden will do [when it times out](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/).
- **Manage devices**: Approve login requests using [another device](https://bitwarden.com/it-it/help/log-in-with-device/) or a [trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/).
- **Other options**:
  - **Fingerprint phrase**: View your account's [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/).
  - **Two-step login**: Open the web app to set up [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/).
  - **Change master password**: Open the web app to [change your master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/).

### Autofill

- **Autofill suggestions**:
  - **Show autofill suggestions on form fields**: Activate an [inline autofill menu](https://bitwarden.com/it-it/help/auto-fill-browser/#inline-menu/).
  - **Display identities as suggestions**: [Include identities](https://bitwarden.com/it-it/help/auto-fill-card-id/) in the inline autofill menu.
  - **Display cards as suggestions**: [Include cards](https://bitwarden.com/it-it/help/auto-fill-card-id/) in the inline autofill menu.
  - **Display suggestions when icon is selected**: Click the inline icon to activate the autofill menu, rather than only focusing on the field to fill.
  - **Make Bitwarden your default password manager**: (Chrome only) [Deactivate your browser's built-in password manager](https://bitwarden.com/it-it/help/disable-browser-autofill/) and make Bitwarden your default.
  - **Always show cards as Autofill suggestions on Vault view**: Show all cards in the Autofill suggestions section of the Vaults view.
  - **Always show identities as Autofill suggestions on Vaults view**: Show all identities in the Autofill suggestions section of the Vaults view.
- **Autofill shortcut**:
  - **Manage shortcuts**: Set up custom keyboard shortcuts for Bitwarden.
- **Autofill on page load**:
  - **Autofill on page load**: Activate [autofill on page load](https://bitwarden.com/it-it/help/auto-fill-browser/#on-page-load/).
  - **Default autofill setting for login items**: Set a default for whether items can [autofill on page load](https://bitwarden.com/it-it/help/auto-fill-browser/#on-page-load/). This default can be overridden on an item-by-item basis.
- **Additional options**:
  - **Show context menu options**: Allow Bitwarden options to be accessed [through the context menu](https://bitwarden.com/it-it/help/auto-fill-browser/#context-menu/) (typically, using a right-click).
  - **Copy TOTP automatically**: [Copy a TOTP to the clipboard automatically](https://bitwarden.com/it-it/help/auto-fill-browser/#totp-autofill/) when credentials are used for autofill.
  - **Clear clipboard**: Set when to clear values copied from Bitwarden from your clipboard.
  - **Default URL match detection**: Set a default for [how Bitwarden identifies autofill suggestions](https://bitwarden.com/it-it/help/uri-match-detection/).
- **Blocked domains**: Set a list of domains to [prohibit Bitwarden from using autofill](https://bitwarden.com/it-it/help/blocking-uris/) for.

### Notifications

- **Save to vault options**:
  - **Ask to save and use passkeys**: [Allow Bitwarden to create and autofill passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) for websites or services that support it.
  - **Ask to add login**: Allow Bitwarden to [prompt you to add an item](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/#ask-to-add-login/) when you log in with credentials that aren't stored in Bitwarden.
  - **Ask to update existing login**: Allow Bitwarden to [prompt you to update an item](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/#ask-to-update-existing-login/) when used credentials don't match what is stored in Bitwarden.
- **Excluded domains**: Set a list of domains to prohibit add or update prompts for.

### Vault options

- **Folders**: Add or edit [folders](https://bitwarden.com/it-it/help/folders/).
- **Import items**: Import data [to your vault](https://bitwarden.com/it-it/help/import-data/) or [to an organization](https://bitwarden.com/it-it/help/import-to-org/).
- **Export vault**: Export data [from your vault](https://bitwarden.com/it-it/help/export-your-data/) or [from your organization](https://bitwarden.com/it-it/help/export-organization-items/).
- **Trash**: View items that were [recently deleted](https://bitwarden.com/it-it/help/managing-items/#delete/).
- **Sync vault now**: Manually trigger a [vault sync](https://bitwarden.com/it-it/help/vault-sync/).

### Appearance

- **Theme**: Switch between light mode, dark mode, or align Bitwarden with your system default.
- **Extension width**: Switch between the default width, wide, or extra wide of the extension window.
- **Compact mode (beta)**: Condense the amount of whitespace between elements in the extension.
- **Show number of login autofill suggestions on extension icon**: Show the number of available autofill suggestions for the page you're on, overlaid on top of the extension icon.
- **Show animations**: Show animations, for example a slide effect when you change views, while you're using the browser extension.
- **Vault customization**
  - **Show website icons and retrieve change password URLs**: Allow Bitwarden to fetch [website icons](https://bitwarden.com/it-it/help/website-icons/) and [change password URLs](https://bitwarden.com/it-it/help/change-at-risk-passwords/) for credentials stored in your vault.
  - **Show quick copy actions on Vault**: Display [buttons for copying a username or password](https://bitwarden.com/it-it/help/auto-fill-browser/#copy-credentials/) for each item in the Vaults view.

## Mobile

### Account security

- **Approve login requests**:
  - **Pending login requests**: Approve login requests using [another device](https://bitwarden.com/it-it/help/log-in-with-device/) or a [trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/).
- **Unlock options**:
  - **Unlock with Biometrics/Face ID/Touch ID**: Set up [biometric unlock](https://bitwarden.com/it-it/help/biometrics/).
  - **Unlock with PIN code**: Set up [PIN unlock](https://bitwarden.com/it-it/help/unlock-with-pin/).
  - **Require master password on app restart**: Require Bitwarden to be unlocked with a master password on first launch.
- **Authenticator sync**:
  - **Allow authenticator syncing**: Allow Bitwarden Password Manager to [sync authentication codes to Bitwarden Authenticator](https://bitwarden.com/it-it/help/totp-sync/).
- **Session timeout**:
  - **Session timeout**: Set how long Bitwarden can be active [before timing out.](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout/)
  - **Session timeout action**: Set what Bitwarden will do [when it times out](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/).
- **Other**:
  - **Account fingerprint phrase**: View your account's [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/).
  - **Two-step login**: Open the web app to set up [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/).
  - **Change master password**: Open the web app to [change your master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/).

### Autofill (Android)

- **Autofill services**: Allow Bitwarden to [use your saved login information to sign in](https://bitwarden.com/it-it/help/auto-fill-android/) to apps and websites on your device. This will require you to choose Bitwarden as your preferred service in a subsequent window.
- **Display autofill suggestions**: Choose whether autofill suggestions will be displayed in the keyboard ([Inline](https://bitwarden.com/it-it/help/auto-fill-android/#inline/)) or over the input field ([Popup](https://bitwarden.com/it-it/help/auto-fill-android/#popup/)).
- **Passkey management**: Open Android app settings to [designate Bitwarden as your preferred passkey provider](https://bitwarden.com/it-it/help/auto-fill-android/#use-passkeys/).
- **Privileged apps**: Learn more about how Bitwarden protects you from phishing when using passkeys.
- **Use accessibility**: Allow autofill to be available as a [Quick-action tile in the Accessibility menu](https://bitwarden.com/it-it/help/auto-fill-android/#quick-action-tiles/). This will require you to turn accessibility on for Bitwarden in a subsequent window.
- **Copy TOTP automatically**: Copy a [TOTP](https://bitwarden.com/it-it/help/integrated-authenticator/) to the clipboard automatically when credentials are used for autofill.
- **Ask to add item**: Allow Bitwarden to prompt you to save an item when you log in with credentials that aren't saved in your vault.
- **Default URI match detection**: Set a default for [how Bitwarden identifies autofill suggestions](https://bitwarden.com/it-it/help/uri-match-detection/).
- **Block autofill**: Set a list of domains to [prohibit Bitwarden from using autofill](https://bitwarden.com/it-it/help/blocking-uris/) for.

### Autofill (iOS)

- **Autofill**:
  - **Password autofill**: Learn how to set up [autofill](https://bitwarden.com/it-it/help/auto-fill-ios/) and tap **Continue** to proceed to the iOS menu where you'll need to do so.
  - **App extension**: Learn about the Safari app extension and tap **Activate app extension** to turn it on.
- **Additional options**:
  - **Copy TOTP automatically**: Copy a [TOTP](https://bitwarden.com/it-it/help/integrated-authenticator/) to the clipboard automatically when credentials are used for autofill.
  - **Default URI match detection**: Set a default for [how Bitwarden identifies autofill suggestions](https://bitwarden.com/it-it/help/uri-match-detection/).

### Vault

- **Folders**: Add or edit [folders](https://bitwarden.com/it-it/help/folders/).
- **Export vault**: Export data [from your vault](https://bitwarden.com/it-it/help/export-your-data/) or [from your organization](https://bitwarden.com/it-it/help/export-organization-items/).
- **Import items**: Open the web app to import data [to your vault](https://bitwarden.com/it-it/help/import-data/) or [to an organization](https://bitwarden.com/it-it/help/import-to-org/).

### Appearance

- **Language**: Choose the language used by the Bitwarden mobile app.
- **Theme**: Switch between light mode, dark mode, or align Bitwarden with your system default.
- **Use dynamic colors**: (Android-only) Apply a color scheme to Bitwarden based on your wallpaper.
- **Show website icons**: Allow Bitwarden to fetch [website icons](https://bitwarden.com/it-it/help/website-icons/) for credentials stored in your vault.

### Other

- **Allow sync on refresh**: Allow a pull-down gesture to be used to [sync your vault](https://bitwarden.com/it-it/help/vault-sync/).
- **Clear clipboard**: Set when to clear values copied from Bitwarden from your clipboard.
- **Allow Universal Clipboard**: (iOS-only) Allow data copied from the Bitwarden mobile app to be pasted on other devices signed in with the same Apple ID.
- **Allow screen capture**: (Android-only) Allow the Bitwarden mobile app to be in screenshots and screen sharing.
- **Connect to watch**: (iOS-only) [Connect Bitwarden to your Apple Watch](https://bitwarden.com/it-it/help/apple-watch-totp/) for easy access to TOTPs.
- **Siri & Shortcuts access**: (iOS-only) Allow Bitwarden to respond to Siri and Shortcuts using App Intents.

## Desktop

### Account security

- **Vault timeout**:
  - **Timeout**: Set how long Bitwarden can be active [before timing out.](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout/)
  - **Timeout action**: Set what Bitwarden will do [when it times out](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/).
- **Unlock with PIN**: Set up [PIN unlock](https://bitwarden.com/it-it/help/unlock-with-pin/).
- **Lock with master password on restart**: Require the Bitwarden desktop app to be unlocked with a master password on first launch.
- **Unlock with system authentication**: (Linux-only) Set up [biometric unlock](https://bitwarden.com/it-it/help/biometrics/).
- **Unlock with Touch ID**: (macOS-only) Set up [biometric unlock](https://bitwarden.com/it-it/help/biometrics/).
- **Ask for Touch ID on app restart**: (macOS-only) Automatically prompt for a biometric on first launch.
- **Unlock with Windows Hello**: (Windows-only) Set up [biometric unlock](https://bitwarden.com/it-it/help/biometrics/).
- **Require master password or PIN on app restart**: (Windows-only) Require the Bitwarden desktop app to be unlocked with a master password or PIN on first launch.

### Preferences

- **Clear clipboard**: Set when to clear values copied from Bitwarden from your clipboard.
- **Minimize when copying to clipboard**: Automatically minimize Bitwarden when you copy an item's data to the clipboard.
- **Show website icons and retrieve change password URLs**: Allow Bitwarden to fetch [website icons](https://bitwarden.com/it-it/help/website-icons/) and [change password URLs](https://bitwarden.com/it-it/help/change-at-risk-passwords/) for credentials stored in your vault.

### App settings (Linux)

Unlike **Security** and **Preferences** settings, these settings apply to all accounts you use the desktop app with:

> [!TIP] Tray vs. Dash on Linux.
> On Windows, the **system tray** is the strip of shortcuts located at the bottom-right of the screen. The **dash** is the strip of frequently-used and open apps typically located at the left of the screen.

- **Show tray icon**: Always show the Bitwarden desktop app icon in the system tray.
- **Close to tray icon**: When closing the window, show an icon in the system tray instead of nowhere.
- **Start to tray icon**: When the Bitwarden desktop app is first started, show an icon in the system tray instead of opening the window.
- **Start automatically on login**: Start the Bitwarden desktop app automatically when you log in to your computer.
- **Allow browser integration**: (non-Safari) Allow Bitwarden browser extensions to [integrate with the desktop app](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-browser-extension/) for biometric unlock. On Safari, integration is available without activating this option.
- **Require verification for browser integration**: Require [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) confirmation when establishing the integration between Bitwarden desktop app and browser extension.
- **Use hardware acceleration**: Turn this option off if you experience graphical or performance issues.
- **Enable SSH agent**: Allow the Bitwarden desktop app to act as an [SSH agent](https://bitwarden.com/it-it/help/ssh-agent/).
- **Theme**: Switch between light mode, dark mode, or align Bitwarden with your system default.
- **Language**: Choose the language used by the Bitwarden desktop app.

### App settings (macOS)

Unlike **Security** and **Preferences** settings, these settings apply to all accounts you use the desktop app with:

> [!TIP] Dock vs. menu bar on macOS.
> On macOS, the **menu bar** is the strip of menus located at the top of the screen. The **Dock** is the strip of frequently-used and open apps available by moving your cursor to the edge of the screen.

- **Show menu bar icon**: Always show the Bitwarden desktop app icon in the menu bar.
- **Minimize to menu bar**: When minimizing the window, show an icon in the menu bar instead of the Dock.
- **Close to menu bar**: When closing the window, show an icon in the menu bar instead of nowhere of the Dock.
- **Start to menu bar**: When Bitwarden desktop app is first started, show an icon in the menu bar instead of opening the window.
- **Start automatically on login**: Start the Bitwarden desktop app automatically when you log in to your computer.
- **Always show in the Dock**: Always show the Bitwarden desktop app in the Dock, regardless of active menu bar options.
- **Allow browser integration**: (non-Safari) Allow Bitwarden browser extensions to [integrate with the desktop app](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-browser-extension/) for biometric unlock. On Safari, integration is available without activating this option.
- **Require verification for browser integration**: Require [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) confirmation when establishing the integration between Bitwarden desktop app and browser extension.
- **Use hardware acceleration**: Turn this option off if you experience graphical or performance issues.
- **Enable SSH agent**: Allow the Bitwarden desktop app to act as an [SSH agent](https://bitwarden.com/it-it/help/ssh-agent/).
- **Allow screen capture**: Allow the Bitwarden desktop app to appear in screenshots and screen sharing.
  When off, the desktop app will be invisible in most screenshots and when screen sharing.
- **Allow DuckDuckGo browser integration**: (macOS-only) Allow the integration [between the Bitwarden desktop app and DuckDuckGo macOS browser](https://bitwarden.com/it-it/help/duckduckgo-macos-browser-integration/).
- **Theme**: Switch between light mode, dark mode, or align Bitwarden with your system default.
- **Language**: Choose the language used by the Bitwarden desktop app.

### App settings (Windows)

Unlike **Security** and **Preferences** settings, these settings apply to all accounts you use the desktop app with:

> [!TIP] Taskbar vs. System Tray on Windows.
> On Windows, the **system tray** is the strip of shortcuts located at the bottom-right of the screen. The **taskbar** is the strip of frequently-used and open apps typically located at the bottom-middle of the screen.

- **Show tray icon**: Always show the Bitwarden desktop app icon in the system tray.
- **Minimize to tray icon**: When minimizing the window, show an icon in the system tray instead of the taskbar.
- **Close to tray icon**: When closing the window, show an icon in the system tray instead of nowhere.
- **Start to tray icon**: When the Bitwarden desktop app is first started, show an icon in the system tray instead of opening the window.
- **Start automatically on login**: Start the Bitwarden desktop app automatically when you log in to your computer.
- **Allow browser integration**: (non-Safari) Allow Bitwarden browser extensions to [integrate with the desktop app](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-browser-extension/) for biometric unlock. On Safari, integration is available without activating this option.
- **Require verification for browser integration**: Require [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) confirmation when establishing the integration between Bitwarden desktop app and browser extension.
- **Use hardware acceleration**: Turn this option off if you experience graphical or performance issues.
- **Enable SSH agent**: Allow the Bitwarden desktop app to act as an [SSH agent](https://bitwarden.com/it-it/help/ssh-agent/).
- **Allow screen capture**: Allow the Bitwarden desktop app to appear in screenshots and screen sharing. When off, the desktop app will be invisible in most screenshots and when screen sharing.
- **Theme**: Switch between light mode, dark mode, or align Bitwarden with your system default.
- **Language**: Choose the language used by the Bitwarden desktop app.

--- URL: https://bitwarden.com/it-it/help/apple-watch-totp/ ---

# Bitwarden on Apple Watch

Our Password Manager [integrated authenticator capabilities](https://bitwarden.com/it-it/help/integrated-authenticator/) are now accessible on the Apple Watch. Bitwarden Premium members or those with a premium membership from a paid organization will now have an additional option for accessing time-based one-time password (TOTP) codes.

Bitwarden for the Apple Watch will show TOTP codes for vault items with seeds stored, for easier access when logging into TOTP-protected accounts.

> [!NOTE] TOTP membership requirement
> TOTP code generation requires Bitwarden Premium or individual premium membership from a paid organization (Families, Teams, or Enterprise). Learn more about the details of each plan [here](https://bitwarden.com/it-it/help/about-bitwarden-plans/#compare-personal-plans/).

## Setup

1. Have the Bitwarden app installed on your iOS mobile device.
2. Check your Apple Watch; Bitwarden should be installed on your watch automatically. If you do not see Bitwarden on your Apple Watch, you can manually install Bitwarden on the Apple Watch.

   ![Apple Watch Bitwarden app](https://bitwarden.com/assets/6pWZMbYpUERAe7wPVKBANZ/eb3046159b774c207510b762947e144d/Screen_Shot_2022-12-02_at_3.53.40_PM__2_.png)

3. Access your Bitwarden account on the iPhone mobile app and select the ⚙️ **Settings** tab.
4. Select the **Other** option and toggle on **Connect to Watch**. Once selected, confirm that the setting is **on** in the pop-up window.

   ![Connect to an Apple Watch ](https://bitwarden.com/assets/349i1GulSBErWTuDSFOgkW/25a10a9b2a8584fb074c205236311fc8/2025-01-22_10-10-42.png)

5. Once started, the watch will begin syncing with Bitwarden:

When you log out of an account or switch to a different account, the Apple Watch will wipe the current data. Syncing will occur again when logging back into a Bitwarden account on your iOS mobile device.

> [!NOTE] disable watch app
> Turning the Bitwarden Apple Watch connection off in the mobile app will delete all data and disable communication to the Bitwarden app on the Apple Watch.

## Enabling TOTP

If you are new to enabling TOTP codes for vault items, see [here](https://bitwarden.com/it-it/help/authenticator-keys/#generate-totp-codes/).

If no items have TOTP set up, the Apple Watch will display this screen:

![Apple Watch add 2FA screen](https://bitwarden.com/assets/28ELSN09aicT7i20KcFekH/6a062e0391357ae18abcf60cf819db06/2fa.png)

## Using the Apple Watch to access TOTP codes

1. Unlock your Apple Watch by entering your watch PIN if one has been enabled.
2. Select Bitwarden on your Apple Watch.

   ![Apple Watch app selection screens ](https://bitwarden.com/assets/7twiT5CXV1jsizjiVTocGM/abdcfe9af5da2b1712e18a0fed59f338/Screen_Shot_2022-12-12_at_5.06.28_PM.png)

3. The vault will sync with the active Bitwarden account on your iOS mobile device. The current account can be seen at the top of the vault page.

   ![Apple Watch vault screen](https://bitwarden.com/assets/6JGjNWcUfjrUkLjxgRnjPD/0a9be44d510816b1edf4ec76b44b8778/vault_view.png)

4. Select the vault item you wish to access. The TOTP code and timer will be displayed on the Apple Watch screen.

   ![Apple Watch TOTP screen](https://bitwarden.com/assets/4ENEoPkcwuB2dOb0EHDmhR/efaf2e9278212af2297e5155895865ac/totp_bevel_copy.png)

## Bitwarden on Apple Watch security

Bitwarden's zero-knowledge encryption works together with Apple's WatchConnectivity and Secure Enclave to retain zero-knowledge and secure communication between the iPhone and Apple Watch.

Several steps can be taken to increase the security of your accounts and device:

- Setting a secure passcode to prevent unwanted access to Bitwarden on Apple Watch. Once the Apple Watch is unlocked, information on the device can be viewed.
- Enabling wrist detection on the Apple Watch so the device will lock automatically once it has been removed from the user's wrist.

> [!NOTE] Unlock with iPhone security
> If the Unlock with iPhone setting is enabled, unlocking the connected iPhone will automatically unlock your Apple Watch if the device is nearby. This could potentially expose Bitwarden information on the Apple Watch. See Apple's [documentation](https://support.apple.com/guide/security/system-security-for-watchos-secc7d85209d/web) for watchOS security to learn more.

--- URL: https://bitwarden.com/it-it/help/approve-a-trusted-device/ ---

# Approve a Trusted Device

When a member of your organization logs into a new device, they'll need to [approve, or trust, that device](https://bitwarden.com/it-it/help/add-a-trusted-device/). One method for doing so, done by selecting the **Request admin approval** option, involves sending a device approval request to admins and owners within the organization for approval.

![Request admin approval](https://bitwarden.com/assets/5IMJBQOrklcOuLVEpaR6gX/60ead8f10e34f7acd2467eaaa34ff93d/2025-06-16_15-22-15.png)

As an admin, you'll receive an email any time an organization member submits a device approval request.
To approve a request as an organization admin, owner, or [custom user](https://bitwarden.com/it-it/help/user-types-access-control/#custom-role/) with the **Manage account recovery** permission:

1. Log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Select **Settings** → **Device approvals** from the navigation.
3. Using the options ⋮ menu, select ✓ **Approve request**.

   ![Approve device request](https://bitwarden.com/assets/1iPurecgskOyt0NGDRidBM/3a85c233b2a208dc2c939c8e79fd9b4f/Screenshot_2024-02-29_at_10.52.50_AM.png)

> [!NOTE] Verify fingerprint
> When a member requests device approval, a fingerprint phrase is displayed on the member's device. Additional verification can be performed by checking that this fingerprint phrase matches the one shown in the member column. This method is optional and **requires synchronous communication** between the requesting member and the administrator.

## Bulk approve requests

Multiple device requests may be approved at one time using the top level options ⋮ menu and selecting ✓ **Approve all requests**.

![Approve or bulk approve device](https://bitwarden.com/assets/4ozBvrFFLPYcRmuCWNCuCz/504a206008a06c4e98d0058478f21d26/TDE_Bulk_Device_sc3.png)

> [!NOTE] Bulk device approval web app warning
> Bulk device approval using the **Approve all requests** option may neglect verification steps that administrators can perform to ensure a request is legitimate, such as checking the user's reported fingerprint phrase.
>
> Bitwarden recommends that significant security controls such as IdP credential standards, IdP MFA, and IdP device registration and trust be reviewed before enabling and using bulk device approval.

When a device request is approved, the requesting user is sent an email informing them they can continue logging in on that device.
The user must take action by logging in to the new device within 12 hours, or the approval will expire. Unapproved requests will expire after 1 week.

You can deny a login attempt by instead selecting [close] **Deny request**, or deny all existing requests by selecting the top-most options ⋮ menu and selecting [close] **Deny all requests**.

[Events](https://bitwarden.com/it-it/help/event-logs/) are logged when:

- A user requests a device approval.
- A device request is approved.
- A device request is denied.

--- URL: https://bitwarden.com/it-it/help/assign-users-to-collections/ ---

# Assign Users to Collections

When you [create a collection](https://bitwarden.com/it-it/help/about-collections/), you can assign access to existing [groups](https://bitwarden.com/it-it/help/about-groups/) or members. You can, at any time, modify who has access to a collection from the Password Manager web app:

1. In the web app, open the collection and select the [angle-down] button to see your options:

   ![Manage a collection](https://bitwarden.com/assets/m7O6TwNqNzsOCJNp1caor/914bfbf2192a2cccbe6c3fb58c11a73d/2024-12-02_15-40-10.png)

2. Select **Access**.
3. In the collection **Access** view, you can:
   - Grant additional [groups](https://bitwarden.com/it-it/help/about-groups/) or members access, including what [level of permission](https://bitwarden.com/it-it/help/collection-permissions/) they have.
   - Change the [level of permission](https://bitwarden.com/it-it/help/collection-permissions/) associated with a [group](https://bitwarden.com/it-it/help/about-groups/) or member that can already access the collection.
4. Select **Save**.

> [!TIP] Bulk collection access management
> **Bulk-management**: Users with access to the Admin Console can bulk-manage access to collections from the Collections view using the options ⋮ menu:
>
> ![Bulk manage collections](https://bitwarden.com/assets/42edJRnvap8xiBpURskIVI/7ff8006517e9bce50dffa4372fcc2911/2024-12-02_15-41-46.png)

## Assign access to un-managed collections

> [!NOTE] Only applies if 'Owner/Admin Manage All' setting is off.
> The following only applies if the [Owners and admins can manage all collections and items](https://bitwarden.com/it-it/help/collection-management/#owners-and-admins-can-manage-all-collections-and-items/) collection management setting is **off.** If this setting is **on** in your organization:
>
> - [Owners, admins, and custom role members](https://bitwarden.com/it-it/help/user-types-access-control/) with the **Edit any collection** permission can always, rather than temporarily, modify access to a collection from the **Collections** view.
> - The **Add Access** badge and tab described below will not appear.

Collections should always have at least one assigned member with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/). Under certain circumstances, for example when a managing member leaves your organization, collections can end up without a member with that level of permission.
When this occurs, [owners, admins, and custom role members](https://bitwarden.com/it-it/help/user-types-access-control/) with the **Edit any collection** permission will temporarily gain management capabilities for these collections through the **Add Access** tab of the **Collections** view:

![Add access to un-managed collections](https://bitwarden.com/assets/1Nqn29nNIkKtb5HfWkfcWK/64c3875f60d3d292837d0655ad3b146c/2024-12-05_09-56-43.png)

Using the steps described previously in this article, owners, admins, and permitted custom role members should assign a new member with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/). Once done, the assigner will lose management capabilities for that collection and the Add Access label is removed.

## Next steps

- [Learn about collections](https://bitwarden.com/it-it/help/about-collections/) at a conceptual level.
- [Create a collection](https://bitwarden.com/it-it/help/create-collections/) that you can add shared items to.
- [Share items with organization members](https://bitwarden.com/it-it/help/sharing/) through your new collection.
- [Configure the permissions](https://bitwarden.com/it-it/help/collection-permissions/) your groups and members have to the collection.
- [Configure collection management settings](https://bitwarden.com/it-it/help/collection-management/) for your organization.

--- URL: https://bitwarden.com/it-it/help/attachments/ ---

# File Attachments

> [!NOTE] Attachments only available if you're paying
> File attachments are available for Premium users and members of paid [organizations](https://bitwarden.com/it-it/help/about-organizations/). These upgraded plans include 5GB of encrypted storage for file attachments per user. [More storage](https://bitwarden.com/it-it/help/attachments/#add-storage-space/) can be purchased in 1GB increments.

Files can be attached to any vault item, including [shared](https://bitwarden.com/it-it/help/sharing/) vault items, from any Bitwarden app. A file of any type that's 500 MB or smaller (100 MB or smaller, if uploading from mobile) can be attached to an item and up to 5 GB of total attachments (unless more storage is added) can be uploaded per account.

Attachments are encrypted and decrypted locally, meaning no unencrypted attachment data is transported over the internet or stored by the server.

> [!NOTE] Sends and Attachments utilize storage space
> Attachments on individual vault items and all Sends use the individual storage space granted by premium subscriptions or organizations. Attachments on organization owned items use shared organizational storage space. Learn how to [add storage space](https://bitwarden.com/it-it/help/attachments/#add-storage-space/).

## Upload an attachment

To attach an attachment to a vault item:

### Web app

To attach a file from the web app:

1. Open the item and select **Edit**.
2. Scroll to the bottom of the **Edit** view and select **Attachments**.
3. Select **Choose File** and browse for your file.
4. Select **Upload**.
5. Select **Save**.

Once saved, the **Attachments** section will list all files attached to that item.

### Browser extension

To attach a file from the browser extension:

1. Open the item and select **Edit**.
2. Scroll to the bottom of the **Edit** view and select **Attachments**. The extension will pop out.
3. Select **Choose File** and browse for your file.
4. Select **Upload**.
5. Select **Save**.

Once saved, the **Attachments** section will list all files attached to that item.

### Mobile

To attach a file from the mobile app:

1. Open the item and select the ⋮ **Menu icon**.
2. Select **Attachments**.
3. Select **Choose file** and browse for your file.
4. Select **Save** in Android or the ✓ **Save icon** in iOS.

Once saved, the **Attachments** section will list all files attached to that item.
### Desktop To attach a file from the desktop app: 1. Open the item and select **Edit**. 2. Scroll to the bottom of the **Edit** view and select **Attachments**. 3. Select **Choose File** and browse for your file. 4. Select **Upload**. 5. Select **Save**. Once saved, the **Attachments** section will list all files attached to that item. ### CLI Use `bw create attachment` to attach a file to an existing vault item, for example:

```
bw create attachment --file /path/to/myfile.ext --itemid
```

For more information, please refer to the Bitwarden [CLI documentation](https://bitwarden.com/it-it/help/cli/). ## View an attachment On **Android** devices, image files (`.jpeg`, `.png`, `.gif`, `.WebP`, `.heic`) can be previewed from directly within Bitwarden, without downloading them to your device, by tapping the attachment on the **View item** screen: ![View an attachment](https://bitwarden.com/assets/8CANFNTEL2gsoDy0zvQPG/65b328d7d01be571b66596c51f78d07d/2026-04-10_09-10-55.png) *View an attachment* ## Download an attachment To download an attachment from most Bitwarden apps, open the item. Within the **Attachments** section, select the ⬇️ **Download icon** next to the file. For the **CLI**, use `bw get attachment` to download a file, for example:

```
bw get attachment photo.png --itemid 99ee88d2-6046-4ea7-92c2-acac464b1412 --output /Users/myaccount/Pictures/
```

For more information, please refer to the [CLI documentation](https://bitwarden.com/it-it/help/cli/#get-attachment/). ## Export all attachments To create an export that includes attachments: ### Web app To export your attachments from the web app: 1. Select **Tools** → **Export** from the navigation: ![Export items](https://bitwarden.com/assets/5PUGzasNsQnABG9gtso4o3/4e4880193ff45c22f0474c129e68e4e3/2025-12-17_11-43-59.png) *Export items* 2. From the **File format** dropdown, select `.zip (with attachments)`. Currently, attachments can only be exported from your individual vault. 3. Select **Export**. 
You will need to confirm your permission to do this using your master password or an email verification code. Your export file will be sent to your Downloads folder or wherever your web browser is set to download files to. ### Browser extension To export your attachments from the browser extension: 1. Open the **Settings** tab. 2. Select **Vault options** and then **Export vault**. 3. From the **File format** dropdown, select `.zip (with attachments)`. Currently, attachments can only be exported from your individual vault. 4. Select the **Export vault** button to finish. You will need to confirm your permission to do this using your master password or an email verification code. Your export file will be sent to your Downloads folder or wherever your web browser is set to download files to. ### Desktop app To export your attachments from the desktop app: 1. From the menu bar, navigate to **File** → **Export vault**. 2. From the **File Format** dropdown, select `.zip (with attachments)`. Currently, attachments can only be exported from your individual vault. 3. Select **Export vault**. You will need to confirm your permission to do this using your master password or an email verification code. Your export file will be sent to your Downloads folder or wherever your web browser is set to download files to. ### CLI To export your attachments from the CLI, use the command:

```bash
bw export --format zip
```

## Delete an attachment To delete an attachment: ### Web app To delete an attachment from the web app: 1. Open the item and select **Edit**. 2. Scroll to the bottom of the **Edit** view and select **Attachments**. 3. Select the 🗑️ **Delete** **icon** next to the attachment. 4. Select **Yes** to confirm. 5. Select **Save**. ### Browser extension To delete an attachment from the browser extension: 1. Open the item and select **Edit**. 2. Scroll to the bottom of the **Edit** view and select **Attachments**. The extension will pop out. 3. 
Select the 🗑️ **Delete** **icon** next to the attachment. 4. Select **Yes** to confirm. 5. Select the [angle-left] **Back icon**. 6. Select **Save**. ### Mobile To delete an attachment from the mobile app: 1. Open the item and select the ⋮ **Menu icon**. 2. Select **Attachments**. 3. Select the 🗑️ **Delete** **icon** next to the attachment. 4. Depending on your mobile device: - In Android, select **Delete** to confirm and then **Save**. - In iOS, select **Yes** to confirm and then the ✓ **Save icon**. ### Desktop To delete an attachment from the desktop app: 1. Open the item and select **Edit**. 2. Scroll to the bottom of the **Edit** view and select **Attachments**. 3. Select the 🗑️ **Delete** **icon** next to the attachment. 4. Select **Yes** to confirm. 5. Select **Save**. ### CLI Use `bw delete attachment` to delete a file attachment, for example:

```
bw delete attachment 7063feab-4b10-472e-b64c-785e2b870b92
```

For more information, please refer to the Bitwarden [CLI documentation](https://bitwarden.com/it-it/help/cli/). ## Add storage space Paid users and members of paid [organizations](https://bitwarden.com/it-it/help/about-organizations/) have 5GB of encrypted storage for file attachments. Individuals and organizations can purchase additional storage space by completing the following steps: > [!NOTE] Adding Storage Billing Impact > Adding storage space will adjust your billing totals and immediately charge your payment method. The first charge will be prorated for the remainder of the current billing cycle. ### Individual To add storage space in your individual vault: 1. In the Bitwarden web app, navigate to **Settings** → **Subscription**. 2. In the Storage section, select the **Add Storage** button: ![Add storage to individual vault](https://bitwarden.com/assets/113yhHwt2fIgkjWjmPgCa4/f3df4d33206d35873c92266a546a9ed6/Add_storage_to_individual_vault.png) *Add storage to individual vault* 3. 
Using the counter, choose the number of **GB of Storage to Add** and select **Submit**. ### Organization To add storage space in your organization vault: 1. In the Bitwarden web app, open the Admin Console using the product switcher: ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png) *Product switcher* 2. From the navigation, select **Billing** → **Subscription**. 3. In the Manage subscription section, select the **Add Storage** button: ![Add storage to organization vault](https://bitwarden.com/assets/6tMMQEzEKXIRSa9fIUXuoh/3d9f81b717d3cee9681f1feda97d1b91/2024-12-02_15-28-55.png) *Add storage to organization vault* 4. Using the counter, choose the number of **GB of Storage to Add** and select **Submit**. ### Self-hosted While attachment storage is still tied to being a paid user or member of an organization when self-hosted, the **amount of storage** space is only limited by how much space is available on the volume that contains your attachments directory, with an upward limit of 10 TB (10240 GB). Users and admins **do not** need to change any values to increase that limit. ## Fixing old attachments Prior to December 2018, file attachments used a different method of encrypting their data. We have since moved to a newer, better way of encrypting attachments. Any attachments that use the older encryption method will be labeled with an alert icon in your vault listing. You should upgrade these old attachments to the newer method of encryption so that other account-related features can function properly: 1. Open the vault item containing the old attachment and select **Edit**. 2. Scroll to the bottom of the Edit form and select **Attachments**. 3. Click the **Fix** button next to the old attachment. This process will download the attachment, re-encrypt it using the new encryption method, re-upload the attachment back to your vault, and delete the old version of the attachment. 
Once an attachment has successfully been upgraded, the alert icon and fix button should disappear. --- URL: https://bitwarden.com/it-it/help/authenticator-import-export/ --- # Import & Export Authenticator Data You can import verification codes into Bitwarden Authenticator from supported applications, allowing you to quickly migrate existing codes without manually re-adding each one. You can also export your codes at any time to create backups. ## Import data To import time-based one-time passwords (TOTPs) into Bitwarden Authenticator: 1. Tap the ⚙️ **Settings** **icon**. 2. Tap **Import**. 3. From the **File format** dropdown menu, choose the import file's source: - **Authenticator Export (JSON)**: Import a Bitwarden Authenticator or Bitwarden Password Manager `.json` export. Use the instructions in the following section for information on how to create a `.json` export with Bitwarden Authenticator. Importing a [Bitwarden Password Manager .json export](https://bitwarden.com/it-it/help/export-your-data/) will parse the file and import TOTP seeds. - **Google Authenticator (QR code)**: Import from Google Authenticator using a QR code, which can be made from the **Transfer accounts** screen in Google Authenticator. Scan the generated QR code with Bitwarden Authenticator to complete the import. > [!TIP] Google Import Authenticator Android > On Android, use the + **Add** icon on the home screen to scan a Google Authenticator QR code rather than navigating to **Settings** → **Import**. - **LastPass (JSON)**: Import a LastPass Authenticator account export, which can be made from the LastPass Authenticator **Settings** → **Transfer accounts** screen. - **2FAS (.2fas)**: Import a 2FAS backup file, which can be made from the 2FAS **Settings** → **2FAS Backup** screen. Only backup files that are not password protected can be imported to Bitwarden Authenticator. 
- **Raivo (JSON) (iOS only)**: Import a Raivo OTP export, which can be made from the Raivo **Settings** screen using the **Export OTPs to ZIP archive** option. You will need to decrypt the `.zip` file using your master password and import the enclosed `raivo-otp-export.json` file to Bitwarden Authenticator. - **Aegis (Android only)**: Import an unencrypted Aegis .json export, which can be made from the Aegis **Import & Export** screen. ## Export data You can export data that's stored locally in the Bitwarden Authenticator app. Any TOTPs synced from your Bitwarden vault, however, will need to be [exported through your vault](https://bitwarden.com/it-it/help/export-your-data/) separately, because they're not included in Bitwarden Authenticator exports. To export data from Bitwarden Authenticator: 1. Open the ⚙️ **Settings** tab. 2. Tap **Export**. 3. Select your export's **File format** from the dropdown menu, `.json` or `.csv`. 4. Tap **Export items**. > [!NOTE] Exporting from authenticator > Exported data includes the `otpauth://totp/?secret=` string for each entry. If you want to store this data elsewhere or set up a second authenticator app, this is the most important data to save. ### Example exports Bitwarden Authenticator exports data in the following formats. 
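Since the `otpauth://` string is the part of an export that matters, it is worth confirming that every entry in a backup or hand-built import file parses and yields a code before relying on it. The Python below is an added example, not Bitwarden code: it reads a file in the `.json` layout shown in this section, validates each `login.totp` URI, and computes the RFC 6238 code for it. The sample data is constructed (its first secret is the RFC 6238 test key), and the SHA1, 6-digit, 30-second defaults for missing parameters are an assumption based on the common otpauth key URI convention.

```python
import base64
import hashlib
import hmac
import json
import struct
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in the .json export layout. The first secret is the
# RFC 6238 test key ("12345678901234567890" in Base32), not a real seed.
SAMPLE_EXPORT = json.dumps({
    "encrypted": False,
    "items": [
        {"favorite": False, "id": "00000000-0000-0000-0000-000000000001",
         "login": {"totp": "otpauth://totp/Example:alice@example.com"
                           "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
                           "&issuer=Example&algorithm=SHA1&digits=8&period=30",
                   "username": "alice@example.com"},
         "name": "Example", "type": 1},
        {"favorite": False, "id": "00000000-0000-0000-0000-000000000002",
         "login": {"totp": "otpauth://totp/Broken:alice@example.com?secret=ABC1",
                   "username": "alice@example.com"},
         "name": "Broken", "type": 1},
    ],
})

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Validate an otpauth://totp URI and return its decoded parameters."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp URI")
    query = parse_qs(parts.query)
    secret_text = query.get("secret", [""])[0].replace(" ", "").upper()
    if not secret_text:
        raise ValueError("missing secret parameter")
    # Exports usually omit Base32 padding; restore it before decoding.
    padded = secret_text + "=" * (-len(secret_text) % 8)
    try:
        secret = base64.b32decode(padded)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"secret is not valid Base32: {exc}") from None
    # Assumed defaults when a parameter is absent: SHA1, 6 digits, 30 seconds.
    algorithm = query.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    try:
        digits = int(query.get("digits", ["6"])[0])
        period = int(query.get("period", ["30"])[0])
    except ValueError:
        raise ValueError("digits and period must be integers") from None
    if not 6 <= digits <= 8 or period <= 0:
        raise ValueError("digits must be 6-8 and period must be positive")
    return {"label": unquote(parts.path.lstrip("/")), "secret": secret,
            "algorithm": algorithm, "digits": digits, "period": period}


def totp(params, at_time):
    """Compute the RFC 6238 code for the given Unix time."""
    counter = int(at_time) // params["period"]
    digest = hmac.new(params["secret"], struct.pack(">Q", counter),
                      ALGORITHMS[params["algorithm"]]).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** params["digits"]).zfill(params["digits"])


def check_export(text, at_time):
    """Return (name, ok, code_or_error) for every item in an export."""
    data = json.loads(text)
    if data.get("encrypted") is not False:
        raise ValueError("expected an unencrypted export")
    results = []
    for item in data.get("items", []):
        uri = (item.get("login") or {}).get("totp") or ""
        try:
            code = totp(parse_otpauth(uri), at_time)
            results.append((item.get("name"), True, code))
        except ValueError as exc:
            results.append((item.get("name"), False, str(exc)))
    return results


if __name__ == "__main__":
    import time
    for name, ok, detail in check_export(SAMPLE_EXPORT, time.time()):
        print(f"{name}: {'OK ' + detail if ok else 'INVALID: ' + detail}")
```

Comparing a printed code with the one the app shows for the same entry confirms the backup decodes to the same seed.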
You may also use this section to condition your own import file if you're importing from a currently-unsupported provider:

### .json

```plain text
{
  "encrypted": false,
  "items": [
    {
      "favorite": false,
      "id": "52A4DFB0-F19E-4C9D-82A1-BBEE95BBEF81",
      "login": {
        "totp": "otpauth://totp/Amazon:alice@bitwarden.com?secret=IIO5SCP3766LMSAB5HJCQPNDCCNAZ532&issuer=Amazon&algorithm=SHA1&digits=6&period=30",
        "username": "alice@bitwarden.com"
      },
      "name": "Amazon",
      "type": 1
    },
    {
      "favorite": false,
      "id": "DC81A830-ED98-4F45-9B73-B147E40134AB",
      "login": {
        "totp": "otpauth://totp/Apple:alice@bitwarden.com?secret=IIO5SCQ3766LMSBB5HJCQPNDCCNAZ532&issuer=Apple&algorithm=SHA1&digits=6&period=30",
        "username": "alice@bitwarden.com"
      },
      "name": "Apple",
      "type": 1
    },
    {
      "favorite": false,
      "id": "4EF44090-4B6A-4E98-A94C-CF7B0F2CC35D",
      "login": {
        "totp": "otpauth://totp/Bitwarden:alice@bitwarden.com?secret=IIO5SCP3766LMSBB5HJCQPNDCCNAZ532&issuer=Bitwarden&algorithm=SHA1&digits=6&period=30",
        "username": "alice@bitwarden.com"
      },
      "name": "Bitwarden",
      "type": 1
    },
    {
      "favorite": false,
      "id": "59B09168-502A-4D38-B218-FACF66E6A365",
      "login": {
        "totp": "otpauth://totp/Microsoft:alice@bitwarden.com?secret=IIO5SCP3766LMSBB5HJCHPNDCCNAZ532&issuer=Microsoft&algorithm=SHA1&digits=6&period=30",
        "username": "alice@bitwarden.com"
      },
      "name": "Microsoft",
      "type": 1
    },
    {
      "favorite": false,
      "id": "789F095B-95B2-4816-A5F7-01095116C10E",
      "login": {
        "totp": "otpauth://totp/Reddit:alice@bitwarden.com?secret=IIO5SCP3766LNSBB5HJCQPNDCCNAZ532&issuer=Reddit&algorithm=SHA1&digits=6&period=30",
        "username": "alice@bitwarden.com"
      },
      "name": "Reddit",
      "type": 1
    }
  ]
}
```

### .csv

```plain text
folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
,,login,Amazon,,,0,,alice@bitwarden.com,,otpauth://totp/Amazon:alice@bitwarden.com?secret=IIO5SCP3766LMSAB5HJCQPNDCCNAZ532&issuer=Amazon&algorithm=SHA1&digits=6&period=30
,,login,Apple,,,0,,alice@bitwarden.com,,otpauth://totp/Apple:alice@bitwarden.com?secret=IIO5SCQ3766LMSBB5HJCQPNDCCNAZ532&issuer=Apple&algorithm=SHA1&digits=6&period=30
,,login,Bitwarden,,,0,,alice@bitwarden.com,,otpauth://totp/Bitwarden:alice@bitwarden.com?secret=IIO5SCP3766LMSBB5HJCQPNDCCNAZ532&issuer=Bitwarden&algorithm=SHA1&digits=6&period=30
,,login,Microsoft,,,0,,alice@bitwarden.com,,otpauth://totp/Microsoft:alice@bitwarden.com?secret=IIO5SCP3766LMSBB5HJCHPNDCCNAZ532&issuer=Microsoft&algorithm=SHA1&digits=6&period=30
,,login,Reddit,,,0,,alice@bitwarden.com,,otpauth://totp/Reddit:alice@bitwarden.com?secret=IIO5SCP3766LNSBB5HJCQPNDCCNAZ532&issuer=Reddit&algorithm=SHA1&digits=6&period=30
```

--- URL: https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/ ---

# Troubleshoot Android Autofill

If you're having trouble with [autofill on Android](https://bitwarden.com/it-it/help/auto-fill-android/), first verify that your Android version is compatible with your chosen autofill method. Bitwarden supports a few different autofill methods depending on your Android version:

| **Option** | **Requires version...** | **Requires you to also enable...** |
|------|------|------|
| Autofill Service | Android 8+ | - |
| Inline Autofill | Android 11+ | Autofill service, IME that supports inline |
| Accessibility | All Android versions | - |

Next, confirm that the login item has the correct URI format saved. On Android, Password Manager uses a website (e.g. `https://gmail.com`) to autofill in web browsers and a package name (e.g. `com.google.android.gm`) to autofill in installed applications.

> [!WARNING] Android Autofill mechanics
> When it comes to installed applications, it's important to **only install and autofill into applications from trusted sources**, like the Google Play Store or F-Droid, because a malicious application could mimic the package name of a well-known application.
[Learn more](https://bitwarden.com/it-it/help/uri-match-detection/#tab-android-1MW4Dc3sLFszt1M8GaKqyB/). ### Troubleshooting the autofill service If the Bitwarden autofill service overlay isn't visible when your device is focusing on a username or password input field, your device may require a device-specific setting to be enabled. **For Huawei/Honor devices**, enable Dropzone: 1. Open the Huawei/Honor Optimizer app (also known as "Phone Manager"). 2. Tap **Dropzone** in the middle of the bottom row. 3. Slide the toggle to the right to allow Dropzone. **For Oppo and other devices**, enable Floating Window: 1. Open the Android Settings app. 2. Navigate to Privacy/Security. 3. Locate **Floating Windows** or **App Management** and tap to open. 4. Slide the toggle to the right to allow Floating Windows. ### Troubleshooting the accessibility service The most common issue encountered using the accessibility service is that **Android battery optimization** settings will automatically turn off services (like the Accessibility Service) in order to preserve battery. To resolve this, **turn off battery optimization for Bitwarden**. If you continue to experience issues with the Accessibility Service: 1. Double-check your battery optimization settings. If battery optimization is on for Bitwarden, turn it off. 2. If you use a battery saver or Task Manager app, try disabling to see if that makes a difference. If it does, add Bitwarden to the exception list. 3. Check the built-in Task Manager. You'll need to bring up the running apps view and then hold down the app icon or swipe up on the Bitwarden app and then select **Lock**. Please note, the service can also halt if you ever "Force stop" the Bitwarden app. > [!TIP] Default battery optimization configurations > The site [https://dontkillmyapp.com/](https://dontkillmyapp.com/) might help you determine the default battery optimization configurations for your device. 
> [!NOTE] Android autofill help > If you are still not able to get Android autofill working, [Contact Us](https://bitwarden.com/it-it/contact/). --- URL: https://bitwarden.com/it-it/help/auto-fill-android/ --- # Autofill from Android App Bitwarden makes your passwords available for autofill so that you can seamlessly log in to websites and apps while also maintaining strong and secure passwords. Autofill cuts the copying and pasting out of your login routine by detecting vault items that match the service you are logging in to. Custom fields and split login workflows (when username and password fields are displayed on separate screens) are not currently supported in mobile autofill. > [!WARNING] Android Autofill mechanics > When it comes to installed applications, it's important to **only install and autofill into applications from trusted sources**, like the Google Play Store or F-Droid, because a malicious application could mimic the package name of a well-known application. [Learn more](https://bitwarden.com/it-it/help/uri-match-detection/#tab-android-1MW4Dc3sLFszt1M8GaKqyB/). ## Set up autofill Depending on the version of Android your device is running, there are a few different ways to enable autofill from Bitwarden. To set up autofill: 1. Navigate to **Settings** → **Autofill**. 2. Tap **Autofill services** to allow Bitwarden to use your saved login information to sign in to apps on your device. 3. When your device asks for your preferred services for passwords, passkeys, & autofill, choose **Bitwarden**. 4. Back on the Bitwarden **Settings** → **Autofill** screen, choose one of the following **Display autofill suggestions** options: - **Inline**: This option will suggest credentials to autofill in your keyboard. - **Popup**: This option will suggest credentials to autofill in a popup over the input field. 5. 
If you use Brave or Chrome as your web browser, toggle the **Use Brave autofill integration** or **Use Chrome autofill integration** options on to ensure that autofill will work in these browsers. Learn more [below](https://bitwarden.com/it-it/help/auto-fill-android/#browser-integrations/). > [!NOTE] Android autofill HTTP chromium > Due to the way Brave and Chrome Android apps function, autofill will not work on sites using HTTP unless a browser flag is manually turned on. To enable autofill for HTTP sites on Brave/Chrome: > > 1. Navigate to `brave://flags` > 2. Search for **Insecure origins treated as secure** and enable the flag > 3. Add required HTTP domains/IPs, for example: `http://192.0.2.0/24`, or `http://myserver.local` > 4. Relaunch Brave. 6. If you want to use Quick-action tiles, toggle **Use accessibility** on. When your device takes you to the **Accessibility** menu, toggle Bitwarden on in that location as well. > [!TIP] Quick Tile Actions > Quick-action tiles do not require that the **Autofill service** is toggled on in Bitwarden, meaning you can skip the previous steps if this is your preferred method, however you will need to edit your tiles using the [pencil] icon to put the Bitwarden tile options in a place that makes sense for you. > [!NOTE] There's a troubleshooting guide > Having problems? Refer to our guide on [troubleshooting Android Autofill](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/). If you are still not able to get autofill on Android working, [contact us](https://bitwarden.com/it-it/contact/). ## Autofill methods ### Inline This method suggests credentials to autofill in your keyboard: ![Android inline autofill](https://bitwarden.com/assets/2LxDxR7KcVd68U9UydYxat/e02408654528f4262a293de61e1439bb/2025-07-30_10-56-55.png) If you're not seeing suggestions: - Make sure you're using Android 11+ and a compatible IME (input method editor). - Check that the keyboard IME you're using supports inline. 
### Popup This method overlays a popup menu when the device is focused on an input that has a [matching login item](https://bitwarden.com/it-it/help/uri-match-detection/). When your vault is unlocked, you'll be provided the options to immediately autofill or to open your vault: ![Android popup autofill](https://bitwarden.com/assets/1fIoPhOLMcXzvd0Y8aw1pm/642f9f722291f2de3daf93f2fd9a6450/2025-07-30_10-59-13.png) You'll be presented with two options. The first (above, **My Login Item**) will autofill the first login (above, `my_username`) with a matching URI. The second (above, **Bitwarden**) will allow you to choose from a list of logins with matching URIs. This method requires Android 8+. ### Browser integrations If you use Brave, Chrome, or Vivaldi as your web browser, toggle the **Use Brave integration** option, where **** is the name of that browser, on to ensure that autofill will work in these browsers. Doing so will take you to that web browser's settings, where you will also need to enable the option to use a third-party service. This is required by Chrome so it can securely use Bitwarden to autofill passwords through its protected autofill system, and requires that **Autofill services** is enabled in Bitwarden and that the installed Chrome app is at least version 135. These options will disable the browser's built-in autofill functionality in favor of Bitwarden. > [!WARNING] Risks of compatibility mode. > Bitwarden will automatically detect whether you're using **Edge, Opera, or Samsung Internet**, will not require an integration option to be turned on for those browsers, and will use a modified autofill logic within those browsers. > > On Edge, Opera, or Samsung Internet, take care to only autofill trusted and legitimate websites, as a vulnerability exists that could allow credentials to be autofilled into an embedded or hidden iframe on a malicious website. 
![Enable android integrations](https://bitwarden.com/assets/1Qm4g428OlYOBvzAxKwUNU/77106f75d8f5af42bed8bde4db9dc325/2025-07-30_13-14-04.png) ### Quick-action tiles Quick-action tiles use the Android accessibility service to make autofill actions available from your notifications pull-down's settings menu. Quick-action tiles do not require that the **Autofill service** is toggled on in Bitwarden, however you will need to edit your tiles using the [pencil] icon to put the Bitwarden tile options in a place that makes sense for you: ![Android quick-action autofill](https://bitwarden.com/assets/7MHfjTUrRjdLtBoyL3Ukz2/7980adfc9de7b6b2659f1955d3d987fd/2025-07-30_11-07-51.png) To use a quick-action tile, navigate to the page or app you want to autofill, swipe down to access the tiles, and tap the tile you want to use. ## Autofill passkeys The Bitwarden Android app can be used to store and autofill passkeys. To turn on the ability to autofill passkeys, navigate to **Settings** → **Autofill** and tap **Passkey management** to access the Android settings used to configure Bitwarden as your passkey provider. Please note that Android does not allow 3rd party passkey providers like Bitwarden to support passkey-based 2FA (a.k.a. "non-discoverable credentials"); Bitwarden-stored passkeys can only be used as a primary login credential. Learn more about [storing and autofilling passkeys on Android](https://bitwarden.com/it-it/help/storing-passkeys/#tab-android-3XutklkReT3Gw0l1qHhBem/). ## Switch accounts during autofill If you are [logged in to more than one account](https://bitwarden.com/it-it/help/account-switching/), your mobile app will default to trying to autofill credentials from the currently active account. You can switch from one account to another during autofill by tapping the avatar bubble. --- URL: https://bitwarden.com/it-it/help/auto-fill-browser/ --- # Autofill from Browser Extension Bitwarden makes logging in quick and secure with autofill. 
When you visit a website, the browser extension recognizes it and enters matching credentials from your vault into the login fields. Configure the autofill methods that you find most convenient. > [!NOTE] Autofill for basic auth prompts > [Basic authentication prompts](https://bitwarden.com/it-it/help/basic-auth-autofill/) work differently than the autofill methods described in this article. ## Set up autofill First, all autofill methods with the browser extension require your login items to have an [assigned website URI](https://bitwarden.com/it-it/help/uri-match-detection/). This connects your saved credentials to the correct websites. Next, the steps to configure and use autofill vary and are outlined in each method's description below. Within the **Settings** → **Autofill** menu, some options apply to all or most autofill methods: - For best performance, check **Make Bitwarden your default password manager** and [deactivate your browser's password manager](https://bitwarden.com/it-it/help/disable-browser-autofill/). This prevents the browser's password tool from interfering with the Bitwarden autofill. - If you do not want a TOTP to be automatically copied when autofill is activated, uncheck [**Copy TOTP automatically**](https://bitwarden.com/it-it/help/auto-fill-browser/#totp-autofill/). - From the **Clear clipboard** dropdown menu, select your preferred interval to control how long copied values from your vault remain available. The default is five minutes. - Choose your **Default URI match detection**, the logic that Bitwarden uses to pair the website to your saved credential. The default, unless [specified by your organization](https://bitwarden.com/it-it/help/policies/#default-uri-match-detection/), is **Base domain**. - Select and add [**Blocked domains**](https://bitwarden.com/it-it/help/blocking-uris/) to prevent autofilling on specific websites. 
## Autofill methods in the browser extension The most basic ways to autofill logins are by interacting with the Bitwarden browser extension. When you're on a website and at least one item's saved URI matches, the number of matching items for that website will appear on top of the Bitwarden extension icon. > [!TIP] Disable badge counter > To hide the matching items' total, go to ⚙️ **Settings** → **Appearance** and uncheck **Show number of login autofill suggestions on extension icon**. Select the [shield] **Bitwarden extension badge** to open your vault, and the matching items will appear in the top **Autofill suggestions** section. If you want cards or identities included, go to **Settings** → **Autofill** and check **Always show cards as Autofill suggestions on Vault view** or **Always show identities as Autofill suggestions on Vault view**. To find an item, select the 🎚️ **Filters icon** to open and apply filters to the **Autofill suggestions** and **All items** results: ![Browser extension filters and suggestions](https://bitwarden.com/assets/12UsFuA2sxbUCBMIczJsxv/6376ae661b966e4698375c2af2c27c0d/Browser_extension_filters.png) *Browser extension filters and suggestions* ### Click item from Autofill suggestions To autofill an item that appears within the top **Autofill suggestions** section: 1. When on the website's login page, open the Bitwarden browser extension. 2. Go to the **Vault** tab. 3. If the item is listed in the **Autofill suggestions** section, click anywhere on the item to autofill your credentials: ![Click item to autofill](https://bitwarden.com/assets/3tnagVMjtTufvRCrih3ctQ/9277f05114868cf0c37c069c565f2f95/Click_item_to_autofill.png) *Click item to autofill* This will enter your saved details into the detected input fields. In cases where a web page or service has multiple items with relevant URIs, Bitwarden will always autofill the last-used login. 
> [!NOTE] Autofill on untrusted iframes and mismatched SSL > You may receive a warning before autofilling if the targeted fields are in an [untrusted iframe](https://bitwarden.com/it-it/help/auto-fill-browser/#autofill-in-iframes/) or the current site uses HTTP but the [item's saved URI](https://bitwarden.com/it-it/help/uri-match-detection/) requires HTTPS. If you want to open an item when it's located within **Autofill suggestions**, select the ⋮ **Menu icon** → **View**. ### Copy credentials You can also select the [clone] **Copy icon** next to an item. A menu will appear where you select **Copy username** or **Copy password**: ![Standard copy icon](https://bitwarden.com/assets/7y8WE9sWACC2KLASo9yASw/d1b1f78084ed20940ec76fc397b25ae8/Standard_copy_icon.png) *Standard copy icon* Alternatively, you can add three quick-copy action buttons next to items to specifically copy your username, password, or verification code to the clipboard: ![Quick copy actions](https://bitwarden.com/assets/5w7lobEk81aOGfLKFjRp2e/301afdc4fffc7878b1b0baacc58e788b/Quick_copy_icons.png) *Quick copy actions* This option is off by default. To turn it on, go to **Settings** → **Appearance** and toggle on **Show quick copy actions on Vault**. ### View Login When the browser is open to a saved URI, click on its corresponding login item in the extension to open the **View Login** page. Then select **Autofill** to enter your information on that page: ![Autofill on View Login](https://bitwarden.com/assets/Y4VkZTrM140OgvjZe5lhc/a2f9c0003aec18d74b26581c57768e96/Autofill_on_View_Login.png) *Autofill on View Login* If you select **Autofill** and the website you're on does not match the login item's saved URI, you have the choice to **Autofill and add this website** to the login item or use **Autofill without adding the website** to your vault. 
### Drag-and-drop logins The browser extension and desktop apps include a feature to drag the username and password fields into a login form to fill credentials: ![Browser extension drag and drop](https://bitwarden.com/assets/7m5Ghz2w281MDQXtvWVdAZ/ded43247a3295552fed4690a3431b095/browser_gif.gif) To drag-and-drop credentials: 1. Hover your cursor over the **Username** or **Password** field on the Bitwarden browser extension or desktop app. ![Hover username or password](https://bitwarden.com/assets/38KJr7zvVSKmYri1WaRXGg/5bab3513a7300ef20f9f55a33ba80c82/2025-02-20_11-07-33.png) *Hover username or password* 2. Once the icon appears, drag the field into the desired login form. ## Other autofill methods There are several more ways to autofill your credentials when your vault is unlocked within the browser extension. These options may be even faster because you don't need to interact with the browser extension. For all of the autofill options described below, there are two instances where you may receive a warning before autofilling: - If the targeted fields are in an [untrusted iframe](https://bitwarden.com/it-it/help/auto-fill-browser/#autofill-in-iframes/). - The current site uses HTTP but the [item's saved URI](https://bitwarden.com/it-it/help/uri-match-detection/) requires HTTPS. ### Inline menu Use the inline autofill menu to quickly input login credentials, [passkeys](https://bitwarden.com/it-it/help/storing-passkeys/), and [TOTP](https://bitwarden.com/it-it/help/integrated-authenticator/) codes from your Bitwarden vault. ![Inline autofill menu](https://bitwarden.com/assets/H7DjdJNvQH00yGNLf5gsC/1ec6f0ce9a94862b0cae1d8b8d679fc8/2024-10-29_14-41-02.png) *Inline autofill menu* #### Activate the inline autofill menu To turn on the inline autofill menu: 1. Log in and unlock the Bitwarden [browser extension](https://bitwarden.com/it-it/help/getting-started-browserext/). 2. Select ⚙️ **Settings** → **Autofill**. 3. 
Check **Show autofill suggestions on form fields**, which will open more options: - (Optional) Check **Display identities as suggestions** and/or **Display cards as suggestions** if you want the inline autofill menu to [suggest those item types](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-the-inline-menu/). - (Optional) Check **Display suggestions when icon is selected** to display the matching items available for autofill only when the Bitwarden icon is selected. If this setting is unchecked, the matching item(s) immediately appear below the form field. We also recommend [turning off your browser's autofill](https://bitwarden.com/it-it/help/disable-browser-autofill/) option. If your browser's autofill functionality is enabled, you may experience conflicts with the Bitwarden autofill menu. #### Use the inline autofill menu ### Log in with inline autofill To log in to an account using the inline autofill menu: 1. Select the login form's username field. If your vault is locked when you attempt this, the menu will prompt you to unlock the vault. 2. The inline autofill menu will display. When it does, select the login or passkey you wish to use for the website. > [!NOTE] adding URI to auto-fill menu > Don't see the login credentials you would like to use? Edit the vault item and select **Autofill and save**, or manually enter the website in the URI field. 3. If no credentials are saved for this site, select + **New item**. The browser extension will open to a new item where you can save new login credentials. ![Autofill create item](https://bitwarden.com/assets/1nVpqyl5FuzMPIaKezwZ8c/8a715cb0b1e1423815f0b66b0e8b1b42/web-browser-extension-autofill-newitem.png) *Autofill create item* > [!NOTE] Press Esc to close auto-fill menu > If the inline autofill menu is causing unintended interference with your browser, press the `Esc` key to close it. 
### Enter TOTP with inline autofill To autofill TOTP codes with inline autofill, place your cursor into the TOTP field on the login form. When the inline autofill menu displays, select the TOTP code: ![TOTP inline autofill single login](https://bitwarden.com/assets/3RaBZBRgkfwVF0mQPRZYBJ/840a46c911d09ead87ac09fdb0955493/2025-01-03_09-22-34.png) *TOTP inline autofill single login* If you have multiple logins for the website, the inline autofill menu will display each login with a TOTP code: ![Inline TOTP autofill](https://bitwarden.com/assets/1rc2rXC3daH5mcEZNRgbv1/db47ffbb4a3b987ff2e3e7842900ceb6/2025-01-02_17-23-28.png) *Inline TOTP autofill* ### Create account with inline autofill To create a new account using the inline autofill menu: 1. Enter a username in the login form's username field. 2. Select the password field. The inline autofill menu will display. 3. Select **Fill generated password** if you're satisfied with the generated password. You can also use the Generate button to generate a new password until you're satisfied with it: ![Fill generated password](https://bitwarden.com/assets/2JcceqWgFbk4ViLCMe6qm5/ce116e8ff337f90fbbd57b52aa15fdcd/2024-11-05_10-07-08.png) *Fill generated password* > [!TIP] Inline uses generator settings > This option will use the settings you've configured in the browser extension's **Generator** tab. [Learn how to change these settings](https://bitwarden.com/it-it/help/generator/#password-types/). 4. **Before submitting the form by clicking 'Sign up' or 'Create account'**, the inline autofill menu will offer the option to **Save to Bitwarden**. Use this option to open Bitwarden in a pop-up, and select the **Save** button to save the generated credential: ![Save login to Bitwarden](https://bitwarden.com/assets/7cMSUQLfvxHNwHS8xMX1j7/b63d716005ec29eef2a4f42286271d29/2025-04-25_10-21-36.png) *Save login to Bitwarden* 5.
Complete the form by selecting Sign up, Create account, or whatever button the website or app offers to complete account creation. ### Context menu Without opening your browser extension, you can right-click on an input field and use the **Bitwarden** → **Autofill** option. If your vault is locked when you attempt this, a window will open prompting you to unlock. Once unlocked, the browser extension will automatically proceed with autofilling your username, password, card, or identity. ![Browser Extension Context Menu](https://bitwarden.com/assets/6GKKvIe7GwwOBtp9gmh862/4d39f59a8a862bb83d53e50f9f68d107/2024-12-03_09-12-06.png) *Browser Extension Context Menu* > [!NOTE] No context-menu in safari extension > Autofill with a context menu is currently unavailable in the Safari browser extension. ### Keyboard shortcuts One of the fastest methods is with an autofill keyboard shortcut. This works when username and password fields appear together on one page and separately in split login workflows. #### Set up keyboard shortcuts The default shortcut for login items is: `Ctrl/Cmd` + `Shift` + `L`. If you want to change it or the default doesn't work, [update your browser's shortcut settings](https://bitwarden.com/it-it/help/keyboard-shortcuts/#customize-browser-extension-shortcuts/). You can also create [shortcuts for cards and identities](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-keyboard-shortcuts/). If you use Microsoft Edge, make sure you upgrade to the latest Chromium-based version. #### Use keyboard shortcuts To use the shortcut: 1. Place your cursor into the first login field, like username. 2. Press `Ctrl/Cmd` + `Shift` + `L`. 3. (Optional) If there are multiple logins with the detected URI, the last-used login will be used for the autofill operation. Press the same keyboard shortcut again to cycle through multiple logins. If your vault is locked when you attempt the autofill shortcut, a window will open prompting you to unlock. 
Once unlocked, the browser extension will automatically proceed with autofilling your credentials. > [!TIP] Authenticator keyboard shortcut > If your login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs, using the autofill shortcut automatically copies the TOTP to your clipboard after autofilling. Press `Cmd/Ctrl` + `V` to paste the TOTP. ### On page load > [!WARNING] Why auto-fill on page load is "experimental". > This feature is disabled by default because, while generally safe, compromised or untrusted websites could take advantage of this to steal credentials. > > Browser extensions will not allow autofill on page load for [untrusted iframes](https://bitwarden.com/it-it/help/auto-fill-browser/#auto-fill-in-iframes/) and will warn users before auto-filling on an HTTP site when HTTPS is expected based on that [item's saved URI(s)](https://bitwarden.com/it-it/help/uri-match-detection/).
Autofill on page load will autofill login information when a web page corresponding to a login's URI value loads. By default, **on page load** is not turned on. Once enabled, you can set the default behavior to on or off for all items. To enable this feature, navigate to **Settings** → **Autofill** in your browser extension, check on the **Autofill on page load** checkbox, and choose your default behavior. Once enabled and the default behavior is set, you can additionally specify autofill on page load behavior for each individual login: ![On page load options](https://bitwarden.com/assets/5PxR0j79XtzMCrF4R6xUtu/49fca8557bb393247d750e3b3030c0e8/2024-12-03_09-14-59.png) *On page load options* Using this convention, you can set up your browser extension to, for example: - Autofill on page load for only a select few items (**off by default** for all items and **manually turned on** for select items). - Autofill on page load for all but a select few items (**on by default** for all items and **manually turned off** for select items). ## Troubleshoot autofill from the browser extension If your browser extension is having issues autofilling usernames and passwords for a particular site, you can use [linked custom fields](https://bitwarden.com/it-it/help/auto-fill-custom-fields/#using-linked-custom-fields/) to force an autofill. ### Autofill in iframes Browser extensions will quietly disable [autofill on page load](https://bitwarden.com/it-it/help/auto-fill-browser/#on-page-load/) for untrusted iframes and will warn you about the iframe if autofill is triggered manually using a keyboard shortcut, the context menu, or directly from the browser extension. "Untrusted" iframes are defined as those for which the `src=""` value does not match a URI for the login item, as dictated by a globally-set or item-specific [match detection behavior](https://bitwarden.com/it-it/help/uri-match-detection/#match-detection-options/).
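The iframe and HTTP/HTTPS rules described above can be written as one decision function, shown here as an added example that is not Bitwarden's code. The match-mode names, `autofillDecision`, its result shape, the "every saved URI is HTTPS" reading of "requires HTTPS", and the two-label base-domain shortcut are assumptions made for illustration.

```javascript
// Added illustration only; this is not Bitwarden source code.
const MATCH = Object.freeze({
  BASE_DOMAIN: "baseDomain",
  HOST: "host",
  STARTS_WITH: "startsWith",
  EXACT: "exact",
  NEVER: "never",
});

// Simplification (assumption): the last two labels stand in for the base
// domain. A real implementation needs the Public Suffix List ("co.uk" etc.).
function naiveBaseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

function parse(url) {
  try {
    return new URL(url);
  } catch {
    return null; // empty src, malformed values
  }
}

// Does one saved URI match the candidate URL under its match mode?
function uriMatches(saved, candidateUrl, defaultMatch) {
  const s = parse(saved.uri);
  const c = parse(candidateUrl);
  if (!s || !c) return false;
  switch (saved.match || defaultMatch) {
    case MATCH.BASE_DOMAIN:
      return naiveBaseDomain(s.hostname) === naiveBaseDomain(c.hostname);
    case MATCH.HOST:
      return s.host === c.host; // hostname plus any non-default port
    case MATCH.STARTS_WITH:
      // Normalized hrefs end the origin with "/", so "https://example.com"
      // cannot prefix-match "https://example.com.example.net/".
      return c.href.startsWith(s.href);
    case MATCH.EXACT:
      return c.href === s.href;
    default:
      return false; // NEVER or an unknown mode
  }
}

// trigger: "pageLoad" or "manual" (shortcut, context menu, extension click).
// frameUrl: the tab URL for the top frame, or the iframe's src value.
function autofillDecision({ item, frameUrl, isIframe, trigger,
                            defaultMatch = MATCH.BASE_DOMAIN }) {
  const reasons = [];
  const frame = parse(frameUrl);
  const matched = item.uris.some((u) => uriMatches(u, frameUrl, defaultMatch));
  if (isIframe && !matched) reasons.push("untrustedIframe");

  // Assumption: the item "requires HTTPS" when every saved URI is https.
  const schemes = item.uris.map((u) => parse(u.uri)).filter(Boolean)
    .map((u) => u.protocol);
  const httpsExpected = schemes.length > 0 && schemes.every((p) => p === "https:");
  if (frame && frame.protocol === "http:" && httpsExpected) {
    reasons.push("httpWhenHttpsExpected");
  }

  // Page-load autofill is dropped silently in an untrusted iframe;
  // every other flagged case asks the user first.
  if (trigger === "pageLoad" && reasons.includes("untrustedIframe")) {
    return { action: "skip", reasons };
  }
  return { action: reasons.length ? "warn" : "fill", reasons };
}

// Constructed sample: one login item using Host matching, four frames.
function demo() {
  const item = { uris: [{ uri: "https://login.example.com/", match: MATCH.HOST }] };
  const frames = [
    ["https://login.example.com/signin", false],
    ["http://login.example.com/signin", false],
    ["https://widgets.example.com/form", true],
    ["", true],
  ];
  return frames.flatMap(([frameUrl, isIframe]) =>
    ["pageLoad", "manual"].map((trigger) => ({
      frameUrl, isIframe, trigger,
      ...autofillDecision({ item, frameUrl, isIframe, trigger }),
    })));
}

console.table(demo());
```

The same iframe at `widgets.example.com` is trusted under base-domain matching and untrusted under Host matching, which is why the per-item match detection setting changes whether page-load autofill happens there.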
## Autofill less common credentials ### TOTP autofill If you use the [integrated authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/), the browser extension will autofill your TOTP code provided that you're using the context menu, keyboard shortcuts or manual autofill. You may also use the inline autofill menu for TOTP codes. Browser extensions **will not autofill your TOTP code if you're using autofill on page load**. By default, your TOTP will also be copied to the clipboard when a login is autofilled. This is the recommended workflow if you're using autofill on page load. > [!TIP] Extension TOTP copying > Automatic TOTP copying is on by default when you use autofill in the browser extension. To turn it off, go to **Settings** → **Autofill** and uncheck **Copy TOTP automatically**. You can also use the nearby **Clear clipboard** dropdown menu to specify when copied values are cleared. ### Log in with passkeys stored in Bitwarden You can [use passkeys to log in](https://bitwarden.com/it-it/help/storing-passkeys/) to websites. When storing a new passkey, the website URI is saved in the login item. To use the passkey, open the website and begin the passkey login workflow. Related passkeys will be displayed in a Bitwarden browser extension dialogue box. Select the passkey you would like to use and press **Confirm**: ![Log in with passkey](https://bitwarden.com/assets/5KeuUZox5shd0zDMxPHKXn/1aab35dfceed0ed9cdb17b143be9a890/2024-10-29_11-39-33.png) *Log in with passkey* The [inline autofill menu](https://bitwarden.com/it-it/help/auto-fill-browser/#inline-autofill-menu/) can also be used to easily authenticate with passkeys. > [!NOTE] Excluded domains suppress passkeys > The browser extension will not offer to save or use a passkey for any domain included in the [**excluded domains**](https://bitwarden.com/it-it/help/exclude-domains/) list.
--- URL: https://bitwarden.com/it-it/help/auto-fill-card-id/ --- # Autofill Cards & Identities Bitwarden can do more than just [autofill your usernames and passwords](https://bitwarden.com/it-it/help/auto-fill-browser/). Some Bitwarden apps can autofill [cards](https://bitwarden.com/it-it/help/managing-items/#cards/) and [identities](https://bitwarden.com/it-it/help/managing-items/#identities/) to simplify online purchases, account creation, and more. For organization members, a policy may [prevent the use of card items](https://bitwarden.com/it-it/help/policies/#remove-card-item-type/) and, in turn, not offer the ability to autofill them. > [!NOTE] Support for auto-fill cards and identities. > Autofill of cards is currently available for browser extensions and Android. Autofill of identities is currently only available for browser extensions. ## Set up card & identity autofill > [!TIP] Android autofill card setup > On Android, autofill of cards does not require any setup beyond the [baseline autofill setup](https://bitwarden.com/it-it/help/auto-fill-android/). The following instructions are for browser extensions only. You can add cards and identities to your listed autofill suggestions using the following options in **Settings** → **Autofill**: - **Always show cards as Autofill suggestions on Vault view**: Include cards in the suggestions located in the Vault view. When located in **Autofill suggestions**, click the card item to autofill. - **Always show identities as Autofill suggestions on Vault view**: Include identities in the suggestions located in the Vault view. When located in **Autofill suggestions**, click the identity item to autofill. > [!NOTE] Jumping from favorites to autofill suggestions > Autofill suggestions always supersede [favorites](https://bitwarden.com/it-it/help/favorites/). If you have a favorited card or identity, it will jump from **Favorites** to **Autofill suggestions** when you turn these options on.
You can make cards and identities available from the inline autofill menu, provided that the **Show autofill suggestions on form fields** option is on, using the following options in **Settings** → **Autofill**: - **Display identities as suggestions**: Include identities in the inline autofill menu. This requires the **Show autofill suggestions on form fields** option to be on. - **Display cards as suggestions**: Include cards in the inline autofill menu. This requires the **Show autofill suggestions on form fields** option to be on. ## Use card & identity autofill There are a few different methods you can use to autofill cards or identities: ### Browser extensions ### Using the inline menu To enable card and identity autofill using the inline autofill menu, turn on the **Display identities as suggestions** and **Display cards as suggestions** options as described in the previous section. The **Show autofill suggestions on form fields** option must also be turned on. Once on, your stored cards and identities will be listed when you click on a form. Select the card or identity you wish to use when filling out a form: ![Inline Autofill Card](https://bitwarden.com/assets/2IZKkQJjPBvDgT3Z6IZMoR/2d00c6b6789b78addd486fd974720ddd/2024-08-13_13-10-20.png) *Inline Autofill Card* > [!NOTE] Save new card inline autofill > If you do not have a card or identity saved in your Bitwarden vault, you may select + **New Card**/ **New identity** from the inline menu after filling out the information to save the new item in your Bitwarden vault. ### Using the browser extension's vault view To autofill a card or identity from the extension's vault, turn on the **Show cards as Autofill suggestions on Vault view** and **Show identities as Autofill suggestions on Vault view** options as described in the previous section. Once on, your cards and identities will be available in the **Autofill suggestions** section of the **Vault** view.
Click anywhere on the card or identity to autofill: ![Click item to autofill](https://bitwarden.com/assets/3tnagVMjtTufvRCrih3ctQ/9277f05114868cf0c37c069c565f2f95/Click_item_to_autofill.png) *Click item to autofill* The browser extension will find any fields on the web page that map to card or identity information and autofill them. ### Using the context menu > [!NOTE] No context-menu in safari extension > Autofill with a context menu is currently unavailable in the Safari browser extension. Without opening your browser extension, you can autofill cards and identities by right-clicking on an input field and using the **Bitwarden** → **Autofill** option. If your vault is locked when you attempt this, a window will open prompting you to unlock. Once unlocked, the browser extension will automatically proceed with autofilling your information. ![Browser Extension Context Menu](https://bitwarden.com/assets/6GKKvIe7GwwOBtp9gmh862/4d39f59a8a862bb83d53e50f9f68d107/2024-12-03_09-12-06.png) *Browser Extension Context Menu* ### Using keyboard shortcuts Cards and Identities can be autofilled using keyboard shortcuts. To use this feature, keyboard shortcuts must be manually set for cards and identities: 1. Open the Bitwarden browser extension and select ⚙️ **Settings**. 2. Select **Autofill** from the settings menu and then **Manage shortcuts** to open your browser's autofill settings window. 3. In the Bitwarden Password Manager keyboard shortcuts, configure keyboard shortcuts you would like to use for **Autofill the last used card for the current website** and **Autofill the last used identity for the current website**. ### Android apps On Android, cards will automatically appear as suggestions inline (in your keyboard) or as a popup over the field depending on [which autofill method is active](https://bitwarden.com/it-it/help/auto-fill-android/#list-of-autofill-methods/). This is currently available for Chrome and Chromium browsers.
For example, as a popup: ![Android card popup](https://bitwarden.com/assets/2ekny75ulY7xoyqz80Kz1z/f3954ac976db5283aa064efc6a78cc5e/2025-08-12_10-32-44.png) --- URL: https://bitwarden.com/it-it/help/auto-fill-custom-fields/ --- # Autofill Custom Fields Bitwarden can do more than just [autofill your usernames and passwords](https://bitwarden.com/it-it/help/auto-fill-browser/). Bitwarden browser extensions can autofill [custom fields](https://bitwarden.com/it-it/help/custom-fields/) to simplify filling in security questions, PINS, and more. Additionally, if your browser extension is having issues autofilling usernames and passwords for a particular site, using [linked custom fields](https://bitwarden.com/it-it/help/auto-fill-custom-fields/#using-linked-custom-fields/) can force an autofill. > [!TIP] Name custom fields correctly. > It's important to name the custom field correctly in order for autofill to work. [Learn more](https://bitwarden.com/it-it/help/custom-fields/#custom-field-names/). To autofill custom fields: 1. Open the browser extension to the **Vault** view. This view automatically detects the website (for example, `myverizon.com`) of the page displayed in the open tab and surfaces any logins with corresponding URIs. 2. If an item appears in **Autofill suggestions**, click anywhere on the item that contains the custom field to autofill: ![Click item to autofill](https://bitwarden.com/assets/3tnagVMjtTufvRCrih3ctQ/9277f05114868cf0c37c069c565f2f95/Click_item_to_autofill.png) *Click item to autofill* The browser extension will find any fields that match the [custom field name](https://bitwarden.com/it-it/help/custom-fields/#custom-field-names/) and autofill that field's value. ### Using linked custom fields Linked custom fields can be used to solve issues where your browser extension can't autofill usernames and passwords for a particular site. To create and autofill a linked custom field: 1. 
In the **Custom fields** section of an item's **Edit** panel, choose **Linked** from the Field type dropdown. 2. In the **Name** input, [give the custom field a name](https://bitwarden.com/it-it/help/custom-fields/#custom-field-names/) that corresponds to the username or password's HTML form element `id`, `name`, `aria-label`, or `placeholder`. > [!TIP] Use context menu for custom field name. > You can get the right value by right-clicking the form element and using the **Copy Custom Field Name** context menu option: > > > ![Copy custom field name](https://bitwarden.com/assets/5nnPLqyzgAhDCinQNB0uUC/a721194f39f0a8fa919066d73ff9e2c8/2024-10-29_10-50-34.png) > *Copy custom field name* 3. Select **Add**. 4. Select **Username** or **Password** for the field's value depending on which credential you are having trouble autofilling. In many cases, you'll need to create a linked custom field for each. 5. **Save** the changes to the vault item. Now that you have created one or more linked custom fields, you can autofill using the [method described in an earlier section](https://bitwarden.com/it-it/help/auto-fill-custom-fields/#auto-fill-custom-fields/). When you do, your browser extension will autofill the username, password, or both into the HTML form element given for a field Name. ## Special autofill scenarios ### HTML `<span>` elements Typically custom fields are autofilled in HTML `<form>` or `<input>` elements, however Bitwarden browser extensions can autofill custom field values into the `innerText` of HTML `<span>` elements as well. In order to autofill into a `<span>` element, the opening tag must have the `data-bwautofill` attribute. So, in the following scenario: ``` <span data-bwautofill id="myspan">Bitwarden is great.</span> ``` A custom field with **name:** `myspan` will replace `Bitwarden is great` with whatever is saved in the custom field's **value**.
--- URL: https://bitwarden.com/it-it/help/auto-fill-ios/ --- # Autofill from iOS App Bitwarden makes your passwords and passkeys available for autofill so that you can seamlessly log in to websites and apps while also maintaining strong and secure passwords. Autofill cuts the copying and pasting out of your login routine by detecting vault items that match the service you are logging in to. Custom fields and split login workflows (when username and password fields are displayed on separate screens) are not currently supported in mobile autofill. ## Set up autofill > [!NOTE] autofill URI > Most autofill methods require login items to have an [assigned website URI](https://bitwarden.com/it-it/help/uri-match-detection/). There are a few different ways to autofill on iOS: - **Keyboard autofill**: (Recommended) Use this option to make Bitwarden autofill accessible in any iOS app—including web browsers—through a keyboard button or slide-up prompt. - **Browser app extension**: Use this option to make Bitwarden autofill accessible only in web browser apps, like Safari, through the Share menu. - **Long-press a text field**: Use this option to autofill from Bitwarden in a larger variety of locations.
> [!NOTE] iOS AutoFill > It is currently not possible to use auto-fill on iOS if your [vault timeout action](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/) is set to **Log Out** and your only enabled [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/) requires NFC (for example, an NFC YubiKey), as iOS will not allow NFC inputs to interrupt autofill workflows. > > Either change your vault timeout action to **Lock**, or enable another two-step login method. > [!NOTE] iOS autofill Argon2id > If you are using Argon2id with a KDF memory value higher than 64 MB, a warning dialogue will be displayed every time iOS autofill is initiated or a new Send is created through the Share sheet. To avoid this message, adjust Argon2id settings [here](https://bitwarden.com/it-it/help/kdf-algorithms/#argon2id/) or enable [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/#enable-unlock-with-biometrics/). ### Keyboard autofill To activate keyboard autofill on iOS for passwords, complete the following steps. This will also activate the slide-up menu for passkey autofill: 1. Open iOS ⚙️ **Settings** and then **General** on your device. 2. Tap **AutoFill & Passwords**. 3. Toggle **AutoFill Passwords and Passkeys** on and tap **Bitwarden** in the **Autofill From** list: ![Setup autofill on iOS](https://bitwarden.com/assets/5jxVP3WslH4ppIdFq9viqX/613fbbb9eacbb14f56c0fbcee17bc9a1/2025-01-22_11-00-15.png) > [!NOTE] Disable other autofill providers on iOS > We highly recommend deactivating any other autofill service, like Keychain, in the **Autofill From** list. Next, test autofill to make sure it works properly: 1. Open an app or website that you aren't currently signed in to. 2. Tap the username or password field on the login screen. 
A keyboard will slide up with a matching login (`my_username`), or with a 🔑 **Passwords** button: ![AutoFill on iOS ](https://bitwarden.com/assets/vQG8BTWlHg2AQxBlXe4S3/63f2a5e9c32c2f38b29ec0ab0af24d57/autofill-ios.jpeg) 3. If a [matching login](https://bitwarden.com/it-it/help/uri-match-detection/) is displayed, tap it to autofill. If the 🔑 **Passwords** button is displayed, tap it to browse your vault for the login to use. In cases where the 🔑 **Passwords** button is displayed, it's probably because there isn't an item in your vault with a [matching URI](https://bitwarden.com/it-it/help/uri-match-detection/). > [!NOTE] iOS biometric unlock disabled with autofill > Are you getting a `Biometric unlock disabled pending verification of master password` message? [Learn what to do](https://bitwarden.com/it-it/help/autofill-faqs/#q-what-do-i-do-about-biometric-unlock-disabled-pending-verification-of-master-password/). ### Browser app extension autofill To enable browser app extension autofill on iOS: 1. Open your Bitwarden app and tap ⚙️ **Settings**. 2. Tap **Autofill**. 3. Tap the **App extension** option in the Autofill section. 4. Tap the **Activate app extension** button. 5. From the share menu that slides up, tap **Bitwarden**. A green `Extension Activated!` message will indicate success. Then test that the app extension is working correctly: 1. Open your device's web browser and navigate to a website that you aren't currently signed in to. 2. Tap the **Share** icon. 3. Scroll down and tap the **Bitwarden** option: ![Bitwarden in the Share menu ](https://bitwarden.com/assets/3Icxd3YqcXjBrjHVAeluwm/8be732b1ed2adebfd0a7af00f7150a97/extension.png) > [!NOTE] > If you have [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/) enabled, the first time you tap this option you will be prompted to verify your master password. 4. 
A Bitwarden screen will slide up on your device and will list [matching logins](https://bitwarden.com/it-it/help/uri-match-detection/) for the website. Tap the item to autofill. > [!NOTE] > If there are no logins listed, it's probably because there isn't a login in your vault with a [matching URI](https://bitwarden.com/it-it/help/uri-match-detection/). ### Long-press a text field By long-pressing any text field, you can autofill data from Bitwarden as long as it's active as the keyboard auto-fill option: ![Long-press a text field on iOS](https://bitwarden.com/assets/77glhnjH87Z6PKscElWtZy/f9229264859577c0490cf423237f8502/2025-01-22_11-05-33.png) ## Switch accounts during autofill If you are [logged in to more than one account](https://bitwarden.com/it-it/help/account-switching/), your [mobile app](https://bitwarden.com/it-it/download/apple-iphone-password-manager/) will default to trying to autofill credentials from the currently active account. You can switch from one account to another during autofill by tapping the avatar bubble. ## Use passkeys ### Set up Bitwarden for use with passkeys Autofilling passkeys, including being prompted by Bitwarden when you create a new passkey, requires iOS 17.0 or higher. To use the functionality described below: 1. Open your iOS **Settings** app. 2. Go to **Passwords** → **Password Options**. 3. Toggle the following options on: - Toggle **AutoFill Passwords and Passkeys** on. - Toggle **Bitwarden** on in the **Use passwords and passkeys from:** list. ### Create a passkey When creating a new passkey on a website or app, the iOS application will prompt you to store the passkey: ![Create a passkey](https://bitwarden.com/assets/6rccoaRtUBbEnUjQxfSTNi/d033196df75950bae5bd7a20e8a7edd2/passkey-ios-1__1_.png) *Create a passkey* Select **Continue**. > [!NOTE] Sign in with non-Bitwarden saved passkey (iOS) > If you prefer to sign in with a passkey not stored in Bitwarden, select **Other Sign In Options**.
If a passkey already exists for this service, Bitwarden will allow you to save a new passkey by selecting the + icon to create a new item, or by overwriting an existing passkey: ![Save or overwrite a passkey](https://bitwarden.com/assets/6L5s6XBFjvaaEiDZ68m00Q/a130745c2276068fd0be066a47a34684/passkey-ios-2__1_.png) *Save or overwrite a passkey* > [!NOTE] One passkey per login > Only one passkey can be saved per login item. If a credential is saved in multiple places, for instance as two separate login items in the individual vault and organization vault respectively, a different passkey can be stored with each login item. ### Sign in using a passkey stored in Bitwarden To use a passkey stored in Bitwarden, initiate the passkey login on the website. The mobile app will provide an option to log in using the passkey stored in your Bitwarden vault: ![Sign in with passkey](https://bitwarden.com/assets/b6fY5o4CBxhW4ZjDIpanR/56ffdbf1ff93b7387be273bc7df15e6b/passkey-ios-3__1_.png) *Sign in with passkey* Select **Continue**. > [!NOTE] Sign in with non-Bitwarden saved passkey (iOS) > If you prefer to sign in with a passkey not stored in Bitwarden, select **Other Sign In Options**. --- URL: https://bitwarden.com/it-it/help/autofill-faqs/ --- # Autofill FAQs ### Q: How do I disable the Bitwarden accessibility bubble? 1. Open the **Settings** in your Android device. 2. Navigate to **Accessibility**. 3. Select **Bitwarden**. 4. Turn off the toggle for Bitwarden shortcut. ### Q: Can I use autofill while using a physical keyboard on an iPad? **A:** Yes! To use autofill while using a physical keyboard: 1. Open the iOS ⚙️ **Settings** app on your device. 2. Tap **General**. 3. Tap **Keyboards**. 4. In the All Keyboards section, toggle **Shortcuts** on. ### Q: How do I disable Google Autofill in my Android device? **A:** To disable Google Autofill on your Android device: 1. Open **Settings** in your Android device. 2. Scroll down and tap on **Google**. 3.
Tap on **Autofill with Google** and toggle it off. ### Q: What do I do about 'Biometric unlock disabled pending verification of master password'? **A:** This most commonly occurs on iOS when you make a change to your device's biometrics settings (for example, adding another finger to Touch ID). To resolve this error: 1. **If you have** [**PIN Code**](https://bitwarden.com/it-it/help/unlock-with-pin/) **verification active**, disable it. 2. Log out of your Bitwarden mobile app. 3. Check that your device settings are [set up to use Bitwarden for autofill](https://bitwarden.com/it-it/help/auto-fill-ios/). 4. Log back in to your Bitwarden mobile app. 5. Re-enable [PIN code](https://bitwarden.com/it-it/help/unlock-with-pin/) verification if you want to use it as a backup for [biometrics](https://bitwarden.com/it-it/help/biometrics/). ### Q: Does URI matching not work with certain websites when Base Domain is the set rule? **A:** Some results that would typically match have been filtered out because the URL you are currently on may serve multiple websites. To learn more about these websites, see [publicsuffix.org](https://publicsuffix.org/). --- URL: https://bitwarden.com/it-it/help/automatic-confirmation/ --- # Automatic Confirmation By default, users invited to join a Bitwarden organization must be [confirmed by an administrator](https://bitwarden.com/it-it/help/managing-users/#confirm/) once they accept an invitation to join. Confirmation is a crucial step that completes the three-step onboarding process designed to facilitate end-to-end-encrypted sharing of items between organizations and their members. Enterprise organizations can optionally set up automatic confirmation of users if it is not desired that administrators manually confirm each user joining the organization.
In order to be eligible for automatic confirmation functionality: - **Added by your Bitwarden team**: In order to gain access to this automation, Bitwarden support will need to add it to your organization. The first step is to [contact us](https://bitwarden.com/it-it/contact/). - **Single organization policy will extend to all roles**: The [Single organization policy](https://bitwarden.com/it-it/help/policies/#single-organization/) must be on and all members, including owners and admins who are not typically subject to the policy, must be compliant with it. - **No emergency access**: To mitigate some risks of using automatic confirmation, [emergency access](https://bitwarden.com/it-it/help/emergency-access/) will be removed for all members of your organization. Members using emergency access will receive an email informing them it's been turned off. - **No provisioned provider accounts**: A member of a [provider](https://bitwarden.com/it-it/help/providers/) may not be a provisioned member of your organization. A provider can still manage your organization, but its members cannot occupy a seat in your organization. - **Accept potential security risks**: Automatic confirmation could pose a security risk to your organization's data. Before using automatic confirmation, make sure you read about the [risks outlined in this article](https://bitwarden.com/it-it/help/automatic-confirmation/#potential-security-risks/) and accept them. Once activated, automatic confirmation is a background process executed by unlocked browser extensions belonging to [owners, admins, and custom role members](https://bitwarden.com/it-it/help/user-types-access-control/) with the **Manage users** permission. Learn how to activate automatic confirmation in the following sections. > [!NOTE] Events logged for automatic confirmation.
> [Events](https://bitwarden.com/it-it/help/event-logs/#organization-events/) are logged when automatic confirmation is turned on or off for the organization, turned on or off by each administrator, and when a member is automatically confirmed.

## Turn on automatic confirmation

In order to turn on automatic confirmation of new members, you must turn it on both at the organization level and for each Bitwarden client that you want executing the process.

### For the organization

To turn on automatic confirmation for your organization, make sure you've met the eligibility requirements described above. Once you've contacted your Bitwarden team and it's been made available to your organization:

1. Owners and admins will get an email with the subject line **Automatic confirmation is available for **.

   > [!NOTE] Automatic Confirmation on Self-hosted Servers
   > If you're **self-hosting** Bitwarden:
   >
   > - This email will be sent to the owners and admins **of the cloud organization** associated with your self-hosted organization.
   > - One of those owners or admins must [update the self-hosted organization's license file](https://bitwarden.com/it-it/help/licensing-on-premise/) before proceeding with Step 2. Once the license file is updated, Step 2 and all subsequent steps can be completed from the self-hosted server.

2. An activation panel will be issued to organization owners and admins the next time they log in, prompting them to turn on the policy.

Once the functionality is added for your organization by Bitwarden, automatic confirmation can also be activated [via a policy](https://bitwarden.com/it-it/help/policies/#automatic-user-confirmation/) from the **Settings** → **Policies** menu in the Admin Console.
Either way, select **Continue** to turn on automatic confirmation for the organization:

![Automatic confirmation of new users](https://bitwarden.com/assets/1ggo2uyCvldAlJcOxAmGdv/eabe1eb2c5a82731268d6b3486fbc3d5/2026-02-05_10-43-27.png)
*Automatic confirmation of new users*

### For each administrator

Once turned on for the organization, each [owner, admin, and custom role member](https://bitwarden.com/it-it/help/user-types-access-control/) with the **Manage users** permission will be issued an activation panel **in the browser extension** inviting them to turn automatic confirmation on for that client. Administrators that close this dialog can toggle automatic confirmation on or off from the browser extension's **Settings** → **Admin** menu. Either way, select **Turn on** to begin automatic confirmation:

![Turn on automatic confirmation](https://bitwarden.com/assets/18MR4NrPqPFWRW7W5oqFzW/40422afa9db8a695213a80944d427589/2026-02-05_11-02-16.png)
*Turn on automatic confirmation*

In order for members to be automatically confirmed, at least one [owner, admin, or relevant custom role member](https://bitwarden.com/it-it/help/user-types-access-control/) must turn this on. The automatic confirmation process runs in the background of each unlocked browser extension client that chooses to turn it on.

## Potential security risks

Before turning on automatic confirmation, **make sure you understand the potential risks associated with its use**.

Decryption of your organization's data requires that a user goes through a three-step (Invite → Accept → Confirm) onboarding workflow in order to [facilitate the secure sharing of encryption keys](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#sharing-data-between-users/) and maintain an end-to-end encrypted environment.
In this workflow, manual confirmation operates as a final protection to ensure that only members who are intended to access organization data can do so; if an unintended person or malicious actor has accepted an invitation, they could be caught and denied at the confirmation step to prevent unwanted access.

Actors with unrestricted access to the database used by your Bitwarden server, whether self-hosted or cloud-hosted, could fabricate an invitation to join your organization and accept it. With automatic confirmation running, there would be no manual intervention that would allow administrators to catch and deny access to such an actor.

--- URL: https://bitwarden.com/it-it/help/autosave-from-browser-extensions/ ---

# Autosave from Browser Extension

Bitwarden browser extensions offer an array of in-browser notifications that compare your decrypted data with data that you enter into login, registration, and similar web forms. This includes:

- A notification to add an undetected login.
- A notification to update an existing login.
- A notification to save or use passkeys.
- A notification to save a new URI.

These notifications are active by default, but can be turned off from the browser extension's **Settings** → **Notifications** menu.

> [!TIP] Block autosave
> You can also block specific sites from triggering autosave notifications from the **Settings** → **Notification** → **Excluded domains** menu. Learn more in [Block Autosave on Specific Sites](https://bitwarden.com/it-it/help/exclude-domains/).
## Ask to save and use passkeys

When Bitwarden detects that you're creating a new passkey for a website, or if you're being prompted to log in with a passkey that you have saved in Bitwarden, Bitwarden will prompt you to either save a new passkey or log in with an already-saved one:

![Log in with passkey](https://bitwarden.com/assets/5KeuUZox5shd0zDMxPHKXn/1aab35dfceed0ed9cdb17b143be9a890/2024-10-29_11-39-33.png)

More information can be found in [Autofill Passkeys](https://bitwarden.com/it-it/help/storing-passkeys/).

## Ask to add login

When Bitwarden detects that you've entered login information for a page that isn't stored in Bitwarden, you'll be prompted to save those credentials in Bitwarden:

![Ask to add login](https://bitwarden.com/assets/4vsurEuH5deik26BWn4n1p/82757186b081890fbe92b4d73baeae53/screenshot_7.png)

From this notification, you can select whether to store this among your personal items (i.e. **My vault**) or with an organization. You can also edit the item before saving it using the edit [pencil-square] button.
## Ask to update existing login

When Bitwarden detects that login information you enter on a form for an item you have saved in Bitwarden is different from what you have saved, for example if you've recently updated your password on a website but not in Bitwarden, you'll be prompted to update your credentials in Bitwarden:

![Ask to update existing login](https://bitwarden.com/assets/3nn8Vz526Il3onWPHMUUAi/90fd3af3616b60c2961064a56205d525/2025-05-20_16-19-00.png)

## Ask to save a URI

When using the browser extension to **Autofill** a login item that does not have a URI matching the website you are on, the browser extension will give you the option to save the new URI to the item:

![Confirm Autofill](https://bitwarden.com/assets/67h2UzB5cit1oVpEKTUcVs/dfeadfd6749961b76fb9746a36cc9085/2025-12-04_09-37-06.png)
*Confirm Autofill*

--- URL: https://bitwarden.com/it-it/help/aws-eks-deployment/ ---

# AWS EKS Deployment

This article dives into how you might alter your [Bitwarden self-hosted Helm Chart](https://bitwarden.com/it-it/help/self-host-with-helm/) deployment based on the specific offerings of AWS and Elastic Kubernetes Service (EKS).

Note that certain add-ons documented in this article will require that your EKS cluster has at least one node already launched.

## Requirements

Before proceeding with the installation, ensure the following requirements are met:

- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed.
- [Helm 3](https://helm.sh/docs/intro/install/) is installed.
- You have an SSL certificate and key or access to creating one via a certificate provider.
- You have an SMTP server or access to a cloud SMTP provider.
- A [storage class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) that supports ReadWriteMany.
- You have an installation id and key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
### Rootless requirements

Bitwarden will detect whether your environment restricts what user containers can be run as during startup and will automatically initiate deployment in rootless mode if restriction is detected. Successfully deploying in rootless mode requires one of the following two options:

- Deploying an [external MSSQL database](https://bitwarden.com/it-it/help/external-db/) instead of the SQL container included by default in the Helm chart.
- Assigning elevated privileges to the included SQL container [using a service account](https://bitwarden.com/it-it/help/kubernetes-service-accounts/), [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod), or other method.

> [!TIP] SQL pod as root to non-root
> While Microsoft requires that SQL containers be run as root, container startup will step down to a non-root user before executing application code.

## Ingress controller

Ingress controller and Gateway API configurations have been defined in `my-values.yaml`, and will require an AWS Network Load Balancer. AWS Application Load Balancers (ALB) are not currently recommended as they do not support path rewrites and path-based routing.

> [!TIP] Assumption about NLB for EC2
> The following assumes that you have an SSL certificate saved in AWS Certificate Manager, as you will need a certificate Amazon Resource Name (ARN).
>
> You also must have at least 1 node already running in your cluster.

To connect a Network Load Balancer to your cluster:

1. Follow [these instructions](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html) to create an IAM policy and role, and to install the AWS Load Balancer Controller in your cluster.
2. Ingress NGINX has reached EOL and will no longer receive support (see the [Kubernetes official statement](https://kubernetes.io/blog/2026/01/29/ingress-nginx-statement/)).
Bitwarden and AWS recommend migration to an alternative such as [Gateway API or third-party ingress controllers](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions-standard.html).

`my-values.yaml` will contain configuration variables for Ingress or Gateway API setups. It is not recommended to configure both simultaneously.

The following table contains

## Create a storage class

Deployment requires a shared storage class that you provide, which must support [ReadWriteMany](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). The following is an example of how to create a storage class that meets the requirement:

> [!TIP] AWS Helm EFS assumption
> The following assumes that you have an AWS Elastic File System (EFS) created. If you don't, [create one now](https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html). In either case, take note of your EFS' **File system ID** as you will need it during this process.

1. [Get the Amazon EFS CSI driver add-on](https://docs.aws.amazon.com/eks/latest/userguide/managing-add-ons.html#creating-an-add-on) for your EKS cluster. This will require that you [create an OIDC provider](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) for your cluster and [create an IAM role](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html#efs-create-iam-resources) for the driver.
2. Replace the `file_system_id="REPLACE"` variable in the following script and run it in the AWS CloudShell:

   > [!WARNING] It's just an example
   > The following is an illustrative example; be sure to assign permissions according to your own security requirements.
   ```bash
   file_system_id="REPLACE"

   cat << EOF | kubectl apply -n bitwarden -f -
   kind: StorageClass
   apiVersion: storage.k8s.io/v1
   metadata:
     name: shared-storage
   provisioner: efs.csi.aws.com
   parameters:
     provisioningMode: efs-ap
     fileSystemId: $file_system_id
     directoryPerms: "777" # Change for your use case
     uid: "2000" # Change for your use case
     gid: "2000" # Change for your use case
     basePath: "/dyn1"
     subPathPattern: "\${.PVC.name}"
     ensureUniqueDirectory: "false"
     reuseAccessPoint: "false"
   mountOptions:
     - iam
     - tls
   EOF
   ```

3. Set the `sharedStorageClassName` value in `my-values.yaml` to whatever name you give the class in `metadata.name:`, in this example:

   ```yaml
   sharedStorageClassName: "shared-storage"
   ```

## Using AWS Secrets Manager

Deployment requires Kubernetes secrets objects to set sensitive values for your deployment. While the `kubectl create secret` command can be used to set secrets, AWS customers may prefer to use AWS Secrets Manager and the AWS Secrets and Configuration Provider (ASCP) for Kubernetes Secrets Store CSI Driver.

You will need the following secrets stored in AWS Secrets Manager. Note that you can change the **Keys** used here but must also make changes to subsequent steps if you do:

| Key | Value |
|------|------|
| `installationid` | A valid installation id retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/). For more information, see [what are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#general/) |
| `installationkey` | A valid installation key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/). For more information, see [what are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#general/) |
| `smtpusername` | A valid username for your SMTP server. |
| `smtppassword` | A valid password for the entered SMTP server username. |
| `yubicoclientid` | Client ID for YubiCloud Validation Service or self-hosted Yubico Validation Server. If YubiCloud, get your client ID and secret key [here](https://upgrade.yubico.com/getapikey/). |
| `yubicokey` | Secret key for YubiCloud Validation Service or self-hosted Yubico Validation Server. If YubiCloud, get your client ID and secret key [here](https://upgrade.yubico.com/getapikey/). |
| `globalSettings__hibpApiKey` | Your HaveIBeenPwned (HIBP) API Key, available [here](https://haveibeenpwned.com/API/Key). This key allows users to run the [Data Breach report](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/) and to check their master password for presence in breaches when they create an account. |
| If you're using the Bitwarden SQL pod, `sapassword`. If you're using your own SQL server, `dbconnectionString`. | Credentials for the database connected to your Bitwarden instance. What is required will depend on whether you're using the included SQL pod or an external SQL server. |

1. Once your secrets are securely stored, [install ASCP](https://docs.aws.amazon.com/secretsmanager/latest/userguide/ascp-eks-installation.html). During ASCP installation you will:

   - Install the Secrets Store CSI Driver (`secrets-store-driver-csi`).

     > [!NOTE] Secrets Store CSI Driver
     > When installing and configuring the Secrets Store CSI Driver, you **must** enable `syncSecret.enabled=true`.

   - Install the AWS provider for Secrets Store CSI Driver (`secrets-store-driver-csi-provider-aws`).

2. Create a permissions policy to allow access to your secrets. This policy **must** grant `secretsmanager:GetSecretValue` and `secretsmanager:DescribeSecret` permission, for example:

   ```json
   {
     "Version": "2012-10-17",
     "Statement": {
       "Effect": "Allow",
       "Action": [
         "secretsmanager:DescribeSecret",
         "secretsmanager:GetSecretValue"
       ],
       "Resource": "arn:aws:secretsmanager:REPLACEME:REPLACEME:secret:REPLACEME"
     }
   }
   ```

3.
Create a service account that has access to your secrets via the created permissions policy, for example:

```bash
CLUSTER_NAME="REPLACE"
ACCOUNT_ID="REPLACE" # replace with your AWS account ID
ROLE_NAME="REPLACE" # name of a role that will be created in IAM
POLICY_NAME="REPLACE" # the name of the policy you created earlier

eksctl create iamserviceaccount \
  --cluster=$CLUSTER_NAME \
  --namespace=bitwarden \
  --name=bitwarden-sa \
  --role-name $ROLE_NAME \
  --attach-policy-arn=arn:aws:iam::$ACCOUNT_ID:policy/$POLICY_NAME \
  --approve
```

4. Next, create a [SecretProviderClass](https://docs.aws.amazon.com/secretsmanager/latest/userguide/ascp-examples.html#ascp-examples-secretproviderclass), as in the following example. Be sure to:

   - Replace the `region` with your region.
   - Replace the `objectName` with the name of the Secrets Manager secret you created (**Step 1**).
   - If you're using IRSA, use the same `namespace` as your EKS pods.

   ```bash
   cat <
   ```

> [!TIP] SQL pod as root to non-root
> While Microsoft requires that SQL containers be run as root, container startup will step down to a non-root user before executing application code.

## Ingress controllers

This section documents using the **Azure Application Gateway** ingress controller (AGIC) to deploy Bitwarden behind an application load balancer.

> [!NOTE] Microsoft azure ingress deprecation
> Azure NGINX Ingress has reached EOL and is no longer receiving support. Please see the [Microsoft](https://learn.microsoft.com/en-us/azure/aks/app-routing) and [Kubernetes](https://kubernetes.io/blog/2026/01/29/ingress-nginx-statement/) statements regarding the deprecation of ingress and movement to Gateway.

#### Before installing the chart

If you prefer this option, **before** [installing the chart](https://bitwarden.com/it-it/help/self-host-with-helm/#install-the-chart/) you must:

1.
[Enable the Azure Application Gateway ingress controller for your cluster](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing).

2. Update your `my-values.yaml` file, specifically `general.ingress.className:`, `general.ingress.annotations:`, and `general.ingress.paths:`:

   ```yaml
   general:
     domain: "replaceme.com"
     ingress:
       enabled: true
       className: "azure-application-gateway" # This value might be different depending on how you created your ingress controller. Use "kubectl get ingressclasses -A" to find the name if unsure.
       ## - Annotations to add to the Ingress resource.
       annotations:
         appgw.ingress.kubernetes.io/ssl-redirect: "true"
         appgw.ingress.kubernetes.io/use-private-ip: "false" # This might be true depending on your setup.
         appgw.ingress.kubernetes.io/rewrite-rule-set: "bitwarden-ingress" # Make note of whatever you set this value to. It will be used later.
         appgw.ingress.kubernetes.io/connection-draining: "true" # Update as necessary.
         appgw.ingress.kubernetes.io/connection-draining-timeout: "30" # Update as necessary.
       ## - Labels to add to the Ingress resource.
       labels: {}
       # Certificate options.
       tls:
         # TLS certificate secret name.
         name: tls-secret
         # Cluster cert issuer (e.g. Let's Encrypt) name if one exists.
         clusterIssuer: letsencrypt-staging
       paths:
         web:
           path: /(.*)
           pathType: ImplementationSpecific
         attachments:
           path: /attachments/(.*)
           pathType: ImplementationSpecific
         api:
           path: /api/(.*)
           pathType: ImplementationSpecific
         icons:
           path: /icons/(.*)
           pathType: ImplementationSpecific
         notifications:
           path: /notifications/(.*)
           pathType: ImplementationSpecific
         events:
           path: /events/(.*)
           pathType: ImplementationSpecific
         scim:
           path: /scim/(.*)
           pathType: ImplementationSpecific
         sso:
           path: /(sso/.*)
           pathType: ImplementationSpecific
         identity:
           path: /(identity/.*)
           pathType: ImplementationSpecific
         admin:
           path: /(admin/?.*)
           pathType: ImplementationSpecific
   ```

3.
If you're going to use the provided Let's Encrypt example for your TLS certificate, update `spec.acme.solvers.ingress.class:` in the script linked [here](https://bitwarden.com/it-it/help/self-host-with-helm/#example-certificate-setup/) to `"azure/application-gateway"`.

4. In the Azure Portal, create an empty rewrite set for Application Gateway:

   1. Navigate to the **Load balancing** > **Application Gateway** in the Azure Portal and select your Application Gateway.
   2. Select the **Rewrites** blade.
   3. Select the + **Rewrite set** button.
   4. Set the **Name** to the value specified for `appgw.ingress.kubernetes.io/rewrite-rule-set:` in `my-values.yaml`, in this example `bitwarden-ingress`.
   5. Select **Next** and **Create**.

#### After installing the chart

**After** [installing the chart](https://bitwarden.com/it-it/help/self-host-with-helm/#install-the-chart/), you will also be required to create rules for your rewrite set:

1. Re-open the empty rewrite set you created before installing the chart.
2. Select all routing paths that begin with `pr-bitwarden-self-host-ingress...`, de-select any that do not begin with that prefix, and select **Next**.
3. Select the + **Add Rewrite rule** button. You can give your rewrite rule any name and any sequence.
4. Add the following condition:

   - **Type of variable to check**: Server variable
   - **Server variable**: uri_path
   - **Case-sensitive**: No
   - **Operator**: equal (=)
   - **Pattern to match**: `^(\/(?!admin)(?!identity)(?!sso)[^\/]*)\/(.*)`

5. Add the following action:

   - **Rewrite type**: URL
   - **Action type**: Set
   - **Components**: URL path
   - **URL path value**: `/{var_uri_path_2}`
   - **Re-evaluate path map**: Unchecked

6. Select **Create**.

## Creating a storage class

Deployment requires a shared storage class that you provide, which must support [ReadWriteMany](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
The following example is a script you can run in the Azure Cloud Shell to create an Azure File Storage class that meets the requirement:

> [!WARNING] It's just an example
> The following is an illustrative example; be sure to assign permissions according to your own security requirements.

```bash
cat <
```

> [!TIP] Key Vault existing is assumed
> These instructions assume you already have an Azure Key Vault set up. If not, [create one now](https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver#create-or-use-an-existing-azure-key-vault).

1. Add Secrets Store CSI Driver support to your cluster with the following command:

   ```bash
   az aks enable-addons --addons azure-keyvault-secrets-provider --name myAKSCluster --resource-group myResourceGroup
   ```

   The add-on creates a user-assigned managed identity you can use to authenticate to your key vault; however, you have other [options for identity access control](https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access). If you use the created user-assigned managed identity, you will need to explicitly assign **Secret** > **Get** access to it ([learn how](https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal)).

2. Create a SecretProviderClass, as in the following example. The `parameters` section of the following YAML file is accurate for most environments. However, depending on your setup, you may need to change some values; for example, `cloudName` should be set to `AzureUSGovernmentCloud` for Azure US Government Cloud. Consult [Microsoft's documentation](https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/getting-started/usage/#create-your-own-secretproviderclass-object) for full details. The `parameters` section also contains `` placeholders that you must replace, and will be slightly different depending on whether you are using the included SQL pod or your own SQL server.
   ```bash
   cat <" # Set the clientID of the user-assigned managed identity to use
       # clientID: "" # Setting this to use workload identity
       keyvaultName: ""
       cloudName: "AzurePublicCloud"
       objects: |
         array:
           - |
             objectName: installationid
             objectAlias: installationid
             objectType: secret
             objectVersion: ""
           - |
             objectName: installationkey
             objectAlias: installationkey
             objectType: secret
             objectVersion: ""
           - |
             objectName: smtpusername
             objectAlias: smtpusername
             objectType: secret
             objectVersion: ""
           - |
             objectName: smtppassword
             objectAlias: smtppassword
             objectType: secret
             objectVersion: ""
           - |
             objectName: yubicoclientid
             objectAlias: yubicoclientid
             objectType: secret
             objectVersion: ""
           - |
             objectName: yubicokey
             objectAlias: yubicokey
             objectType: secret
             objectVersion: ""
           - |
             objectName: hibpapikey
             objectAlias: hibpapikey
             objectType: secret
             objectVersion: ""
           - |
             objectName: sapassword #-OR- dbconnectionstring if external SQL
             objectAlias: sapassword #-OR- dbconnectionstring if external SQL
             objectType: secret
             objectVersion: ""
       tenantId: ""
     secretObjects:
     - secretName: "bitwarden-secret"
       type: Opaque
       data:
       - objectName: installationid
         key: globalSettings__installation__id
       - objectName: installationkey
         key: globalSettings__installation__key
       - objectName: smtpusername
         key: globalSettings__mail__smtp__username
       - objectName: smtppassword
         key: globalSettings__mail__smtp__password
       - objectName: yubicoclientid
         key: globalSettings__yubico__clientId
       - objectName: yubicokey
         key: globalSettings__yubico__key
       - objectName: hibpapikey
         key: globalSettings__hibpApiKey
       - objectName: sapassword #-OR- dbconnectionstring if external SQL
         key: SA_PASSWORD #-OR- globalSettings__sqlServer__connectionString if external SQL
   EOF
   ```

3. Use the following commands to set the required secrets values in Key Vault:

   > [!WARNING] Insecure way of setting a secret
   > This example will record commands to your shell history. Other methods may be considered to securely set a secret.
   ```bash
   # Replace each REPLACE placeholder with your own value.
   kvname="REPLACE"
   az keyvault secret set --name installationid --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name installationkey --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name smtpusername --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name smtppassword --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name yubicoclientid --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name yubicokey --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name hibpapikey --vault-name "$kvname" --value "REPLACE"
   az keyvault secret set --name sapassword --vault-name "$kvname" --value "REPLACE"
   # - OR -
   # az keyvault secret set --name dbconnectionstring --vault-name "$kvname" --value "REPLACE"
   ```

4. In your `my-values.yaml` file, set the following values:

   - `secrets.secretName`: Set this value to the `secretName` defined in your SecretProviderClass.
   - `secrets.secretProviderClass`: Set this value to the `metadata.name` defined in your SecretProviderClass.

--- URL: https://bitwarden.com/it-it/help/backup-on-premise/ ---

# Backup Server Data

When self-hosting Bitwarden, you are responsible for implementing your own backup procedures in order to keep data safe. Though the steps required to do so will depend on your deployment method, in all cases it is recommended that you:

- Manually take regular backups of important data, including configuration data, certificate data, and more.
- Ensure that automatically-recurring database backups are being taken.

> [!TIP] Recurring backups, by deployment
> In **Docker** deployments using the built-in database, a nightly backup runs as long as the `mssql` container is running. In **Helm** deployments, you will need to either schedule a job outside the cluster or create a CronJob object within the cluster, and Bitwarden provides examples to help guide your approach.
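
To check that recurring backups really are being taken in a Docker deployment, the following added example (not Bitwarden's own tooling) audits a listing of `./bwdata/mssql/backups`, relying on the `vault_FULL_YYYYMMDD_HHMMSS.BAK` naming shown in the restore steps on this page. The 26-hour tolerance, the function names and the sample listing are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# File naming shown in the restore steps on this page, for example
# vault_FULL_20201208_003243.BAK (taken 2020-12-08 at 00:32:43).
BACKUP_NAME = re.compile(r"^vault_FULL_(\d{8})_(\d{6})\.BAK$", re.IGNORECASE)

# Assumption: nightly backups are about 24 h apart; 26 h leaves some slack.
NIGHTLY_SLACK = timedelta(hours=26)


def backup_time(name):
    """Return the timestamp encoded in a backup file name, or None."""
    match = BACKUP_NAME.match(name)
    if match is None:
        return None
    try:
        return datetime.strptime(match.group(1) + match.group(2), "%Y%m%d%H%M%S")
    except ValueError:
        # Right shape but impossible date (month 13, hour 25, ...).
        return None


def list_backups(directory="./bwdata/mssql/backups"):
    """Collect (file_name, size_in_bytes) pairs from a real backup directory."""
    return [(p.name, p.stat().st_size) for p in Path(directory).iterdir() if p.is_file()]


def audit_backups(entries, now):
    """Return a list of findings for (file_name, size_in_bytes) entries."""
    findings, usable = [], []
    for name, size in entries:
        taken = backup_time(name)
        if taken is None:
            findings.append(f"unrecognised file: {name}")
        elif size == 0:
            # An empty .BAK cannot be restored, so it does not count as a backup.
            findings.append(f"empty backup: {name}")
        else:
            usable.append((taken, name))
    if not usable:
        findings.append("no usable backups found")
        return findings

    usable.sort()
    newest, newest_name = usable[-1]
    age = now - newest
    if age > NIGHTLY_SLACK:
        hours = age.total_seconds() / 3600
        findings.append(f"stale: newest usable backup {newest_name} is {hours:.1f} h old")

    # A missed night shows up as two neighbouring backups too far apart.
    for (earlier, _), (later, _) in zip(usable, usable[1:]):
        if later - earlier > NIGHTLY_SLACK:
            findings.append(
                f"gap: no usable backup between {earlier:%Y-%m-%d} and {later:%Y-%m-%d}"
            )
    return findings


# Constructed sample listing (not real data): the night of 6 December is
# missing and the most recent file is empty.
SAMPLE_NOW = datetime(2020, 12, 8, 9, 0, 0)
SAMPLE_LISTING = [
    ("vault_FULL_20201204_003012.BAK", 52428800),
    ("vault_FULL_20201205_003009.BAK", 52430848),
    ("vault_FULL_20201207_003015.BAK", 52432896),
    ("vault_FULL_20201208_003243.BAK", 0),
    ("notes.txt", 12),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE_LISTING, SAMPLE_NOW):
        print(finding)
```

On a real host, pass `list_backups()` and `datetime.now()` to `audit_backups` from a scheduled job and alert when the returned list is not empty.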
### Docker

## Manual backups

Bitwarden will take automatic nightly backups of the `mssql` database container (see below); however, for the most complete disaster recovery (DR) plan you should manually back up and keep safe the entire `./bwdata` directory.

Particularly important pieces of `./bwdata` to back up regularly include:

- `./bwdata/env` - Instance's environment variables, including database and certificate passwords.
- `./bwdata/core/attachments` - Instance's vault item attachments.
- `./bwdata/mssql/data` - Instance's database data.
- `./bwdata/core/aspnet-dataprotection` - Framework-level data protection, including authentication tokens and some database columns.

You can also manually trigger a backup of the `mssql` database container at any time using the following command:

```bash
docker exec -i bitwarden-mssql /backup-db.sh
```

## Automatic database backups

Bitwarden will automatically take nightly backups of the `mssql` database container, as long as the container is running. These backups are stored in the `./bwdata/mssql/backups` directory for 30 days.

> [!NOTE] Lite doesn't do nightly backups.
> [Bitwarden lite](https://bitwarden.com/it-it/help/install-and-deploy-lite/) does not take nightly backups. Using lite, you are required to manage your own backup processes.

### Restore a database backup

In the event of data loss, you can use `./bwdata/mssql/backups` to restore a nightly backup. Complete the following steps to restore a nightly backup:

1. Retrieve your database password from the `globalSettings__sqlServer__connectionString=...Password=` value found in `global.override.env`.
2. Identify the Container ID of the `mssql` container using the `docker ps` command.
3. Run the following command to open a bash session for your `mssql` docker container:

   ```
   docker exec -it bitwarden-mssql /bin/bash
   ```

   Your command prompt should now match the identified Container ID of the `bitwarden-mssql` container.

4.
In the container, locate the backup file you wish to restore.

   > [!NOTE]
   > The backup directory in the container is volume-mapped from the host directory. `./bwdata/mssql/backups` on the host machine maps to `/etc/bitwarden/mssql/backups` in the container.

   For example, a file `/etc/bitwarden/mssql/backups/vault_FULL_20201208_003243.BAK` is a backup taken on December 08, 2020 at 12:32am.

5. Start the `sqlcmd` utility with the following command:

   ```bash
   /opt/mssql-tools18/bin/sqlcmd -S localhost -U -P -C
   ```

   where the `-U` and `-P` arguments match the `User=` and `Password=` values found in `global.override.env`.

6. Once in the `sqlcmd` utility, you have two options for restoring the backup:

   1. **Offline restore** (Preferred)

      Run the following SQL commands:

      ```
      1> use master
      2> GO
      1> alter database vault set offline with rollback immediate
      2> GO
      1> restore database vault from disk='/etc/bitwarden/mssql/backups/vault_FULL_{Backup File Name}.BAK' with replace
      2> GO
      1> alter database vault set online
      2> GO
      1> exit
      ```

      Restart your Bitwarden instance to finish restoring.

   2. **Online restore**

      Execute the following SQL commands:

      ```
      1> RESTORE DATABASE vault FROM DISK = '/etc/bitwarden/mssql/backups/vault_FULL_20200302_235901.BAK' WITH REPLACE
      2> GO
      ```

      Restart your Bitwarden instance to finish restoring.

### Helm

## Manual backups

Bitwarden provides example jobs that can be used to regularly back up your database (see below); however, for the most complete disaster recovery (DR) plan you should manually back up and keep safe a wider array of server data. Particularly important pieces of data to back up regularly include:

- Your chart's `my-values.yaml` file.
- Your [Kubernetes Secrets object](https://bitwarden.com/it-it/help/self-host-with-helm/#create-a-secret-object/) (typically, as a `.yaml` file).
- Any persistent volumes (PVCs) set up for:
  - `dataprotection`
  - `attachments`
  - `licenses`

## Recurring database backups

There are a variety of ways to schedule recurring database backups for your Bitwarden deployment. The Bitwarden Helm Charts repository contains [one such example for backing up the pre-packaged SQL container](https://github.com/bitwarden/helm-charts/tree/main/examples), which includes:

- Creating a Kubernetes Job object (`backup-job.yaml`) that establishes a connection to the database through Kubernetes Secrets, executes a backup, and stores the resultant `vault.bak` file to a persistent volume (PVC) while preserving prior backups.
- Creating a Bash script (`db-backup.sh`), intended for use by a task scheduler outside of the cluster, that will run the Kubernetes Job and monitor it in real-time.

## Restoring backups

To restore a backup, deploy a new Helm installation of Bitwarden with your backed-up `my-values` file and Kubernetes Secret object `.yaml` file. Once the chart is re-installed, re-attach your manually backed-up persistent volumes (PVCs) and `vault.bak` database backup.

--- URL: https://bitwarden.com/it-it/help/basic-auth-autofill/ ---

# Autofill Basic Auth Prompts

Login prompts like the one pictured below, called "basic" or "native" authentication prompts, will be automatically autofilled by Bitwarden browser extensions **if there is only one login item with a** [**matching URI**](https://bitwarden.com/it-it/help/uri-match-detection/). You can also use the browser extension's [share-square] **Launch** button to automatically open and log in to a basic auth-protected resource.

Autofilling on basic auth prompts will, by default, use the [Host](https://bitwarden.com/it-it/help/uri-match-detection/#host/) URI match detection option so that autofilling is more restrictive. This can be changed by setting the [match detection option](https://bitwarden.com/it-it/help/uri-match-detection/) for the relevant login.
If more than one login with a matching URI is found, the browser extension will not be able to autofill your credentials and you will need to manually copy/paste your username and password to log in. If a single login item is present for a matching URI, the credentials will be autofilled in the background and no authentication prompt will be shown. ![Basic Auth Prompt ](https://bitwarden.com/assets/6rUtQ8FzPTPuKM0sXZ4iyc/3fc116ce5eba8bc70f8dbebfac0eafa6/basic-auth-prompt.png) > [!NOTE] > Due to the way basic auth prompts are designed, auto-filling must be non-interactive. This means you cannot autofill on a basic auth prompt using the **Vault** view, context-menu, or keyboard shortcuts. --- URL: https://bitwarden.com/it-it/help/billing-faqs/ --- # Billing FAQs This article contains frequently asked questions (FAQs) regarding **Plans and Pricing**. For help selecting the right Bitwarden plan for you, refer to [what plan is right for me?](https://bitwarden.com/it-it/help/what-plan-is-right-for-me/) and [about Bitwarden plans](https://bitwarden.com/it-it/help/password-manager-plans/). ## Account management ### Q: How do I upgrade from an individual subscription to an organization? **A:** Use [Upgrade from Individual to Organization](https://bitwarden.com/it-it/help/upgrade-from-individual-to-org/) to guide you through this process. ### Q: How do subscriptions work for self-hosting? **A:** In order to use a subscription on a self-hosted server first create an account and subscription in the Bitwarden cloud via the [web app](https://bitwarden.com/it-it/help/getting-started-webvault/). From there, download the [subscription license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/), which will flag access to premium or organization features, to apply to your self-hosted server. Per the Bitwarden terms of service, one organization deployment is permitted per subscription. ### Q: If I have a families organization, do I need premium? 
**A:** The current families plan (introduced Sep. 2020) automatically provides premium features for all six members of the organization, so no! ### Q: Why do my license expiration dates on cloud and self-hosted not match? **A**: To ensure that you don't inadvertently lose organization functionality, we provide a 2 month grace period between the expiration of the license on cloud and expiration of the license on your self-hosted server. Learn more [here](https://bitwarden.com/it-it/help/organization-renewal/). ## Payment options ### Q: Can I use a Bitwarden Free plan for commercial use? **A**: Users can utilize Bitwarden clients, with either paid or free accounts, for personal or business purposes as long as they comply with our [Terms of Service](https://bitwarden.com/it-it/terms/). Bitwarden's license grants a limited, non-exclusive, non-transferable, royalty-free license to use the Commercial Modules solely for internal development and testing in a non-production environment. For more information, refer to the [license](https://github.com/bitwarden/server/blob/main/LICENSE.txt) and [license FAQ](https://github.com/bitwarden/server/blob/main/LICENSE_FAQ.md). If users do not intend to modify, resell, rent, lease, distribute, sublicense, loan, or otherwise transfer the Commercial Modules to any third party, or create a competing product or service, they can use any of the available clients for business or personal use while respecting our terms of service. ## Known issues ### Q: An error occurs when I try to go premium on Firefox. How do I fix this? **A:** We have observed some users of Firefox get the following error message when submitting payment information for a Premium subscription: `You passed an empty string for 'payment_method_data[referrer]'. We assume empty values are an attempt to unset a parameter; however 'payment_method_data[referrer]' cannot be unset. 
You should remove 'payment_method_data[referrer]' from your request or supply a non-empty value.` This usually occurs when submitting your payment method is impeded by an installed browser Extension or configured Browser option. **Open Firefox in a Private Window and try resubmitting.** --- URL: https://bitwarden.com/it-it/help/biometrics/ --- # Unlock With Biometrics Quickly and securely access your vault with biometrics in the desktop app, browser extension, and mobile app. After logging in with your standard method, like a [master password](https://bitwarden.com/it-it/help/master-password/) or [trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/), [unlock your vault](https://bitwarden.com/it-it/help/understand-log-in-vs-unlock/) with biometrics. Biometric features are part of the built-in security in your device and/or operating system. **Bitwarden never receives your biometrics data**, because the feature uses native APIs to perform the validation on your local device. > [!TIP] Biometric for multiple accounts > Security settings are set per account. To turn on biometric unlock for [multiple accounts](https://bitwarden.com/it-it/help/account-switching/), like individual and organization accounts, repeat these steps for each one. ## Set up biometrics for desktop app To set up biometrics in the desktop app: ### Windows Set up unlock with biometrics for Windows via [Windows Hello](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello) using PIN, facial recognition, or other hardware that meets [Windows Hello biometric requirements](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-biometric-requirements). This option is supported in the Windows desktop app when it’s installed from [Bitwarden Downloads](https://bitwarden.com/it-it/download/#downloads-desktop-applications/). If the desktop app was installed from the Microsoft Store, biometrics will not work. 
To turn on biometric unlock: 1. [Turn on Windows Hello](https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0) in your device’s system settings. > [!NOTE] Microsoft Visual C++ Redistributable > If you are unable to turn on Windows Hello in your device settings, install [Microsoft Visual C++ Redistributable](https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170). 2. Download the Bitwarden desktop app from [Bitwarden Downloads](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) (if you haven’t already). Bitwarden desktop app installs from the Microsoft Store do not support biometric unlock. 3. Open the Bitwarden desktop app and go to **File** → **Settings**. 4. Under **Security**, check **Unlock with Windows Hello**. 5. (Optional) If you want to use biometrics to unlock your vault when the desktop app restarts, uncheck **Require master password or PIN on app restart**. You will be prompted to confirm your biometric in a pop-up window. If this setting remains checked, you will need to enter your master password or PIN every time the desktop app restarts. ### macOS Set up unlock with biometrics for macOS via [Touch ID](https://support.apple.com/en-us/HT207054). This option is supported in the macOS desktop app when it’s installed from the [Mac App Store](https://apps.apple.com/us/app/bitwarden/id1352778147?mt=12), but not from the Bitwarden downloads page. To turn on biometric unlock: 1. [Turn on Touch ID](https://support.apple.com/guide/mac-help/use-touch-id-mchl16fbf90a/mac) in your device’s system settings. 2. Download the Bitwarden desktop app from the [Mac App Store](https://apps.apple.com/us/app/bitwarden/id1352778147?mt=12) (if you haven’t already). Bitwarden desktop app installs from the Bitwarden Download page do not support biometric unlock. 3. Open the Bitwarden desktop and go to **Bitwarden** → **Settings**. 4. 
Under **Security**, check **Unlock with Touch ID** and confirm the update when prompted. 5. (Optional) Check **Ask for Touch ID on app start** to use Touch ID when the desktop app first opens, skipping the initial unlock screen. ### Linux Unlocking the Bitwarden desktop app with biometrics is supported in Linux when your system has a polkit agent and secret service daemon, such as GNOME Keyring. All available Linux versions of the [Bitwarden desktop app](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) support unlock with biometrics. > [!NOTE] Linux-biometrics compatibility by package > We recommend installing the `Snap` or `Flatpak` versions of the Bitwarden desktop app, because both fully support biometric unlock and automatic updates. Both also support biometric integration with Bitwarden browser extensions: > > - **Flatpak**: Supports biometric integration with sandboxed and un-sandboxed browser extensions. > - **Snap**: Supports biometric integration with un-sandboxed browser extensions. > > Learn more about [desktop app feature support](https://bitwarden.com/it-it/help/desktop-app-feature-support/). ## AppImage, Snap, .deb, and .rpm To turn on biometric unlock: 1. Turn on system authentication on your machine. 2. Open the Bitwarden desktop and go to **File** → **Settings**. 3. Under **Security**, check **Unlock with system authentication** and confirm the update when prompted. > [!NOTE] Log in before biometrics-Linux > After biometrics are configured for the Linux desktop app, you still need to log in with a master password or PIN. Once logged in, use biometrics to unlock your vault. ## Flatpak To turn on biometric unlock: 1. 
Copy [this policy](https://github.com/bitwarden/clients/blob/main/apps/desktop/resources/com.bitwarden.desktop.policy) to `/usr/share/polkit-1/actions/com.bitwarden.Bitwarden.policy` on your machine, for example:

   ```bash
   sudo wget -O /usr/share/polkit-1/actions/com.bitwarden.Bitwarden.policy https://raw.githubusercontent.com/bitwarden/clients/main/apps/desktop/resources/com.bitwarden.desktop.policy
   ```

2. Change the ownership of the downloaded file:

   ```bash
   sudo chown root:root /usr/share/polkit-1/actions/com.bitwarden.Bitwarden.policy
   ```

3. Change the security context of the file:

   ```bash
   # chcon needs the target file as its final argument
   sudo chcon system_u:object_r:usr_t:s0 /usr/share/polkit-1/actions/com.bitwarden.Bitwarden.policy
   ```

4. Turn on system authentication on your machine.
5. Open the Bitwarden desktop app and go to **File** → **Settings**.
6. Under **Security**, check **Unlock with system authentication** and confirm the update when prompted.

> [!NOTE] Log in before biometrics-Linux
> After biometrics are configured for the Linux desktop app, you still need to log in with a master password or PIN. Once logged in, use biometrics to unlock your vault.

## Set up biometrics for browser extension

The ability to unlock your vault with biometrics is supported on these browsers:

- Chromium-based browsers, including Chrome, Edge, Opera, and Brave
- Firefox 87+ (Firefox ESR is not supported.)
- Safari 14+

To set up biometrics on the browser extension:

### Chromium-based & Firefox

There are two steps to enabling biometrics for browser extensions: [activate the integration](https://bitwarden.com/it-it/help/biometrics/#1-activate-the-integration/) and [activate extension biometrics](https://bitwarden.com/it-it/help/biometrics/#2-activate-extension-biometrics/).

### Activate the integration

First, open the Bitwarden desktop app and update the settings:

1. Turn on unlock with biometrics in the [Bitwarden desktop app](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-desktop-app/).
2. Open the Bitwarden desktop app **Settings**.
(For Windows and Linux, go to **File** → **Settings**. For macOS, go to **Bitwarden** → **Settings**.) 3. Check **Allow browser integration**. > [!WARNING] macOS username size bug > On macOS, you may encounter an error if your username directory (e.g. `/Users/your_username/Library/...`) is longer than 104 characters. If you encounter this error, shorten your username. 4. (Optional) Check **Require verification for browser integration** to ask for fingerprint verification every time the integration between the desktop app and browser extension is activated. ### Activate extension biometrics > [!NOTE] Allow access to file URLs > Some browsers, notably Chrome and Chromium-based browsers like Edge and Brave, may require an additional permission for biometrics to work properly: > > 1. Using the web browser address bar, navigate to the extensions manager (e.g. `chrome://extensions` or `brave://extensions`). > 2. Open the Bitwarden entry on this page and toggle on **Allow access to file URLs**. Next, remain logged in to the Bitwarden desktop app and open the Bitwarden browser extension. To turn on unlock with biometrics for the browser extension: 1. Select the ⚙️ **Settings** icon. 2. Select **Account security**. 3. Check **Unlock with biometrics**. 4. You may see a prompt asking permission for Bitwarden to “communicate with cooperating native applications.” Select **Allow**. > [!NOTE] Communicate with cooperating native applications > This permission is required for the browser extension to unlock with biometrics. If you decline, you can continue using the browser extension, but unlock with biometrics will not work. 5. Go to the desktop app and there: 1. Select **Approve** to verify the browser connection. 2. Enter your biometric when prompted. 6. (Optional) If you previously turned on **Require verification for browser integration**, enter your fingerprint when prompted. 7.
(Optional) Check **Ask for biometrics on launch** to use biometrics when the browser extension first opens, skipping the initial unlock screen. ### Safari To turn on biometric unlock: 1. Select the ⚙️ **Settings** icon. 2. Select **Account security**. 3. If a confirmation window appears, enter your device’s password and click **Always Allow**. 4. Check **Unlock with biometrics**. 5. When prompted, enter your Touch ID. 6. (Optional) Check **Ask for biometrics on launch** to use biometrics when the browser extension first opens, skipping the initial unlock screen. > [!TIP] Require verification for browser integration > To ask for fingerprint verification every time the integration between the desktop app and browser extension is activated: > > 1. Open the desktop app and go to **Bitwarden** → **Settings**. > 2. Check **Require verification for browser integration**. > 3. When turning on biometrics unlock in the browser extension, you’ll be asked to enter your fingerprint during setup. ## Set up biometrics for mobile Unlock with biometrics is supported on iOS via [Touch ID](https://support.apple.com/en-us/HT201371) and [Face ID](https://support.apple.com/en-us/HT208109) and on Android (Google Play or FDroid) via [fingerprint unlock](https://support.google.com/nexus/answer/6285273?hl=en) or [face unlock](https://support.google.com/pixelphone/answer/9517039?hl=en). > [!NOTE] Android Class Requirement > On Android, Bitwarden requires your biometric factor to be [Class 3](https://source.android.com/docs/security/features/biometric). Fingerprint readers will most often be Class 3, however the class of facial recognition systems will vary based on device manufacturer and model. To set up unlock with biometrics for your mobile device: 1. Turn on the biometric method in your device’s system settings, like the **iOS Settings** app. 2. Open the Bitwarden app and tap the ⚙️ **Settings** icon. 3. Tap **Account security**. 4.
Tap **Unlock with Face ID** or **Unlock with Biometrics**. (What’s available is based on your device’s hardware capabilities and what you previously turned on in your device’s system settings.) 5. Enter your biometric when prompted, like your face or fingerprint. The toggle will fill in when unlock with biometrics is successfully set up. ## Use unlock with biometrics ### Windows & Linux Desktop To access your vault with the Windows or Linux desktop app: 1. Log in with a master password or PIN. 2. Select **Unlock with Windows Hello** or **Unlock with system authentication**: ![Unlock with Windows Hello](https://bitwarden.com/assets/7n73BtZuBKI2lrmTMGJUqk/cf42eacad0651a4cf1b12ba786a2f362/Windows_Hello.png) 3. Enter the biometric you configured. > [!NOTE] Biometrics greyed out > When you first open or restart the Windows and Linux desktop apps, the biometrics option will be greyed out. Unlock the vault with your standard method, like the master password or PIN. After that first log in and unlock, you can use biometrics to unlock your vault. ### macOS Desktop If you checked **Ask for Touch ID on app start** during setup, you’ll immediately be prompted to enter your Touch ID. If you did not check **Ask for Touch ID on app start** during setup: 1. Log in with a master password or PIN. 2. Select **Unlock with Touch ID**: ![Unlock with Touch ID](https://bitwarden.com/assets/2c5pB6gzPsvqDA46W2cODn/46c5bad230d8a5deb7f31e2861bdae0d/Unlock_with_Touch_ID.png) 3. Enter your Touch ID. ### Browser extension To access your vault with the browser extension: 1. Log in to the Bitwarden desktop app and unlock your vault. 2. With the desktop app still running in the background, open the Bitwarden browser extension. 3. (Optional) If you previously turned on **Require verification for browser integration** in the desktop app, enter your fingerprint when prompted. 4.
Depending on whether **Ask for biometrics on launch** was checked in the desktop app during setup: - If this setting was checked, you’ll immediately be prompted to enter your biometric. - If this setting **was not** checked, select **Unlock with biometrics** and enter the biometric you configured: ![Unlock with biometrics browser](https://bitwarden.com/assets/4UeYGO9saN15Jg3xLQmv5y/bfdb5e552b33009d219b1c1b7accd26b/Unlock_with_Biometrics_Browser.png) > [!NOTE] "Action was cancelled by the desktop application" browser error > If an “Action was cancelled by the desktop application” error appears, confirm that: > > - Your [desktop app is compatible](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-desktop-app/), such as installed from the Mac App Store. > - The desktop app is open and you’re logged in. > - Biometrics are set up for your desktop app before turning them on in the browser extension. > - If you’re on macOS, shorten your username if it causes your directory path (e.g. `/Users/your_username/Library/...`) to be over 104 characters. ### Mobile When the Bitwarden mobile app first opens, enter your fingerprint or face ID when prompted. ## Troubleshooting If a “Biometric unlock disabled pending verification of your master password” error appears: 1. Temporarily turn off autofill in Bitwarden. 2. Follow the steps above to set up biometrics in Bitwarden. 3. Turn autofill back on within Bitwarden. --- URL: https://bitwarden.com/it-it/help/bitwarden-addresses/ --- # Bitwarden Domains, Endpoints, & URLs This page identifies official addresses and repositories for Bitwarden hosted or managed resources. Bitwarden utilizes CDNs (content delivery networks) and other resources whose IP addresses may change.
## Bitwarden Domains bitwarden.com | bitwarden.net | bitwarden.eu btwrdn.co | btwrdn.com ## Bitwarden URLs **Bitwarden Webpage** - bitwarden.com - bitwarden.net - btwrdn.com - start.bitwarden.com - go.bitwarden.com - cdn.bitwarden.com - cdn.bitwarden.net - assets.bitwarden.com **Bitwarden community contributions** - contributing.bitwarden.com ## Bitwarden applications **Download Bitwarden** - https://bitwarden.com/download/ **Bitwarden web app** - vault.bitwarden.com - vault.bitwarden.eu **Bitwarden server install/update** - func.bitwarden.com - artifacts.bitwarden.com - selfhost.bitwarden.com - btwrdn.co - ghcr.io/bitwarden - charts.bitwarden.com ## Application endpoints - api.bitwarden.com / api.bitwarden.eu - events.bitwarden.com / events.bitwarden.eu - func.bitwarden.com - identity.bitwarden.com / identity.bitwarden.eu - scim.bitwarden.com / scim.bitwarden.eu - sso.bitwarden.com / sso.bitwarden.eu - push.bitwarden.com / push.bitwarden.eu - notifications.bitwarden.com / notifications.bitwarden.eu - icons.bitwarden.net ## GitHub - [https://github.com/bitwarden](https://github.com/bitwarden) ## Issues - [Bitwarden server issues](https://github.com/bitwarden/server/issues) - [Bitwarden client issues](https://github.com/bitwarden/clients/issues) - [Bitwarden mobile issues](https://github.com/bitwarden/mobile/issues) - [Bitwarden Directory Connector issues](https://github.com/bitwarden/directory-connector/issues) ## Community - [Feature requests](https://community.bitwarden.com/t/about-the-feature-requests-category/12) - [Contributing](https://github.com/orgs/bitwarden/discussions) - [Community forums](https://community.bitwarden.com/) - [X.com](https://x.com/bitwarden) - [Reddit](https://www.reddit.com/r/Bitwarden/) - [YouTube](https://www.youtube.com/channel/UCId9a_jQqvJre0_dE2lE_Rw) - [LinkedIn](https://www.linkedin.com/company/bitwarden1) - [Facebook](https://www.facebook.com/bitwarden/) - [Instagram](https://www.instagram.com/bitwarden/) - 
[Mastodon](https://fosstodon.org/@bitwarden) - [Twitch](https://www.twitch.tv/bitwardenlive) --- URL: https://bitwarden.com/it-it/help/bitwarden-apis/ --- # Password Manager APIs Bitwarden currently offers two APIs with differing sets of functionality and use-cases: ## Public API The Bitwarden Public API provides organizations with a suite of tools for managing members, collections, groups, event logs, and policies. The Public API is a RESTful API with predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs. Learn more about the [Bitwarden Public API](https://bitwarden.com/it-it/help/public-api/) or view the [API Specification](https://bitwarden.com/it-it/help/api/) documentation. ## Vault Management API The Vault Management API provides Bitwarden users with a suite of tools for managing vault items, including those owned by organizations provided you have the appropriate permissions. The Vault Management API allows most actions that can be taken by the Bitwarden CLI to be taken in the form of RESTful API calls from an HTTP interface. Using the Vault Management API requires that you use the `serve` command from the CLI to start a local express web server from which to make requests. > [!NOTE] Vault management API JSON requests > The Vault Management API accepts JSON request bodies and returns JSON responses, including standard HTTP response codes. Learn more about the [serve command](https://bitwarden.com/it-it/help/cli/#serve/) or view the [API Specification](https://bitwarden.com/it-it/help/vault-management-api/) documentation. --- URL: https://bitwarden.com/it-it/help/bitwarden-authenticator/ --- # Bitwarden Authenticator Bitwarden Authenticator is a standalone app that generates time-based one-time passwords (TOTPs) for logins that support authenticator app two-factor authentication (2FA). 
It generates 5-10 digit codes, by default using SHA-1 and rotating them every 30 seconds. Bitwarden offers [two authenticators](https://bitwarden.com/it-it/help/bitwarden-authenticator/#whats-the-difference-between-bitwarden-authenticator-and-password-managers/): the Bitwarden Authenticator app and Password Manager [integrated authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/). Bitwarden Authenticator is available for everyone, with or without a Bitwarden Password Manager account. If you use both apps, you can [synchronize codes](https://bitwarden.com/it-it/help/totp-sync/) between Authenticator and your Bitwarden vault. When synced, your codes will be labelled either **Local Codes** or labelled by your account email address: ![Bitwarden iOS Authenticator app](https://bitwarden.com/assets/4fMWMI0YBJQybhhyOlV0Zb/2bb912b6e9a6f38818cc37d8a0f982b4/2025-05-21_10-13-39.png) *Bitwarden iOS Authenticator app* ## Install Bitwarden Authenticator Bitwarden Authenticator is available on iOS and Android devices. To get started, download the app from your device's app store: - iOS: [App Store](https://apps.apple.com/us/app/bitwarden-authenticator/id6497335175) (iOS 15+) - Android: [Google Play](https://play.google.com/store/apps/details?id=com.bitwarden.authenticator&pli=1) (Android 9+) > [!TIP] Authenticator iOS default > On iOS 16+, you can make [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/) or Password Manager [integrated authentication](https://bitwarden.com/it-it/help/integrated-authenticator/) your default verification code app when scanning codes directly from the camera app. To set this up: > > 1. Open the iOS **Settings** app on your device. > 2. Tap **General**. > 3. Tap **AutoFill & Passwords**. > 4. Tap **Password Options**. > 5. In the **Verification Codes** section, select an app from the **Set Up Codes In** dropdown menu. ## Add codes You can add codes to Authenticator a few ways.
If you already saved verification codes in Password Manager, [sync the apps](https://bitwarden.com/it-it/help/totp-sync/#sync-codes-saved-in-your-bitwarden-vault/) to automatically display those codes in Authenticator. For new codes, scan a QR code or manually enter a code key: ### Scan a QR code In the Bitwarden Authenticator app: 1. Tap the + **Add icon**. 2. Point your camera at the QR code. Scanning will happen automatically. 3. Choose whether to **Save here** (only in Authenticator) or **Save to Bitwarden** (save as a login item in Password Manager). ### Add a code manually In the Bitwarden Authenticator app: 1. Tap the + **Add icon**. 2. Tap **Enter key manually** at the bottom of the screen. 3. Enter the name of the website or app in the **Name** field. 4. Enter the **Authenticator key** offered by the website or app. Some services refer to this as a "secret key" or "TOTP seed." 5. Choose whether to **Save here** (only in Authenticator) or **Save to Bitwarden** (save as a login item in Password Manager). > [!TIP] Copy code to BW Authenticator > If you create a local code in Authenticator and later want to add it to your vault, [copy the code to Password Manager](https://bitwarden.com/it-it/help/totp-sync/#move-and-sync-local-codes-to-your-bitwarden-vault/). ## Edit codes To edit a code that's synced from your vault, [update the login item](https://bitwarden.com/it-it/help/managing-items/#manage-items/) in Password Manager. For local codes stored only in Authenticator, long press the code and select **Edit** to access these options: - Edit the **Name** or **Key**. - Add a **Username**. Use this field when you have multiple accounts for the same website and require a separate verification code per account. - Toggle on **Favorite** to move that code to the top of the app's home screen for easy access. - Change the **Algorithm** used to generate the code. By default, Bitwarden Authenticator uses SHA-1. - Change the **Refresh period** for the code.
By default, Bitwarden Authenticator uses 30 seconds. - Change the **Number of digits** for the code. By default, Bitwarden Authenticator uses 6 digits. > [!NOTE] Changing authenticator settings > **Algorithm**, **Refresh period**, and **Number of digits** are determined by the site you're using the verification code with. Do not change these settings for an item unless that website requires it or allows you to customize verification code behavior. ## Use codes To use a verification code, open Bitwarden Authenticator and tap an entry to copy it. Then paste the code into the verification prompt where you're logging in. ## Transfer codes to a new mobile device When you get a new mobile device, you need to transfer your TOTPs for them to appear in Bitwarden Authenticator. Use the method that matches your set-up: - For local codes, [export your Bitwarden Authenticator data](https://bitwarden.com/it-it/help/authenticator-import-export/#export-data/) on your old device. On your new device, [import the file to Authenticator](https://bitwarden.com/it-it/help/authenticator-import-export/#import-data/). - For any codes that synced with Password Manager on the old device, [set up sync](https://bitwarden.com/it-it/help/totp-sync/) on your new device. This will pull all verification codes that are attached to saved login items. Alternatively, [export a .json file](https://bitwarden.com/it-it/help/export-your-data/) for the TOTPs located in your vault and then [import the file to Authenticator](https://bitwarden.com/it-it/help/authenticator-import-export/#import-data/) on your new device. ## Frequently asked questions ### What's the difference between Bitwarden Authenticator and Password Manager's integrated authenticator? The standalone [Bitwarden Authenticator](https://bitwarden.com/it-it/download/#bitwarden-authenticator/) app and Password Manager's [integrated authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) store and generate TOTPs.
Based on your security preferences, you can use the apps together, independently, or switch between them. When using both, decide whether to keep your codes connected or managed separately. Key differences include: | Characteristic | Authenticator | Password Manager's integrated authenticator | |------|------|------| | Who can use it | Everyone, no Bitwarden account is required. | Free accounts can store keys. Premium users and members of paid organizations can store keys and generate TOTP codes. | | Primary use | Anyone who prefers storing 2FA codes separately from their password manager and free Bitwarden accounts that want to generate TOTP codes | Convenient all-in-one password and 2FA management | | Platforms | Mobile only, iOS and Android | All Bitwarden clients, including mobile, browser extension, desktop app, and web app | | Default storage | Your local device *If your [Password Manager allows authenticator syncing](https://bitwarden.com/it-it/help/totp-sync/) and/or you proactively [copy a local code to your vault](https://bitwarden.com/it-it/help/totp-sync/#move-and-sync-local-codes-to-your-bitwarden-vault/), the codes are also stored in your Bitwarden vault. | Your Bitwarden vault | | Sync between apps | Can manually [copy local codes to Password Manager](https://bitwarden.com/it-it/help/totp-sync/#move-and-sync-local-codes-to-your-bitwarden-vault/) to permit syncing and can [automatically sync with codes in Password Manager](https://bitwarden.com/it-it/help/totp-sync/#sync-codes-saved-in-your-bitwarden-vault/) | Can automatically [sync with codes in Authenticator](https://bitwarden.com/it-it/help/totp-sync/#sync-codes-saved-in-your-bitwarden-vault/) | ### Can I use Bitwarden Authenticator to add 2FA to my Bitwarden account? Yes! Since Bitwarden Authenticator allows you to store codes outside of your Bitwarden account, this app can be used to [add 2FA to your Bitwarden account](https://bitwarden.com/it-it/help/setup-two-step-login-authenticator/). 
If you do this, save the code as a **local code** in Authenticator to prevent it from syncing to your vault. Syncing the code to the same vault it's meant to protect could lock you out of it. ### How do I change the Authenticator app's appearance? Go to **Settings** → **Theme**. You can pick **Light** mode, **Dark** mode, or your device's **Default (System)**. In Android, you can also toggle on **Use dynamic colors** to match Bitwarden's color scheme to your wallpaper. ### How is my data stored and protected? Your authentication keys (sometimes referred to as "secret keys" or "TOTP seeds") and all associated metadata are stored in a local unencrypted database on your device. This data is not synced to Bitwarden servers. A backup of your data is made by your device's cloud backup system, for example by iCloud Backup or Google One. To protect the data in your app, you can also set up biometric login. ### How do I back up and restore my TOTP data? An encrypted backup of your data is made by your device's cloud backup system, for example by iCloud or Google One. To restore your data, restore your device's cloud backup. You can also [export your authenticator data](https://bitwarden.com/it-it/help/authenticator-import-export/#export-data/) and store it securely as a backup. ### Which version of Bitwarden Authenticator am I using? To learn which version of Bitwarden Authenticator you're using, go to **Settings** and scroll down to the **About** section. --- URL: https://bitwarden.com/it-it/help/bitwarden-field-guide-two-step-login/ --- # Why Use Two-Step Login? Two-step login (also called two-factor authentication or 2FA) is a common security technique used by websites and apps to protect your sensitive data. Websites that use two-step login require you to verify your identity by entering an additional "token" (also called verification code or one-time password (OTP)) besides username and password, typically retrieved from a different device. 
Without physical access to the token from your secondary device, a malicious actor would be unable to access the website, even if they discover your username and password:

![Basic Two-step Login flow](https://bitwarden.com/assets/6E6lpxB8UfXU7V6YcW40S3/b89a863ed448d1b90e42ac6c25140edd/fg-1.png)

Commonly, websites or apps with sensitive data (for example, your online bank account) will attempt to verify your identity outside of the login screen by:

- Sending a token in an SMS / text message to the mobile device on-file.
- Asking for a token generated by an Authenticator app (for example, [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/)) on your mobile device.
- Looking for a token from a physical security key (for example, YubiKey).

### How should I use two-step login?

Security often involves a tradeoff between protection and convenience, so ultimately it's up to you! Generally, the two most critical ways to use two-step login are:

1. [**To secure Bitwarden**](https://bitwarden.com/it-it/help/bitwarden-field-guide-two-step-login/#securing-bitwarden/)

   Secure all vault data by requiring a secondary step each time you log in to Bitwarden, in addition to entering your master password.
2. [**To secure important websites**](https://bitwarden.com/it-it/help/bitwarden-field-guide-two-step-login/#securing-important-websites/)

   Secure an individual website by requiring a temporary one-time password (TOTP) when you log in. You can store and generate TOTPs with Bitwarden.

## Securing Bitwarden

Since your password manager stores all of your logins, we highly recommend that you secure it with two-step login. Doing so protects all of your logins by preventing a malicious actor from accessing your vault, even if they discover your master password. Enabling two-step login will require you to complete a secondary step each time you log in, in addition to your primary login method (master password).
You won't need to complete your secondary step to unlock your vault, only to log in.

![Two-step login to access Bitwarden](https://bitwarden.com/assets/1fc7ZMSHr1grocnEitdwua/1fbdceda08b4a6c59b17a96b366ffacd/fg-2.png)

Bitwarden offers several two-step login methods for free, including:

- FIDO (any FIDO2 WebAuthn certified key)
- via an authenticator app (for example, [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/))
- via email

For premium users, Bitwarden offers several advanced two-step login methods:

- Duo Security with Duo Push, SMS, phone call, and security keys
- YubiKey (any 4/5 series device or YubiKey NEO/NFC)

[Learn more about your options](https://bitwarden.com/it-it/help/setup-two-step-login/) or get help setting up any method using our **Setup Guides.**

> [!NOTE] Bitwarden does not support SMS 2FA
> Bitwarden does not support SMS 2FA due to vulnerabilities, including SIM hijacking. We do not recommend SMS 2FA for other accounts unless it is the only available method. Any second factor is recommended over having none, but most alternatives are safer than SMS 2FA.

## Securing important websites

Many other websites and apps have two-step login options; this is especially common for websites that store sensitive information (for example, credit card or bank account numbers). Most websites' two-step login option will be located in the **Settings**, **Security**, or **Privacy** menus.
Activating two-step login will typically open a QR code, like this example from Reddit:

![2FA QR Code](https://bitwarden.com/assets/4ddS2XK3JVWe1uG9OCiXwB/d199bbf12b390ac32ec2a6737ded4a20/reddit-2fa-setup.png)

Scanning this code with an authenticator app will enable the app to generate rotating six-digit tokens that you can use to verify your identity, like this one generated by [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/):

![TOTP token](https://bitwarden.com/assets/kBDOyVjNB2DiINm7FHk0r/13b3f7bceb014df08b84246256451322/IMG_5440.png)

### Use Bitwarden Authenticator

Bitwarden Authenticator is a mobile authentication app you can use to verify your identity for websites and apps that use two-factor authentication (2FA). Bitwarden Authenticator can be downloaded from the iOS App Store and Google Play Store.

![Two-step login using Bitwarden Authenticator](https://bitwarden.com/assets/5WsEwCqHd3BmAKTGdhXpQZ/bc84335eeb3655916781b1dd7cd4f4f1/fg-5.png)

For help using Bitwarden Authenticator, refer to [this article](https://bitwarden.com/it-it/help/bitwarden-authenticator/).

### Use integrated authentication

As an alternative, Bitwarden Password Manager offers a built-in authenticator for premium users, including members of paid organizations (Families, Teams, or Enterprise).

![Two-step Login using Bitwarden](https://bitwarden.com/assets/4XRROCzbnmkN2EM9iO7MLX/3cf42adb04c450c833cd7d8aad836665/fg-3.png)

For help using integrated authentication, refer to [this article](https://bitwarden.com/it-it/help/integrated-authenticator/).

#### When should I use the standalone app as opposed to the integrated authenticator?

Only the standalone app allows you to set up 2FA for your Bitwarden account, but you can use either app to store and generate verification codes for all your other accounts. Only the integrated authentication currently allows you to share the token generation among team members.
They can be used together, or separately, depending on your security preferences.

## 2FA security keys and passkeys

FIDO2 security keys are a popular and secure option for adding 2FA to your Bitwarden account. If you are not familiar with FIDO2 security keys, see the [FIDO Alliance website](https://fidoalliance.org/fido2/) for additional information regarding FIDO2.

A YubiKey device is a security key that works with FIDO authentication protocols, and can have several use cases. Two uses are as 2FA security keys, or [passkeys](https://bitwarden.com/it-it/blog/what-are-passkeys-and-passkey-login/).

- **2FA security key:** Using a YubiKey as a 2FA security key will act as an additional device in the authentication process. This will be accompanied by another primary method of authentication (such as master password). The YubiKey security key must be physically plugged in to provide the authentication credentials.
- **Passkey:** A passkey is a pair of public-private cryptographic keys that are used to authenticate a login. Instead of creating a username, password and adding 2FA to an account, the single passkey is used. During passkey creation, the YubiKey is able to work as the passkey generator to create the public and private keys necessary for passkey login. Learn more about using a YubiKey as a passkey [here](https://www.yubico.com/resources/glossary/what-is-a-passkey/).

With Bitwarden, the primary use of a security key such as a YubiKey device is to provide 2FA authentication.
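
The rotating six-digit tokens described under "Securing important websites" are derived from a shared secret that the setup QR code carries. The following is an added example, not Bitwarden's code: it parses a constructed `otpauth://` key URI (the common layout for such QR codes, assumed here) and derives and checks codes per RFC 6238. The function names and sample URI are assumptions, and the secret is the RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample of what a 2FA setup QR code encodes. The secret is the
# RFC 6238 test key ("12345678901234567890" in Base32), not a real credential.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
              "&algorithm=SHA1&digits=6&period=30")

ALLOWED_ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
                      "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Parse and validate an otpauth://totp URI; raise ValueError on bad input."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("missing secret")
    secret_b32 = params["secret"].replace(" ", "").upper()
    secret_b32 += "=" * (-len(secret_b32) % 8)   # padding is often omitted
    key = base64.b32decode(secret_b32)           # binascii.Error is a ValueError
    algorithm = params.get("algorithm", "SHA1").upper()
    digits = int(params.get("digits", "6"))
    period = int(params.get("period", "30"))
    if algorithm not in ALLOWED_ALGORITHMS or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported TOTP parameters")
    return {"label": unquote(parts.path.lstrip("/")), "issuer": params.get("issuer"),
            "key": key, "algorithm": algorithm, "digits": digits, "period": period}


def totp(key, unix_time, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 code for the time step that contains unix_time."""
    counter = struct.pack(">Q", max(0, int(unix_time)) // period)
    digest = hmac.new(key, counter, ALLOWED_ALGORITHMS[algorithm]).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, submitted, unix_time, window=1, digits=6, period=30, algorithm="SHA1"):
    """Server-side check: accept the current step and `window` steps either side."""
    ok = False
    for step in range(-window, window + 1):
        candidate = totp(key, unix_time + step * period, digits, period, algorithm)
        # Constant-time comparison; every candidate is checked, no early exit.
        ok |= hmac.compare_digest(candidate.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    cfg = parse_otpauth(SAMPLE_URI)
    code = totp(cfg["key"], 59, cfg["digits"], cfg["period"], cfg["algorithm"])
    print(cfg["label"], code, verify(cfg["key"], code, 89))
```

Anyone who holds the decoded secret can produce the same codes, which is why where the key is stored, synced, and backed up matters as much as the codes themselves.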
## Next steps

Now that you are a two-step login expert, we recommend:

- [Set up two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/)
- [Get premium for access to advanced two-step login methods](https://bitwarden.com/it-it/go/start-premium/)
- [Set up the Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/)
- [Set up two-step login for teams and enterprise](https://bitwarden.com/it-it/help/setup-two-step-login/#two-step-login-for-teams-and-enterprise/)

--- URL: https://bitwarden.com/it-it/help/bitwarden-glossary/ ---

# Bitwarden Glossary of Terms

## General

| Terminology | Definition |
|------|------|
| **Account** | A Bitwarden account is the record defined by your username and master password (which only you know). Your Bitwarden account is used to access Bitwarden services and also contains information such as billing, settings, language preference, and more. |
|   Account switching | The Bitwarden feature for desktop and mobile clients that enables you to easily switch between multiple accounts, such as your personal or work accounts. [Learn more](https://bitwarden.com/it-it/help/account-switching/). |
|   Personal account | A personal Bitwarden account is the record defined by your username and master password (which only you know) that is not associated with an Organizational vault or related to a company or business entity. A personal account is generally set up with a personal email address and contains vault items over which only you have ownership and control. |
|   Business account | A business Bitwarden account is the record defined by your username and master password (which only you know) that is associated with an Organization related to a company or business entity. A business account is generally set up with a business email address. A business account is governed by the associated organization. Any vault items or secrets contained within a business account should be considered proprietary to the related company or business entity. |
| Admin | A user role within a Bitwarden Organization that has elevated permissions to manage users, collections, and organization settings. Admins can perform most administrative tasks but have more restrictions than Owners, such as not being able to manage billing or delete the organization. |
| Admin Console | The administrative interface for managing a Bitwarden Organization. The Admin Console allows Owners and Admins to manage members, collections, groups, policies, integrations, billing, and other organization-wide settings. |
| API key | The application programming interface (API) key is a specific identifying code for a user or program. The API key can be used to integrate other applications with Bitwarden for the uses of automation, monitoring, and more. The API key is a sensitive secret and should be handled carefully. |
| Bitwarden Authenticator | A standalone mobile application that generates time-based one-time passwords (TOTP) for two-factor authentication. Bitwarden Authenticator can sync verification codes with Bitwarden Password Manager and works independently to secure accounts across any service. [Learn More.](https://bitwarden.com/it-it/products/authenticator/) |
| Clients / Bitwarden client | The client, or client application, is the application that logs into Bitwarden. This includes the web, mobile, and desktop apps, the Bitwarden CLI, and browser extensions. Clients may be downloaded from the [Downloads page](https://bitwarden.com/it-it/download/). |
| Claimed domains | The process of an organization proving their ownership of a specific internet domain (e.g. mycompany.com). Domain verification allows for additional features to be activated, such as users being able to skip inputting the SSO identifier during the login process. [Learn more.](https://bitwarden.com/it-it/help/claimed-domains/) |
| Cross-platform | The ability to access Bitwarden across multiple operating systems and devices including Windows, macOS, Linux, iOS, Android, and web browsers. Cross-platform compatibility ensures users can securely access their vault data from any device. |
| Directory Connector | An application to sync users and groups from a directory service to a Bitwarden Organization. The Bitwarden Directory Connector automatically provisions and deprovisions users, groups, and group associations from the source directory. [Learn more.](https://bitwarden.com/it-it/help/directory-sync-desktop/#sync-with-directory-connector/) |
| Groups | A set of Organization members. Groups relate users together, and provide a scalable way to assign permissions, such as access to Collections, projects, or secrets, as well as permissions within each separate Collection. When provisioning new users, add them to a Group to have them automatically inherit that Group’s configured permissions. |
| Master password | Also known as a Bitwarden password, main password, account password, or vault password. The primary method (or key) for accessing your Bitwarden account and data, the master password is used both for authenticating your identity to the Bitwarden service and for decrypting your sensitive data such as vault items or secrets. Bitwarden encourages users to establish one that is memorable, strong, and unique in that it is used only for Bitwarden. *In 2021, Bitwarden introduced Account Recovery Administration (formerly Admin Password Reset), which enables Enterprise users and organizations to implement a policy that allows Administrators and Owners to reset master passwords for enrolled users.* [*Learn more.*](https://bitwarden.com/it-it/help/master-password/) |
| Organization | An entity (company, institution, group of people) that relates Bitwarden users to shared Organization data such as logins within an Organization vault or a Secrets Manager Project for secure sharing of items. |
| Owner | The highest-level user role within a Bitwarden Organization with full administrative control. Owners can manage all aspects of the organization including billing, user roles, policies, and can delete the organization. Organizations can have multiple Owners for continuity. |
| Plan | Plans define the services that Bitwarden provides through licensing, including available features and number of users able to use the product. There are multiple types of pre-defined plans available for individuals or organizations to subscribe to. |
| Policies | Policies are organization-wide controls that help an administrator keep a company secure by enabling additional settings for how their members (also called end users) use Bitwarden. These policies ensure a uniform standard of security. [Learn more.](https://bitwarden.com/it-it/help/policies/) |
| SCIM | System for cross-domain identity management (SCIM) can be used to automatically provision members and groups in your Bitwarden organization. Bitwarden servers provide a SCIM endpoint that, with a valid SCIM API Key, will accept requests from your identity provider (IdP) for user and group provisioning and de-provisioning. [Learn more.](https://bitwarden.com/it-it/help/about-scim/) |
| Self-hosting | The deployment option that allows organizations to host and manage their own Bitwarden server infrastructure on-premises or in a private cloud environment. Self-hosting provides complete data sovereignty and allows for additional custom security, such as enforcing VPN usage. This is an advanced option and requires dedicated IT resources to maintain. |
| **Single Sign-On (SSO)** | A session and user authentication service that grants employees or users access to applications with one set of login credentials that are based on their identity and permissions. Single Sign-On has multiple implementation options, and is widely compatible with Identity Providers (IdPs) allowing customers to leverage their existing solution. [Learn more.](https://bitwarden.com/it-it/help/sso-decryption-options/) |
|   Login with SSO | An implementation of Single Sign-On. With this method, the user is authenticated by an Identity Provider, then the user enters their Bitwarden password to decrypt their data. [Learn more.](https://bitwarden.com/it-it/help/about-sso/) |
|   SSO with Trusted Devices | A passwordless implementation of Single Sign-On. With this method, the user is authenticated by an Identity Provider and their data is decrypted through a process that utilizes a device encryption key stored on designated, trusted devices. [Learn more.](https://bitwarden.com/it-it/help/about-trusted-devices/) |
|   SSO with Customer Managed Encryption | An advanced passwordless implementation of Single Sign-On available to self-hosted organizations. With this method, the user is authenticated by an Identity Provider, then the user's encryption key is automatically retrieved from a self-hosted key server utilizing Key Connector, allowing for user data to be decrypted. [Learn more.](https://bitwarden.com/it-it/help/about-key-connector/) |
| Subscription | The subscription is the transactional agreement between the customer and Bitwarden as part of the issuance of a license. Owners subscribe to plans at the agreed-upon fee on a recurring basis (monthly or annual) for the services provided by Bitwarden outlined in the plan. |

## Bitwarden Password Manager

| Terminology | Definition |
|------|------|
| Access Intelligence | Advanced reporting that provides actionable risk insights to reduce credential vulnerabilities, resolve risks faster, and protect against breaches. It provides admins greater oversight into vault health, sends notifications for priority applications, and uncovers shadow IT. [Learn more.](https://bitwarden.com/it-it/products/access-intelligence/) |
| Autofill | A software feature that automatically enters previously stored information into a form field. Using Bitwarden, you can autofill logins via browser extensions and mobile devices, and autofill cards and identities via browser extensions. [Learn more.](https://bitwarden.com/it-it/help/getting-started-browserext/#auto-fill-a-login/) |
| Bitwarden Send | A feature for securely transmitting sensitive information to anyone, whether they have a Bitwarden account or not. Send allows users to share text or files with end-to-end encryption, expiration dates, password protection, and automatic deletion options. [Learn more.](https://bitwarden.com/it-it/products/send/) |
| Biometric Unlock | An authentication method that uses biological characteristics such as fingerprint, facial recognition, or other biometric data to unlock your Bitwarden vault. Biometric unlock provides convenient access while maintaining security, and is available after initial login with your master password. |
| Collections | A unit to store one or more vault items together (logins, notes, cards, and identities for secure sharing) by a business within a Bitwarden Organization. [Learn more.](https://bitwarden.com/it-it/help/about-collections/) |
| Emergency Access | A premium feature that allows trusted emergency contacts to request access to your vault in urgent situations. After a user-defined waiting period, the emergency contact can either view vault items or take over the account, depending on the level of access granted. |
| Individual vault / My Items | The Individual vault, labeled as My Items, is the protected area for every user to store unlimited logins, notes, cards, and identities. Users can access their Bitwarden Individual vault on any device and platform. **Within a business context** For users that are part of a Bitwarden Teams or Enterprise plan, an Individual vault is connected to their work email address. Individual vaults are often associated with, but separate from, an Organization vault. Note: the Individual vault / My Items location may be moved to be within the Organization vault with an enterprise policy. **Within a personal context** For users that are part of a Bitwarden personal or families plan, an Individual vault is connected to their personal email address. If part of a families plan or free two-person organization, the Individual vault remains separate from the Organization vault, but both are accessible by the user. Bitwarden recommends associating work email addresses with Teams and Enterprise Organizations, and personal email addresses with families organizations. |
| Inline Autofill | A feature that displays suggested vault items directly within fields on web pages, such as username and password, allowing users to fill credentials without opening the Bitwarden extension. Inline autofill provides a streamlined experience by showing relevant logins contextually where they're needed. |
| Integrated TOTP | The built-in authenticator within Bitwarden Password Manager that generates time-based one-time passwords (TOTP) for two-step login. Integrated TOTP allows Premium and Organization users to store and autofill verification codes directly from their vault items without needing a separate authenticator app. |
| Items / Vault items | Items are the individual entries that can be saved and shared in Bitwarden Password Manager such as logins, notes, cards, and identities. |
| Lock / Locked | A vault state where the user remains logged in, but the vault data is encrypted on the device and inaccessible until unlocked. Unlock methods can use the master password, PIN, or biometrics. Locking provides security during periods of inactivity without requiring full re-authentication to the server. |
| Logged out | A vault state where the user is completely disconnected from the Bitwarden service and must re-enter their email, master password, and two-step login to access their vault. Logging out removes all vault data from the device. |
| Organization member / Members | An end user such as an employee or family member that has access to shared Organization items within their vaults, alongside individual items within their individual vault. |
| Organization vault | The protected area for shared items. Every user (also called a “member”) who is part of an Organization can find shared items in their vault view, alongside individually owned items. Organization vaults allow administrators and owners to manage the Organization’s items, users, and settings. |
| Two-step login / Two-factor authentication | An additional layer of security during the login process that requires a second form of verification beyond the master password. Two-step login methods include authenticator apps, email, hardware security keys, and other options to protect against unauthorized access even if the master password is compromised. |
| URI (Uniform Resource Identifier) | The address or identifier associated with a vault item that tells Bitwarden where and when to offer autofill. URIs can be website URLs, mobile app package names, or custom identifiers, and can use different match detection methods to control autofill behavior. |
| Vault / Vaults view | The secure storage area that provides a unified interface and tight access control to any item. |
| Vault Health Reports | Security auditing tools that analyze vault items to identify weak, reused, exposed, or compromised passwords, as well as unsecured websites and inactive two-step login. Vault Health Reports, available in premium plans, help users and organizations improve their overall security posture by highlighting vulnerabilities. |
| Vault timeout | The configurable period of inactivity after which Bitwarden automatically locks or logs out your vault. Vault timeout settings may be adjusted to match your preference of security and convenience by determining how long the vault remains accessible before requiring re-authentication. |

## Bitwarden Secrets Manager

| Terminology | Definition |
|------|------|
| Access token | A key that facilitates service account access to, and the ability to decrypt, secrets stored in your vault. [Learn more.](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#create-an-access-token/) |
| Name | A user-defined label for a specific secret. |
| Project | Collections of secrets logically grouped together for management access by your DevOps and cybersecurity teams. [Learn more.](https://bitwarden.com/it-it/help/projects/) |
| Secret | Sensitive key-value pairs, like API keys, that your organization needs to store securely and that should never be exposed in plain code or transmitted over unencrypted channels. |
| Service account | Non-human machine users, like applications or deployment pipelines, that require programmatic access to a discrete set of secrets. |
| Value | A user-defined field of a stored secret that is used in software or machine processes. This is the sensitive information that is managed by Bitwarden Secrets Manager and can include API keys, application configurations, database connection strings, and environment variables. |

## Bitwarden Passwordless.dev

| Terminology | Definition |
|------|------|
| FIDO | FIDO is the acronym for Fast Identity Online. It represents a consortium that develops secure, open passwordless authentication standards that are phishing proof. The FIDO protocols, which were developed by the FIDO Alliance, include: UAF: Universal Authentication Framework; U2F: Universal Second Factor; FIDO2: a new passwordless authentication protocol that contains core specifications WebAuthn (the client API) and CTAP (the authenticator API). [Learn more.](https://docs.passwordless.dev/guide/concepts.html#fido2) |
| Passkeys | Passkeys – the credentials derived from the FIDO2 standard for each website that a user registers to – enable users to create and store cryptographic tokens instead of traditional passwords. Today, passkeys are used to log users into an app or website with pre-authenticated device specific tokens. In the future, the process could be used with shareable or transferable cryptographic tokens. [Learn more.](https://docs.passwordless.dev/guide/concepts.html#passkeys) |
| Passwordless | Passwordless is the umbrella term used to describe a variety of authentication technologies that do not rely on passwords, including: something a user has (a security key, token, or device), something they are (biometrics), and passkeys. |

## Cybersecurity Terms

| Terminology | Definition |
|------|------|
| Account takeover | A type of cyberattack where an unauthorized party gains access to a user's online account, typically through stolen credentials, phishing, or other compromise methods. Account takeovers can lead to data theft, financial fraud, and unauthorized access to sensitive information. Password managers and multi-factor authentication help prevent account takeover attacks. |
| Credential stuffing | An automated cyberattack where attackers use lists of stolen username and password combinations from data breaches to attempt unauthorized access across multiple services. Credential stuffing exploits password reuse, making unique passwords for each account essential for security. |
| End-to-end encryption (E2EE) | A security model where data is encrypted on the user's device before transmission to another intended user or to storage. Properly enacted, no third party, including the service provider, can access the unencrypted data. |
| Multi-factor authentication (MFA) | A security policy that requires users to provide two or more verification factors to gain access to an account or system. MFA combines something you know (password), something you have (security key or phone), and/or something you are (biometrics) to significantly reduce the risk of unauthorized access. |
| Password breach / Data breach | A security incident where sensitive information, including passwords and other credentials, is accessed, stolen, or exposed by unauthorized parties. Data breaches can result from cyberattacks, system vulnerabilities, or human error, and often lead to credential stuffing attacks when passwords are reused across services. |
| Role-based access control (RBAC) | An access control method that assigns permissions to users based on their role within an organization rather than on an individual basis. RBAC simplifies permission management, enforces least-privilege access, and ensures users only have access to the resources necessary for their responsibilities. |
| Hardware Security key | A physical hardware device used for authentication, typically supporting FIDO2/WebAuthn standards. Security keys provide strong protection against phishing and credential theft by requiring physical possession of the device for login, and are considered one of the most secure forms of multi-factor authentication. |
| User provisioning / succession (deprovisioning) | The processes of creating, managing, and removing user access to systems and applications. User provisioning grants new users appropriate access when they join an organization, while deprovisioning ensures access is promptly removed when users leave or change roles, maintaining security and compliance. |
| WebAuthn | A web authentication API and W3C standard that enables passwordless authentication using public key cryptography. WebAuthn is the foundation for passkeys and FIDO2 authentication, allowing users to securely authenticate to websites and applications using biometrics, security keys, or device-based credentials. |
| Zero-knowledge architecture | A security framework where a service provider has no knowledge of the data stored on its systems because all encryption and decryption occurs on the user's device. In a zero-knowledge architecture, even if the service provider's servers are compromised, user data remains encrypted and inaccessible without the user's specific encryption keys. |

--- URL: https://bitwarden.com/it-it/help/bitwarden-onboarding-playbook/ ---

# Bitwarden Onboarding Playbook

This playbook provides IT administrators with a flexible roadmap for onboarding users to Bitwarden Password Manager across five key phases. While the phases are presented in sequence, they're not strictly linear. Many steps can happen in parallel based on your team's needs and timeline.

Throughout this guide, you'll find action items in code boxes that can be copied and pasted directly into your project management tools, internal documentation, or team communication platforms. This makes it easy to track progress, assign tasks, and maintain accountability during your Bitwarden rollout. Use this guide as a foundation and adapt it to fit your environment.

### 1: Training

> [!NOTE] Phase 1 tip
> Phase 1 focuses on educating stakeholders, preparing systems, and establishing the knowledge base for successful setup. Bitwarden recommends scheduling training sessions for each group or team before or during rollout.
## Key objectives - Establish training programs for all user levels - Prepare technical infrastructure and requirements - Create organizational and collection management policies and procedures - Build internal expertise and support capabilities ## Activities #### Step 1: Administrator training **Key personnel:** IT directors, system admins, owners **Training topics:** - Bitwarden architecture and enterprise features - Scalable sharing capabilities - Collection setup; organize and group related credentials, secrets, or other vault items - Adding a user to the Bitwarden organization  - Assigning appropriate permissions to members or groups for each collection - Assigning certain items to multiple collections so the right people can access without duplication  - Setup and Policies - SSO setup and integration workflows - Two-factor authentication setup and policies - Security policies and enterprise controls - Management and reporting - Custom fields and roles management - User and group management best practices - Event logging and reporting capabilities Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability: ```plain text [ ] Schedule administrator training sessions [ ] Review enterprise feature requirements [ ] Document SSO integration requirements [ ] Plan custom roles and permission structures [ ] Establish security policy framework [ ] Document cyber insurance compliance requirement [ ] Prepare business case including insurance premium impact [ ] Align rollout timeline with insurance renewal dates ``` #### Step 2: Service desk training  **Key personnel:** Help desk staff, customer success leads **Training topics:** - Common user issues and troubleshooting - Password reset procedures and limitations - Account recovery processes - Escalation procedures for complex issues Copy and paste this list directly into your project 
management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability: ```plain text [ ] Train support staff on Bitwarden functionality [ ] Create troubleshooting documentation [ ] Establish support ticket workflows [ ] Define escalation procedures ``` #### Step 3: End user training  Note: For many customers, end user training comes right before or during rollout, as each department is onboarded. Bitwarden recommends prioritizing admin training first.  **Key personnel:** All end users across the company **Training topics:** - Password import processes and best practices if applicable  - Cross-platform Bitwarden usage (desktop, mobile, web, browser) - Account creation and master password guidelines - Vault navigation and organization features - How to save a new login - Autofill options - Password generator  - Bitwarden Send for secure sharing - Collaboration through collections Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability: ```plain text [ ] Schedule organization-wide training sessions by functions; recommend starting with more technical teams (ie. tech team, data team) [ ] Create user documentation and quick reference guides. 
Leverage resources available in the Bitwarden help center
[ ] Prepare import templates and migration tools
[ ] Establish help desk support procedures
```

#### Step 4: Leadership training

**Key personnel:** Department leads, executive leadership

**Training topics:**

- Why Bitwarden is important for securing the organization
- Password import processes and best practices if applicable
- Identify at-risk passwords with Vault Health reports
- Cross-platform Bitwarden usage (desktop, mobile, web, browser)
- Account creation and master password guidelines
- Vault navigation and organization features
- How to save a new login
- Autofill options
- Password generator
- Bitwarden Send for secure sharing
- Collaboration through collections

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Get leadership buy-in and identify advocates. Bitwarden research shows that company-wide password management mandates more than double regular usage.
[ ] Train leadership on importance of using a password manager
[ ] Show leadership how easy it is to use
```

### 2: Setup

> [!NOTE] Phase 2 Tip
> Phase 2 is the technical setup phase where Bitwarden is deployed and configured for your organization.

## Key objectives

- Deploy Bitwarden infrastructure (cloud or self-host)
- Configure organizational structure and policies
- Establish security and identity integrations ([SSO](https://bitwarden.com/it-it/resources/choose-the-right-sso-login-strategy/), [SCIM](https://bitwarden.com/it-it/help/about-scim/))
- Prepare for user rollout (see [phase 3](https://bitwarden.com/it-it/help/bitwarden-onboarding-playbook/#tab-3:-prep-5hNzVYHnEiUgdYnhS6KJ0t/))

## Option A: Bitwarden cloud (recommended)

Bitwarden hosted is recommended for most organizations.
Enjoy easy scalability, automatic updates, and minimal maintenance on secure, reliable servers managed by Bitwarden.

#### Step 1: Pre-setup planning

Before diving into the technical setup, it's important to establish your organizational strategy and approach. Below are key recommendations to consider.

##### Choose between US or EU cloud server regions

Organizations must choose [between US or EU cloud server](https://bitwarden.com/it-it/help/server-geographies/) regions based on data residency requirements. Bitwarden cannot migrate accounts from one region to another for customers. A script is available for organizations to help facilitate migrations. Subscriptions can be transferred from one region to another region by contacting support.

##### Set the foundation for centralized ownership and credential lifecycle management

**New customers**

- Begin with centralized ownership by enabling the **Enforce organization data ownership** policy from day one and start managing the entire credential lifecycle across applications.
- Every user (excepting admins and owners at this time) receives an organization-owned **My items** space for seamless, day-to-day work
- All credentials are organization-owned, with reporting benefits built in
- Simplify employee transitions, so credentials follow the person’s role changes and can be seamlessly reassigned when responsibilities shift.

**Existing customers**

- Continue using your current setup while Bitwarden prepares a seamless path to centralized ownership for previously individual-held credentials.
- You’ll soon be able to bring every credential into the company vault, aligning all users under a single model of ownership
- Contact your account team for more information on timing
- Gain organization-wide control and insights into credential health and usage with centralized reporting.
- Ensure seamless employee transitions by securely reassigning or deleting credentials without disruption.
- Enforce least privilege by assigning roles, segmenting credentials into collections by department or function, granting users and groups access only to the collections they need.
- Reinforce good password practices and begin bringing insights into the credential lifecycle - creation, access, transfer, and deletion - with enterprise policies.

##### Bitwarden recommends SSO with trusted devices

For the best user experience, Bitwarden recommends [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/). This allows employees to log in and decrypt their vaults in a single step, though it requires additional IT admin setup time. Here are items to consider with this approach:

- Enforce a session timeout policy of "Log out" which provides one consistent user experience: after timeout, employees simply re-authenticate via SSO with no master password required.
- In trusted devices environments, “Unlock” behaves as “Log out” unless users configure PIN or biometrics
- If your organization actively promotes PIN or biometrics, admins may choose “Unlock” but only if user communications make that expectation clear.
- Session timeout: Bitwarden recommends between 4-10 hours for most use cases to balance productivity and security.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Determine cloud server region (US, EU)
[ ] Determine overall organizational data ownership
[ ] Choose authentication and decryption strategy
[ ] Define user onboarding and deprovisioning approach
    [ ] Manual invitation
    [ ] Bitwarden Directory Connector
    [ ] SCIM
    [ ] Just-in-Time SSO
[ ] Define vault ownership strategy (Individual vaults vs.
Organization-only)
[ ] Identify user groups for rollout phases
[ ] Stakeholder selections:
    [ ] Project lead
    [ ] Identity provider admin
    [ ] Executive sponsor
    [ ] Security and compliance admin
    [ ] Support/help desk admin
    [ ] Device management admin (for client deployment)
    [ ] Business continuity admin
    [ ] Directory/user management admin
```

#### Step 2: Organization creation

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Create new Bitwarden organization account
[ ] Select appropriate enterprise plan
[ ] Configure billing and payment methods
```

#### Step 3: Core setup

Follow the recommendations below to ensure a smooth Bitwarden setup.

##### Claim all corporate email domains

To restrict certain user actions, grant administrators greater control, and simplify the login experience for your users.

##### Set up enterprise policies before user onboarding

Set up all [enterprise policies](https://bitwarden.com/it-it/help/policies/) before user onboarding begins to ensure consistent security controls from day one.

##### Establish strong security baselines

With minimum 14-16 character [master passwords](https://bitwarden.com/it-it/help/policies/#master-password-requirements/) (including uppercase, lowercase, numbers, and symbols) and password generator minimums of at least 14 characters with symbols and numbers.

##### Enable single organization restriction

To prevent users from joining other Bitwarden organizations, maintain data governance and prevent potential data leaks.

##### Set up your organization vault

If you already use groups and objects in your IdP or Directory, mirror that framework in Bitwarden for consistency. Folder-like objects will automatically be converted to collections during import.

Remember: Bitwarden is different from traditional applications.
For Bitwarden, everything is protected with end-to-end encryption, and access policies are enforced at the client level. That means:

- Admins can define and assign access, but they can’t see the credentials themselves.
- Collections and groups are the way Bitwarden enforces access while preserving zero-knowledge.
- Some operations (syncing, policy checks, vault actions) require additional processing on the client side instead of being visible in plaintext to the server.

If starting from scratch:

- [Collections (what gets shared)](https://bitwarden.com/it-it/help/collection-management/): Best practice is to organize Collections based on the function of the resources being shared (e.g., shipping profiles, advertising platform logins). Keep collections broad at first; add granularity when necessary. Typically, IT admins manage org-wide collections, while team leads manage department-specific ones.
- [Groups (who gets access)](https://bitwarden.com/it-it/help/about-groups/): Use Groups to represent departments or teams (e.g., Marketing, Finance) and align them 1:1 with collections for clarity. Unique groups that span functions (executive assistants, IT admins, purchase approvers) are also common.

> [!NOTE] Scalable sharing tip
> **Remember**: The Bitwarden scalable sharing model means that items can live in multiple collections simultaneously, without compromising security.
Teams can access credentials they need without unnecessary exposure to entire vaults.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Configure domain claiming
[ ] Set up enterprise policies for mandatory security controls
[ ] Set up password and password generator minimums
[ ] Organization data ownership enforcement to require all vault items in organization
[ ] Create organizational structure - collections, groups
[ ] Configure user roles and permissions
```

#### Step 4: Integration setup

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
SSO integration (if applicable):
[ ] Configure SAML 2.0 or OIDC with identity provider
[ ] Test SSO login workflows
[ ] Configure trusted devices (if applicable)
[ ] Document SSO troubleshooting procedures

Directory Integration (if applicable):
[ ] Install and configure Directory Connector
[ ] Set up SCIM provisioning (Azure AD, Okta, OneLogin, JumpCloud)
[ ] Test user and group synchronization
[ ] Schedule automated sync intervals
```

#### Step 5: Security controls

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Set up event logging and SIEM integration
[ ] Establish backup and recovery procedures
```

## Option B: Self-hosted (advanced)

*What does it mean to self-host?*

Running Bitwarden on your own servers requires advanced technical knowledge and IT infrastructure. It also means that you are responsible for server maintenance, security, uptime, and updates.
To assess whether self-hosting is right for you:

- Do you already have anything else self-hosted?
- Do you have dedicated hardware to run the server?
- Is there an IT or DevOps team that will be responsible for the server?
- Are you familiar with Docker, or Kubernetes and Helm charts?
- Are you comfortable installing software using [Linux terminal](https://bitwarden.com/it-it/help/install-on-premise-linux/) or [PowerShell](https://bitwarden.com/it-it/help/install-on-premise-windows/#installation-procedure/)?

If you decide to self-host Bitwarden, follow the steps below.

#### Step 1: Pre-setup planning

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Choose self-hosted deployment method (Linux standard/manual/offline, Windows standard/offline, or Kubernetes)
[ ] Define server/VM specs and hosting environment (environment variables, firewall or proxy)
[ ] Decide on SSL certificate approach
[ ] Plan network architecture, firewall or proxy rules, access controls
[ ] Scalability planning
[ ] Select key roles
    [ ] Project lead
    [ ] Executive sponsor
    [ ] Server admin
    [ ] Docker admin
    [ ] Network admin
    [ ] Firewall admin
    [ ] Support/help desk admin
    [ ] Database admin
    [ ] Identity provider admin
    [ ] SMTP admin
    [ ] Security and compliance admin
    [ ] Backups admin
    [ ] Business continuity admin
    [ ] Disaster recovery admin
    [ ] Device management admin
```

#### Step 2: Infrastructure preparation

Set up a dedicated environment for your Bitwarden server. Requirements vary depending on your operating system. See [Help center](https://bitwarden.com/it-it/help/self-host-bitwarden/) for detailed instructions.
Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Provision hardware that meets minimum requirements
[ ] Configure DNS records and domain name
[ ] Open ports 80 and 443
[ ] Install server offerings and containerization tools
[ ] Obtain installation ID and key from Bitwarden
[ ] Secure SSL certificates
```

#### Step 3: Bitwarden server installation

Install Bitwarden in your prepared environment. The exact steps differ depending on the operating system.

#### Step 4: Organization setup

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Create cloud organization for billing purposes
[ ] Link self-hosted installation to billing organization
[ ] Configure enterprise settings and policies
[ ] Set up collections and groups structure
[ ] Test all integrations (SSO, SCIM)
```

#### Step 5: Maintenance planning

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Create server update and maintenance schedule
[ ] Implement automated backup system
[ ] Set up off-site backup storage
[ ] Test disaster recovery procedures
[ ] Document maintenance and backup/recovery procedures
[ ] Set up monitoring and alerting for backup failures; evaluate backup methods
```

### 3: Plan

> [!NOTE] Phase 3 Tip
> Phase 3 focuses on organizational readiness and communication before user onboarding begins. This phase ensures smooth user adoption by setting proper expectations, addressing concerns, and creating organizational momentum for the change.
## Key objectives

- Communicate the Bitwarden implementation to the entire organization
- Address user concerns and resistance to change
- Prepare support resources and documentation
- Conduct final system testing and validation
- Create organizational excitement and buy-in for improved security

## Activities

#### Step 1: Prepare company-wide communication from leadership

> [!NOTE] Mandate Tip
> Leadership is critical to adoption success. [Bitwarden research](https://bitwarden.com/it-it/resources/bitwarden-security-impact-report/) shows that company-wide password management mandates more than double regular usage.

**Key Personnel:** Executive leadership, IT leadership, communications team, department leads.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Prepare leadership talking points about security benefits
[ ] Schedule leadership communication sessions (all-hands, team meetings)
[ ] CEO/Leadership announcement about password security initiative
[ ] Clear messaging about why Bitwarden was chosen
[ ] Timeline communication for rollout phases
[ ] Expectation setting for mandatory adoption
[ ] Emphasis on security benefits for both work and personal use
[ ] Highlight cyber insurance benefits and that implementing Bitwarden is a prerequisite to get approved for higher level of coverage; document insurance coverage being met
```

#### Step 2: Organizational communication campaign

**Key personnel:** Communications team, HR, IT support.
Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Communication strategy:
[ ] Develop multi-channel communication plan (email, intranet, meetings)
[ ] Create consistent messaging about security benefits
[ ] Address common concerns and objections proactively
[ ] Highlight ease of use and convenience benefits
[ ] Share success stories from pilot users or other organizations

Pre-rollout communications:
[ ] All hands meeting: Initial introduction to Bitwarden
    [ ] Why we're implementing password management / Bitwarden
    [ ] Security benefits for the organization and individuals
    [ ] Why it is important to follow the directions shared by IT
    [ ] Expect more details in your email inbox
[ ] Announcement email: More details on Bitwarden and roll out plan
    [ ] Recap: Why we're implementing password management / Bitwarden
    [ ] Recap: Security benefits for the organization and individuals
    [ ] Timeline for rollout and training
    [ ] What to expect in coming weeks
[ ] FAQ document: Address common questions and concerns
    [ ] "Will this slow down my workflow?"
    [ ] "What happens to my existing passwords?"
    [ ] "Is my personal information secure?"
    [ ] "What if I forget my master password?"
    [ ] "Do I have to use this for personal passwords, too?"
```

#### Step 3: Change management readiness

**Key personnel:** HR, change management team, department managers

**Change management activities**

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Identify and engage change champions in each department
[ ] Conduct department-specific communication sessions
[ ] Address cultural and workflow concerns
[ ] Plan for resistance management and additional support
[ ] Create peer support networks and feedback channels
```

### 4: Rollout

> [!NOTE] Phase 4 Tip
> Phase 4 ensures Bitwarden is actively used with the introduction of users to Bitwarden, ensuring proper account setup and initial usage.
>
> Reminder for admins: all Bitwarden onboarding follows the **process flow:** Invite → Accept → Confirm

## Key objectives

- Onboard all users to the platform in phases or all at once
- Ensure proper account setup and security setup
- Facilitate password migration and initial vault population
- Establish user proficiency with core features

## Choose your rollout path

**Option A: Phased rollout (recommended for most organizations)**

- Roll out in waves across teams and departments (e.g., 10% > 20% > 70%)
- Ideal for larger organizations or those who want to reduce internal disruption
- Easier to pace communications, training, prevent service desk overload, and allows admins to iterate and improve the process.

**Option B: All at once (advanced)**

- Works well for smaller organizations or large organizations with strong IT and training resources
- Best if you can coordinate communications and support for everyone at once

> [!NOTE] Rollout Callout
> Running a small pilot (20-100 users, depending on your organization size) can help validate rollout across all main use cases (desktop, mobile, browser, SSO, etc.). This helps refine communications and creates internal champions.
Important note on the invitation and re-invitation process: Invite users after enterprise policies are configured and the core admin team has onboarded. This ensures new members are immediately subject to your organization’s security and usage standards. Users automatically receive an email invitation when provisioned via SCIM or Directory Connector. For phased rollouts, coordinate with your IT or email team to filter (based on subject lines) specific onboarding emails at the mail gateway and send these emails when you’re ready for the next group to onboard.  After a user accepts their invitation, an organization admin or owner must confirm their membership before vault access is granted. During rollout, admins should check the Members screen regularly (multiple times per day for larger orgs) to approve pending users. Confirmation can be automated with a script, but note that doing so reduces security visibility. Invitations expire after 7 days. Users still showing as Invited after several days may need IT follow-up to ensure adoption. Admins can also trigger a Reinvite, which sends a fresh invitation email as a reminder to join the organization. 
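The invitation triage described above, as an added example (not Bitwarden's own code): it sorts a member roster into the actions an admin takes by hand on the Members screen and reports acceptance per rollout wave, and it deliberately does not confirm anyone automatically. The roster format, the `wave` field, the 3-day follow-up threshold and all addresses are constructed assumptions; only the 7-day expiry and the Invited/Accepted/Confirmed states come from the page.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

INVITE_TTL = timedelta(days=7)       # from the page: invitations expire after 7 days
FOLLOW_UP_AFTER = timedelta(days=3)  # assumption: "several days" read as 3 days


@dataclass(frozen=True)
class Member:
    email: str
    status: str           # "Invited", "Accepted" or "Confirmed" (Invite -> Accept -> Confirm)
    invited_at: datetime  # when the latest invitation was sent (hypothetical field)
    wave: int             # rollout wave the member belongs to (hypothetical field)


def triage(members, now):
    """Group member e-mails by the next manual action an admin should take."""
    actions = {"confirm": [], "reinvite": [], "follow_up": [], "waiting": [], "done": []}
    for m in members:
        age = now - m.invited_at
        if m.status == "Confirmed":
            bucket = "done"
        elif m.status == "Accepted":
            # Accepted but not yet confirmed: no vault access until an admin confirms.
            bucket = "confirm"
        elif m.status == "Invited":
            if age >= INVITE_TTL:
                bucket = "reinvite"   # invitation has expired, send a fresh one
            elif age >= FOLLOW_UP_AFTER:
                bucket = "follow_up"  # still valid, but the user may need a nudge
            else:
                bucket = "waiting"
        else:
            # Fail loudly on unknown states instead of silently dropping members.
            raise ValueError(f"unknown status {m.status!r} for {m.email}")
        actions[bucket].append(m.email)
    return actions


def acceptance_rate(members):
    """Share of each wave that has at least accepted its invitation."""
    total, accepted = defaultdict(int), defaultdict(int)
    for m in members:
        total[m.wave] += 1
        if m.status in ("Accepted", "Confirmed"):
            accepted[m.wave] += 1
    return {wave: round(accepted[wave] / total[wave], 2) for wave in sorted(total)}


def day(d):
    """Helper for the constructed sample data: noon UTC on a day of May 2024."""
    return datetime(2024, 5, d, 12, 0, tzinfo=timezone.utc)


NOW = day(10)
# Constructed roster, not real data.
ROSTER = [
    Member("ana@example.com", "Confirmed", day(1), 1),
    Member("ben@example.com", "Accepted", day(8), 1),
    Member("cho@example.com", "Invited", day(2), 1),   # 8 days old: expired
    Member("dev@example.com", "Invited", day(6), 2),   # 4 days old: follow up
    Member("eli@example.com", "Invited", day(9), 2),   # 1 day old: keep waiting
    Member("fay@example.com", "Accepted", day(9), 2),
]

if __name__ == "__main__":
    for action, emails in triage(ROSTER, NOW).items():
        print(f"{action:10s} {', '.join(emails) or '-'}")
    print("acceptance by wave:", acceptance_rate(ROSTER))
```

Keeping the `confirm` bucket as a list for a human to review, rather than acting on it, preserves the visibility that the page notes is reduced when confirmation is scripted.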
#### Step 1: Rollout planning

> [!NOTE] Phased Rollout
> The phased rollout approach, department by department, was selected by [Bitwarden customers as being “very effective.”](https://bitwarden.com/it-it/resources/bitwarden-security-impact-report/)

**Key personnel:** Organization administrators

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Identify groups of users who will be onboarded first (usually more technical teams)
[ ] Follow a 10-20-70 rule for roll out (first 10% of users, then 20%, then 70%)
[ ] Document timeline for each roll out phase
```

#### Step 2: User account creation and access

**Key personnel:** All invited users, organization administrators

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
User actions:
[ ] Accept organization invitation via email link
[ ] Log in with existing account or create new account using invited email
[ ] If applicable, create strong master password (14-16+ characters with mixed case, numbers, symbols)

Administrator actions:
[ ] Send organization invitations in planned waves (remember process flow: Invite → Accept → Confirm)
[ ] Distribute Bitwarden onboarding guides and/or customized onboarding guides and intranet knowledge base articles
[ ] Monitor invitation acceptance rates
[ ] Confirm user accounts after acceptance
[ ] Assign users to appropriate groups and collections
[ ] Verify SSO and authentication workflows
[ ] Configure MDM deployment if needed
```

#### Step 3: Client installation and setup

**Key personnel:** All users

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and
maintain accountability:

```plain text
Installations:
[ ] Configure server URL if not using vault.bitwarden.com and confirm web vault access
[ ] Install browser extension and pin to toolbar
[ ] Install and configure web vault access
[ ] Download and install desktop application (Windows/macOS/Linux)
[ ] Download mobile apps (iOS/Android)
[ ] Log into all installed clients with master password and 2FA

Setup tasks:
[ ] Configure browser extension settings and permissions
[ ] Set up mobile autofill permissions
[ ] Configure biometric unlock (desktop/mobile, if available)
[ ] Test synchronization across all devices
```

#### Step 4: Vault setup and navigation

**Key personnel:** All users

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Navigation training:
[ ] Explore web vault interface and main navigation elements
[ ] Understand difference between My Vault (individual) and Organization Vault (shared)
[ ] Learn to use search functionality across vault items
[ ] Familiarize with item types (Logins, Notes, Cards, Identities)

Collection and organization understanding:
[ ] Understand Collections concept for shared items
[ ] Access items shared through collections
[ ] Learn about Groups and permission levels
[ ] Practice organizing items with folders
```

#### Step 5: Password management implementation

**Key Personnel:** All users

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Core functionality:
[ ] Practice manually adding new login items
[ ] Learn to edit existing vault items
[ ] Set up browser extension autofill and auto-save features
[ ] Practice different autofill experiences from browser extension
[ ] Use built-in password generator for creating strong
passwords

Advanced features:
[ ] Explore Bitwarden Send for secure item sharing with individuals outside of your organization
[ ] Review password history for login items
[ ] Configure autofill options (inline vs context menu)
[ ] Set up TOTP (Time-based One-Time Password) generation
[ ] Utilize clipboard history features
```

#### Step 6: Password migration and import

**Key Personnel:** All users, with IT support

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Migration process:
[ ] Export passwords from current password managers
[ ] Use Bitwarden import tools for bulk migration
[ ] Manually add critical passwords not captured in import
[ ] Verify all imported items are accessible and functional
[ ] Update weak or duplicate passwords using generator

Quality assurance:
[ ] Complete security audit of imported passwords using Bitwarden vault health reports
[ ] Identify and update weak passwords
[ ] Resolve duplicate entries
[ ] Verify critical business applications are included
```

### 5: Adoption

> [!NOTE] Phase 5 Tip
> Phase 5 focuses on adoption, maximizing value, ensuring security compliance, and maintaining long-term success.

## Key objectives

- Achieve full organizational adoption
- Establish ongoing security and maintenance practices
- Optimize workflows and advanced feature utilization
- Maintain continuous improvement and support
- Incorporate Bitwarden training into new employee onboarding

## Activities

#### Step 1: Adoption and optimization

**Key stakeholders:** All users, organization administrators.
Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
User verification:
[ ] Test login across all devices and browsers
[ ] Verify sharing and collaboration features work properly
[ ] Confirm understanding of organization's password policies
[ ] Validate emergency access and recovery procedures
[ ] Document personal backup and security measures

Administrative verification:
[ ] Monitor user adoption metrics through event logs
[ ] Verify policy compliance across the organization
[ ] Review and optimize collection and group structures
[ ] Analyze usage patterns and identify improvement opportunities
[ ] Deploy technical enforcements such as:
    [ ] Turn off browser based password managers
    [ ] Remove access to documents (google docs, excel, etc) where passwords were previously stored
```

#### Step 2: Security audit and compliance

**Key stakeholders:** Security team, organization administrators.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Security review:
[ ] Complete comprehensive security audit using Bitwarden reports
[ ] Review exposed passwords and security breaches
[ ] Analyze password strength across the organization
[ ] Monitor 2FA adoption rates
[ ] Review and update security policies as needed

Compliance activities:
[ ] Document compliance with organizational security standards
[ ] Review event logs for suspicious activities
[ ] Validate backup and disaster recovery procedures
[ ] Ensure proper data retention and deletion policies
[ ] Conduct periodic security assessments
```

#### Step 3: Advanced feature implementation

**Key stakeholders:** Power users, organization administrators.
Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Advanced capabilities:
[ ] Implement custom fields for specialized data
[ ] Configure advanced sharing workflows
[ ] Utilize API integrations for business applications
[ ] Set up automated reporting and monitoring
[ ] Implement CLI tools for advanced users
```

#### Step 4: Ongoing support

**Key stakeholders:** IT support, organization administrators.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Support structure:
[ ] Establish regular support office hours
[ ] Create escalation procedures for complex issues
[ ] Maintain updated documentation and training materials
[ ] Monitor and respond to user feedback
[ ] Provide ongoing training for new features
```

#### Step 5: Continuous improvement

**Key stakeholders:** All users, organizational administrators.
Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
Regular reviews:
[ ] Schedule quarterly security and usage reviews
[ ] Collect and analyze user feedback
[ ] Monitor industry best practices and updates
[ ] Review and update organizational policies
[ ] Plan for future enhancements and expansions

Success metrics:
[ ] User adoption and engagement rates
[ ] Indicators of vault usage such as stored credentials in organizational vaults
[ ] Regular usage of key features (autofill, password saving, password sharing)
[ ] Password security improvements
[ ] Reduction in security incidents
[ ] Time savings in credential management
[ ] Compliance with organizational security standards
```

#### Step 6: New employee onboarding

**Key stakeholders:** new employees, HR, organizational administrators.

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] Document Bitwarden best practices in onboarding resources or new hire checklist
[ ] Offer recurring Bitwarden trainings for new employees
[ ] Encourage new hires to ask for help from existing employees
```

### Resources

Use these additional resources to help guide you through the phases during your Bitwarden journey:

## Success checklist

Copy and paste this list directly into your project management tools, internal documentation, or team communication platforms to easily track progress, assign tasks, and maintain accountability:

```plain text
[ ] 100% user adoption of all purchased Bitwarden seats
[ ] Complete password migration from legacy systems and other password managers
[ ] Security posture improvements (reduction of breaches, promotes safe password habits)
[ ] Reduce number of at-risk credentials (reused,
exposed, weak) across the entire organization
[ ] Value achieved beyond password management (Bitwarden Send, storing sensitive information such as credit cards, identities, notes, and more)
[ ] Internal champions excited to help others achieve password security success
[ ] Full integration with existing identity and security infrastructure
[ ] Established security policies and compliance procedures
[ ] Ongoing support and maintenance frameworks
[ ] Documented Bitwarden procedures for onboarding new employees
[ ] Optimized workflows for maximum efficiency and security
[ ] Regular monitoring and continuous improvement processes
```

## Bitwarden support

- **Billing support:** Contact customer success for expedited billing assistance
- **Technical support:** Available for all users with comprehensive troubleshooting
- **Enterprise customers:** Ongoing meetings with global accounts managers
- **Executive access:** Periodic meetings with Bitwarden executives for enterprise clients

## Templates

[Rollout email templates](https://bitwarden.com/it-it/help/rollout-email-templates/): Email templates to announce the Bitwarden Password Manager rollout to your end users, administrative users, and IT teams. Attach your branding to these emails and adapt them as needed.

[End user onboarding email templates](https://bitwarden.com/it-it/help/end-user-onboarding-emails/): Onboarding emails sent to new Bitwarden Enterprise and Teams users from care@bitwarden.com.

[Customer activation kit](https://bitwarden.com/it-it/help/customer-activation-kit/): Ready-made communication materials including one-pagers, training videos, posters, email templates, and promotional resources to support your rollout.

[Slide deck announcement template](https://docs.google.com/presentation/d/1zK8NDB6E8ID_ok_yxn5x5qjO7mzeI5CZ-kqcOsfcQcU/edit?usp=sharing): Slide deck template to announce the Bitwarden Password Manager to the whole company or organization. Attach your company branding and roll-out details as needed.
## Go deeper

[Bitwarden Courses](https://bitwarden.com/it-it/help/courses/) - Monthly updated video content

[Weekly Live Demos](https://bitwarden.com/it-it/resources/demos/) - Interactive Q&A sessions

[Enterprise Feature List](https://bitwarden.com/it-it/help/enterprise-feature-list/) - Comprehensive feature documentation

[API Documentation](https://bitwarden.com/it-it/help/api/) - For advanced integrations

[Community Forums](https://community.bitwarden.com/) - User community and support

--- URL: https://bitwarden.com/it-it/help/bitwarden-resellers/ ---

# Bitwarden Resellers

At Bitwarden, we love our partners! Look no further if you're a reseller who wants to get started offering Bitwarden organizations for your customers.

## Become a partner

Becoming a member of the Bitwarden Partner Program is quick and easy. Our partnership program has been designed to maximize your success across a wide range of shared priorities, strategic requirements, and customer benefits. [Get started today](https://bitwarden.com/it-it/partners/).

## More information

Here are some helpful links for you to use when reselling Bitwarden, or to provide to your customers:

- [Password Manager Plans](https://bitwarden.com/it-it/help/about-bitwarden-plans/#business-plans/)
- [Secrets Manager Plans](https://bitwarden.com/it-it/help/secrets-manager-plans/)
- [Organizations Quick Start](https://bitwarden.com/it-it/help/getting-started-organizations/)
- [Secrets Manager Quick Start](https://bitwarden.com/it-it/help/secrets-manager-quick-start/)
- [Get Started with Bitwarden: Team Member](https://bitwarden.com/it-it/help/courses/password-manager-team-member/)

--- URL: https://bitwarden.com/it-it/help/bitwarden-security-white-paper/ ---

# Bitwarden Security Whitepaper

## Overview

#### Everyone is more connected than ever

Internet-connected devices and services are more critical than ever in today’s society.
As more and more companies provide innovative software-as-a-service products that improve users’ lives at home and at work, the number of credentials and machine secrets grows exponentially, as do the threats to their security.

#### Cybersecurity threats are high, but practices are low

Threats to user and customer data continue to rise. Almost every week a breach or ransomware attack makes the news, and those are only the incidents large enough to be published. In 2023, [IBM reported](https://www.ibm.com/reports/data-breach) that the average cost of a US data breach approaches $9.48 million, taking into account investigation costs, legal fees, opportunity cost, and loss of customer trust. Research from [Verizon](https://www.verizon.com/business/resources/reports/2023-data-breach-investigations-report-dbir.pdf) shows that compromised credentials account for 86% of data breaches. This includes the use of passwords that have been guessed, phished, or leaked in other breaches.

With such threats, one would expect businesses to arm their employees with as much training and as many tools as possible, but [Bitwarden research](https://bitwarden.com/it-it/resources/2023-password-decisions-survey-results/) shows that users aren’t always following best practices, including 90% of respondents saying that they reused passwords.

Security experts recommend that users have a different, randomly generated password for every account. But how does one manage all those passwords? And how can good password habits be maintained across an organization?

#### Bitwarden helps secure individuals, businesses, and infrastructure secrets

Bitwarden offers a portfolio of security products to help secure everyone, prevent breaches, and ensure productivity.

Bitwarden Password Manager provides users the tools to create, store, and share passwords while maintaining the highest level of security.
It is the easiest and safest way to store all of your logins, passwords, passkeys, and other sensitive information while conveniently keeping them synced between all of your devices.

Bitwarden Secrets Manager empowers developers, DevOps, and IT teams to store, share, and automate machine secrets like authentication keys, database passwords, and API keys. The end-to-end encrypted secrets management solution supports the secure deployment of infrastructure and application code without the risk of exposing critical machine secrets.

Bitwarden Passwordless.dev provides APIs and tools needed for developers to implement FIDO2 WebAuthn based passkey authentication, the next generation of secure credential authentication, for websites and applications.

#### Maintaining security and compliance

Bitwarden solutions, software, infrastructure, and security processes have been designed from the ground up with a multi-layered, defense-in-depth approach. The Bitwarden Security and Compliance Program is based on the ISO27001 Information Security Management System (ISMS). Policies have been defined that govern security practices and processes and are continually updated to be consistent with applicable legal, industry, and regulatory requirements for services provided under the Terms of Service Agreement.

Bitwarden complies with industry-standard application security guidelines that include a dedicated security engineering team and include regular reviews of application source code and IT infrastructure to detect, validate, and remediate any security vulnerabilities.

This white paper provides an overview of Bitwarden security principles as well as links to additional documents that provide more detail in specific areas.

## Bitwarden security principles

Protecting user data with Bitwarden products is a partnership between Bitwarden systems and employees, and users themselves.
This section will cover, at a high level, the key security measures Bitwarden utilizes and the tools Bitwarden makes available to users for protecting data stored in Bitwarden.

### Key security measures

Bitwarden utilizes the following key security measures to protect data stored in Bitwarden:

**End-to-end encryption:** Lock your passwords and private information with end-to-end AES-CBC 256-bit encryption with HMAC authentication, salted hashing, and Key Derivation Functions such as [PBKDF2 SHA-256](https://bitwarden.com/it-it/help/what-encryption-is-used/#pbkdf2/) or [Argon2id](https://bitwarden.com/it-it/help/what-encryption-is-used/#argon2id/). All cryptographic keys are generated and managed by the client on your devices, and all encryption is done locally. See more details [here](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/).

**Zero knowledge encryption:** Bitwarden team members cannot see your passwords. Your data remains end-to-end encrypted with your individual email and master password. Bitwarden never stores and cannot access your master password or your cryptographic keys.

**Secure password sharing:** Bitwarden enables secure sharing and management of sensitive data with users across an entire organization. A combination of asymmetric and symmetric encryption protects sensitive information as it is shared.

**Open source and source available code:** The source code for all Bitwarden software products is hosted on [GitHub](https://github.com/bitwarden/) and we welcome everyone to review, audit, and contribute to the Bitwarden codebase. Bitwarden source code is audited by reputable third-party security auditing firms as well as independent security researchers. Additionally, the [Bitwarden Vulnerability Disclosure Program](https://hackerone.com/bitwarden?type=team&view_policy=true) enlists the help of the hacker community at HackerOne to make Bitwarden more secure.
**Privacy by design:** Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices. Since it’s fully encrypted before it ever leaves your device, only you have access to your data. Not even the team at Bitwarden can read your data (even if we wanted to).

**Security Auditing:** Third-party security reviews and assessments of applications and/or the platform are performed at a minimum of once per year.

**Compliance:** Bitwarden complies with AICPA SOC2 Type 2 / Data Privacy Framework, GDPR, and CCPA regulations. [Learn more](https://bitwarden.com/it-it/help/is-bitwarden-audited/).

### Security tools for users

The following tools are provided by Bitwarden, and must be acted on by individual users and businesses, to optimize account protection and lockout avoidance:

#### Master passwords

User data protection in Bitwarden begins the moment a user creates an account and a master password. A master password is the token a user uses to access their vault, where sensitive data is stored. Users should create their accounts with a strong master password and Bitwarden includes a password strength meter as a guide to help users do so:

![Password strength meter](https://bitwarden.com/assets/6Nopwp0Wbr6FmfQBfzhAGb/e80b52613f70186f491e629cc7906c91/Screenshot_2024-04-01_at_9.41.44_AM.png)

Users are warned when they try to sign up with a weak master password, and are also given the option to check known data breaches for the master password using an integration with [Have I Been Pwned (HIBP)](https://haveibeenpwned.com/FAQs):

![Weak or exposed master password](https://bitwarden.com/assets/2fc9uAmERxfK7QEkFzeeO0/0fbe2a9b1d207950a2d30358f904c405/Screenshot_2024-04-01_at_9.50.46_AM.png)

**It is very important that users never forget their master passwords.** Master passwords are:

- Cleared or marked for removal from memory after usage.
- Never transmitted over the internet to Bitwarden servers.
- Unable to be seen, read, or reverse engineered by anyone at Bitwarden.

Because of this, and the fact that your data is fully encrypted and/or hashed before ever leaving your local device, forgetting a master password **will** result in a user being locked out of their account unless they have emergency access or account recovery active, both of which will be covered later in this paper.

> [!NOTE] Master password can be changed
> Users can change their master password from the Bitwarden web app. [Learn how](https://bitwarden.com/it-it/help/master-password/#change-master-password/).

#### Alternative log in methods

Bitwarden clients offer the following alternative methods of authentication. Some of these methods may also be used for decryption on log in:

- **Log in with device**: Initiate an authentication request from a Bitwarden client and complete authentication by approving the request on a device you're already logged in to. [Learn how it works](https://bitwarden.com/it-it/help/log-in-with-device/).
- **Log in with passkeys**: Use a passkey to log in to a Bitwarden client and, if the passkey is PRF-capable, use it to decrypt your vault data. [Learn how it works](https://bitwarden.com/it-it/help/login-with-passkeys/).
- **SSO with trusted devices**: SSO with trusted devices allows users to authenticate using SSO and decrypt their vault using a device-stored encryption key, eliminating the need to enter a master password. [Learn how it works](https://bitwarden.com/it-it/help/about-trusted-devices/).

#### Two-step login

Two-step login (also called "two-factor authentication" or "2FA") is an extra layer of security for online accounts, designed to protect access to Bitwarden even if someone has the master password.
When two-step login is active, users are required to complete a secondary step while logging into Bitwarden, like using a [FIDO2 security key](https://bitwarden.com/it-it/help/setup-two-step-login-fido/) or an [authenticator app](https://bitwarden.com/it-it/help/setup-two-step-login-authenticator/) to confirm the login attempt. As a best practice, **Bitwarden recommends all users activate and use two-step login**.

Bitwarden provides users a [recovery code](https://bitwarden.com/it-it/help/two-step-recovery-code/) that they can use to turn off two-step login in the event a secondary device is lost, for example if a YubiKey goes missing. **Users should retrieve and save their recovery code immediately after activating the feature**, as Bitwarden policy prohibits facilitating support requests to deactivate two-step login on a user's behalf. Further, no tools have been built to facilitate internal teams doing so.

Learn more about the [available two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/), using [multiple methods](https://bitwarden.com/it-it/help/setup-two-step-login/#using-multiple-methods/), and what to do in the event of a [lost secondary device](https://bitwarden.com/it-it/help/lost-two-step-device/).

#### Emergency access

Premium users, including members of paid organizations (Families, Teams, or Enterprise) can [designate trusted emergency contacts](https://bitwarden.com/it-it/help/emergency-access/) who may request access to their vault in cases of emergency. Trusted emergency contacts can be assigned either view-only or takeover access to users' accounts.
Emergency access uses asymmetric encryption to allow users to give a trusted emergency contact permission to access vault data in a zero knowledge environment:

> [!NOTE] WP: See encryption section
> The following information references encryption key names and processes that are discussed in [hashing, key derivation, and encryption](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/). Consider reading those details first.

1. A Bitwarden user (the grantor) invites another Bitwarden user to become a trusted emergency contact (the grantee). The invitation (valid for only five days) specifies a user access level and includes a request for the grantee's **RSA Public Key**.
2. Grantee is notified of the invitation via email and accepts the invitation to become a trusted emergency contact.
3. Grantor is notified of the invitation's acceptance via email and confirms the grantee as their trusted emergency contact. On confirmation, the grantor's **User Symmetric Key** is encrypted using the grantee's **RSA Public Key** and stored with the invitation. Grantee is notified of confirmation.
4. An emergency occurs, resulting in grantee requiring access to the grantor's vault. Grantee submits a request for emergency access.
5. Grantor is notified of the request via email. The grantor may manually approve the request at any time, otherwise the request is bound by a grantor-specified wait time. When the request is approved or the wait time lapses, the **Public Key-encrypted User Symmetric Key** is delivered to the grantee for decryption with the grantee's **RSA Private Key**.
6. Depending on the specified user access level, the grantee will either:
   - Obtain view/read access to items in the grantor's vault.
   - Be asked to create a new master password for the grantor's vault.
#### Account recovery

[Account recovery](https://bitwarden.com/it-it/help/account-recovery/) allows designated administrators of Enterprise organizations to recover member accounts and restore access in the event that an employee forgets their master password. Businesses may also wish to use account recovery to reclaim ownership of a member's account when an employment relationship is ended.

> [!NOTE] WP: See encryption section
> The following information references encryption key names and processes that are discussed in [hashing, key derivation, and encryption](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/). Consider reading those details first.

When an organization member enrolls in account recovery, that user's account encryption key (a.k.a. **User Symmetric Key**) is encrypted with the organization's RSA Public Key. The result is stored as the **Account Recovery Key**.

When a recovery action is taken:

1. The organization **RSA Private Key** is decrypted with the **Organization Symmetric Key**.
2. The user's **Account Recovery Key** is decrypted with the decrypted **RSA Private Key**, resulting in the **User Symmetric Key** (referred to as "account encryption key" in-product).
3. The **User Symmetric Key** is encrypted for the new **Master Password**. Similar to a standard password change, the server-stored encrypted account encryption key and server authentication hash are replaced.

## Hashing, key derivation, and encryption

This section will cover the cryptographic processes that are implemented when a user creates a Bitwarden account and subsequently logs in to access their data:

### Account creation

When an account is created, Bitwarden uses Password-Based Key Derivation Function 2 (PBKDF2) with 600,000 iteration rounds to stretch the user's master password with a salt of the user's email address.

> [!NOTE] PBKDF by default, but Argon available
> Though user accounts are initiated with PBKDF2, users may elect to change their key derivation function to [Argon2id](https://bitwarden.com/it-it/help/what-encryption-is-used/#argon2id/) after the account has been created. Learn how to [change the KDF algorithm](https://bitwarden.com/it-it/help/kdf-algorithms/#changing-kdf-algorithm/).

The resulting salted value is the 256-bit **Master Key**. The **Master Key** is then again stretched to 512 bits using HMAC-based Extract-and-Expand Key Derivation Function (HKDF), resulting in the **Stretched Master Key**. The **Master Key** and **Stretched Master Key** are never stored on or transmitted to Bitwarden servers:

![Password-based key derivation](https://bitwarden.com/assets/6nm36M2VAPwxdwlD8HoR2N/0b39079292cb7c80ac5147ffa5ab36eb/whitepaper-1.png)

Next, a 512-bit **Generated Symmetric Key** and 128-bit **Initialization Vector** are created using a Cryptographically Secure Pseudorandom Number Generator (CSPRNG). The **Generated Symmetric Key** is encrypted with AES-256 bit encryption using the **Stretched Master Key** and **Initialization Vector**. The result is called the **Protected Symmetric Key**, and is the main key associated with the user. The **Protected Symmetric Key** is sent to the Bitwarden server upon account creation and sent back to Bitwarden client applications upon syncing.

An asymmetric key pair is also created when the user registers their account. This **Generated RSA Key Pair** is used [when the user creates an organization](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#when-you-create-an-organization/) and in processes like [emergency access](https://bitwarden.com/it-it/help/emergency-access/) that can be used to share data between users.

Finally, a **Master Password Hash** is generated using PBKDF2-SHA256 with a payload of the **Master Key** and with a salt of the master password.
The **Master Password Hash** is sent to the Bitwarden server upon account creation and login, and used to authenticate the user account. Once it reaches the server, the **Master Password Hash** is hashed again using PBKDF2-SHA256 with a random salt and 600,000 iterations:

![Bitwarden password hashing, key derivation, and encryption](https://bitwarden.com/assets/1rLMJoZFka4Per5lIyuMv9/33bc3f62358591bfe4cb86d3c3375535/whitepaper-acctcreate.png)

### Authentication and decryption

Users are required to enter an email address and, typically, a master password in order to [log in](https://vault.bitwarden.com/#/) to a Bitwarden account. When they do so, Bitwarden uses Password-Based Key Derivation Function 2 (PBKDF2) with a default of 600,000 iteration rounds to stretch the master password with a salt of the account email address. The resulting salted value is the 256-bit **Master Key**. A **Master Password Hash**, generated using PBKDF2-SHA256 with a payload of the **Master Key** and with a salt of the master password, is sent to the server for authentication by comparing the hash to that which is stored server-side.

> [!NOTE] PBKDF by default, but Argon available
> Though user accounts are initiated with PBKDF2, users may elect to change their key derivation function to [Argon2id](https://bitwarden.com/it-it/help/what-encryption-is-used/#argon2id/) after the account has been created. Learn how to [change the KDF algorithm](https://bitwarden.com/it-it/help/kdf-algorithms/#changing-kdf-algorithm/).

Concurrently, the **Master Key** is stretched to 512 bits in length using HMAC-based Extract-and-Expand Key Derivation Function (HKDF), resulting in the **Stretched Master Key**. The **Protected Symmetric Key**, which is stored server-side and retrieved by the client, is decrypted using this **Stretched Master Key**. The resultant **Symmetric Key** is used by the client to decrypt vault data. This decryption is done entirely on the Bitwarden client.
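
The derivation chain described above for account creation and login, as an added Python example that is not Bitwarden's code; it uses only the standard library, so the AES encryption of the **Generated Symmetric Key** is left out. The email normalization, the HKDF `enc`/`mac` labels, the single client-side iteration for the **Master Password Hash**, and the 16-byte server salt are assumptions not stated on this page.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # default iteration count stated in the whitepaper


def derive_master_key(master_password: str, email: str,
                      iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch the master password with PBKDF2-SHA256, salted with the account
    email address, into the 256-bit Master Key (which stays on the client)."""
    # Assumption: the email is trimmed and lowercased before use as the salt.
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869 with HMAC-SHA256."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested output too long for HKDF-SHA256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def stretch_master_key(master_key: bytes) -> Tuple[bytes, bytes]:
    """Stretch the 256-bit Master Key into the 512-bit Stretched Master Key,
    returned as (AES-256 encryption key, HMAC key)."""
    # Assumption: two 32-byte halves expanded under the labels "enc" and "mac".
    return hkdf_expand(master_key, b"enc", 32), hkdf_expand(master_key, b"mac", 32)


def master_password_hash(master_key: bytes, master_password: str) -> bytes:
    """PBKDF2-SHA256 with the Master Key as payload and the master password as
    salt. This value, not the Master Key, is what the server receives."""
    # Assumption: a single client-side iteration.
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_store(auth_hash: bytes, iterations: int = PBKDF2_ITERATIONS,
                 salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server side: hash the received Master Password Hash again with a random
    salt before storing it. Returns (salt, stored digest)."""
    salt = salt if salt is not None else os.urandom(16)  # assumption: 16-byte salt
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, iterations, dklen=32)


def register(master_password: str, email: str,
             iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Account creation: the client derives, the server stores (salt, digest)."""
    master_key = derive_master_key(master_password, email, iterations)
    return server_store(master_password_hash(master_key, master_password), iterations)


def login(master_password: str, email: str, record: Tuple[bytes, bytes],
          iterations: int = PBKDF2_ITERATIONS) -> Optional[Tuple[bytes, bytes]]:
    """Login: return the Stretched Master Key halves if the server-side check
    of the Master Password Hash succeeds, otherwise None."""
    master_key = derive_master_key(master_password, email, iterations)
    auth_hash = master_password_hash(master_key, master_password)
    salt, stored = record
    _, candidate = server_store(auth_hash, iterations, salt)
    if not hmac.compare_digest(candidate, stored):  # constant-time comparison
        return None
    # The client would now decrypt the Protected Symmetric Key (AES step omitted).
    return stretch_master_key(master_key)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    record = register("correct horse battery staple", "alice@example.com")
    keys = login("correct horse battery staple", "alice@example.com", record)
    print("login ok:", keys is not None)
    print("wrong password rejected:",
          login("Correct horse battery staple", "alice@example.com", record) is None)
```

The server side only ever handles the Master Password Hash and its re-hashed digest. The Stretched Master Key is expanded from the Master Key, which never leaves the client, so the stored authentication data does not yield the key that decrypts the Protected Symmetric Key.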
Master passwords and **Stretched Master Keys** are never stored on or transmitted to Bitwarden servers:

![An overview of user login](https://bitwarden.com/assets/lrLsAOcvBsN1vaYAaZQKt/a73a6f46d55cf705423aa7a6a12b7f8a/whitepaper-login.png)

Bitwarden does not keep the master password itself stored locally or in-memory on the Bitwarden client. Your account encryption key (**User Symmetric Key**) is kept in memory while the app is unlocked in order to decrypt vault data. When the Bitwarden client is locked, your encryption keys and vault data are purged as aggressively as possible from memory. After a certain period of inactivity on the lock screen, we reload application processes or perform other cleanup operations to ensure that any leftover managed memory is also purged, or expect underlying systems to purge that memory when it is outside our control. We do our best to ensure that any data that may be in memory for the application to function is only held in memory for as long as you need it and that memory is cleaned up appropriately whenever the application is locked. We regularly review the Bitwarden application’s memory state and adjust processes wherever possible to clear sensitive contents while locked.

### Rotating the account encryption key

During a password change operation, users have the option to rotate (i.e. change) their **User Symmetric Key** (referred to as "account encryption key" in-product). Rotating this key is a good idea if users believe that their previous master password was compromised or that the data they've stored in Bitwarden was stolen from one of their devices.

> [!NOTE] WP: Rotating encryption key
> Rotating the account’s encryption key is a sensitive operation, which is why it is not a default option when changing a master password. A key rotation involves generating a new, random encryption key for the account and **re-encrypting all vault data** using this new key.
See additional details in [this article](https://bitwarden.com/it-it/help/account-encryption-key/).

### Variations

This section will cover variations to encryption processes when users are using Log in with device, Log in with passkeys, or SSO with trusted devices.

#### Log in with device

When logging in with a device is initiated:

1. The initiating client sends a request which includes the account email address, a unique **Auth-request Public Key**ª, and an access code, to an Authentication Request table in the Bitwarden database. Registered devices, meaning clients that are logged in and have a [device-specific GUID](https://bitwarden.com/it-it/help/administrative-data/) stored in the Bitwarden database, are provided the request.
2. When the request is approved, the approving client encrypts the account's **User Encryption key** using the **Auth-request public key** enclosed in the request.
3. The approving client then sends the **User Encryption key** to the Authentication Request record and marks the request fulfilled.
4. The initiating client requests the encrypted **User Encryption key**.
5. The initiating client then **locally** decrypts the **User Encryption key** using the **Auth-request private key**.
6. The initiating client then uses the access code to authenticate the user with the Bitwarden Identity service.
7. The initiating client can then retrieve the user's vault data and use the **User Encryption key** to decrypt it.

ª - **Auth-request Public and Private Keys** are uniquely generated for each passwordless login request and only exist for as long as the request does. Requests expire and are purged periodically if they aren't approved or denied.

#### Log in with passkeys

The following describes the mechanics of logging in with passkeys when users' passkeys are set up for encryption. Users may opt to not use their passkeys for encryption instead.

When a passkey is registered for log in to Bitwarden:

1. A **Passkey Public and Private Key Pair** is generated by the authenticator via the WebAuthn API. This key pair, by definition, is what constitutes your passkey. Attestation options, such as what encryption algorithm to use, are provided by Bitwarden to the authenticator.
2. A **PRF Symmetric Key** is generated by the authenticator via the WebAuthn API's PRF extension. This key is derived from an **internal secret** unique to your passkey and a **salt** provided by Bitwarden.
3. A **PRF Public and Private Key Pair** is generated by the Bitwarden client. The PRF public key encrypts your **User Symmetric Key** (referred to as "account encryption key" in-product), which your client will have access to by virtue of being logged in and unlocked, and the resulting **PRF-Encrypted User Symmetric Key** is sent to the server.
4. The **PRF Private Key** is encrypted with the **PRF Symmetric Key** (see Step 2) and the resulting **PRF-Encrypted Private Key** is sent to the server.
5. Your client sends data to Bitwarden servers to create a new passkey credential record for your account. If your passkey is registered with support for vault encryption and decryption, this record includes:
   - The passkey name
   - The Passkey Public Key
   - The PRF Public Key
   - The PRF-Encrypted User Symmetric Key
   - The PRF-Encrypted Private Key

Your **Passkey Private Key**, which is required to accomplish authentication, only ever leaves the client in an encrypted format.

When a passkey is used to log in and, specifically, to decrypt your vault data:

1. Using WebAuthn API public key cryptography, your authentication request is asserted and affirmed.
2. Your **PRF-Encrypted User Symmetric Key** (referred to as "account encryption key" in-product) and **PRF-Encrypted Private Key** are sent from the server to your client.
3. Using the same **salt** provided by Bitwarden and the **internal secret** unique to your passkey, the **PRF Symmetric Key** is re-created locally.
4. The **PRF Symmetric Key** is used to decrypt your **PRF-Encrypted Private Key**, resulting in your **PRF Private Key**.
5. The **PRF Private Key** is used to decrypt your **PRF-Encrypted User Symmetric Key**, resulting in your **User Symmetric Key**. This is used to decrypt your vault data.

#### SSO with trusted devices

The following sections describe encryption processes and key exchanges that occur during different trusted devices procedures:

### Onboarding

When a new user joins an organization, an **Account Recovery Key** ([learn more](https://bitwarden.com/it-it/help/account-recovery/)) is created by encrypting their account encryption key with the **Organization Public Key**. Account recovery is required to enable SSO with trusted devices.

The user is then asked if they want to remember, or trust, the device. When they opt to do so:

![Create a trusted device](https://bitwarden.com/assets/2o9o8L0JZMvWZYJvfKGMzj/b7cab59682862c8e782331ed6a2ef9d9/td-create.png)
*Create a trusted device*

1. A new **Device Key** is generated by the client. This key never leaves the client.
2. A new RSA key pair, called the **Device Private Key** and **Device Public Key**, is generated by the client.
3. The user's account encryption key is encrypted with the unencrypted **Device Public Key** and the resultant value is sent to the server as the **Public Key-Encrypted User Key**.
4. The **Device Public Key** is encrypted with the user's account encryption key and the resultant value is sent to the server as the **User Key-Encrypted Public Key**.
5. The **Device Private Key** is encrypted with the first **Device Key** and the resultant value is sent to the server as the **Device Key-Encrypted Private Key**.

The **Public Key-Encrypted User Key** and **Device Key-Encrypted Private Key** will, crucially, be sent from server to client when a login is initiated.

The **User Key-Encrypted Public Key** will be used should the user need to rotate their account encryption key.
### Logging in

When a user authenticates with SSO on an already-trusted device:

![Use a trusted device](https://bitwarden.com/assets/61SSa6ITlRaICIUoCzEiVp/746cf3ba3005b4118d20319e894c47c7/td-use.png)
*Use a trusted device*

1. The user's **Public Key-Encrypted User Key**, which is an encrypted version of the account encryption key used to decrypt vault data, is sent from the server to the client.
2. The user's **Device Key-Encrypted Private Key**, the unencrypted version of which is required to decrypt the **Public Key-Encrypted User Key**, is sent from the server to the client.
3. The client decrypts the **Device Key-Encrypted Private Key** using the **Device Key**, which never leaves the client.
4. The now-unencrypted **Device Private Key** is used to decrypt the **Public Key-Encrypted User Key**, resulting in the user's account encryption key.
5. The user's account encryption key decrypts vault data.

### Approving

When a user authenticates with SSO and opts to decrypt their vault with an un-trusted device (i.e. a **Device Symmetric Key** does not exist on that device), they are required to choose a method of approving the device and optionally trusting it for future use without further approval. What happens next depends on the selected option:

- **Approve from another device**:
  1. The process documented [here](https://bitwarden.com/it-it/help/log-in-with-device/#how-it-works/) is triggered, resulting in the client having obtained and decrypted the account encryption key.
  2. The user can now decrypt their vault data with the decrypted account encryption key. If they have chosen to trust the device, trust is established with the client as described in the **Onboarding** tab.
- **Request admin approval**:
  1. The initiating client POSTs a request, which includes the account email address and a unique **auth-request public key**ª, to an Authentication Request table in the Bitwarden database.
     ![User requests admin approval (Step 1)](https://bitwarden.com/assets/1CgwXVCrjssDwsz2Aie4mV/aac6c3975c9a8d225074268c093cadc3/2025-04-30_09-33-37.png)
     *User requests admin approval (Step 1)*
  2. Administrators can [approve or deny the request](https://bitwarden.com/it-it/help/approve-a-trusted-device/) on the Device approvals page.
  3. When the request is approved by an administrator, the approving client encrypts the user's account encryption key using the **auth-request public key** enclosed in the request.
  4. The approving client then PUTs the encrypted account encryption key to the Authentication Request record and marks the request fulfilled.

     ![Admin approves auth request (Steps 3-4)](https://bitwarden.com/assets/4Y9q6Y3KmLskDaqfF03YmJ/8a99742b2bf8e7394cb0988495dc13b0/2025-04-30_09-34-10.png)
     *Admin approves auth request (Steps 3-4)*
  5. The initiating client GETs the encrypted account encryption key and **locally** decrypts it using the **auth-request private key**.

     ![User receives admin approval (Step 5)](https://bitwarden.com/assets/7LNcFuhupPeR4DJhg2k4po/10ae5da219f1e5338e5cdf6554655e9f/2025-04-30_09-34-28.png)
     *User receives admin approval (Step 5)*
  6. Using the decrypted account encryption key, trust is established with the client as described in the **Onboarding** tab.

  ª - **Auth-request public** and **private keys** are uniquely generated for each passwordless login request and only exist for as long as the request does. Unapproved requests will expire after 1 week.
- **Approve with master password**:
  1. The user's account encryption key is retrieved and decrypted as documented in the [Authentication and decryption](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#authentication-and-decryption/) section of the security whitepaper.
  2. Using the decrypted account encryption key, trust is established with the client as described in the **Onboarding** tab.
### Key rotation

> [!NOTE] Which TDE users can rotate an enc key
> Only users who have a master password can rotate their [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/). [Learn more](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/).

When a user rotates their [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/), during the normal rotation process:

1. The **User Key-Encrypted Public Key** is sent from the server to the client, and subsequently decrypted with the old account encryption key (a.k.a. **User Key**), resulting in the **Device Public Key**.
2. The user's new account encryption key is encrypted with the unencrypted **Device Public Key** and the resultant value is sent to the server as the new **Public Key-Encrypted User Key**.
3. The **Device Public Key** is encrypted with the user's new account encryption key and the resultant value is sent to the server as the new **User Key-Encrypted Public Key**.
4. The Public Key-Encrypted User Key is then re-shared with each trusted device.

## Sharing data between users

Collaboration is one of the leading benefits of using a password manager. In order to enable sharing, you need to first create an [organization](https://bitwarden.com/it-it/help/about-organizations/). A Bitwarden organization is an entity that relates users together that want to share items. An organization could be a family, team, company, or any other type of group that desires to share data.

This section will cover the cryptographic processes that are implemented to ensure a secure, end-to-end, zero knowledge encryption method for sharing data as well as the additional security measures implemented to ensure control of your data:

![Organization key protection and exchange](https://bitwarden.com/assets/1f8B41wwuVVuaJP8NjI8jy/c059ab0fa4a645eb14973571c7669128/whitepaper-orgcloseup.png)

### When you create an organization

When you create an organization, a Cryptographically Secure Pseudorandom Number Generator (CSPRNG) is used to generate the **Organization Symmetric Key**. This key is what's used to encrypt vault data owned by the organization, therefore sharing data with organization members requires securely providing access to the **Organization Symmetric Key**. The unprotected **Organization Symmetric Key** is never stored on Bitwarden servers.

As soon as the **Organization Symmetric Key** is created, RSA-OAEP is used to encrypt it with the organization creator's **RSA Public Key**.

> [!NOTE] RSA Private Key
> An **RSA Key Pair** is generated for every user upon account creation, regardless of whether they are an organization member or not, so this key will already exist prior to organization creation. The **RSA Private Key**, the use for which is described below, is stored encrypted with the user's **User Symmetric Key**, so users must be fully logged in to gain access to it.

The resultant value of this operation is referred to as the **Protected Organization Symmetric Key** and is sent to Bitwarden servers.

When the organization creator, or any organization member, logs in to their account, the client application uses the decrypted **RSA Private Key** to decrypt the **Protected Organization Symmetric Key**, resulting in the **Organization Symmetric Key**. Using this, organization-owned vault data is decrypted locally.
### When users join an organization

The process for subsequent users joining an organization is quite similar, however some differences are worth noting.

First, an established member of the organization, specifically someone with permission to onboard other users, confirms the user to the organization. This established member, by virtue of having already logged in to their account and gone through the organization data decryption process described in the previous section, has access to the decrypted **Organization Symmetric Key**. So, when the new user is confirmed, the established member's client reaches out to Bitwarden servers, retrieves the new user's **RSA Public Key**, which is stored on Bitwarden servers at the time of account creation, and encrypts the decrypted **Organization Symmetric Key** with it. This results in a new **Protected Organization Symmetric Key** that is sent to Bitwarden servers and stored for the new member.

> [!NOTE] Protected org symmetric
> Each **Protected Organization Symmetric Key** is unique to its user, but each will decrypt to the same required **Organization Symmetric Key** when decrypted with its specific user's **RSA Private Key**.

When the new user logs in to their account, the client application uses the decrypted **RSA Private Key** to decrypt the new **Protected Organization Symmetric Key**, resulting in the raw **Organization Symmetric Key**. Using this, organization-owned vault data is decrypted locally.

### Additional security measures

#### Access controls, permissions, and roles

Bitwarden organizations use collections, projects, and groups to logically group together vault data and users:

- **Collections & projects**: Logically organize your vault data into discrete units to help ensure members are getting access to all and only the resources they need.
- **Groups**: Logically organize your members into discrete units to help ensure that everyone is getting access to everything and only what they need.
- **Member roles**: Assign roles to members to provide them access to the appropriate level of tools within the context of your organization.
- **Permissions**: Designate what actions your members are allowed to take on the vault data they've been granted access to.

#### Event logs

Event logs contain time-stamped, detailed information about what actions or changes have occurred within an organization. These logs are helpful with researching changes in credentials or configuration and are very useful for audit trail investigation and troubleshooting purposes.

Event logs are available for Teams and Enterprise organizations for both Password Manager and Secrets Manager. Learn more about [event logs](https://bitwarden.com/it-it/help/event-logs/). Teams and Enterprise organizations may also use the [Bitwarden public API](https://bitwarden.com/it-it/help/public-api/) to gather more data for their event logs.

#### SIEM integrations

Several Security Information and Event Management (SIEM) integrations are available for Bitwarden:

- [Splunk](https://bitwarden.com/it-it/help/splunk-siem/)
- [Panther](https://bitwarden.com/it-it/help/panther-siem/)
- [Elastic](https://bitwarden.com/it-it/help/elastic-siem/)

For other SIEM systems, a combination of data from the API and CLI may be used to gather data. This process is outlined [here](https://bitwarden.com/it-it/help/event-logs/#siem-and-external-systems-integrations/).

## Data protection

This section will cover the measures taken to ensure that data remains secure:

![Multifactor encryption](https://bitwarden.com/assets/5hrNLuFuk9laua0zD0zSL/2f9a008c97f9bf98b969e96a85a0a32a/multifactor_encryption__2_.png)
*Multifactor encryption*

### How vault data is encrypted

All vault data (logins, passkeys, cards, identities, notes, and secrets) are protected with end-to-end encryption. Data that you choose to store in Bitwarden is first stored as an object called a Cipher.
Ciphers are encrypted locally when a vault item is created, edited, or imported, using a unique, random, 64-byte **Cipher Key**. Each **Cipher Key** is encrypted with either the **User Symmetric Key** or the **Organization Symmetric Key**, depending on whether the item is individually- or organizationally-owned, before being sent to Bitwarden servers. These encryption operations are performed entirely on the Bitwarden client application.

When a user logs in to Bitwarden, the client gains access to their **User Symmetric Key** by decrypting their **Protected Symmetric Key** using the **Stretched Master Key**. If they're a member of an organization, the client gains access to the **Organization Symmetric Key** through their **RSA Private Key**. With one of these keys, **Cipher Keys** are locally decrypted and the resultant value is used to decrypt individual or organization vault data.

When a user rotates their account encryption key, here referred to as their **User Symmetric Key**, each existing **Cipher Key** is re-encrypted with the new **User Symmetric Key**.

> [!NOTE] Cipher Keys for Attachments
> In the case of attachments, the **Cipher Key** is used to encrypt the attachment's metadata, specifically the file name and size. The **Cipher Key** is also used to encrypt the **Attachment Key**, which in turn is used to encrypt the attachment data itself.

Passkeys stored in the vault are generated using the ES256 algorithm.

### Vault health reports

Vault health reports can be used to evaluate the security of the data stored in Bitwarden Password Manager. Reports, for example the Reused Passwords and Weak Passwords reports, are run locally on the Bitwarden client application. This allows offending items to be identified without Bitwarden ever having access to unencrypted versions of this data. Learn more about [the available vault health reports](https://bitwarden.com/it-it/help/reports/).
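
The key hierarchy from **Sharing data between users** and **How vault data is encrypted** above, as one added example (this is not Bitwarden's code). It assumes AES-256-CBC with HMAC-SHA256 under each 64-byte key, a 64-byte Organization Symmetric Key and OAEP with SHA-256; the page itself names only AES, RSA-OAEP and the 64-byte Cipher Key, and every function name here is hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumed symmetric construction: AES-256-CBC, then HMAC-SHA256 over IV and ciphertext,
// with each 64-byte key split into a 32-byte encryption half and a 32-byte MAC half.
function seal(key64, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-256-cbc", key64.subarray(0, 32), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const mac = crypto.createHmac("sha256", key64.subarray(32)).update(iv).update(ct).digest();
  return { iv, ct, mac };
}

function open(key64, { iv, ct, mac }) {
  const expected = crypto.createHmac("sha256", key64.subarray(32)).update(iv).update(ct).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error("MAC check failed");
  }
  const decipher = crypto.createDecipheriv("aes-256-cbc", key64.subarray(0, 32), iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// RSA-OAEP wrap of the Organization Symmetric Key for one member (hash choice assumed).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const newMember = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const protectOrgKey = (orgKey, publicKey) => crypto.publicEncrypt({ key: publicKey, ...OAEP }, orgKey);
const unprotectOrgKey = (protectedKey, privateKey) =>
  crypto.privateDecrypt({ key: privateKey, ...OAEP }, protectedKey);

// A stored item: data under a fresh Cipher Key, Cipher Key under the owner's key.
function encryptItem(ownerKey, itemJson) {
  const cipherKey = crypto.randomBytes(64);
  return { data: seal(cipherKey, Buffer.from(itemJson)), key: seal(ownerKey, cipherKey) };
}

function decryptItem(ownerKey, stored) {
  return open(open(ownerKey, stored.key), stored.data).toString();
}

// Rotation re-encrypts each Cipher Key only; the item ciphertext is left as it was.
function rotateOwnerKey(oldKey, newKey, storedItems) {
  return storedItems.map((s) => ({ data: s.data, key: seal(newKey, open(oldKey, s.key)) }));
}

function demo() {
  const creator = newMember(), joiner = newMember(), outsider = newMember();

  // Organization creation: CSPRNG key, wrapped to the creator's RSA Public Key.
  const protectedForCreator = protectOrgKey(crypto.randomBytes(64), creator.publicKey);

  // Confirmation: the creator's client unwraps its copy and wraps it to the new member.
  const orgKey = unprotectOrgKey(protectedForCreator, creator.privateKey);
  const protectedForJoiner = protectOrgKey(orgKey, joiner.publicKey);

  const itemJson = JSON.stringify({ name: "build server", password: "constructed-sample" });
  const stored = encryptItem(orgKey, itemJson);
  const joinerView = decryptItem(unprotectOrgKey(protectedForJoiner, joiner.privateKey), stored);

  let outsiderError = null;
  try {
    unprotectOrgKey(protectedForJoiner, outsider.privateKey);
  } catch (err) {
    outsiderError = "rejected";
  }

  // Individually-owned item and a User Symmetric Key rotation.
  const oldUserKey = crypto.randomBytes(64), newUserKey = crypto.randomBytes(64);
  const personalJson = JSON.stringify({ name: "personal note" });
  const personal = encryptItem(oldUserKey, personalJson);
  const [rotated] = rotateOwnerKey(oldUserKey, newUserKey, [personal]);
  let oldKeyError = null;
  try {
    decryptItem(oldUserKey, rotated);
  } catch (err) {
    oldKeyError = err.message;
  }

  return {
    protectedKeysDiffer: !protectedForCreator.equals(protectedForJoiner),
    itemJson, joinerView, outsiderError,
    dataUntouched: rotated.data.ct.equals(personal.data.ct),
    personalJson, afterRotation: decryptItem(newUserKey, rotated), oldKeyError,
  };
}

console.log(demo());
```
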
### Data protection in transit

Bitwarden uses TLS/SSL to secure communications between Bitwarden clients and user devices to the Bitwarden cloud. Bitwarden’s TLS implementation uses X.509 certificates for server authentication and key exchange and a strong cipher suite for bulk encryption. Bitwarden servers are configured to reject weak ciphers and protocols.

Bitwarden also implements HTTP Security headers such as HTTP Strict Transport Security (HSTS), which will force all connections to use TLS. This additional layer of protection with HSTS mitigates the risks of downgrade attacks and misconfiguration.

### Data protection at rest

Bitwarden always encrypts and/or hashes your data on your local device before it is sent to the cloud servers for syncing. Bitwarden servers are only used for storing and synchronizing encrypted vault data. It is not possible to get your unencrypted data from the Bitwarden cloud servers.

AES is a standard in cryptography and used by the U.S. government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key, AES is considered unbreakable.

A password-based key-derivation function is used to derive an intermediate key from your master password. This key is then salted and hashed for authenticating with the Bitwarden servers. The default iteration count used with PBKDF2 is 600,000 iterations on the client (this client-side iteration count is configurable from your account settings.)

> [!NOTE] PBKDF by default, but Argon available
> Though user accounts are initiated with PBKDF2, users may elect to change their key derivation function to [Argon2id](https://bitwarden.com/it-it/help/what-encryption-is-used/#argon2id/) after the account has been created. Learn how to [change the KDF algorithm](https://bitwarden.com/it-it/help/kdf-algorithms/#changing-kdf-algorithm/).


The Bitwarden cloud database stores your encrypted vault and is hosted within the secure Microsoft Azure cloud infrastructure. It is configured with an encryption-at-rest technology provided by Azure called Transparent Data Encryption (TDE). TDE performs real-time encryption and decryption of the entire Bitwarden cloud database, associated backup data, and transaction log files when they’re not in-use. Azure handles the encryption keys for TDE, which only authorized Bitwarden server components are able to access. Read more about Azure’s Transparent Data Encryption [here](https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal).

Additionally, Bitwarden server applications perform their own encryption of sensitive database columns related to your user account. Master password hashes and protected user keys are encrypted on the fly as they move in and out of the Bitwarden cloud database. These column-level encryption operations are performed with keys that Bitwarden manages in a strictly controlled key management service (KMS).

Learn more: [How end-to-end encryption paves the way for zero knowledge](https://bitwarden.com/it-it/blog/end-to-end-encryption-and-zero-knowledge/) and [What encryption is being used](https://bitwarden.com/it-it/help/what-encryption-is-used/)

### Data types and data retention

Bitwarden processes two kinds of user data to deliver the Bitwarden Service: (i) Vault Data and (ii) Administrative Data.

(i) Vault Data

Vault Data includes all information stored within accounts to the Bitwarden Service and may include Personal Information. If we host the Bitwarden Service for you, we will host Vault Data. Vault Data is encrypted using secure cryptographic keys under your control. Bitwarden cannot access Vault Data.

Data Retention of Vault Data: You may add, modify, and delete Vault Data at any time.

(ii) Administrative Data

Bitwarden obtains Personal Information in connection with your account creation, usage of the Bitwarden Service and support, and payments for the Bitwarden Service such as names, email addresses, phone and other contact information for users of the Bitwarden Service and the number of items in your Bitwarden Service account ("Administrative Data"). Bitwarden uses Administrative Data to provide the Bitwarden Service to you. We retain Administrative Data for as long as you are a customer of Bitwarden and as required by law. If you terminate your relationship with Bitwarden, we will delete your Personal Information in accordance with our data retention policies.

When you use the website or communicate with us (e.g., via email) you will provide, and Bitwarden will collect certain Personal Information such as:

- Name
- Business name and address
- Business telephone number
- Email address
- IP-address and other online identifiers
- Any customer testimonial you have given us consent to share.
- Information you provide to the Site's Interactive Areas, such as fillable forms or text boxes, training, webinars or event registration.
- Information about the device you are using, comprising the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Bitwarden Service information when interacting with the Site.
- If you interact with the Bitwarden Community or training, or registered for an exam or event, we may collect biographical information and the content that you share.
- Information gathered via cookies, pixel tags, logs, or other similar technologies.

Please refer to the [Bitwarden Privacy Policy](https://bitwarden.com/it-it/privacy/) for additional information.
## Cloud platform and web application security

### Architecture overview

Bitwarden processes and stores all data securely in the Microsoft Azure cloud using services that are managed by the team at Microsoft, including Azure Kubernetes Services (AKS).

Azure Kubernetes Services is a managed Kubernetes service provided by Microsoft that reduces the complexity of deploying and managing Kubernetes clusters. Microsoft fully manages the control plane. The control plane contains all of the components and services that are used to operate and maintain the Bitwarden Kubernetes clusters. Microsoft and the AKS team deploy, operate, and are responsible for the AKS service availability and functionality.

The team at Bitwarden manages:

- The access management of the AKS service
- The patching and updating to apply the Node OS security patches, Node image version upgrades, and the Kubernetes version (cluster upgrades)
- The container security for the docker images and running containers in AKS
- The network security of the nodes

![Bitwarden architectural overview](https://bitwarden.com/assets/6PDqnG1zfXQLQ54rm0auc0/8b41d77f1451ae0aed8c259fa85ed5a2/Security_White_Paper_Diagrams_August_2023_-GO_BR-.png)

### Security updates and patching

#### Azure Kubernetes Services (AKS)

Microsoft provides patches, new node images, and new Kubernetes versions for their AKS service. The team at Bitwarden manages and monitors the AKS environment and follows the upgrade recommendations from Microsoft and vulnerability reports to ensure that Node OS security patches, Node image version upgrades, and the Kubernetes version (cluster upgrades) are applied. In addition, the Bitwarden team applies updates and patches to maintain the container security for the docker images and running containers in AKS.

### Control of production systems

Bitwarden maintains documented runbooks for all production systems that cover deployment, update, and troubleshooting processes.
Extensive alerts are set up to notify and escalate in case of issues.

#### Baseline configurations

Bitwarden processes and stores all data securely in the Microsoft Azure cloud using services that are managed by the team at Microsoft, including Azure Kubernetes Service (AKS).

##### Azure Kubernetes Services (AKS)

Security baseline configurations are established and monitored using Cloud Security Posture Management and Vulnerability Management services.

#### HTTP security headers

Bitwarden leverages HTTP Security headers as an additional level of protection for the Bitwarden web application and communications. For example, HTTP Strict Transport Security (HSTS) will force all connections to use TLS, which mitigates the risks of downgrade attacks and misconfiguration. Content Security Policy headers provide further protection from injection attacks, such as cross-site scripting (XSS). In addition, Bitwarden implements `X-Frame-Options: SAMEORIGIN` to defend against clickjacking.

### Key management procedures

Keys and other secrets utilized by the Bitwarden platform itself, including credentials for Bitwarden cloud provider accounts, are generated, securely stored, and rotated as needed in accordance with industry-standard practices. Bitwarden uses internal Bitwarden vaults for secure storage and backup of sensitive keys or other secrets utilized by the Bitwarden platform. Access to these vaults is carefully managed with access controls, permissions, and roles.

### Logging, monitoring, and alert notification

Bitwarden maintains documented runbooks for all production systems that cover deployment, update, and troubleshooting processes. Extensive alerts are set up to notify and escalate in case of issues. A combination of manual and automated monitoring of Bitwarden cloud infrastructure provides a comprehensive and detailed view of system health as well as proactive alerts on areas of concern.
Issues are surfaced quickly so that the Bitwarden infrastructure team can effectively respond and mitigate problems with minimal disruption.

### Threat prevention and response

Bitwarden performs continuous security monitoring of our networks, assets, data, and services leveraging services and tools including but not limited to Security Information Event Management (SIEM), established Security Operations Center (SOC), Vulnerability Management, Data Loss Prevention (DLP), and Endpoint Detection and Response (EDR).

Bitwarden maintains a Security Incident Response policy and plan which is designed to minimize the overall impact of cyber incidents and includes the following as part of the Incident Response Lifecycle:

- Preparation and Planning
- Detection and Analysis
- Containment
- Eradication
- Recovery
- Post-Incident Activities

Bitwarden uses Content Delivery Network (CDN) services in order to provide Web Application Firewalls (WAF) at the edge, better DDoS protection, distributed availability, and caching. Bitwarden also uses proxies within the CDN provider for better network security and performance of its services and sites.

### Code assessments

Bitwarden is open source software. All of our source code is hosted on GitHub and is free for anyone to review. Bitwarden source code is audited by reputable third-party security auditing firms as well as independent security researchers. In addition, the Bitwarden Vulnerability Disclosure Program enlists the help of the hacker community at HackerOne to make Bitwarden more secure.

### Code scanning

In addition to Bitwarden source code being audited by reputable third-party security auditing firms and independent security researchers, Bitwarden source code is scanned by the following set of tools whenever a push is made to any branch in any Bitwarden repository:

- **SonarQube**: Used for code quality analysis to ensure best practices for security, reliability, and maintainability are followed.
- **Codecov**: Used for test coverage analysis to maximize the amount of code that is included in automated testing.
- **Linters**: Several security-focused linters are also used to inspect all code changes.

### Business continuity and disaster recovery

Bitwarden employs a full range of disaster recovery and business continuity practices from Microsoft Azure that are built into the Bitwarden cloud. This includes high availability and backup services for our application and database tiers.

### Software lifecycle and change management

Bitwarden evaluates changes to platform, applications, and production infrastructure to minimize risk and such changes are implemented following the standard operating procedures at Bitwarden.

Change request items are planned based on the roadmap and submitted to engineering. Engineering will review and evaluate their capacity and assess the level of effort for each change request item. After review and evaluation, the product and engineering teams will formulate what they are going to work on for a specific release. The CTO provides details of the release through communication channels and management meetings when the development life cycle begins for that release.

At a high-level, the development, release, testing, and approval process includes:

- Develop, build, and iterate using pull requests in GitHub.
- Get features to a point where they are testable.
- Engineering performs functional testing of the feature and/or product as they are developing and building.
- Unit testing build and static application security testing (SAST) are automated as part of Bitwarden Continuous Integration (CI) pipelines.
- Some testing is also performed by the Customer Success team.
- Engineering management assists with review and helps to formalize the process, including documentation updates.
- CTO Provides Final Go / No-Go Approval

**Meeting Attendance**: To ensure successful review, approval implementation and closure of change requests, each core Operation and IT service staff should be represented during the meeting to review and discuss the change request.

Emergency deployment and hotfixes get escalated priority, and review and approval of the change is received from a manager or director prior to the change being made and is subsequently reviewed, communicated and closed during the next scheduled change meeting. This is normally in a service outage, system down or in an urgent outage prevention situation.

### Auditability and compliance

The Bitwarden Security and Compliance Program is based on the ISO-27001 Information Security Management System (ISMS). Bitwarden staff have defined policies that govern security and processes, and continually update the security program to be consistent with applicable legal, industry, and regulatory requirements for services that are provided to you under our [Terms of Service Agreement](https://bitwarden.com/it-it/terms/).

Bitwarden complies with industry-standard application security guidelines that include a dedicated security engineering team and include regular reviews of application source code and IT infrastructure to detect, validate, and remediate any security vulnerabilities.

#### External security reviews

Third-party security reviews and assessments of applications and/or the platform are performed at a minimum of once per year.

#### Certifications

Bitwarden certifications include:

- SOC2 Type II (renewed annually)
- SOC3 (renewed annually)
- ISO 27001

According to the AICPA, the use of the Systems and Organization Controls (SOC), SOC 2 Type II report is restricted. For SOC 2 report inquiries, please [contact us](https://bitwarden.com/it-it/contact/).

Read More: [Bitwarden achieves SOC2 certification](https://bitwarden.com/it-it/blog/bitwarden-achieves-soc-2-certification/)

The SOC 3 report provides a summary of the SOC 2 report and is distributed publicly. According to the AICPA, SOC 3 is the SOC for service organizations to report on trust services criteria for general use. Bitwarden makes a copy of the SOC 3 report [available here](https://assets.ctfassets.net/7rncvj1f8mw7/2Sljjp4w5WkruimAllgaks/ec0064fd6e1839185f7dfd2803227e13/Bitwarden_-_2025_SOC_3_Report.pdf) and the summary demonstrates our commitment to security and privacy standards.

These SOC certifications represent one facet of Bitwarden's commitment to safeguarding the security and privacy of customers, and compliance with rigorous standards. Bitwarden also performs a regular cadence of audits on our network security and code integrity.

Read more: [Bitwarden 2020 security audit is complete](https://bitwarden.com/it-it/blog/bitwarden-network-security-assessment-2020/) and [Bitwarden completes third-party security audit](https://bitwarden.com/it-it/blog/third-party-security-audit/)

### Employee access controls

Bitwarden employees have significant training and expertise for the type of data, systems, and information assets that they design, architect, implement, manage, support, and interact with.

Bitwarden follows an established on-boarding process to ensure that the appropriate level of access is assigned and maintained. Bitwarden has established levels of access that are appropriate for each role. All requests, including any access change requests, need to be reviewed and approved by the manager.

Bitwarden follows a least-privilege policy that grants employees the minimum level of access required to complete their duties. Bitwarden follows an established off-boarding process through Bitwarden Human Resources that revokes all access rights upon an employee's termination.
## Threat model and attack surface analysis overview

Bitwarden follows a risk-based approach to designing secure services and systems which include threat modeling and attack surface analysis to identify threats and develop mitigation for them. The risk and threat modeling analysis extends to all areas of the Bitwarden platform including the core Bitwarden cloud server application and the Bitwarden clients such as mobile, desktop, web application, browser and/or command line interfaces.

#### Bitwarden clients

Users primarily interact with Bitwarden through client applications such as mobile, desktop, web application, browser and/or command line interfaces. The security of these devices, workstations, and web browsers is critical because if one or more of these devices are compromised an attacker may be able to install malware such as a keylogger which would capture all information entered on these devices including any of your passwords and secrets. You, as the end-user and/or device owner, are responsible for ensuring that your devices are secured and protected from non-authorized access.

#### HTTPS TLS and web browser crypto end-to-end encryption

The Bitwarden web client runs in your web browser. The authenticity and integrity of the Bitwarden web client depend on the integrity of the HTTPS TLS connection by which it is delivered. An attacker capable of tampering with the traffic that delivers the web client could deliver a malicious client to the user.

Web browser attacks are one of the most popular ways for attackers and cybercriminals to inject malware or inflict damage. Attack vectors on the web browser might include:

- An element of **social engineering, such as phishing,** to trick and persuade the victim to take any action that compromises the security of their user secrets and account.
- **Web browser attacks and browser extension / add-on exploits:** A malicious extension designed to be able to capture user secrets as they are typed on the keyboard.
- **Attacks on web applications through the browser:** Clickjacking, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF).

Bitwarden leverages [HTTP Security headers](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#http-security-headers/) as an additional level of protection for the Bitwarden web application and communications.

## Conclusion

This overview of the Bitwarden Security and Compliance program is offered for your review. Bitwarden’s solution, software, infrastructure, and security processes have been designed from the ground up with a multi-layered, defense-in-depth approach.

The Bitwarden Security and Compliance Program is based on the ISO-27001 Information Security Management System (ISMS). Bitwarden staff have defined policies that govern security and processes, and continually update the security program to be consistent with applicable legal, industry, and regulatory requirements for services that are provided to you under our [Terms of Service Agreement](https://bitwarden.com/it-it/terms/).

If you have any questions, please [contact us](https://bitwarden.com/it-it/contact/).

### Document changelog

| Date published | Summary of changes |
|------|------|
| October 9, 2025 | Added information on source code scanning. |
| June 30, 2025 | Various clarifications added regarding encryption process. |
| May 21, 2025 | Corrected a statement about our policy that prohibits disabling users' 2FA. |
| April 30, 2025 | Added diagrams for SSO with trusted devices approvals. |
| March 11, 2025 | Added ISO 27001 certification. |
| December 11, 2024 | Adjusted language around memory management. |
| August 2, 2024 | Restructured the document for easier navigation, improved information architecture, and more consistent style. |
| July 25, 2024 | Added information related to Cipher Keys for vault item encryption. |
| March 23, 2024 | Added new descriptions and diagrams to **Sharing data between users** section. |
| Jan 12, 2024 | Added information related to Log in with Passkeys. |

--- URL: https://bitwarden.com/it-it/help/bitwarden-software-release-support/ ---

# Software Release Support

Bitwarden maintains software versions for the Bitwarden server, Bitwarden clients, and other supported integrations and modules. This document describes software lifecycle policies followed by Bitwarden. This information will help you prepare for updates appropriate for your organization.

As a security company building a globally trusted product, Bitwarden maintains up-to-date and relevant software versions for all of our user base, making them widely available and easy to access. At the same time, we recognize there needs to be a balance between frequent updates and release lifespan. We also recognize there needs to be a balance between pushing forward with new features on newer systems and relinquishing support for older systems. (“Systems” in this case represents devices, operating systems, and software applications and frameworks.)

## Bitwarden software support

> [!NOTE] Definition of "major version"
> A "major version", as described in this document, is indicated by the second number in the version format used for Bitwarden clients and servers (e.g. 2025.**`6`**.0 or 2025.**`7`**.1).

The following sections describe support policies for software developed by Bitwarden:

### Bitwarden cloud server

The Bitwarden cloud servers are operated and maintained directly by Bitwarden. We update the Bitwarden cloud servers regularly and post updates at [status.bitwarden.com](https://status.bitwarden.com/).

### Bitwarden self-hosted server

For self-hosted implementations with applicable subscription plans, Bitwarden servers receive ongoing updates:

- At a given time, Bitwarden maintains the current major server version and the previous 2 major server versions.
- Each server version is compatible with clients of the same major version, the previous 2 major client versions, and the subsequent 2 major client versions. > [!NOTE] Client compatibility tip > Self-hosted users are expected to keep their server up-to-date to stay current on Bitwarden features and support, and remain compatible with the latest released clients. Self-hosted instances that do not update client and server versions in accordance with the Bitwarden version support policy risk introducing a client change that is incompatible with their server. ### Bitwarden clients For Bitwarden client applications: - At a given time, Bitwarden maintains the current major client version and the previous 2 major client versions. - Each client version is compatible with servers of the same major version, the previous 2 major server versions, and the subsequent 2 major server versions. [Learn how to check your client version](https://bitwarden.com/it-it/help/versioning/#client-version/). ### Bitwarden API The Bitwarden API release cycle and duration aligns with Bitwarden servers. As a practice, we aim to provide backwards compatibility to the API indefinitely through semantic versioning. However, if we add enhancements that make it difficult or impossible to maintain backwards compatibility to all prior versions, we will indicate that by incrementing the major version number. ## Platform software support The following sections describe support policies for software on which Bitwarden is installed or used: ### Platforms for Bitwarden clients For all underlying platforms on which Bitwarden clients applications are installed or used, for example desktop or mobile operating systems and web browser versions, Bitwarden aims to support those versions which are currently supported by the vendor. 
### Platforms for self-hosted Bitwarden servers Unless otherwise specified in the System Requirements, self-hosted installations should be maintained on up-to-date operating systems and compute platforms under active mainstream support from their vendor(s). --- URL: https://bitwarden.com/it-it/help/blocker-access-rule/ --- # uMatrix and NoScript access rules By default, the uMatrix and NoScript extensions may block the Bitwarden Firefox extension from accessing the Bitwarden API servers. Without adding proper rules to whitelist the Bitwarden API servers, logging in and other API operations will fail. ## uMatrix The following [uMatrix rule](https://github.com/gorhill/uMatrix/wiki/Rules-syntax) is required: ``` dc8ef5f6-eb0d-4c87-9e9f-0cf803f619e8.moz-extension-scheme bitwarden.com xhr allow ``` > [!NOTE] > The UUID included in the above rule (`dc8ef5f6-eb0d-4c87-9e9f-0cf803f619e8`) will be different for your installation. > Use the `about:debugging#/runtime/this-firefox` page (navigate from Firefox's address bar) to locate your Bitwarden extension UUID. ## NoScript Whitelisting the following domain in NoScript is required: `bitwarden.com` --- URL: https://bitwarden.com/it-it/help/blocking-uris/ --- # Block Autofill on Specific Sites Users of the Bitwarden browser extensions and Android mobile app can explicitly prevent autofill from being allowed on certain domains or URIs: ### Browser extensions > [!TIP] What blocking autofill does on browser extension > Domains that are designated for blocking will block autofill, passkey prompts, and prompts to save or update your credentials. To specify domains to block for browser extensions: 1. In the Bitwarden browser extension, open the ⚙️ **Settings** tab. 2. Select **Autofill**, then scroll to the bottom of the screen and select **Blocked domains**. 3. Select **Add domain** and specify the domain you want to block on. 4. Select **Save**. 
### Android > [!NOTE] Support for URI blacklisting > Autofill blocking URIs is currently only available for Bitwarden **Android 8.0 (Oreo)** or higher. To specify URIs to block autofill on for Android: 1. In the Bitwarden Android app, tap ⚙️ **Settings**. 2. Tap **Autofill**. 3. Scroll down and tap **Block autofill**. 4. Tap **New blocked URI** and enter the URIs. Separate multiple URIs with a comma, like: ``` https://instagram.com,androidapp://com.instagram.android,https://facebook.com ``` 5. Tap **Save**. #### Getting Android app URIs For websites accessed via a web browser, a proper URI will be the `https://..` address of the login page, for example `https://instagram.com` or `https://instagram.com/accounts/login`. **For Android apps**, the [URI scheme](https://bitwarden.com/it-it/help/uri-match-detection/#uri-schemes/) always starts with `androidapp://` and is usually a bit different from a typical web browser URI. For example, - The Instagram Android app has the URI `androidapp://com.instagram.android` - The Reddit Android app has the URI `androidapp://com.reddit.frontpage` - The Bitwarden Android app has the URI `androidapp://com.x8bit.bitwarden` > [!TIP] Get URI from Mobile > An easy way to obtain the proper URI for an Android app is to visit the app's page in the Google Play Store, tap the share button, and paste the copied link somewhere you can read it. The link will look like `https://play.google.com/store/apps/details?id=com.instagram.android`. The value after `id= `is your URI, in this case `com.instagram.android`. > > For iOS users, an app URI can be obtained by using autofill to open Bitwarden. Once Bitwarden is open, select the + icon on the top right corner of the screen. From here, copy the URI that has been included in the new vault item. Paste the URI into your existing login item for this app. 
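The URI rules above, as an added example (not Bitwarden code): a Python helper that turns a mixed list of web addresses, `androidapp://` URIs, and Google Play share links into the comma-separated value for the **New blocked URI** field. The function names are hypothetical, and accepting only `https://` and `androidapp://` entries is an assumption of this example, not a limit stated by Bitwarden.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Android application IDs: at least two dot-separated segments, each starting
# with a letter and containing only letters, digits, or underscores.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")
ANDROID_PREFIX = "androidapp://"


def normalize_entry(entry):
    """Return the URI to block for one input value, or raise ValueError.

    Accepted inputs (the forms shown on this page):
      - an https:// web address
      - an androidapp:// URI
      - a Google Play share link, converted to androidapp://<id>
    """
    value = entry.strip()
    if not value:
        raise ValueError("empty entry")
    # The field is comma-separated, so a comma or space inside one entry
    # would silently split it into several (possibly malformed) entries.
    if "," in value or any(ch.isspace() for ch in value):
        raise ValueError(f"comma or whitespace inside entry: {entry!r}")

    if value.lower().startswith(ANDROID_PREFIX):
        package = value[len(ANDROID_PREFIX):]
        if not PACKAGE_RE.match(package):
            raise ValueError(f"not a valid Android package name: {entry!r}")
        return ANDROID_PREFIX + package

    parts = urlsplit(value)
    if parts.scheme.lower() != "https" or not parts.hostname:
        # Also rejects a bare package name such as com.instagram.android,
        # which is ambiguous with a domain name until it carries a scheme.
        raise ValueError(f"expected https:// or androidapp:// URI: {entry!r}")

    if (parts.hostname.lower() == "play.google.com"
            and parts.path == "/store/apps/details"):
        ids = parse_qs(parts.query).get("id", [])
        if len(ids) != 1 or not PACKAGE_RE.match(ids[0]):
            raise ValueError(f"Play Store link without a usable id=: {entry!r}")
        return ANDROID_PREFIX + ids[0]
    return value


def build_blocklist(entries):
    """Return (field_value, errors): the comma-joined URIs and rejected inputs."""
    uris, errors = [], []
    for entry in entries:
        try:
            uri = normalize_entry(entry)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if uri not in uris:  # drop duplicates, keep first-seen order
            uris.append(uri)
    return ",".join(uris), errors


# Constructed sample input mixing the forms discussed on this page.
SAMPLE = [
    "https://instagram.com",
    "https://play.google.com/store/apps/details?id=com.instagram.android",
    "androidapp://com.reddit.frontpage",
    "androidapp://com.instagram.android",         # duplicate after conversion
    "com.x8bit.bitwarden",                        # missing androidapp:// scheme
    "https://facebook.com, https://example.com",  # two URIs pasted as one entry
]

if __name__ == "__main__":
    field, problems = build_blocklist(SAMPLE)
    print(field)
    for problem in problems:
        print("rejected:", problem)
```

Entries that are rejected are reported rather than silently dropped, so an administrator can correct them before pasting the result into the app.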
--- URL: https://bitwarden.com/it-it/help/blumira-siem/ ---

# Blumira SIEM

Blumira is a security information and event management (SIEM) and extended detection and response (XDR) platform that centralizes log data from across your environment. Bitwarden integrates with Blumira by forwarding organization event log data, giving security teams unified visibility into password management activity alongside the rest of their security data.

Bitwarden sends events to Blumira using HTTP ingestion. After generating a unique endpoint and token in Blumira, you'll add those values to the Blumira integration in the Bitwarden Admin Console.

## Requirements

To set up Bitwarden as a log source in Blumira, you must:

- Have a Bitwarden Teams or Enterprise organization.
- Have a Blumira account with the ability to add HTTP ingestion instances.
- Have administrative access to both Bitwarden and Blumira.

## Setup

Integrating Bitwarden with Blumira will require short setup procedures in both platforms.

### Set up HTTP ingestion in Blumira

Before connecting from Bitwarden, generate the credentials that Bitwarden will use to send events to Blumira:

1. Log in to the Blumira app and go to **Ingestion** → **HTTP Ingestion**.
2. Select **Add Ingestion Instance**:

   ![Add an instance in Blumira](https://bitwarden.com/assets/1MI8gE0thIwBSXgvgkBUxX/82efcf3cf23be0862ff8efa06e001087/2026-05-20_09-42-37.png) *Add an instance in Blumira*
3. In the setup window:
   - From the **Vendor** dropdown, select **Bitwarden**.
   - (Optional) Edit the pre-populated **Ingestion Instance Name**.
   - (Optional) Enter a **Description** for any additional context.
   - Select **Save**.
4. Your **Credentials** will be displayed, showing an **HTTP Event Collector URL** and **HTTP Event Collector Token**. Both are needed to complete the next section.

> [!NOTE] Blumira credentials
> The **HTTP Event Collector Token** will only be displayed once.
Either copy and save this value to a secure location now, or keep the window open in a separate browser tab while you complete the Bitwarden side of setup.

### Connect to Blumira from Bitwarden

Once you have your **HTTP Event Collector URL** and **HTTP Event Collector Token**, provide that information in your Bitwarden organization to complete setup:

1. Log in to the Bitwarden web app and open the **Admin Console**.
2. In the Admin Console, go to **Integrations** → **Event management**.
3. Find the **Blumira** card and select **Connect**:

   ![Connect to Blumira from Bitwarden](https://bitwarden.com/assets/21ppzLWsQU55qNt44Hf2sN/8630153cae92e04e5c15babb1c2e010d/2026-05-20_10-14-45.png) *Connect to Blumira from Bitwarden*
4. Enter your **HTTP Event Collector URL** and **HTTP Event Collector Token**.
5. Select **Save**.

## Additional resources

- Learn more about [what events are surfaced by Bitwarden](https://bitwarden.com/it-it/help/event-logs/).
- Learn more about [managing HTTP Ingestion in Blumira](https://blumirabeta.zendesk.com/hc/en-us/articles/51420656192147-Using-Blumira-HTTP-Ingestion).

--- URL: https://bitwarden.com/it-it/help/browserext-deploy/ ---

# Deploy Browser Extensions using GPOs, Linux Policies, & .plist Files

When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden browser extensions to users with an endpoint management platform or group policy. This article covers how to use GPOs and other policy templates to do so.

## Windows

Deploying Bitwarden browser extensions to browsers on Windows generally requires using Windows Group Policy to target managed computers with an ADMX policy template. The procedure is slightly different for each browser:

### Chrome

To deploy the browser extension on Windows and Google Chrome:

1.
Download and unzip the [Chrome Enterprise Bundle](https://chromeenterprise.google/browser/download/#windows-tab) for Windows.
2. From the unzipped directory:
   - Copy `\Configuration\admx\chrome.admx` to `C:\Windows\PolicyDefinitions`
   - Copy `\Configuration\admx\en-US\chrome.adml` to `C:\Windows\PolicyDefinitions\en-US`
3. Open the Windows Group Policy Manager and create a new GPO for Bitwarden browser extension installation.
4. Right-click on the new GPO and select **Edit...**, and proceed to navigate to **Computer Configuration** → **Policies** → **Administrative Templates** → **Google Chrome** → **Extensions**.
5. In the right-hand settings area, select **Configure the list of force-installed apps and extensions**. In the dialog, toggle the **Enabled** option.
6. Select the **Show...** button and add the following:

   ```
   nngceckbapebfimnlniiiahkandclblb;https://clients2.google.com/service/update2/crx
   ```

   Click **OK**.
7. Still in **...Administrative Templates** → **Google Chrome**, select **Password manager** from the file tree.
8. In the right-hand settings area, right-click **Enable saving passwords to the password manager** and select **Edit**. In the dialog, toggle the **Disabled** option and select **OK**.
9. Repeat **Step 8** for the **Enable Autofill for addresses** and **Enable Autofill for credit cards** options, found in settings area for **...Administrative Templates** → **Google Chrome**.
10. Apply the newly-configured GPO to your desired scope.

### Firefox

To deploy the browser extension on Windows and Firefox:

1. Download and unzip the [Firefox ADMX Template](https://github.com/mozilla/policy-templates/releases) file.
2. From the unzipped directory:
   - Copy `\policy_templates_\windows\firefox.admx` to `C:\Windows\PolicyDefinitions`
   - Copy `\policy_templates_\windows\en-US\firefox.adml` to `C:\Windows\PolicyDefinitions\en-US`
3. Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
4.
Right-click on the new GPO and select **Edit...**, and proceed to navigate to **Computer Configuration** → **Policies** → **Administrative Templates** → **Firefox** → **Extensions**.
5. In the right-hand settings area, select **Extensions to Install**. In the dialog, toggle the **Enabled** option.
6. Select the **Show...** button and add the following:

   ```
   https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi
   ```

   Click **OK**.
7. Back in the file tree, select **Firefox**. In the right-hand settings area, **Edit...** and disable both the **Offer to save logins** and **Offer to save logins (default)** options.
8. Apply the newly-configured GPO to your desired scope.

### Edge

To deploy the browser extension on Windows and Edge:

1. Download and unzip the [Microsoft Edge Policy Files](https://www.microsoft.com/en-us/edge/business/download).
2. From the unzipped directory:
   - Copy `\windows\admx\msedge.admx` to `C:\Windows\PolicyDefinitions`
   - Copy `\windows\admx\en-US\msedge.adml` to `C:\Windows\PolicyDefinitions\en-US`
3. Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
4. Right-click on the new GPO and select **Edit...**, and proceed to navigate to **Computer Configuration** → **Policies** → **Administrative Templates** → **Microsoft Edge** → **Extensions**.
5. In the right-hand settings area, select **Control which extensions are installed silently**. In the dialog, toggle the **Enabled** option.
6. Select the **Show...** button and add the following:

   ```
   jbkfoedolllekgbhcbcoahefnbanhhlh;https://edge.microsoft.com/extensionwebstorebase/v1/crx
   ```

   Click **OK**.
7. Still in **...Administrative Templates** → **Microsoft Edge**, select **Password manager and protection** from the file tree.
8. In the right-hand settings area, right-click **Enable saving passwords to the password manager** and select **Edit**. In the dialog, toggle the **Disabled** option and select **OK**.
9.
Repeat **Step 8** for the **Enable Autofill for addresses** and **Enable Autofill for payment instruments** options, found in settings area for **...Administrative Templates** → **Microsoft Edge**.
10. Apply the newly-configured GPO to your desired scope.

## macOS

Deploying Bitwarden browser extensions to browsers on macOS generally involves using a property list (`.plist`) file. The procedure is slightly different for each browser:

### Chrome

To deploy the browser extension on macOS and Google Chrome:

1. Download the [Google Chrome .dmg or .pkg](https://chromeenterprise.google/browser/download/#mac-tab) for macOS.
2. Download the [Chrome Enterprise Bundle](https://chromeenterprise.google/browser/download/#windows-tab).
3. Unzip the Enterprise Bundle (`GoogleChromeEnterpriseBundle64.zip` or `GoogleChromeEnterpriseBundle32.zip`).
4. Open the `/Configuration/com.Google.Chrome.plist` file with any text editor.
5. Add the following to the `.plist` file:

   ```
   <key>ExtensionSettings</key>
   <dict>
     <key>nngceckbapebfimnlniiiahkandclblb</key>
     <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>update_url</key>
       <string>https://clients2.google.com/service/update2/crx</string>
     </dict>
   </dict>
   ```

   In this codeblock, `nngceckbapebfimnlniiiahkandclblb` is the application identifier for the Bitwarden browser extension. Similarly, `https://clients2.google.com/service/update2/crx` signals Chrome to use the Chrome Web Store to retrieve the identified application.

   > [!NOTE]
   > You may also configure forced installations using the [ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) policy, however the [ExtensionSettings](https://support.google.com/chrome/a/answer/7517525#getID&zippy=%2Cset-custom-message-for-blocked-apps-and-extensions%2Cprevent-apps-and-extensions-from-altering-webpages) method will supersede ExtensionInstallForceList.
6.
(**Recommended**) To [disable](https://chromeenterprise.google/policies/#PasswordManagerEnabled) Chrome's built-in password manager, add the following to `com.Google.Chrome.plist`:

   ```
   <key>PasswordManagerEnabled</key>
   <false />
   ```
7. Convert the `com.Google.Chrome.plist` file to a configuration profile using a conversion tool like [mcxToProfile](https://github.com/timsutton/mcxToProfile).
8. Deploy the Chrome `.dmg` or `.pkg` and the configuration profile using your software distribution or MDM tool to all managed computers.

> [!NOTE]
> For more help, refer to Google's [Chrome Browser Quick Start for Mac](https://support.google.com/chrome/a/answer/9020580?hl=en&ref_topic=7650028) guide.

### Firefox

To deploy the browser extension on macOS and Firefox:

1. Download and install [Firefox for Enterprise](https://www.mozilla.org/en-US/firefox/enterprise/#download) for macOS.
2. Create a `distribution` directory in `Firefox.app/Contents/Resources/`.
3. In the created `/distribution` directory, create a new file `org.mozilla.firefox.plist`.

   > [!NOTE]
   > Use the [Firefox .plist template](https://github.com/mozilla/policy-templates/blob/master/mac/org.mozilla.firefox.plist) and [Policy README](https://github.com/mozilla/policy-templates/blob/master/README.md) for reference.
4. Add the following to `org.mozilla.firefox.plist`:

   ```
   <key>ExtensionSettings</key>
   <dict>
     <key>446900e4-71c2-419f-a6a7-df9c091e268b</key>
     <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>update_url</key>
       <string>https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi</string>
     </dict>
   </dict>
   ```

   In this codeblock, `446900e4-71c2-419f-a6a7-df9c091e268b` is the extension ID for the Bitwarden browser extension. Similarly, `https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi` signals Firefox to use the extension store to retrieve the application.
5.
(**Recommended**) To [disable](https://github.com/mozilla/policy-templates/blob/master/README.md#passwordmanagerenabled) Firefox's built-in password manager, add the following to `org.mozilla.firefox.plist`:

   ```
   <key>PasswordManagerEnabled</key>
   <false />
   ```
6. Convert the `org.mozilla.firefox.plist` file to a configuration profile using a conversion tool like [mcxToProfile](https://github.com/timsutton/mcxToProfile).
7. Deploy the Firefox `.dmg` and the configuration profile using your software distribution or MDM tool to all managed computers.

### Edge

To deploy the browser extension on macOS and Microsoft Edge:

1. Download the [Microsoft Edge for macOS .pkg](https://www.microsoft.com/en-us/edge) file.
2. In Terminal, use the following command to create a `.plist` file for Microsoft Edge:

   ```
   /usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1
   ```
3. Use the following command to convert the `.plist` from binary to plain text:

   ```
   /usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plist
   ```
4. Open `com.microsoft.Edge.plist` and add the following:

   ```
   <key>ExtensionSettings</key>
   <dict>
     <key>jbkfoedolllekgbhcbcoahefnbanhhlh</key>
     <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>update_url</key>
       <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
     </dict>
   </dict>
   ```

   In this codeblock, `jbkfoedolllekgbhcbcoahefnbanhhlh` is the application identifier for the Bitwarden browser extension. Similarly, `https://edge.microsoft.com/extensionwebstorebase/v1/crx` signals Edge to use the Edge Add-On Store to retrieve the identified application.

   > [!NOTE]
   > You may also configure forced installations using the [ExtensionInstallForceList](https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#extensioninstallforcelist), however the [ExtensionSettings](https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#extensionsettings) method will supersede ExtensionInstallForceList.
5.
(**Recommended**) To [disable](https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#passwordmanagerenabled) Edge's built-in password manager, add the following to `com.microsoft.Edge.plist`:

   ```
   <key>PasswordManagerEnabled</key>
   <false />
   ```
6. Convert the `com.microsoft.Edge.plist` file to a configuration profile using a conversion tool like [mcxToProfile](https://github.com/timsutton/mcxToProfile).
7. Deploy the Edge `.pkg` and the configuration profile using your software distribution or MDM tool to all managed computers.

> [!NOTE]
> **For Jamf-specific** help, refer to Microsoft's documentation on [Configuring Microsoft Edge policy settings on macOS with Jamf](https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge-on-mac-jamf).

## Linux

Deploying Bitwarden browser extensions to browsers on Linux generally involves using a `.json` file to set configuration properties. The procedure is slightly different for each browser:

### Chrome

To deploy the browser extension on Linux and Google Chrome:

1. Download the [Google Chrome .deb or .rpm](https://www.google.com/chrome/?platform=linux) for Linux.
2. Download the [Chrome Enterprise Bundle](https://chromeenterprise.google/browser/download/#windows-tab).
3. Unzip the Enterprise Bundle (`GoogleChromeEnterpriseBundle64.zip` or `GoogleChromeEnterpriseBundle32.zip`) and open the `/Configuration` folder.
4. Make a copy of the `master_preferences.json` (in Chrome 91+, `initial_preferences.json`) and rename it `managed_preferences.json`.
5. Add the following to `managed_preferences.json`:

   ```
   {
     "policies": {
       "ExtensionSettings": {
         "nngceckbapebfimnlniiiahkandclblb": {
           "installation_mode": "force_installed",
           "update_url": "https://clients2.google.com/service/update2/crx"
         }
       }
     }
   }
   ```

   In this JSON object, `"nngceckbapebfimnlniiiahkandclblb"` is the application identifier for the Bitwarden browser extension.
   Similarly, `"https://clients2.google.com/service/update2/crx"` signals Chrome to use the Chrome Web Store to retrieve the identified application.

   > [!NOTE]
   > You may also configure forced installations using the [ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) policy, however the [ExtensionSettings](https://support.google.com/chrome/a/answer/7517525#getID&zippy=%2Cset-custom-message-for-blocked-apps-and-extensions%2Cprevent-apps-and-extensions-from-altering-webpages) method will supersede ExtensionInstallForceList.
6. (**Recommended**) To [disable](https://chromeenterprise.google/policies/#PasswordManagerEnabled) Chrome's built-in password manager, add the following to `managed_preferences.json` inside of `"policies": { }`:

   ```
   {
     "PasswordManagerEnabled": false
   }
   ```
7. Create the following directories if they do not already exist:

   ```
   mkdir /etc/opt/chrome/policies
   mkdir /etc/opt/chrome/policies/managed
   ```
8. Move `managed_preferences.json` into `/etc/opt/chrome/policies/managed`.
9. As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the `/managed` directory:

   ```
   chmod -R 755 /etc/opt/chrome/policies
   ```
10. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
    - Google Chrome Browser
    - `/etc/opt/chrome/policies/managed/managed_preferences.json`

> [!TIP] Linux Managed Chrome Help
> For more help, refer to Google's [Chrome Browser Quick Start for Linux](https://support.google.com/chrome/a/answer/9025926?hl=en&ref_topic=9025817) guide.

### Firefox

To deploy the browser extension on Linux and Firefox:

1. Download [Firefox for Linux](https://www.mozilla.org/en-US/firefox/all/#product-desktop-release).
2. Create a `distribution` directory within the Firefox installation directory.
3. In the `distribution` directory, create a file `policies.json`.
4.
Add the following to `policies.json`:

   ```
   {
     "policies": {
       "ExtensionSettings": {
         "446900e4-71c2-419f-a6a7-df9c091e268b": {
           "installation_mode": "force_installed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"
         }
       }
     }
   }
   ```

   In this JSON object, `"446900e4-71c2-419f-a6a7-df9c091e268b"` is the extension ID for the Bitwarden browser extension. Similarly, `"https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"` signals Firefox to use the extension store to retrieve the extension.
5. (**Recommended**) To [disable](https://github.com/mozilla/policy-templates/blob/master/README.md#passwordmanagerenabled) Firefox's built-in password manager, add the following to `policies.json` inside of `"policies": { }`:

   ```
   {
     "PasswordManagerEnabled": false
   }
   ```
6. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
   - Firefox Browser
   - `/distribution/policies.json`

> [!TIP] Linux Managed Firefox Help
> For more help, refer to Firefox's [policies.json Overview](https://support.mozilla.org/en-US/kb/customizing-firefox-macos-using-configuration-prof) or [Policies README](https://github.com/mozilla/policy-templates/blob/master/README.md) on GitHub.

--- URL: https://bitwarden.com/it-it/help/business-unit-portal-quick-start/ ---

# Business Unit Portal Quick Start

> [!NOTE] Sign up for Business Unit Portal
> Interested in managing a Business Unit? [Contact us](https://bitwarden.com/it-it/contact-sales/) to learn more about the Business Unit Portal. To get started, you must have at least one Enterprise organization.

## Onboard users

As the Business Unit Portal owner, you will be automatically given admin status, allowing you to fully manage all aspects of Business Unit organizations. Bitwarden strongly recommends that you provision additional admins for failover purposes.
Now, begin adding your employees as service users, which will allow them to administer all Business Unit organizations and create new ones, or manage the unit itself. 1. **Invite users**. From the Business Unit Portal 🎚️ **Manage** → **Members** tab, invite users as service users (or invite additional admins): ![Invite business unit members](https://bitwarden.com/assets/3pFCcxegChJXePdeG6Qku/407a11969d79ea7c58f0845e3072922a/2025-04-23_08-56-22.png) 2. **Instruct users to accept invites**. Invited users will receive an email from Bitwarden inviting them to join the Business Unit. Inform users that they should expect an invitation and that they will need to **Log In** with an existing Bitwarden account or **Create Account** to proceed. ![Business Unit Invite](https://bitwarden.com/assets/4p9XEQjOB8nd1beMrTUo0z/2eef7bcb01b850d8544caea5703f5821/Screenshot_2025-03-27_151609.png) 3. **Confirm accepted invitations**. To complete the secure onboarding of your users, confirm accepted invitations from the Business Unit Portal **Members** tab: ![Confirm business unit invites](https://bitwarden.com/assets/40cMs63Aj1g3xrZ8SwHqMX/615ed6f09ba10c9ef3cba9d858742c3f/2025-04-23_09-08-12.png) With the assembled team of service users, you're ready to start setting up Business Unit organizations. ## Business Unit organizations Business Unit organizations are any organization that is attached to or administered by the Business Unit Portal. To your users, there's no difference between a "Business Unit" organization and a "regular" organization, except who is conducting the administration. Organizations relate Bitwarden users and vault items together for secure sharing of logins, cards, notes, and identities. 
Organizations have a view, the Admin Console, where service users can manage the organization's collections, manage members and groups, run reporting, import data, and configure organization settings:

![Business Unit Portal](https://bitwarden.com/assets/5nwhryDcaYUXFl72AWBeyO/8a5183b4e34803c173ca0281f641d708/2025-04-24_08-59-33.png)

Members of a Business Unit organization will find shared items in the **Vaults** view alongside individually-owned items, as well as several methods for filtering the item list to only organization items or items in particular collections:

![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png)

## Create a Business Unit organization

To create a new Business Unit organization, you must be a Business Unit admin. Navigate to the **Clients** tab of the Business Unit Portal and select the + **New** button:

![Add business unit](https://bitwarden.com/assets/3Z2OgnsPU5RUx5J05pPYs8/00f61fb7d980105bce9feb56496143a5/2025-04-24_09-02-23.png)

## Add an existing organization

To add an existing organization to the Business Unit, you must be an active Business Unit admin and owner of the organization you wish to add.

1. Navigate to the **Business Unit Portal** using the product switcher and select the + **Add** button → **Existing organization**:

   ![Business Unit add Existing Organization](https://bitwarden.com/assets/7xFhBj38LTp1iWJdOadbU7/7f6b2185de459bef885095d8aef0951d/2025-10-02_15-38-46.png)
2. The Add existing organization dialogue will appear. Select the organization you wish to add:

   ![Add existing organization to Business Unit](https://bitwarden.com/assets/2j9Zja0U0NJ761L0AzJDJv/843f4135b36ab02c01bf2c1a3f7f17c6/2025-10-02_15-54-06.png)
3. You will be prompted to confirm the subscription and billing changes to your provider subscription. Once complete, select **Add organization**.
## Set up the Business Unit organization

With your newly-created Business Unit organization, start building the perfect solution for your users. Exact setup will be different for each Business Unit organization based on your needs, but will typically involve:

1. **Create collections**. A good first step is to [create a set of collections](https://bitwarden.com/it-it/help/about-collections/#create-a-collection/), which provide an organizing structure for the vault items you will add to the vault in the next step. Common collections patterns include **Collections by Department** (for example, users in the client's Marketing Team are assigned to a **Marketing** collection) or **Collections by Function** (for example, users from the client's Marketing Team are assigned to a **Social Media** collection):

   ![Collections](https://bitwarden.com/assets/6qodHGqBPABEFv3XJxaOUe/780cd4624a5d0a5fe315677968003e2d/collections-graphic-2.png)
2. **Import data**. Once the structure of how you will store vault items is in place, you can begin [importing data to the organization](https://bitwarden.com/it-it/help/import-to-org/).

   > [!NOTE] Service user permissions
   > Note that, as a service user, you will not be able to directly view, create, or manage individual items.
3. **Configure enterprise policies**. Before beginning the user management portion of setup, [configure enterprise policies](https://bitwarden.com/it-it/help/policies/) in order to set rules-of-use for things such as [master password complexity](https://bitwarden.com/it-it/help/policies/#master-password-requirements/), [use of two-step login](https://bitwarden.com/it-it/help/policies/#require-two-step-login/), and [admin password reset](https://bitwarden.com/it-it/help/account-recovery/#master-password-reset/).

   > [!NOTE] Enterprise policy
   > Enterprise policies are **only available to Enterprise organizations**.
4. **Set up login with SSO**.
If your business unit uses single sign-on (SSO) to authenticate with other applications, [connect Bitwarden with their IdP](https://bitwarden.com/it-it/help/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create user groups**. For teams and enterprise organizations, [create a set of groups](https://bitwarden.com/it-it/help/about-groups/#create-a-group/) for scalable permissions assignment. When you start adding users, add them to groups to have each user automatically inherit the group's configured permissions (for example, access to which collections). One common group-collection pattern is to create **Groups by Department** and **Collections by Function**, for example:

   ![Collections](https://bitwarden.com/assets/6qodHGqBPABEFv3XJxaOUe/780cd4624a5d0a5fe315677968003e2d/collections-graphic-2.png)

## Invite client users

With the infrastructure for secure and scalable sharing of credentials in place, you can begin inviting users to the organization. Onboarding users to Bitwarden can be accomplished in three ways, depending on the size of your Business Unit:

1. **For smaller units**, you can send email invitations to users from the Admin Console 🎚️ **Members** view:

   ![Invite a member to an organization](https://bitwarden.com/assets/7AJjR4oqEnCH3A89YYoWpH/498d594fa9703bee9c5f49e2af9f83d0/Invite_member_to_an_organization.png)
2. **For larger units** who leverage an IdP such as Azure AD, Okta, OneLogin, or JumpCloud, use [SCIM](https://bitwarden.com/it-it/help/about-scim/) to automatically provision users.
3. **For larger units** who leverage a directory service (Active Directory, LDAP, Okta, and more), use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) to sync organization users from the source directory and automatically issue invitations.

Regardless of whether you have invited users from the organization vault, using SCIM, or using Directory Connector, the same three-step process (Invite → Accept → Confirm) that you followed when [onboarding service users](https://bitwarden.com/it-it/help/getting-started-providers/#onboard-users/) will apply here as well.

## Managing self-hosted organizations

Business Unit Portal access to managed organizations is currently available for cloud-hosted environments only. To provide administrative services for a self-hosted instance, an additional service seat will need to be purchased to manage the self-hosted instance. For more information, see [managing self-hosted organizations](https://bitwarden.com/it-it/help/getting-started-providers/#managing-self-hosted-organizations/).

--- URL: https://bitwarden.com/it-it/help/business-unit-portal/ ---

# Business Unit Portal

> [!NOTE] Sign up for Business Unit Portal
> Interested in managing a Business Unit? [Contact us](https://bitwarden.com/it-it/contact-sales/) to learn more about the Business Unit Portal. To get started, you must have at least one Enterprise organization.

The Business Unit Portal is an administrative center that allows Enterprise administrators to create and manage any number of Enterprise organizations. Once you have requested access and been approved, the portal is accessible by selecting **Business Unit Portal**, available through the product switcher:

![Open the Business Unit Portal](https://bitwarden.com/assets/PdRRyABfSMxDBcAk7fQDb/0e394d3a94eaf85511625c1a15bff384/2025-04-24_08-59-33.png)

## What is the Business Unit Portal?

The Business Unit Portal empowers administrators to manage large Enterprise organizations at scale.
The Business Unit Portal streamlines administration tasks by centralizing a dedicated space to access and support each managed organization, or to create a new one:

![Business Unit Portal](https://bitwarden.com/assets/5nwhryDcaYUXFl72AWBeyO/8a5183b4e34803c173ca0281f641d708/2025-04-24_08-59-33.png)

The Business Unit Portal is built with two distinct user types:

- **Service users** can administer Business Units
- **Unit admins** can administer business unit organizations, including adding new service users to the team.

## Why Business Unit Portal?

The Business Unit Portal is a solution to efficiently create and easily manage multiple Bitwarden organizations in your business. Using the Business Unit Portal, administrators may:

- View all organizations under the company's management, as well as onboard new and existing organizations.
- Manage user onboarding, provisioning, organization policies, settings, and collections.
- View time-stamped actions made by users in the Business Unit Portal, including: creating new organizations, inviting new users, and user's access to organizations.

The Business Unit Portal is an all-in-one management experience that enables business administrators to manage Bitwarden organizations at scale. The Business Unit Portal streamlines administration tasks by centralizing a dedicated space to access and support each organization, or to create a new one.

## Business Unit organizations

Business Unit organizations are any organization that is attached to or administered by a Business Unit. To your users, there's no difference between a "Business Unit" organization and a "regular" organization except for who is conducting administration.
All Business Unit administrators have access to all unit organizations:

![Structure of a Provider](https://bitwarden.com/assets/28M8mkU03SyVFq70ZgD0Bp/04e3c65eba73892ae3301d366ce97ce1/provider-diagram.png)

> [!NOTE] Business Unit Credentials
> **As denoted in the above diagram**, if Unit administrators want to use an [organization](https://bitwarden.com/it-it/help/about-organizations/) to manage their own credentials, they **should not** include it as a Business Unit.
>
> Creating an independent organization for this case will ensure users can be given the appropriate [user types and access controls](https://bitwarden.com/it-it/help/user-types-access-control/) over credentials.

Organizations relate Bitwarden users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, cards, notes, and identities. Organizations have a unique view, the Admin Console, where service users can manage the organization's collections, manage members and groups, run reporting, import data, and configure organization settings:

![Access business unit collections](https://bitwarden.com/assets/556sezsEi94WR2UMFWaXY0/4e1fb093daf9cf130d44464ea60474b9/2025-04-23_08-52-47.png)

Members of a business unit will find shared items in their **Vaults** view alongside individually-owned items, as well as several methods for filtering the item list to only organization items or items in particular [collections](https://bitwarden.com/it-it/help/about-collections/):

![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png)

Once you have [contacted us](https://bitwarden.com/it-it/contact-sales/) and been set up with access by a member of the Bitwarden team, [start a Business Unit organization](https://bitwarden.com/it-it/help/client-org-setup/).

--- URL: https://bitwarden.com/it-it/help/cancel-a-subscription/ ---

# Cancel a Subscription

Canceling a Bitwarden subscription will result in your account or organization losing access to paid features at the end of the billing cycle. If your subscription is less than 30 days old, [contact us](https://bitwarden.com/it-it/contact/) to receive a refund.

Canceling a subscription does not automatically delete your account or organization. [Learn more](https://bitwarden.com/it-it/help/delete-your-account/).

If you're self-hosting, cancel your subscription from the Bitwarden-hosted web app you created the account on. [Learn more](https://bitwarden.com/it-it/help/licensing-on-premise/).

## Cancel a personal subscription

To cancel a personal subscription:

1. In the web app, navigate to **Settings** → **Subscription**:

   ![Subscription page](https://bitwarden.com/assets/3Ru9TSLguhRNYtLe2TLwXk/bec6794eb58efa8780504720d4acb250/2026-03-03_10-24-17.png)
   *Subscription page*

2. Take note of the **Next charge** date. This is when you will lose access to paid features once your subscription is cancelled.
3. Select the **Cancel subscription** button.

When you confirm cancelation, your account will move into a **Pending cancellation** status until the noted **Next charge** date is reached. When the **Next charge** date is reached, you will be moved to a free account. [Learn what happens when you lose premium](https://bitwarden.com/it-it/help/premium-renewal/).

> [!TIP] Reinstate Sub
> If you change your mind before the end of the billing cycle, you can **Reinstate Subscription** with a single button!

## Cancel an organization subscription

To cancel an organization subscription:

1. In the web app, open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2.
   Navigate to **Billing** → **Subscription**:

   ![Organization subscription view](https://bitwarden.com/assets/7MT9lfZZDTOQOBmnrLGceN/1ac8c615153e35250d15ce3921148cfe/2024-12-04_10-33-12.png)

   > [!NOTE] Only org owners may access subscription page
   > Only organization owners are able to access the organization's subscription page.

3. Take note of the **Subscription expiration** date. This is when your organization will lose access to paid features once your subscription is cancelled.
4. Scroll down and select the **Cancel subscription** button.

When you confirm cancelation, your organization will move into a **Pending cancellation** status until the noted **Subscription expiration** date is reached. When the **Subscription expiration** date is reached, your subscription will end. [Learn what happens next](https://bitwarden.com/it-it/help/organization-renewal/).

> [!TIP] Reinstate Sub
> If you change your mind before the end of the billing cycle, you can **Reinstate Subscription** with a single button!

--- URL: https://bitwarden.com/it-it/help/certificates/ ---

# Certificate Options

This article defines the certificate options available to self-hosted instances of Bitwarden. You will select your certificate option during installation.

**Setting up or changing your certificate configuration will always require** you to run the `./bitwarden.sh rebuild` or `.\bitwarden.ps1 -rebuild` command before starting Bitwarden to apply the changes to your config.yml file.

> [!NOTE] Certificate options not applied to Bitwarden Unified
> The information in this article may not apply to Bitwarden Unified self-hosted deployments.

## Generate a certificate with Let's Encrypt

[Let's Encrypt](https://letsencrypt.org/how-it-works/) is a certificate authority (CA) that issues trusted SSL certificates free of charge for any domain. The Bitwarden installation script offers the option to generate a trusted SSL certificate for your domain using Let's Encrypt and [Certbot](https://certbot.eff.org).
Certificate renewal checks occur each time Bitwarden is restarted. Using Let's Encrypt will require you to enter an email address for certificate expiration reminders.

> [!NOTE] Let's Encrypt port requirement
> Let's Encrypt is a third-party certificate authority that requires inbound ports 80 and 443 have access from the internet in order to validate your domain and issue a certificate. If you do not have or want to set up inbound internet access, you may use one of the other certificate options in this document.

### Manually update a Let's Encrypt certificate

If you change the domain name of your Bitwarden server, you will need to manually update your generated certificate. Run the following commands to create a backup, update your certificate, and rebuild Bitwarden:

🐧 🍎 Bash

```
./bitwarden.sh stop
mv ./bwdata/letsencrypt ./bwdata/letsencrypt_backup
mkdir ./bwdata/letsencrypt
chown -R bitwarden:bitwarden ./bwdata/letsencrypt
chmod -R 740 ./bwdata/letsencrypt
docker pull certbot/certbot
# Replace <your-email> with the address for expiration reminders. The host side of -v
# must be the absolute path to your bwdata/letsencrypt directory.
docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /bwdata/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly --email <your-email> --logs-dir /etc/letsencrypt/logs
```

Select 1, then follow the instructions:

```
# Replace <your.domain> with the directory Certbot created under live/.
openssl dhparam -out ./bwdata/letsencrypt/live/<your.domain>/dhparam.pem 2048
./bitwarden.sh rebuild
./bitwarden.sh start
```

🪟 PowerShell

> [!NOTE]
> You will need to install a build of OpenSSL for Windows.
```
.\bitwarden.ps1 -stop
mv .\bwdata\letsencrypt .\bwdata\letsencrypt_backup
mkdir .\bwdata\letsencrypt
docker pull certbot/certbot
# Replace <your-email> with the address for expiration reminders. The host side of -v
# must be the absolute path to your bwdata\letsencrypt directory.
docker run -i --rm --name certbot -p 443:443 -p 80:80 -v \bwdata\letsencrypt\:/etc/letsencrypt/ certbot/certbot certonly --email <your-email> --logs-dir /etc/letsencrypt/logs
# Select 1, then follow instructions
# Replace <your.domain> with the directory Certbot created under live\.
# Use the full path to openssl.exe if it is not on your PATH.
openssl dhparam -out .\bwdata\letsencrypt\live\<your.domain>\dhparam.pem 2048
.\bitwarden.ps1 -rebuild
.\bitwarden.ps1 -start
```

## Use an existing SSL certificate

You may alternatively opt to use an existing SSL certificate, which will require you to have the following files:

- A server certificate (`certificate.crt`)
- A private key (`private.key`)
- A CA certificate (`ca.crt`)

You may need to bundle your primary certificate with intermediate CA certificates to prevent SSL trust errors. All certificates should be included in the server certificate file when using a CA certificate. The first certificate in the file should be your server certificate, followed by any intermediate CA certificate(s), followed by the root CA.

Under the default configuration, place your files in `./bwdata/ssl/your.domain`. You may specify a different location for your certificate files by editing the following values in `./bwdata/config.yml`:

```
ssl_certificate_path:
ssl_key_path:
ssl_ca_path:
```

> [!NOTE]
> The values defined in `config.yml` represent locations inside the NGINX container. Directories on the host are mapped to directories within the NGINX container.
> Under the default configuration, mappings line up as follows:
>
> The following values in `config.yml`:
>
> ```
> ssl_certificate_path: /etc/ssl/your.domain/certificate.crt
> ssl_key_path: /etc/ssl/your.domain/private.key
> ssl_ca_path: /etc/ssl/your.domain/ca.crt
> ```
>
> Map to the following files on the host:
>
> ```
> ./bwdata/ssl/your.domain/certificate.crt
> ./bwdata/ssl/your.domain/private.key
> ./bwdata/ssl/your.domain/ca.crt
> ```
>
> **You should only ever need to work with files in `./bwdata/ssl/`. Working with files directly in the NGINX container is not recommended.**

> [!TIP] IPs for OCSP Checks
> If your server is logging outbound traffic to 1.1.1.1, 1.0.0.1, 9.9.9.9, or 149.112.112.112, your server is making OCSP checks. You can prevent this traffic by configuring an empty value for `ssl_ca_path:` in your `config.yml` file. Changing this value, as with changing anything in `config.yml`, requires a rebuild and restart of your server.

### Using Diffie-Hellman key exchange

Optionally, if using Diffie-Hellman key exchange to generate ephemeral parameters:

- Include a `dhparam.pem` file in the same directory.
- Set the `ssl_diffie_hellman_path:` value in `config.yml`.

> [!NOTE]
> You can create your own `dhparam.pem` file using OpenSSL with `openssl dhparam -out ./dhparam.pem 2048`.

## Using a self-signed Certificate

You may alternatively opt to use a self-signed certificate, however this is only recommended for testing. Self-signed certificates will not be trusted by Bitwarden client applications by default. You will be required to manually install this certificate to the trusted store of each device you plan to use Bitwarden with.
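
The file requirements stated above (server certificate first in `certificate.crt`, followed by intermediates and the root, with a matching `private.key`) can be checked before a rebuild. The script below is an added example, not part of Bitwarden's tooling: its function names are hypothetical, it assumes the default file names used on this page, and it relies only on the `openssl` command line.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files in ./bwdata/ssl/<your.domain>/.
# Function names are hypothetical; only stock openssl subcommands are used.

# Split a PEM bundle into DIR/cert-1.pem, DIR/cert-2.pem, ... and print the count.
split_bundle() {  # split_bundle BUNDLE DIR
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
    END                           { print n + 0 }
  ' "$1"
}

# Print the subject or issuer DN of a certificate in RFC 2253 form.
dn() {  # dn subject|issuer FILE
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# Succeeds when every certificate in BUNDLE names the certificate after it as
# its issuer (server certificate, then intermediates, then root).
# This compares issuer/subject names only; it does not verify signatures.
check_bundle_order() (  # check_bundle_order BUNDLE
  tmp=$(mktemp -d) || exit 2
  n=$(split_bundle "$1" "$tmp")
  status=0
  [ "$n" -ge 1 ] 2>/dev/null || { echo "no certificates found in $1" >&2; status=2; }
  i=1
  while [ "$status" -eq 0 ] && [ "$i" -lt "$n" ]; do
    next=$((i + 1))
    if [ "$(dn issuer "$tmp/cert-$i.pem")" != "$(dn subject "$tmp/cert-$next.pem")" ]; then
      echo "certificate $i is not issued by certificate $next" >&2
      status=1
    fi
    i=$next
  done
  rm -rf "$tmp"
  exit "$status"
)

# Succeeds when KEY is the private key of the first certificate in CERT_FILE.
key_matches_cert() (  # key_matches_cert CERT_FILE KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  # -passin pass: makes an encrypted key fail instead of prompting.
  key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || exit 2
  [ "$cert_pub" = "$key_pub" ]
)

# Succeeds when the first certificate in CERT_FILE is valid for HOSTNAME.
cert_covers_host() {  # cert_covers_host CERT_FILE HOSTNAME
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Run all three checks against DIR/certificate.crt and DIR/private.key.
preflight() (  # preflight DIR HOSTNAME
  rc=0
  key_matches_cert "$1/certificate.crt" "$1/private.key" ||
    { echo "private.key does not match the first certificate" >&2; rc=1; }
  check_bundle_order "$1/certificate.crt" || rc=1
  cert_covers_host "$1/certificate.crt" "$2" ||
    { echo "certificate does not cover $2" >&2; rc=1; }
  exit "$rc"
)

# Stand-alone use: sh check-certs.sh ./bwdata/ssl/your.domain your.domain
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
  exit $?
fi
```

Saved under a name of your choice (`check-certs.sh` is only a placeholder), it exits non-zero and names the failing check. A single self-signed certificate passes the order check trivially, so the key and hostname checks are the useful ones in that case.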

Generate a self-signed certificate:

```
mkdir ./bwdata/ssl/bitwarden.example.com
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 \
  -keyout ./bwdata/ssl/bitwarden.example.com/private.key \
  -out ./bwdata/ssl/bitwarden.example.com/certificate.crt \
  -reqexts SAN -extensions SAN \
  -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:bitwarden.example.com\nbasicConstraints=CA:true')) \
  -subj "/C=US/ST=New York/L=New York/O=Company Name/OU=Bitwarden/CN=bitwarden.example.com"
```

Your self-signed certificate (`.crt`) and private key (`private.key`) can be placed in the `./bwdata/ssl/self/your.domain` directory and configured in the `./bwdata/config.yml`:

```
ssl_certificate_path: /etc/ssl/bitwarden.example.com/certificate.crt
ssl_key_path: /etc/ssl/bitwarden.example.com/private.key
```

### Trust a self-signed certificate

#### Windows

To trust a self-signed certificate on Windows, run `certmgr.msc` and import your certificate into the Trusted Root Certification Authorities.

#### Linux

To trust a self-signed certificate on Linux, add your certificate to the following directories:

```
/usr/local/share/ca-certificates/
/usr/share/ca-certificates/
```

And run the following commands:

```
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
```

For our Linux desktop app, accessing the web vault using Chromium-based browsers, and the Directory Connector desktop app, you also need to complete [this Linux cert management procedure](https://chromium.googlesource.com/chromium/src/+/refs/heads/master/docs/linux/cert_management.md).

For the [Bitwarden CLI](https://bitwarden.com/it-it/help/cli/) and [Directory Connector CLI](https://bitwarden.com/it-it/help/directory-sync-cli/), your self-signed certificate must be stored in a local file and referenced by a `NODE_EXTRA_CA_CERTS=` environment variable, for example:

```
export NODE_EXTRA_CA_CERTS=~/.config/Bitwarden/certificate.crt
```

#### Android

To trust a self-signed certificate on an Android device, refer to Google's [Add & remove certificates documentation](https://support.google.com/pixelphone/answer/2844832?hl=en).

> [!NOTE] Selfhosting Android
> If you are **not self-hosting** and encounter the following certificate error on your Android device:
>
> ```
> Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
> ```
>
> You will need to upload Bitwarden's certificates to your device. Refer to [this community thread](https://community.bitwarden.com/t/android-client-login-bitwarden-https-cert-problem/12132) for help finding the certificates.

## Use no certificate

> [!NOTE]
> If you opt to use no certificate, you **must front your installation with a proxy that serves Bitwarden over SSL**. This is because Bitwarden requires HTTPS; trying to use Bitwarden without the HTTPS protocol will trigger errors.

--- URL: https://bitwarden.com/it-it/help/change-at-risk-passwords/ ---

# Change At-Risk Passwords

If you see a **Review and change at-risk passwords** or a **Your password is at-risk, update it now** banner, you have a password in your vault that should be replaced with something stronger. This banner is appearing to you for one of two reasons:

- The administrative team for your organization has identified a weak, re-used, or exposed password and requires you to update it. You may also receive an email informing you of this. Browser extensions will report in the **Vaults** view when your admin team requires you to update a password.
- As a Premium user, a weak, re-used, or exposed password has been automatically identified by underlying [vault health reporting](https://bitwarden.com/it-it/help/reports/) and suggested by Bitwarden as an important opportunity to improve your security hygiene. Browser extensions, desktop apps, and the web app will report in the **Item** view when a particular password should be improved.

![Change an at-risk password](https://bitwarden.com/assets/2N1WqXBUVvutN9qQR73WbQ/ad56aeac00234010b56e1cc74a4ba542/2025-04-25_13-08-23.png)

In your browser extension, click the banner and use the **Change** button for each at-risk password to replace a weak, re-used, or exposed password with a strong new one. In most cases, the browser extension will guide you directly to that service's "Change password" page. Remember that:

- You must change the password within the website's "Change password" form as well as within Bitwarden.
- You should use the [password generator](https://bitwarden.com/it-it/help/generator/#tab-browser-extension-6xKx6UelBVUbCceB9IupEa/) to create a strong and unique new password.

--- URL: https://bitwarden.com/it-it/help/change-client-environment/ ---

# Connect Individual Clients

By default, Bitwarden clients will connect to Bitwarden-hosted servers, but any client application can be configured to connect to your self-hosted Bitwarden instance instead.

> [!NOTE] If you do not wish to connect to a self-hosted instance
> If you are trying to connect to a Bitwarden-hosted server, but your client is attempting to connect to a self-hosted instance, select **bitwarden.com** or **bitwarden.eu** from the **Logging in on** menu.

### Browser extension

To connect a browser extension to your self-hosted server:

1. On the login or registration screen, select the **Logging in on** dropdown and choose the **Self-hosted** option.

   ![Self-hosted server selection](https://bitwarden.com/assets/1Pq95ZZLLySxwjLr7eul5W/326732e7943499236adf16e6a16378b6/2024-12-04_10-05-14.png)

2.
   In the **Server URL** field, enter the domain name for your server with `https://` (for example, `https://my.bitwarden.domain.com`).
3. Select **Save**.

> [!TIP] Advanced Client-Server Specification
> Users with unique setups can specify the URL of each service independently in the **Custom Environment** section.

### Mobile app

To connect a mobile app to your self-hosted server:

1. On the login or registration screen, select the **Logging in on** dropdown and choose the **Self-hosted** option.

   ![Server selection on mobile](https://bitwarden.com/assets/0mBtygWpIfx8MLtcPwxwD/0041c5a129a88b9fb5dd021a07a6da4e/2025-01-22_10-17-39.png)

2. In the **Server URL** field, enter the domain name for your server with `https://` (for example, `https://my.bitwarden.domain.com`).
3. If your self-hosted server requires it, upload a certificate.
4. Select **Save**.

> [!TIP] Advanced Client-Server Specification
> Users with unique setups can specify the URL of each service independently in the **Custom Environment** section.

### Desktop app

[Each account](https://bitwarden.com/it-it/help/account-switching/) that's logged in to your desktop app can be connected to a different server. To connect an account to your self-hosted server:

1. On the login or registration screen, select the **Accessing** dropdown and choose the **Self-hosted** option.

   ![Region selector on desktop](https://bitwarden.com/assets/3FlU02971dqGGkp86WJJc5/e5c40a136a11ee48c5e74a068bda2405/2026-04-23_09-17-05.png)
   *Region selector on desktop*

2. In the **Server URL** field, enter the domain name for your server with `https://` (for example, `https://my.bitwarden.domain.com`).
3. Select **Save**.

> [!TIP] Advanced Client-Server Specification
> Users with unique setups can specify the URL of each service independently in the **Custom Environment** section.

### CLI

To connect the CLI to your self-hosted server:

1. Log out using the `bw logout` command.
2.
   Use the following command to connect the CLI to your self-hosted server:

   ```
   bw config server https://your.bw.domain.com
   ```

Users with unique setups can specify the URL of each service independently using the following commands:

```
# Replace <url> with the URL of the corresponding service.
bw config server --web-vault <url>
bw config server --api <url>
bw config server --identity <url>
bw config server --icons <url>
bw config server --notifications <url>
bw config server --events <url>
bw config server --key-connector <url>
```

--- URL: https://bitwarden.com/it-it/help/change-theme/ ---

# Change App Appearance

The Bitwarden web vault, browser extension, desktop app, and mobile app come packed with stylish themes. Browser extensions also include a few other appearance options:

### Web app

To change the theme of your web app:

1. Navigate to **Settings** → **Appearance**:

   ![Web app appearance](https://bitwarden.com/assets/7vKmhsOfJqieQbYRxALV75/0ed7782f100100ab3d86567e6b1b0a9d/2025-12-31_10-27-36.png)

2. From the **Theme** dropdown, choose your favorite theme and select **Save**!

### Browser extension

To change the theme of your browser extension:

1. Open the browser extension's **Settings** tab.
2. Select **Appearance**.

   ![Select theme browser ext](https://bitwarden.com/assets/6IZpsItvhtnImItOfXJ9HW/5502397e3024f97c473eaf05fc7cb9cd/2024-12-03_10-51-17.png)

3. Use the **Theme** dropdown menu to select your favorite theme.
4. Use the **Extension width** dropdown menu to change the browser extension's dimensions.
5. Use **Compact mode** to increase the information density of what's shown in the browser extension.

### Desktop

To change the theme of your desktop app:

1. Open the desktop app's **Preferences** panel (on Windows, **File** → **Settings**) (on macOS, **Bitwarden** → **Preferences**).
2. Scroll to the **App Settings** section and use the **Theme** dropdown to select your favorite theme!
   ![Change theme](https://bitwarden.com/assets/7dOzSglXr4rlM97zKoqptq/2737fefeb63bc9fd09e863f8d3690ed1/2026-04-23_11-12-59.png)
   *Change theme*

> [!TIP] Theme + Account Switching
> Theme is set globally for all logged-in accounts in the desktop app. [Learn more](https://bitwarden.com/it-it/help/account-switching/).

### Mobile

To change the theme of your mobile app:

1. Open the mobile app's ⚙️ **Settings** tab.
2. Tap **Appearance**.
3. Tap the **Theme** option to select your favorite theme:

   ![Change theme on mobile](https://bitwarden.com/assets/ntCXOl03Oi6zmXx5Z9j5C/1329fb58540811d4b195b638b2628aca/2025-05-20_15-28-44.png)

> [!TIP] Material You for Android
> On Android, you can also use the **Dynamic colors** option to match the color scheme of Bitwarden to your wallpaper.

--- URL: https://bitwarden.com/it-it/help/choose-my-server/ ---

# Choose My Server

The Bitwarden cloud is available globally with data storage in both **United States** and **European Union** regions.

> [!TIP] Why server geography is important
> Bitwarden data regions are separate, and your account or organization only exists in the region where it was first created, meaning:
>
> - You can't log in on the EU server if your account was created on a US server, or vice versa. Trying to do so will mimic the experience of entering the wrong master password.
> - Creating accounts on both servers will not cause data to sync between the two. If you use multiple Bitwarden apps and observe mismatched data, check that they're logged in to the same server.
> - Accounts on one server can't join an organization on a different server.
> - Accounts cannot change servers once created. To switch from a US server to an EU server, or vice versa, you must create a new account on the desired server. Once a new account has been created, you may [export your existing vault data](https://bitwarden.com/it-it/help/export-your-data/) to the new account.

To choose which server you're logging into or creating an account on, use the **Server** or **Logging in on** dropdown on the login or registration screen:

### Web app

![Region selector on web app](https://bitwarden.com/assets/30W3B0aJy0dzO0pKTaBr7h/ed4fa669856dc3b13dbd80a1e0b237b5/2024-12-04_10-09-00.png)

### Browser extension

![Region selector on browser extensions](https://bitwarden.com/assets/4Kas8J6TjKZWMdaTo7pZMX/7d33be1c411bcf7eaf0816842beb824b/2025-02-18_14-09-00.png)

### Mobile app

![Region selector on mobile apps](https://bitwarden.com/assets/753jtQ6dg9u6Rln2A7TF4R/01b3d12d193d8f00432b925c29999d91/2025-02-18_14-18-33.png)

### Desktop app

![Region selector on desktop](https://bitwarden.com/assets/3FlU02971dqGGkp86WJJc5/e5c40a136a11ee48c5e74a068bda2405/2026-04-23_09-17-05.png)
*Region selector on desktop*

--- URL: https://bitwarden.com/it-it/help/claimed-accounts/ ---

# Claimed Accounts

When an Enterprise organization [claims a domain](https://bitwarden.com/it-it/help/claimed-domains/), onboarded organization member accounts that use an email address with a matching domain (e.g. `jdoe@mycompany.com`) will be claimed by the organization. Claimed accounts are functionally **owned by the organization**, resulting in a few key changes to the way the account works.

> [!NOTE] Clarifying claimed member prereqs
> A user must have a matching domain **and** be a [confirmed member](https://bitwarden.com/it-it/help/managing-users/#confirm/) of your Bitwarden organization to be considered a claimed account. Claiming a domain **does not** automatically invite any users and therefore will not in and of itself add to your subscription seat count.

## Deletion of claimed accounts

Claimed member accounts can be outright deleted by organization administrators, instead of only being able to be removed from the organization. This includes deleting that user's individual vault, if one is available to them.
If you are an organization member with a claimed account, it is especially important that you are not storing any personal credentials in that account.

> [!NOTE] Learn how to delete claimed accounts
> Claimed accounts can be deleted from the Admin Console's **Members** page using the ⋮ options menu:
>
> ![Delete claimed accounts](https://bitwarden.com/assets/6HUnGTfMstF4IasZcKBfdi/0d2dbd328ba4a006611576e7d91c70df/2025-01-14_10-45-56.png)
>
> Members of your organization that do not have claimed accounts can only be **Removed** from the organization instead.

## Restricted access to account actions

If you are an organization member with a claimed account, you are not able to:

- Change your account email address to a domain that is not claimed by your organization. (You can still change the username portion of your email address.)
- Leave the organization.
- Purge your vault.
- Delete your account.

--- URL: https://bitwarden.com/it-it/help/claimed-domains/ ---

# Claimed Domains

Enterprise customers can claim domain (e.g. `mycompany.com`) ownership for their organizations with a valid and unique-to-Bitwarden DNS TXT record. When you claim a domain, your organization gains additional controls over accounts with matching email addresses:

- **Policy to block undesired account creation**: [Turn on a policy](https://bitwarden.com/it-it/help/policies/#block-account-creation-for-claimed-domains/) to prevent email accounts with matching domains (e.g. `jdoe@mycompany.com`) from creating Bitwarden accounts on that Bitwarden server that are outside the organization. When the policy is on, email accounts with matching domains can only be used to create Bitwarden accounts on that Bitwarden server by being invited to join the organization.

  > [!TIP] Block account creation on cloud when self-hosting
  > If you're self-hosting Bitwarden but want to **block account creation on both your self-hosted server and a Bitwarden cloud server**, you must claim your domain and activate the **Block account creation** policy option on both servers.

- **Claimed member accounts**: Onboarded organization member accounts that use an email address with a matching domain (e.g. `jdoe@mycompany.com`) will automatically be [claimed by your organization](https://bitwarden.com/it-it/help/claimed-accounts/), restricting users from taking some account actions and allowing administrators to [delete the accounts](https://bitwarden.com/it-it/help/delete-member-accounts/) outright instead of only being able to remove them from the organization.

Onboarded organization member accounts that use an email address with a matching domain (e.g. `jdoe@mycompany.com`), referred to as [claimed accounts](https://bitwarden.com/it-it/help/claimed-accounts/), also gain the following benefits:

- **Easier SSO workflow**: During SSO authentication, these members will automatically bypass the step that would require them to enter an [SSO identifier](https://bitwarden.com/it-it/help/using-sso/#get-your-organization-identifier/).
- **Automatically verified emails**: These members will have their [email automatically verified](https://bitwarden.com/it-it/help/product-faqs/#q-what-features-are-unlocked-when-i-verify-my-email/) when onboarded.

## Claim a domain

In order to claim a domain, Bitwarden must verify that:

- No other organization has verified the domain.
- Your organization has ownership of the domain.

Bitwarden will use a DNS TXT record to validate a domain claim. This DNS TXT record must be kept active and available at all times, as Bitwarden will continually check for it.

To claim a domain, complete the following steps as an [admin or owner](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/):

1.
   Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Settings** → **Claimed domains**:

   ![Claiming a domain](https://bitwarden.com/assets/6WJAs5AXufz8zSiVjEp5aA/8d9f4576f877ce74d6553430801070a9/2025-01-14_09-56-53.png)

3. On the **Claimed domains** screen you will see a list of active domains, along with status checks and options. If you have no active domains, select **New domain**.

   > [!TIP] Claimed a domain for the first time
   > When you claim a domain, the [single organization policy](https://bitwarden.com/it-it/help/policies/#single-organization/) will automatically be activated during the claiming workflow. Domains that were claimed prior to the 2025.3.0 release will not automatically activate this policy, however any subsequent domains claimed by the organization will.

4. In the pop-up window, enter a **Domain name**.

   > [!NOTE] domain format
   > The format of the domain name entry **should not** include `https://` or `www.`.

5. Copy the **DNS TXT record** and add it to your domain.
6. Select **Claim domain**.

### Manage your domains

You can manage and view the status of your domains from the **Claimed domains** page. All domains will have a status of **Claimed** or **Not Claimed**:

![Claimed domain](https://bitwarden.com/assets/1sgIhVJzsRce0VyNIvH1ze/9ebaf423a88815e476bf2d81231fbf8e/2025-04-15_09-52-34.png)

> [!TIP] If you need to edit your domain.
> Before updating your claimed domain in Bitwarden, verify that your TXT record is publicly visible using the `dig` command:
>
> ```bash
> dig your.domain.com TXT
> ```
>
> **If the wrong TXT record is found**, your DNS changes may need more time to propagate.
**If the right TXT record is found but claiming still fails**, your Bitwarden server may be configured to use a internal DNS server than the public one in which the update was made. Use the ⋮ menu located on the right side of the domain to: - Edit or delete a domain. - **Copy DNS TXT record**to provide it to your DNS provider. - Manually **verify domain** if automatic claiming was not successful. > [!NOTE] Domain verification attempts > Bitwarden will attempt to verify the domain 3 times during the first 72 hours. If the domain has not been verified within 7 days after the 3rd attempt, the domain will be removed from your organization. Domain claiming activities will be logged in the organization event logs. To view events, navigate to **Reporting** → **Event logs** in the Admin Console. ## Once your domain is claimed Once your domain is claimed and verified, your organization will gain access to the following: ### Block account creation for claimed domains Turn on [this policy](https://bitwarden.com/it-it/help/policies/#block-account-creation-for-claimed-domains/) to prevent email accounts with matching domains (e.g. `jdoe@mycompany.com`) from creating Bitwarden accounts outside the organization. When the policy on, email accounts with matching domains can only be used to create Bitwarden accounts by being invited to join the organization. ### Claimed member accounts Onboarded organization member accounts that use an email address with a matching domain (e.g. `jdoe@mycompany.com`) will automatically be [claimed by your organization](https://bitwarden.com/it-it/help/claimed-accounts/), resulting in a few key changes to the way the account works: > [!NOTE] Clarifying claimed member prereqs > A user must have a matching domain **and** be a [confirmed member](https://bitwarden.com/it-it/help/managing-users/#confirm/) of your Bitwarden organization to be considered a claimed account. 
Claiming a domain **does not** automatically invite any users and therefore will not in and of itself add to your subscription seat count. #### Org-managed account deletion Claimed member accounts can be outright deleted by organization administrators, instead of only being able to be removed from the organization. Owners and admins can delete a claimed account from the Admin Console's **Members** page using the ⋮ menu: ![Delete claimed accounts](https://bitwarden.com/assets/6HUnGTfMstF4IasZcKBfdi/0d2dbd328ba4a006611576e7d91c70df/2025-01-14_10-45-56.png) Members of your organization that do not have claimed accounts can be **Removed** from the organization instead. > [!NOTE] Claimed accounts with Directory Connector and SCIM > Directory Connector and SCIM do not have the ability to delete claimed accounts, this action can only be taken by admins and owners from the web app Admin Console. #### Restricted access to account actions Users with member accounts will be restricted from: - Changing their account email address to a different domain (members can still change the username portion of their email address). - Leaving the organization. - Purging their vault. - Deleting their account. --- URL: https://bitwarden.com/it-it/help/clear-sync-cache/ --- # Clear Sync Cache Directory Connector keeps a local cache while syncing changes to your Bitwarden organization. This cache helps Directory Connector to **only send the deltas between the two directories** (before and after). If a particular directory change is not syncing as expected or you encounter a sync error, like "An unhandled server error has occurred," try clearing this cache. Clearing the cache will trigger a full sync to occur during the next sync operation. To clear the local cache: ### Desktop From the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/): 1. Select the **More** tab. 2. In the Other section, select the **Clear Sync Cache** button. 
### CLI

Use the following command:

```
bwdc clear-cache
```

--- URL: https://bitwarden.com/it-it/help/cli-auth-challenges/ ---

# CLI Authentication Challenges

The August 2021 release of Bitwarden (**2021-09-21**) introduced [Captcha](https://www.hcaptcha.com/about) requirements to increase security against bot traffic. On the CLI, Captcha challenges are substituted with authentication challenges that can be validated using your account's [personal API key](https://bitwarden.com/it-it/help/personal-api-key/) `client_secret`.

> [!NOTE] bwlogin api key
> **For automated workflows or for providing access to an external application**, we recommend using the `bw login --apikey` [method](https://bitwarden.com/it-it/help/cli/#using-an-api-key/). This method follows a more predictable authentication flow and revoking an application or machine's access can be achieved by rotating the [API key](https://bitwarden.com/it-it/help/personal-api-key/#rotate-your-api-key/).

## Get your personal API key

To get your personal API key:

1. In the Bitwarden web app, navigate to **Settings** → **Security** → **Keys**:

![Keys settings](https://bitwarden.com/assets/3IHpaOpEB5a13TF3B3RqqB/fab175095404a90d9d372542745bb9bb/Keys_settings.png)

2. Select the **View API key** button and enter your master password to validate access.
3. From the **API key** dialog box, copy the **client_secret:** value, which is a random string like `efrbgT9C6BogEfXi5pZc48XyJjfpR`.

## Answering challenges

Depending on your preferences, you can [save an environment variable](https://bitwarden.com/it-it/help/cli-auth-challenges/#answer-challenges-with-an-environment-variable/) to automatically pass authentication challenges or [manually enter](https://bitwarden.com/it-it/help/cli-auth-challenges/#using-the-prompt/) your `client_secret` whenever a challenge is made:

### Answer challenges with an environment variable

Authentication challenges will look for a non-empty environment variable `BW_CLIENTSECRET` before prompting you to enter one manually. Saving this variable with the [retrieved client_secret value](https://bitwarden.com/it-it/help/cli-auth-challenges/#get-your-personal-api-key/) will allow you to automatically pass authentication challenges. To save this environment variable:

🐧 🍎 Bash

```
export BW_CLIENTSECRET="client_secret"
```

🪟 PowerShell

```
$env:BW_CLIENTSECRET="client_secret"
```

> [!NOTE] Client secret value incorrect
> If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API key](https://bitwarden.com/it-it/help/personal-api-key/#rotate-your-api-key/) since saving the variable. [Use the above steps](https://bitwarden.com/it-it/help/cli-auth-challenges/#get-your-personal-api-key/) to retrieve the correct value.

### Answer challenges manually

When an authentication challenge is made and no `BW_CLIENTSECRET` value is found, you will be prompted to manually enter your `client_secret` value:

![Login Prompt with Auth Challenge ](https://bitwarden.com/assets/6YPFmH0ALYCuKcpOs6yf8X/e12166c2a561203f4605401b716f89e6/cli-captcha-1-markup.png)

> [!NOTE] Client secret value incorrect
> If your `client_secret` is incorrect, you will receive an error. In most cases, this is because you have [rotated your API key](https://bitwarden.com/it-it/help/personal-api-key/#rotate-your-api-key/) since saving the variable.
> [Use the above steps](https://bitwarden.com/it-it/help/cli-auth-challenges/#get-your-personal-api-key/) to retrieve the correct value.

--- URL: https://bitwarden.com/it-it/help/cli/ ---

# Password Manager CLI

The Bitwarden command-line interface (CLI) is a powerful, fully-featured tool for accessing and managing your vault. Most features that you find in other Bitwarden client applications (desktop, browser extension, etc.) are available from the CLI.

![Bitwarden CLI](https://bitwarden.com/assets/269bjiuC0f18YVu0VYJO9V/e192e552baa3bfe2f2efba30161f4a70/cli.png)

The Bitwarden CLI is self-documented. From the command line, learn about the available commands using:

```
bw --help
```

Or, pass `--help` as an option on any `bw` command to see available options and examples:

```
bw list --help
bw move --help
```

Most information you'll need can be accessed using `--help`, however this article replicates all that information and goes into greater depth on some topics.

## Download and install

The CLI can be used cross-platform on Windows, macOS, and Linux distributions. To download and install the Bitwarden CLI:

> [!NOTE] arm64 required npm
> For arm64 devices, install the CLI using `npm`.

### Native Executable

Natively packaged versions of the CLI are available for each platform and have no dependencies. Download using one of these links:

- [Windows x64](https://bitwarden.com/download/?app=cli&platform=windows)
- [macOS x64](https://bitwarden.com/download/?app=cli&platform=macos)
- [Linux x64](https://bitwarden.com/download/?app=cli&platform=linux)

Note that, when using the downloaded native executable, you'll need to add the executable to your PATH or else run commands from the directory the file is downloaded to.

> [!NOTE]
> In Linux and UNIX systems, you might get a `Permission denied` message. If you do, grant permission by running:
>
> ```
> chmod +x /path/to/bw
> ```

For each bundle of the Password Manager CLI available on GitHub, there is an OSS (e.g.
`bw-oss-windows-2024.12.0.zip`) and non-OSS build (e.g. `bw-windows-2024.12.0.zip`). The non-OSS version is the default package distributed on distribution platforms and includes features under a non-OSS license, such as [device approval](https://bitwarden.com/it-it/help/cli/#device-approval/) commands, that the OSS version lacks. > [!TIP] Checksums for CLI > The Bitwarden Password Manager CLI build pipeline creates SHA-256 checksum files that are available on GitHub. [Learn how to validate checksums for the CLI](https://bitwarden.com/it-it/help/security-faqs/#tab-cli-4iwx6mhPS3Bgu3eLpNthUw/). ### NPM If you have Node.js installed on your system, you can install the CLI using NPM. Installing with NPM is the simplest way to keep your installation up-to-date and should be the **preferred method for those already comfortable with NPM**: ``` npm install -g @bitwarden/cli ``` View the package on [npmjs.org](https://www.npmjs.com/package/@bitwarden/cli). > [!NOTE] npm on linux may require build-essential > Installing the Bitwarden CLI on Linux systems using `npm` may require the build-essential dependency (or distribution equivalent) to be installed first. For example: > > > > ```plain text > apt install build-essential > ``` ### Chocolatey To install with Chocolatey: ``` choco install bitwarden-cli ``` View the package on [community.chocolatey.org](https://chocolatey.org/packages/bitwarden-cli). ### Snap To install with snap: ``` sudo snap install bw ``` View the package on [snapcraft.io](https://snapcraft.io/bw). ### Flatpak The Bitwarden CLI is included with the Flatpak desktop app download. Install the Flatpak: ```bash flatpak install flathub com.bitwarden.desktop ``` View the package on [Flathub](https://flathub.org/apps/com.bitwarden.desktop). 
Run CLI commands using the following:

```bash
flatpak run --command=bw com.bitwarden.desktop
# use a shell alias to authorize a session
alias bw="flatpak run --command=bw com.bitwarden.desktop"
bw
```

## Log in

Before logging in, make sure your CLI is connected to the correct server (for example, [EU cloud](https://bitwarden.com/it-it/help/server-geographies/) or self-hosted) using the config command ([learn more](https://bitwarden.com/it-it/help/cli/#config/)). There are three methods for logging in to the Bitwarden CLI using the `login` command, each of which is suited to different situations. Please review the following options to determine which method to use:

- [Using email and master password](https://bitwarden.com/it-it/help/cli/#using-email-and-password/)
- [Using an API key](https://bitwarden.com/it-it/help/cli/#using-an-api-key/)
- [Using SSO](https://bitwarden.com/it-it/help/cli/#using-sso/)

> [!NOTE] CLI vs. unlock
> No matter which option you use, a master password will be required to `unlock` the client in order to access data with a [session key](https://bitwarden.com/it-it/help/cli/#unlock/). The [email and master password](https://bitwarden.com/it-it/help/cli/#using-email-and-password/) option will authenticate your identity and generate a session key simultaneously, however the [API key](https://bitwarden.com/it-it/help/cli/#using-an-api-key/) or [SSO](https://bitwarden.com/it-it/help/cli/#using-sso/) options will require your subsequent use of the `unlock` command to generate a session key if you will be working with data directly.
>
> Users who [join an organization using trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/) will not be able to access data using the CLI. There are, however, a few commands that do not require decrypted data and therefore can be used without a master password, including `config`, `encode`, `generate`, `update`, and `status`.
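For unattended jobs, the server check and the login-versus-unlock distinction above can be turned into a preflight step. The following is an added example, not Bitwarden's own code: it reads the JSON printed by `bw status` and decides whether the job must log in, unlock, or stop because the CLI points at a server other than the intended one. The function names, the sed-based field extraction and the sample JSON are assumptions of this example, and an unset `serverUrl` is treated as a mismatch because the job is expected to target an explicitly configured server.

```bash
#!/bin/sh
# Added example, not Bitwarden's code. Function names are hypothetical.

# Constructed samples of the single-line JSON that `bw status` prints.
SAMPLE_LOGGED_OUT='{"serverUrl":"https://vault.bitwarden.eu","lastSync":null,"status":"unauthenticated"}'
SAMPLE_LOCKED='{"serverUrl":"https://vault.bitwarden.eu","userEmail":"jdoe@mycompany.com","status":"locked"}'
SAMPLE_UNLOCKED='{"serverUrl":"https://Vault.Bitwarden.eu/","userEmail":"jdoe@mycompany.com","status":"unlocked"}'
SAMPLE_OTHER_SERVER='{"serverUrl":"https://your.bw.domain.com","status":"locked"}'
SAMPLE_UNSET_SERVER='{"serverUrl":null,"lastSync":null,"status":"unauthenticated"}'

# json_field JSON KEY
# Print the string value of a top-level key; print nothing for null or a
# missing key. Good enough for the flat object `bw status` prints, and it
# avoids a jq dependency. It is not a general JSON parser.
json_field() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# normalize_url URL
# Lower-case and strip trailing slashes so that equivalent base URLs compare
# equal. Intended for base server URLs only (no case-sensitive path).
normalize_url() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's:/*$::'
}

# bw_next_step STATUS_JSON EXPECTED_SERVER
# Prints one of: wrong-server | login | unlock | ready | unknown
# Returns non-zero for wrong-server and unknown so callers can stop early.
bw_next_step() {
    state=$(json_field "$1" status)
    server=$(json_field "$1" serverUrl)

    # Never send credentials to a server that was not explicitly chosen.
    if [ -z "$server" ] ||
       [ "$(normalize_url "$server")" != "$(normalize_url "$2")" ]; then
        echo wrong-server
        return 1
    fi

    case $state in
        unauthenticated) echo login ;;   # bw login --apikey, then unlock
        locked)          echo unlock ;;  # logged in, no session key yet
        unlocked)        echo ready ;;   # BW_SESSION is set and valid
        *)               echo unknown; return 1 ;;
    esac
}

# bw_prepare EXPECTED_SERVER
# Acts on the decision. Expects BW_CLIENTID and BW_CLIENTSECRET for the API
# key login and the master password in the variable BW_PASSWORD.
bw_prepare() {
    step=$(bw_next_step "$(bw status)" "$1") || {
        echo "bw_prepare: refusing to continue ($step)" >&2
        return 1
    }
    if [ "$step" = login ]; then
        bw login --apikey >/dev/null || return 1
        step=unlock
    fi
    if [ "$step" = unlock ]; then
        # --raw prints only the session key, so nothing else is captured.
        BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw) || return 1
        export BW_SESSION
    fi
}

# Typical use in a job:
#   bw_prepare "https://vault.bitwarden.eu" && bw list items; bw lock
```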
### Using email and password

Logging in with email and password is **recommended for interactive sessions**. To log in with email and password:

```
bw login
```

This will initiate a prompt for your **Email Address**, **Master Password**, and ([if enabled](https://bitwarden.com/it-it/help/setup-two-step-login/)) a **Two-step Login code**. The CLI currently supports two-step login via [authenticator](https://bitwarden.com/it-it/help/setup-two-step-login-authenticator/), [email](https://bitwarden.com/it-it/help/setup-two-step-login-email/), or [Yubikey](https://bitwarden.com/it-it/help/setup-two-step-login-yubikey/).

You *can* string these factors together into a single command as in the following example, however this isn't recommended for security reasons, since arguments typed on the command line can end up in shell history and process listings:

```
bw login [email] [password] --method <method> --code <code>
```

See [Enums](https://bitwarden.com/it-it/help/cli/#enums/) for two-step login `<method>` values.

> [!NOTE] Authenticator Request Error
> Getting prompted for additional authentication or getting a `Your authentication request appears to be coming from a bot.` error? Use your API Key `client_secret` to answer the authentication challenge. [Learn more](https://bitwarden.com/it-it/help/cli-auth-challenges/).

### Using an API key

Using the [personal API key](https://bitwarden.com/it-it/help/personal-api-key/) for CLI authentication is suitable for automated workflows, for providing access to an external application, or if your account uses a 2FA method not supported by the CLI (FIDO2 or Duo). The following command will prompt you for your personal `client_id` and `client_secret`:

```
bw login --apikey
```

While there are some commands that do not require your data be decrypted, to use many of the CLI commands you will need to subsequently decrypt your data using the `unlock` command ([learn more](https://bitwarden.com/it-it/help/cli/#unlock/)), unless you're a member of an organization using [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).
Your API key is **not a substitute for your master password.**

> [!NOTE] Organization SSO
> If your organization [requires SSO](https://bitwarden.com/it-it/help/policies/#single-sign-on-authentication/), you can still use `--apikey` to log in to the CLI.

#### Using API key environment variables

In scenarios where automated work is being done with the Bitwarden CLI, you can save environment variables to prevent the need for manual intervention at authentication.

| **Environment variable name** | **Required value** |
|------|------|
| BW_CLIENTID | `client_id` |
| BW_CLIENTSECRET | `client_secret` |

### Using SSO

Logging in with [SSO](https://bitwarden.com/it-it/help/about-sso/) is recommended if an organization requires SSO authentication. To log in with SSO:

```
bw login --sso
```

This will initiate the [SSO authentication flow](https://bitwarden.com/it-it/help/using-sso/) in your web browser. Once your session is authenticated, you can use the `unlock` command. [Learn more](https://bitwarden.com/it-it/help/cli/#unlock/).

> [!NOTE] Organization SSO API Key
> If your organization [requires SSO](https://bitwarden.com/it-it/help/policies/#single-sign-on-authentication/), you may alternatively use `--apikey` to log in to the CLI.

### Log in to multiple accounts

Like using [account switching](https://bitwarden.com/it-it/help/account-switching/) on other Bitwarden apps, the CLI has the ability to log in to multiple accounts simultaneously using the `BITWARDENCLI_APPDATA_DIR` environment variable pointing to the location of a `bw` configuration file, usually named `data.json`.
You can, for example, set aliases in a `.bashrc` profile for two separate configurations:

```
alias bw-personal="BITWARDENCLI_APPDATA_DIR=~/.config/Bitwarden\ CLI\ Personal /path/to/bw $@"
alias bw-work="BITWARDENCLI_APPDATA_DIR=~/.config/Bitwarden\ CLI\ Work /path/to/bw $@"
```

Using this example, you could then log in to two accounts by first running `source /path/to/.bashrc`, followed by `bw-personal login` and `bw-work login`.

## Unlock

Using an [API key](https://bitwarden.com/it-it/help/cli/#using-an-api-key/) or [SSO](https://bitwarden.com/it-it/help/cli/#using-sso/) to log in will require you to follow up the `login` command with an explicit `bw unlock` if you'll be working with vault data directly.

Unlocking your vault generates a **session key** which acts as a decryption key used to interact with data in your vault. The [session key must be used](https://bitwarden.com/it-it/help/cli/#using-a-session-key/) to perform any command that touches vault data (for example, `list`, `get`, `edit`). Session keys are valid until invalidated using `bw lock` or `bw logout`, however they will not persist if you open a new terminal window. Generate a new session key at any time using:

```
bw unlock
```

When you're finished, always end your session using the `bw lock` command.

### Unlock options

You can use the `--passwordenv` or `--passwordfile` options with `bw unlock` to retrieve your master password rather than enter it manually, for example:

1. The following will look for an environment variable `BW_PASSWORD`. If `BW_PASSWORD` is non-empty and has correct values, the CLI will successfully unlock and return a session key:

```
bw unlock --passwordenv BW_PASSWORD
```

2. The following will look for the file `~/Users/Me/Documents/mp.txt` (which must have your master password as the first line).
If the file is non-empty and has a correct value, the CLI will successfully unlock and return a session key:

```
bw unlock --passwordfile ~/Users/Me/Documents/mp.txt
```

> [!NOTE]
> If you use the `--passwordfile` option, protect your password file by locking access down to only the user who needs to run `bw unlock` and only providing read access to that user (on Linux and macOS, for example, file mode `400` owned by that user).

### Using a session key

When you unlock your vault using `bw login` with [email and password](https://bitwarden.com/it-it/help/cli/#using-email-and-password/) or `bw unlock`, the CLI will return both an `export BW_SESSION` (Bash) and `$env:BW_SESSION` (PowerShell) command, including your session key. Copy and paste the relevant entry to save the required environment variable.

With the `BW_SESSION` environment variable set, `bw` commands will reference that variable and can be run cleanly, for example:

```
export BW_SESSION="5PBYGU+5yt3RHcCjoeJKx/wByU34vokGRZjXpSH7Ylo8w=="
bw list items
```

Alternatively, if you don't set the environment variable, you can pass the session key as an option with each `bw` command:

```
bw list items --session "5PBYGU+5yt3RHcCjoeJKx/wByU34vokGRZjXpSH7Ylo8w=="
```

> [!NOTE] Session Environment CLI
> When you're finished, always end your session using the `bw lock` or `bw logout` commands. This will invalidate the active session key.

## Core Commands

### create

The `create` command creates a new object (`item`, `attachment`, and more) in your vault:

```
bw create (item|attachment|folder|org-collection) [options]
```

The `create` command takes encoded JSON. A typical workflow for creating an object might look something like:

1. Use the `get template` command (see [get core commands](https://bitwarden.com/it-it/help/cli/#get/) for details) to output the appropriate JSON template for the object type.
2. Use a [command-line JSON processor like jq](https://stedolan.github.io/jq/) to manipulate the outputted template as required.
3. Use the `encode` command (see [details](https://bitwarden.com/it-it/help/cli/#encode/)) to encode the manipulated JSON.
4. Use the `create` command to create an object from the encoded JSON.

For example:

```
bw get template folder | jq '.name="My First Folder"' | bw encode | bw create folder
```

or

```
bw get template item | jq ".name=\"My Login Item\" | .login=$(bw get template item.login | jq '.username="jdoe" | .password="myp@ssword123"')" | bw encode | bw create item
```

Upon successful creation, the newly created object will be returned as JSON.

#### create other item types

The create command defaults to creating a login item, but you can use a [command-line JSON processor like jq](https://stedolan.github.io/jq/) to change a `.type=` attribute to create other [item types](https://bitwarden.com/it-it/help/managing-items/):

| **Name** | **Value** |
|------|------|
| Login | `.type=1` |
| Secure note | `.type=2` |
| Card | `.type=3` |
| Identity | `.type=4` |
| SSH Key | `.type=5` |

For example, the following command will create a secure note:

```
bw get template item | jq '.type = 2 | .secureNote.type = 0 | .notes = "Contents of my Secure Note." | .name = "My Secure Note"' | bw encode | bw create item
```

> [!NOTE]
> Notice in the above example that Secure Notes require a sub-template (`.secureNote.type`). You can view item type sub-templates using `bw get template` (see [here](https://bitwarden.com/it-it/help/cli/#get-template/) for details).

#### create attachment

The `create attachment` command attaches a file to an **existing** item.

Unlike other `create` operations, you don’t need to use a JSON processor or `encode` to create an attachment. Instead, use the `--file` option to specify the file to attach and the `--itemid` option to specify the item to attach it to.
For example:

```
bw create attachment --file ./path/to/file --itemid 16b15b89-65b3-4639-ad2a-95052a6d8f66
```

> [!NOTE]
> If you don’t know the exact `itemid` you want to use, use `bw get item` with a search string to return the item (see [details](https://bitwarden.com/it-it/help/cli/#get/)), including its `id`.

### get

The `get` command retrieves a single object (`item`, `username`, `password`, and more) from your vault:

```
bw get (item|username|password|uri|totp|exposed|attachment|folder|collection|organization|org-collection|template|fingerprint) <id> [options]
```

The `get` command takes an item `id` or string for its argument. If you use a string (for example, anything other than an exact `id`), `get` will search your vault objects for one with a value that matches. For example, the following command would return a Github password:

```
bw get password Github
```

> [!NOTE]
> The `get` command can **only return one result**, so you should use specific search terms. If multiple results are found, the CLI will return an error.

#### get attachment

The `get attachment` command downloads a file attachment:

```
bw get attachment <filename> --itemid <id>
```

The `get attachment` command takes a `filename` and **exact** `id`. By default, `get attachment` will download the attachment to the current working directory. You can use the `--output` option to specify a different output directory, for example:

```
bw get attachment photo.png --itemid 99ee88d2-6046-4ea7-92c2-acac464b1412 --output /Users/myaccount/Pictures/
```

> [!NOTE]
> When using `--output`, the path **must** end with a forward slash (`/`) to specify a directory or with a filename (`/Users/myaccount/Pictures/photo.png`).

#### get notes

The `get notes` command retrieves the note for any vault item:

```
bw get notes <id>
```

The `get notes` command takes an exact item `id` or string. If you use a string (for example, anything other than an exact `id`), `get notes` will search your vault objects for one with a value that matches.
For example, the following command would return a Github note: ``` bw get notes Github ``` #### get template The `get template` command returns the expected JSON formatting for an object (`item`, `item.field`, `item.login`, and more): ``` bw get template (item|item.field|item.login|item.login.uri|item.card|item.identity|item.securenote|folder|collection|item-collections|org-collection) ``` While you can use `get template` to output the format to your screen, the most common use-case is to pipe the output into a `bw create` operation, using a [command-line JSON processor like jq](https://stedolan.github.io/jq/) and `bw encode` to manipulate the values retrieved from the template, for example: ``` bw get template folder | jq '.name="My First Folder"' | bw encode | bw create folder ``` > [!NOTE] > Any `item.xxx` template should be used as a sub-object to an `item` template, for example: > > > ``` > bw get template item | jq ".name=\"My Login Item\" | .login=$(bw get template item.login | jq '.username="jdoe" | .password="myp@ssword123"')" | bw encode | bw create item > ``` #### get fingerprint Retrieve the `fingerprint` phrase of a user. You may specify `userId` directly, or use the shortcut `me` to get your own fingerprint phrase: ```plain text bw get fingerprint ``` ```plain text bw get fingerprint me ``` ### edit The `edit` command edits an object (`item`, `item-collections`, etc.) in your vault: ``` bw edit (item|item-collections|folder|org-collection) [encodedJson] [options] ``` The `edit` command takes an **exact** `id` (the object to edit) and encoded JSON (edits to be made). A typical workflow might look something like: 1. Use the `get` command (see [details](https://bitwarden.com/it-it/help/cli/#get/)) to output the object to edit. 2. Use a [command-line JSON processor like jq](https://stedolan.github.io/jq/) to manipulate the outputted object as required. 3. 
Use the `encode` command (see [details](https://bitwarden.com/it-it/help/cli/#encode/)) to encode the manipulated JSON. 4. Use the `edit` command (including the object `id`) to edit the object. For example, to edit the password of a login item: ``` bw get item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328 | jq '.login.password="newp@ssw0rd"' | bw encode | bw edit item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328 ``` Or, to edit the collection(s) an item is in: ``` echo '["5c926f4f-de9c-449b-8d5f-aec1011c48f6"]' | bw encode | bw edit item-collections 28399a57-73a0-45a3-80f8-aec1011c48f6 --organizationid 4016326f-98b6-42ff-b9fc-ac63014988f5 ``` Or, to edit a collection: ``` bw get org-collection ee9f9dc2-ec29-4b7f-9afb-aac8010631a1 --organizationid 4016326f-98b6-42ff-b9fc-ac63014988f5 | jq '.name="My Collection"' | bw encode | bw edit org-collection ee9f9dc2-ec29-4b7f-9afb-aac8010631a1 --organizationid 4016326f-98b6-42ff-b9fc-ac63014988f5 ``` The `edit` command will perform a **replace** operation on the object. Once completed, the updated object will be returned as JSON. ### list The `list` command retrieves an array of objects (`items`, `folders`, `collections`, and more) from your vault: ``` bw list (items|folders|collections|organizations|org-collections|org-members) [options] ``` You can add **filters** to the `list` command to narrow down what's returned: - `--url ` -  `--folderid ` - `--collectionid ` -  `--organizationid ` - `--trash` Any filter will accept `null` or `notnull`. Combining multiple filters in one command will perform an OR operation, for example: ``` bw list items --folderid null --collectionid null ``` This command will return items that aren't in a folder or collection. Additionally, you can **search** for specific objects using `--search `. 
Combining filter and search in one command will perform an AND operation, like: ``` bw list items --search github --folderid 9742101e-68b8-4a07-b5b1-9578b5f88e6f ``` This command will search for items with the string `github` in the specified folder. ### delete The `delete` command deletes an object from your vault. `delete` takes **only an exact** `id` for its argument. ``` bw delete (item|attachment|folder|org-collection) [options] ``` By default, `delete` will send an item to the [Trash](https://bitwarden.com/it-it/help/managing-items/#items-in-the-trash/), where it will remain for 30 days. You can permanently delete an item using the `-p, --permanent` option. ``` bw delete item 7063feab-4b10-472e-b64c-785e2b870b92 --permanent ``` To delete an `org-collection`, you'll also need to specify `--organizationid `. See [Organization IDs](https://bitwarden.com/it-it/help/cli/#organization-ids/). > [!NOTE] Delete function > While items that are deleted using `delete` can be recovered using the `restore` command for up to 30 days (see [details](https://bitwarden.com/it-it/help/cli/#restore/)), items that are deleted using `delete --permanent` **are completely removed and irrecoverable.** ### restore The `restore` command restores a deleted object from your trash. `restore` takes **only an exact** `id` for its argument. ``` bw restore (item) [options] ``` For example: ``` bw restore item 7063feab-4b10-472e-b64c-785e2b870b92 ``` ### send The `send` command creates a [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) object for ephemeral sharing. This section will detail simple `send` operations, however send is a highly flexible tool and we recommend referring to the dedicated article on [Send from CLI](https://bitwarden.com/it-it/help/send-cli/). To create a simple text Send: ``` bw send -n "My First Send" -d 7 --hidden "The contents of my first text Send." 
``` To create a simple file Send: ``` bw send -n "A Sensitive File" -d 14 -f /Users/my_account/Documents/sensitive_file.pdf ``` ### receive The `receive` command accesses a [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) object. To receive a Send object: ``` bw receive --password passwordforaccess https://vault.bitwarden.com/#/send/yawoill8rk6VM6zCATXv2A/9WN8wD-hzsDJjfnXLeNc2Q ``` ## Organizations commands ### Organization IDs Accessing an organization from the CLI requires knowledge of an ID for your organization, as well as IDs for individual [members](https://bitwarden.com/it-it/help/managing-users/) and [collections](https://bitwarden.com/it-it/help/about-collections/). Retrieve this information directly from the CLI using `bw list`, for example: ``` bw list organizations bw list org-members --organizationid 4016326f-98b6-42ff-b9fc-ac63014988f5 bw list org-collections --organizationid 4016326f-98b6-42ff-b9fc-ac63014988f5 ``` > [!NOTE] bw list > You can `bw list` both `collections` and `org-collections`. The `bw list collections` command will list all collections, agnostic of which organization they belong to. `bw list org-collections` will list only collections that belong to the organization specified using `--organizationid`. ### move > [!NOTE] > **August 2021**: The `share` command has been changed to `move`. [Find out more](https://bitwarden.com/it-it/help/releasenotes/). The `move` command transfers a vault item [to an organization](https://bitwarden.com/it-it/help/sharing/): ``` bw move [encodedJson] ``` The `move` command requires you to `encode` a collection ID, and takes an **exact** `id` (the object to share) and an **exact** `organizationid` (the organization to share the object to). For example: ``` echo '["bq209461-4129-4b8d-b760-acd401474va2"]' | bw encode | bw move ed42f44c-f81f-48de-a123-ad01013132ca dfghbc921-04eb-43a7-84b1-ac74013bqb2e ``` Once completed, the updated item will be returned. 
### confirm The `confirm` command confirms [invited members](https://bitwarden.com/it-it/help/managing-users/#confirm-invited-users/) to your organization who have accepted their invitation: > [!WARNING] Confirm via CLI > Before administering the `confirm` command, it is strongly advised that administrators validate the legitimacy of a request by ensuring that the fingerprint phrase self-reported by the user matches the fingerprint phrase associated with the user you expect to be confirmed: > > - From the Admin Console, you can view a user's associated fingerprint phrase [during the confirm step](https://bitwarden.com/it-it/help/managing-users/#confirm/). > - From the CLI, you can view a user's associated fingerprint phrase with the command `bw get fingerprint `, where `` is that member's user identifier. User identifiers can be retrieved [with the Public API](https://bitwarden.com/it-it/help/api/). > > Once a user is confirmed, they have the ability to decrypt organization data, so ensuring users' self-reported fingerprint phrases match expected values is an important step prior to confirming. ``` bw confirm org-member --organizationid ``` The `confirm` command takes an **exact** member `id` and an **exact** `organizationID`, for example: ``` bw confirm org-member 7063feab-4b10-472e-b64c-785e2b870b92 --organizationid 310d5ffd-e9a2-4451-af87-ea054dce0f78 ``` ### Device approval Allows admins and owners to manage device approval requests where a user has requested admin approval. > [!NOTE] Bulk Device approval only available via Bitwarden.com download > At this time, bulk device approval is only available for the Bitwarden CLI client downloaded from [Bitwarden.com](https://bitwarden.com/it-it/download/#command-line-interface/). > [!NOTE] Bulk device approval warning > In most scenarios, users are able to approve their own login requests, and admin device approval is not necessary. See [Add a trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/). 
> Automatic or bulk approval of admin device approval requests neglects verification steps that administrators can perform in order to ensure a request is legitimate, such as checking the user's reported Fingerprint Phrase.
>
> Bitwarden recommends that significant security controls such as IdP credential standards, IdP MFA, and IdP device registration and trust be reviewed before enabling and using bulk device approval.

The `list` command will show all pending device approval requests for an organization:

```plain text
bw device-approval list --organizationid
```

The `approve` command is used to approve pending device authorization requests for an organization:

```plain text
bw device-approval approve --organizationid
```

Similarly, the `approve-all` command can be used to approve all current pending requests:

```plain text
bw device-approval approve-all --organization
```

To `deny` a pending authorization request:

```plain text
bw device-approval deny --organizationid
```

To `deny-all` pending authorization requests:

```plain text
bw device-approval deny-all --organizationid
```

## Other commands

### config

The `config` command specifies settings for the Bitwarden CLI to use:

```
bw config server [value]
```

A primary use of `bw config` is to [connect your CLI to a self-hosted](https://bitwarden.com/it-it/help/change-client-environment/#tab-cli-4dQ4hW1QAwVBuReXk2Txx0/) Bitwarden server:

```
bw config server https://your.bw.domain.com
```

> [!NOTE]
> Connect to the Bitwarden [EU server](https://bitwarden.com/it-it/help/server-geographies/) by running the following command:
>
> ```
> bw config server https://vault.bitwarden.eu
> ```
>
> Pass `bw config server` without a value to read the server you're connected to.

Users with unique setups may elect to specify the URL of each service independently.
Note that any subsequent use of the config command will overwrite all previous specifications, so this must be run as a single command each time you make a change:

```
bw config server --web-vault \
  --api \
  --identity \
  --icons \
  --notifications \
  --events \
  --key-connector
```

> [!NOTE] bw config server --key-connector
> The `bw config server --key-connector ` command is required if your organization uses [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) and you’re using the `--apikey` option to login after having [removed your master password](https://bitwarden.com/it-it/help/using-sso/#login-using-sso/).
>
> Contact an organization owner to get the required URL.

### sync

The `sync` command downloads your encrypted vault from the Bitwarden server. This command is most useful when you have changed something in your Bitwarden vault on another client application (for example web vault, browser extension, mobile app) since [logging in](https://bitwarden.com/it-it/help/cli/#log-in/) on the CLI.

```
bw sync
```

You can pass the `--last` option to return only the timestamp ([ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)) of the last time a sync was performed.

> [!NOTE] sync Pull from server
> It’s important to know that `sync` **only performs a pull** from the server. Data is automatically pushed to the server any time you make a change to your vault (for example, `create`, `edit`, `delete`).

### encode

The `encode` command Base 64 encodes stdin.
This command is typically used in combination with a [command-line JSON processor like jq](https://stedolan.github.io/jq/) when performing `create` and `edit` operations, for example:

```
bw get template folder | jq '.name="My First Folder"' | bw encode | bw create folder
bw get item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328 | jq '.login.password="newp@ssw0rd"' | bw encode | bw edit item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328
```

### import

The `import` command imports data from a Bitwarden export or other [supported password management application](https://bitwarden.com/it-it/help/import-data/). The command must be pointed to a file and include the following arguments:

```
bw import
```

For example:

```
bw import lastpasscsv /Users/myaccount/Documents/mydata.csv
```

> [!NOTE] bw import -- formats
> Bitwarden supports lots of formats for import, too many to list here! Use `bw import --formats` to return the list in your CLI, or [see here](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
>
> If you are importing an [encrypted .json file that you've created with a password](https://bitwarden.com/it-it/help/encrypted-export/), you will be prompted to enter the password before import completes.
#### import to an organization vault

Using the `import` command with the `--organizationid` option, you can import data to an organization vault:

```plain text
bw import --organizationid cf14adc3-aca5-4573-890a-f6fa231436d9 bitwardencsv ./from/source.csv
```

### export

The `export` command exports vault data as a `.json` or `.csv`, [encrypted .json](https://bitwarden.com/it-it/help/encrypted-export/), or as a `.zip` with [attachments](https://bitwarden.com/it-it/help/attachments/):

```
bw export [--output ] [--format ] [--password ] [--organizationid ]
```

By default, the `export` command will generate a `.csv` (equivalent to specifying `--format csv`) to the current working directory, however you can specify:

- `--format json` to export a `.json` file
- `--format encrypted_json` to export an [encrypted .json](https://bitwarden.com/it-it/help/encrypted-export/) file
  - `--password ` to specify a password to use to encrypt `encrypted_json` exports instead of your [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/)
- `--format zip` to export a `.zip` that includes your [attachments](https://bitwarden.com/it-it/help/attachments/)
- `--output ` to export to a specific location
- `--raw` to return the export to stdout instead of to a file

#### export from an organization vault

Using the `export` command with the `--organizationid` option, you can export an organization vault:

```
bw export --organizationid 7063feab-4b10-472e-b64c-785e2b870b92 --format json --output /Users/myaccount/Downloads/
```

### generate

The `generate` command generates a strong password or [passphrase](https://bitwarden.com/it-it/help/cli/#generate-a-passphrase/):

```
bw generate [--lowercase --uppercase --number --special --length --passphrase --separator --words ]
```

By default, the `generate` command will generate a 14-character password with uppercase characters, lowercase characters, and numbers.
This is the equivalent of passing:

```
bw generate -uln --length 14
```

You can generate more complex passwords using the options available to the command, including:

- `--uppercase`, `-u` (include uppercase)
- `--lowercase`, `-l` (include lowercase)
- `--number`, `-n` (include numbers)
- `--special`, `-s` (include special characters)
- `--length ` (length of the password, min of 5)

#### generate a passphrase

Using the `generate` command with the `--passphrase` option, you can generate a passphrase instead of a password:

```
bw generate --passphrase --words --separator
```

By default, `bw generate --passphrase` will generate a three-word passphrase separated by a dash (`-`). This is the equivalent of passing:

```
bw generate --passphrase --words 3 --separator -
```

You can generate a complex passphrase using the options available to the command, including:

- `--words ` (number of words)
- `--separator ` (separator character)
- `--capitalize`, `-c` (include to title-case the passphrase)
- `--includeNumber` (include a single numerical character in your passphrase)

### update

The `update` command checks whether your Bitwarden CLI is running the most recent version. `update` **doesn't automatically update the CLI for you.**

```
bw update
```

If a new version is detected, you'll need to download the new version of the CLI using the printed URL for the executable, or using the tools available for the package manager you used to [download the CLI](https://bitwarden.com/it-it/help/cli/#download-and-install/) (for example, `npm install -g @bitwarden/cli`).

### status

The `status` command returns status information about the Bitwarden CLI, including [configured](https://bitwarden.com/it-it/help/cli/#config/) server URL, timestamp for the last sync ([ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)), user email and ID, and the vault status.
```
bw status
```

Status will return information as a JSON object, for example:

```
{
  "serverUrl": "https://bitwarden.example.com",
  "lastSync": "2020-06-16T06:33:51.419Z",
  "userEmail": "user@example.com",
  "userId": "00000000-0000-0000-0000-000000000000",
  "status": "unlocked"
}
```

`status` may be one of the following:

- `"unlocked"`, indicating you are logged in and your vault is unlocked (a `BW_SESSION` key environment variable is saved with an [active session key](https://bitwarden.com/it-it/help/cli/#using-a-session-key/))
- `"locked"`, indicating you are logged in but your vault is locked (**no** `BW_SESSION` key environment variable is saved with an [active session key](https://bitwarden.com/it-it/help/cli/#using-a-session-key/))
- `"unauthenticated"`, indicating you aren't logged in

> [!NOTE]
> When `"status": "unauthenticated"`, `lastSync`, `userEmail`, and `userId` will always return `null`.

### serve

The `serve` command starts a local express web server that can be used to take all actions accessible from the CLI in the form of RESTful API calls from an HTTP interface.

```
bw serve --port --hostname
```

By default, `serve` will start the web server at port 8087; however, you can specify an alternate port with the `--port` option.

By default, `serve` will bind your API web server to `localhost`; however, you can specify an alternate hostname with the `--hostname` option. API requests can only be made from the bound hostname.

By default, `serve` will block any request with an `Origin` header. You can circumvent this protection using the `--disable-origin-protection` option, however **this is not recommended**.

> [!NOTE] Serve --hostname all warning
> You can specify `--hostname all` for no hostname binding, however this will allow any machine on the network to make API requests.

[View the API spec](https://bitwarden.com/it-it/help/vault-management-api/) for help making calls with `serve`.
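The `status` values and the `serve` defaults described above can be combined into a pre-flight wrapper. The following is an added example, not part of the Bitwarden documentation or CLI; the function names, the loopback-only allow-list, and the requirement that the vault already be unlocked are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Bitwarden code): pre-flight checks before `bw serve`.

# Print the "status" value from the JSON object that `bw status` returns.
# sed is enough for this flat object, whether compact or pretty-printed.
vault_state() (
    bw status 2>/dev/null |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' |
        head -n 1
)

# Succeed only if the proposed `bw serve` arguments keep the documented
# defaults intact: origin protection on and a loopback binding.
# The allow-list below is this example's policy (an assumption), not a rule
# enforced by the CLI. Anything it does not recognise is refused.
serve_args_ok() (
    hostname=localhost
    port=8087
    while [ $# -gt 0 ]; do
        case $1 in
            --disable-origin-protection)
                echo "refused: origin protection must stay enabled" >&2
                exit 1 ;;
            --hostname|--port)
                [ $# -ge 2 ] || { echo "refused: $1 needs a value" >&2; exit 1; }
                if [ "$1" = --hostname ]; then hostname=$2; else port=$2; fi
                shift ;;
            --hostname=*) hostname=${1#--hostname=} ;;
            --port=*) port=${1#--port=} ;;
            *)
                echo "refused: unexpected argument $1" >&2
                exit 1 ;;
        esac
        shift
    done
    case $port in
        ''|*[!0-9]*) echo "refused: port must be numeric" >&2; exit 1 ;;
    esac
    case $hostname in
        localhost|127.0.0.1) ;;
        all)
            echo "refused: --hostname all lets any machine on the network call the API" >&2
            exit 1 ;;
        *)
            echo "refused: $hostname is not a loopback name" >&2
            exit 1 ;;
    esac
)

# Start `bw serve` only when the arguments pass and the vault is unlocked.
# Return codes: 1 bad arguments, 2 locked, 3 unauthenticated, 4 unknown state.
start_serve() {
    serve_args_ok "$@" || return 1
    case $(vault_state) in
        unlocked) ;;
        locked)
            echo "vault is locked: run 'bw unlock' and export BW_SESSION" >&2
            return 2 ;;
        unauthenticated)
            echo "not logged in: run 'bw login'" >&2
            return 3 ;;
        *)
            echo "could not read a status from 'bw status'" >&2
            return 4 ;;
    esac
    bw serve "$@"
}

# Usage: start_serve --port 8087 --hostname localhost
```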
### Debug

The debug environment variable can be added for additional troubleshooting information.

```plain text
export BITWARDENCLI_DEBUG=true
```

## Appendices

### Global options

The following options are available globally:

| **Option** | **Description** |
|------|------|
| `--pretty` | Format output. JSON is tabbed with two spaces. |
| `--raw` | Return raw output instead of a descriptive message. |
| `--response` | Return a JSON formatted version of response output. |
| `--quiet` | Don't return anything to stdout. You might use this option, for example, when piping a credential value to a file or application. |
| `--nointeraction` | Do not prompt for interactive user input. |
| `--session ` | Pass session key instead of reading from an environment variable. |
| `-v, --version` | Output the Bitwarden CLI version number. |
| `-h, --help` | Display help text for the command. |

### ZSH shell completion

The Bitwarden CLI includes support for ZSH shell completion. To set up shell completion, use one of the following methods:

1. **Vanilla ZSH:** Add the following line to your `.zshrc` file:

   ```
   eval "$(bw completion --shell zsh); compdef _bw bw;"
   ```

2. **Vanilla (vendor-completions):** Run the following command:

   ```
   bw completion --shell zsh | sudo tee /usr/share/zsh/vendor-completions/_bw
   ```

3.
   [zinit:](https://github.com/zdharma/zinit) Run the following commands:

   ```
   bw completion --shell zsh > ~/.local/share/zsh/completions/_bw
   zinit creinstall ~/.local/share/zsh/completions
   ```

### Using self-signed certificates

If your self-hosted Bitwarden server exposes a self-signed TLS certificate, specify the Node.js environment variable [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file):

🐧 🍎 Bash

```
export NODE_EXTRA_CA_CERTS="absolute/path/to/your/certificates.pem"
```

🪟 PowerShell

```
$env:NODE_EXTRA_CA_CERTS="absolute/path/to/your/certificates.pem"
```

### Enums

The following tables enumerate values required in documented scenarios:

#### Two-step login methods

Used to specify which [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/) to use when [logging in](https://bitwarden.com/it-it/help/cli/#log-in/):

| **Name** | **Value** |
|------|------|
| Authenticator | 0 |
| Email | 1 |
| YubiKey | 3 |

> [!NOTE]
> FIDO2 and Duo are not supported by the CLI.
#### Item types

Used with the `create` command to specify a [vault item type](https://bitwarden.com/it-it/help/managing-items/):

| **Name** | **Value** |
|------|------|
| Login | 1 |
| Secure Note | 2 |
| Card | 3 |
| Identity | 4 |

#### Login URI match types

Used with the `create` and `edit` command to specify [URI match detection](https://bitwarden.com/it-it/help/uri-match-detection/) behavior for a login item:

| **Name** | **Value** |
|------|------|
| Domain | 0 |
| Host | 1 |
| Starts With | 2 |
| Exact | 3 |
| Regular Expression | 4 |
| Never | 5 |

#### Field types

Used with the `create` and `edit` commands to configure [custom fields](https://bitwarden.com/it-it/help/custom-fields/):

| **Name** | **Value** |
|------|------|
| Text | 0 |
| Hidden | 1 |
| Boolean | 2 |

#### Organization user types

Indicates a [user's type](https://bitwarden.com/it-it/help/user-types-access-control/):

| **Name** | **Value** |
|------|------|
| Owner | 0 |
| Admin | 1 |
| User | 2 |
| Manager | 3 |
| Custom | 4 |

#### Organization user statuses

Indicates a user's [status within the organization](https://bitwarden.com/it-it/help/managing-users/):

| **Name** | **Value** |
|------|------|
| Invited | 0 |
| Accepted | 1 |
| Confirmed | 2 |
| Revoked | -1 |

--- URL: https://bitwarden.com/it-it/help/client-org-removal/ ---

# Unlink Client Organization

As a Provider, you may need to remove your Provider-client relationship with an organization if you are no longer providing services to them. In order for a client organization to be eligible for removal:

- You must be a [Provider admin](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/).
- The client organization must have at least one [confirmed owner](https://bitwarden.com/it-it/help/managing-users/#add-new-members/).

> [!NOTE] Deleting a client organization.
> Client organizations can only be unlinked from within the Provider Portal UI, not **deleted**.
> To delete a client organization, you must be a Provider admin and follow these steps:
>
> 1. [Open the client organization](https://bitwarden.com/it-it/help/manage-client-orgs/) and navigate to **Settings** → **Organization info**.
> 2. Scroll to the **Danger Zone** section and select **Delete Organization**.

Once these criteria are met:

1. Open the Provider Portal using the product switcher:

   ![Product switcher - Provider Portal](https://bitwarden.com/assets/4xn04Sj9u8n73TPxZUWi5f/dac0d56f47a05e2d8b28754e997a1391/2025-02-25_15-16-00.png)

2. In the Clients view, use the ⋮ options menu for the desired client organization to select the **Unlink organization** option:

   ![Unlink client organization](https://bitwarden.com/assets/5U9GTBeSblIONdtg4q1duw/3579f9c80ca8f188d24a7910d8506643/2024-12-05_09-39-10.png)

> [!TIP] Once a client org is removed
> Once a client organization is unlinked, they will need to set up their own billing in order to retain access to Bitwarden services.

--- URL: https://bitwarden.com/it-it/help/client-org-setup/ ---

# Start a Client Organization

This article will walk you through the [creation of a client organization](https://bitwarden.com/it-it/help/client-org-setup/#create-a-client-organization/) and outline a typical [setup procedure](https://bitwarden.com/it-it/help/client-org-setup/#initial-setup-procedure/) for getting started administering a customer's organization.

## Create a client organization

To create a client organization you must be a [Provider admin](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/):

1. Open the Provider Portal using the product switcher:

   ![Product switcher - Provider Portal](https://bitwarden.com/assets/4xn04Sj9u8n73TPxZUWi5f/dac0d56f47a05e2d8b28754e997a1391/2025-02-25_15-16-00.png)

2.
   Navigate to the **Clients** tab of the Provider Portal and select + **Add** → **New client**:

   ![New client organization](https://bitwarden.com/assets/5WjBETB0YFm7TS1zpIHeSC/a22563b9172036b1c90bfb61d9ab310b/new_client_org_1.png)

3. On the New client organization screen:

   - Select whether to create a **Teams** or **Enterprise** organization.
   - Enter an **Organization name**, **Client owner email**, and **Seats**. The amount of available unassigned seats, that is seats that you have paid for but aren't utilizing, will be shown on this screen. Should you go above this number, a number of additional seats purchased will be shown. [Learn more](https://bitwarden.com/it-it/help/provider-billing/).

   > [!NOTE] Owner invitation
   > An invitation will automatically be sent to the **Client owner email** to join the organization as an [owner](https://bitwarden.com/it-it/help/user-types-access-control/).

4. Once you are happy with the organization, select **Add organization**.

Once created, navigating to the client organization from the Provider Portal will bring you to the organization vault, from which you can fully complete [initial setup](https://bitwarden.com/it-it/help/client-org-setup/#initial-setup-procedure/) and engage in [ongoing administration](https://bitwarden.com/it-it/help/manage-client-orgs/):

![Client organization vault](https://bitwarden.com/assets/5fXREt9aHmnVgLLRPBs8yg/dbecd580231e8ea2f4eec2be224a1e64/2025-02-25_15-20-08.png)

## Initial setup procedure

With your newly-created client organization, you are ready to start building the perfect solution for your customer. Exact setup will be different for each client organization depending on your customers' needs, but typically will involve the following steps:

1. **Create collections**.
   A good first step is to [create a set of collections](https://bitwarden.com/it-it/help/about-collections/#create-a-collection/), which provide an organizing structure for the vault items you will add to the vault in the next step. Common collections patterns include **Collections by Department** (for example, users in the client's Marketing Team are assigned to a **Marketing** collection) or **Collections by Function** (for example, users from the client's Marketing Team are assigned to a **Social Media** collection):

   ![Collections](https://bitwarden.com/assets/6kJ7wMESirqmkfZ8KlfK09/9210ef5cf3cd2442b429760edb98001f/collections-graphic-1.png)

2. **Import data**. Once the structure of how you will store vault items is in place, you can begin [importing data to the organization](https://bitwarden.com/it-it/help/import-to-org/).

   > [!NOTE] Provider restricted access
   > Note that, as a provider user, you will not be able to directly view, create, or manage individual items.

3. **Configure enterprise policies**. Before beginning the user management portion of setup, [configure enterprise policies](https://bitwarden.com/it-it/help/policies/) in order to set rules-of-use for things such as [master password complexity](https://bitwarden.com/it-it/help/policies/#master-password-requirements/), [use of two-step login](https://bitwarden.com/it-it/help/policies/#require-two-step-login/), and [admin password reset](https://bitwarden.com/it-it/help/account-recovery/#master-password-reset/).

   > [!NOTE] Enterprise policies availability
   > Enterprise Policies are **only available to Enterprise organizations**.

4. **Setup login with SSO**. If your customer uses single sign-on (SSO) to authenticate with other applications, [connect Bitwarden with their IdP](https://bitwarden.com/it-it/help/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create user groups**.
   For Teams and Enterprise organizations, [create a set of groups](https://bitwarden.com/it-it/help/about-groups/#create-a-group/) for scalable permissions assignment. When you start adding users, add them to groups to have each user automatically inherit the group's configured permissions (such as access to specific collections). One common group-collection pattern is to create **Groups by Department** and **Collections by Function**, for example:

   ![Collections](https://bitwarden.com/assets/6qodHGqBPABEFv3XJxaOUe/780cd4624a5d0a5fe315677968003e2d/collections-graphic-2.png)

6. **Start inviting users**. Now that the infrastructure for the secure and scalable sharing of credentials is in place for your client, you can begin [inviting users to the organization](https://bitwarden.com/it-it/help/managing-users/#add-new-members/). To ensure the security of the organization, Bitwarden applies a three-step process for onboarding new users, **Invite** → **Accept** → **Confirm**.

   > [!TIP] SCIM & BWDC for Providers.
   > **If your customer uses directory service** or IdP (active directory, an LDAP, Okta, and more), use [SCIM](https://bitwarden.com/it-it/help/about-scim/) or [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) to automatically sync organization users from the source directory and automatically issue invitations.

--- URL: https://bitwarden.com/it-it/help/cloud-setup-checklist/ ---

# Cloud setup checklist

With cloud hosting, Bitwarden manages the infrastructure, security, and operational responsibilities. Use this checklist to understand the organizational and user management requirements for cloud deployments.

## Pre-deployment planning

- Determine cloud server region (US, EU)
- Choose authentication strategy (Email or SSO via identity provider)
- Select encryption type (Master Password or Trusted Device)
- Define user provisioning approach (Manual, Directory Connector, SCIM, Just-in-Time SSO)
- Define vault ownership strategy (Individual vaults vs.
  Organization-only)
- Identify user groups for rollout phases

**Support links:**

- [Server geographies](https://bitwarden.com/it-it/help/server-geographies/)
- [Bitwarden authentication guide](https://bitwarden.com/it-it/resources/reference-guide-bitwarden-authentication/)
- [Bitwarden implementation guide](https://bitwarden.com/it-it/resources/bitwarden-enterprise-password-manager-implementation-guide/)

## Stakeholder selections

Select key roles:

- Project lead
- Identity provider admin
- Executive sponsor
- Security and compliance admin
- Support/help desk admin
- Device management admin (for client deployment)
- Business continuity admin
- Directory/user management admin

## Security and compliance decisions

- Determine cloud server region (US, EU)
- Choose authentication strategy (Email or SSO via identity provider)
- Select encryption type (Master Password or Trusted Device)
- Define user provisioning approach (Manual, Directory Connector, SCIM, Just-in-Time SSO)
- Define vault ownership strategy (Individual vaults vs.
  Organization-only)
- Identify user groups for rollout phases

**Support links:**

- [SSO integration](https://bitwarden.com/it-it/help/about-sso/)
- [SCIM](https://bitwarden.com/it-it/help/about-scim/)
- [Directory Connector](https://bitwarden.com/it-it/help/directory-sync-cli/)

## Organizational build-out and configuration

- Identify Organization Owner(s) (recommend two for redundancy)
- Add additional administrators to the organization
- Configure enterprise policies (before user invitation)
- Select collection management settings
- Create collections for administrators and users to share
- Create groups for managing users
- Assign collections to groups
- Test 'Read Only' and 'Hide Password' options
- Add test items to collections

**Support links:**

- [Bitwarden implementation guide](https://bitwarden.com/it-it/resources/bitwarden-enterprise-password-manager-implementation-guide/)
- [Least privilege access](https://bitwarden.com/it-it/blog/additional-enterprise-options-for-least-privileged-access-control/#flexible-collections-options-for-your-organization/)

## User provisioning and directory integration

- Enable SCIM provisioning in admin console
- Configure identity provider
- Map user attributes and group memberships
- Test SCIM synchronization
- Download and install directory connector
- Configure sync filters, user/group mappings

**Support links:**

- [Enable SCIM provisioning](https://bitwarden.com/it-it/help/about-scim/)
- [Microsoft Entra ID SCIM Integration](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/)
- [JumpCloud SCIM Integration](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/)
- [OneLogin SCIM Integration](https://bitwarden.com/it-it/help/onelogin-scim-integration/)
- [Ping Identity SCIM Integration](https://bitwarden.com/it-it/help/ping-identity-scim-integration/)

## Deployment and go-live preparation

- Complete final security review and sign off from stakeholders
- Set up production monitoring and alerting
  systems
- Coordinate with network and security teams for go-live

## Monitoring

- Monitor system performance and adoption metrics
- Conduct post-implementation review with stakeholders
- Plan ongoing maintenance and update procedures
- Document lessons learned and process improvements
- Schedule regular security audits and policy reviews

**Support links:**

- [Vault health reports](https://bitwarden.com/it-it/help/reports/)

## Change management and training

- Develop communication plan for organization
- Create timeline for rollout announcements and milestones
- Prepare exec updates on security benefits and ROI
- Schedule admin and end-user training
- Plan ongoing communication and feedback channels
- Set up support processes and escalation procedures

--- URL: https://bitwarden.com/it-it/help/cloudflare-zero-trust-sso-implementation/ ---

# Cloudflare Zero Trust SSO

This article contains **Cloudflare Zero Trust-specific** help for configuring login with SSO. Cloudflare Zero Trust is a cloud-based identity and access management platform that can integrate with multiple identity providers (IdPs). You can also configure gateways and tunneling for secure access to the platform.

> [!NOTE] CFZT prerequisite information
> Cloudflare Zero Trust can be configured with any IdP that operates using SAML 2.0 or OIDC SSO configurations. If you are not familiar with these configurations, refer to these articles:
>
> - [SAML 2.0 Configuration](https://bitwarden.com/it-it/help/configure-sso-saml/)
> - [OIDC Configuration](https://bitwarden.com/it-it/help/configure-sso-oidc/)

## Why use Cloudflare Zero Trust with SSO?

Cloudflare Zero Trust is a cloud-based proxy identity and access management platform that can integrate with multiple identity providers (IdPs). The benefit of using Cloudflare Zero Trust in addition to your standard IdP is its ability to configure multiple IdPs for login.
Cloudflare Zero Trust can provide SSO access to Bitwarden from multiple separate directories, or sets of users within a directory.

## Open SSO in the web app

> [!NOTE] Bitwarden requires SAML 2.0
> Cloudflare will only support SAML via the Access Application Gateway. This means that **SAML 2.0** must be selected in the Bitwarden configuration. OIDC authentication can still be configured from the IdP and Cloudflare.

Log in to the Bitwarden web app and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Open your organization's **Settings** → **Single sign-on** screen:

![SAML 2.0 configuration](https://bitwarden.com/assets/20720mRAluo6crSdTiYJrn/1175889d7f6ab42fe7614f34cdd1dcdd/2024-12-04_09-41-15.png)

If you haven't already, create a unique **SSO identifier** for your organization and select **SAML** from the **Type** dropdown. Keep this screen open for easy reference.

You can turn off the **Set a unique SP entity ID** option at this stage if you wish. Doing so will remove your organization ID from your SP entity ID value, however in almost all cases it is recommended to leave this option on.

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Create a Cloudflare Zero Trust login method

Create a Cloudflare Zero Trust login method:

1. Navigate to [Cloudflare Zero Trust](https://dash.cloudflare.com/login) and log in or create an account.
2. Configure a domain, which will act as the URL used by your users to access your applications or **App Launcher**, for example `https://my-business.cloudflareaccess.com/`.
   From the Cloudflare Zero Trust menu, select **Settings** → **Custom Pages**:

   ![Team domain setting](https://bitwarden.com/assets/4lN2NFw46RAynArFfiW3kD/6dfd8ef5b844347a60f9e230b9736450/2024-12-16_15-43-43.png)

3. Begin configuring the first login method by navigating to **Settings** → **Authentication** → **Add new**.
4. Select the login method to connect to Cloudflare Zero Trust. If the IdP you are using is not present on the IdP list, use the SAML or OIDC generic options. In this article, Okta will be used as an example:

   ![Cloudflare Zero Trust IdP list](https://bitwarden.com/assets/5Zk3txh2X9fhcPVpMZVJPC/18ad36aaf277af50df063c96f89804e8/Screen_Shot_2022-10-11_at_4.17.21_PM.png)

   > [!NOTE] Google Workspace app cannot be used for login methods
   > Google Workspace users should select the generic **SAML** setup during this step. The Google Workspace login method may result in errors.

5. After selecting your chosen IdP login method, follow the in-product guide provided by Cloudflare for integrating your IdP.

   > [!NOTE] Disable support groups cfzt
   > If the IdP you are using has a **support groups** feature, this option must be **disabled**. Bitwarden does not support group-based claims, and enabling this option will result in an XML element error on the Bitwarden end.

## Create a Cloudflare Zero Trust application

After an IdP has been configured, you'll have to create a Cloudflare Zero Trust application for Bitwarden. **In this example we'll create a SAML application**:

1. Navigate to **Access** → **Applications** → **Add an application** and then select **SaaS**.

   ![CFZT add an application](https://bitwarden.com/assets/70oK8FUQYXpKEvX00NZ9ai/a065258c17b5b01360a6aed574ce2192/2024-07-08_10-46-37.png)

2. On the following screen, add an Application name such as **Bitwarden**. Then, select the authentication protocol, **SAML**. Once complete, select **Add application**.
   ![Add an application Cloudflare Zero Trust](https://bitwarden.com/assets/1zm03fKF8Nqu30YbH7duoo/58e66188a1437c3339daee414d7f9bb3/2024-07-08_10-43-34.png)

3. In the Bitwarden web vault, open your organization and navigate to the **Settings** → **Single Sign-On** screen. Use information from the web vault to fill in information on the **Configure app** screen:

   | **Key** | **Description** |
   |------|------|
   | **Application** | Enter `Bitwarden`. |
   | **Entity ID** | Copy the **SP entity ID** from the Bitwarden Single Sign-On page into this field. |
   | **Assertion Consumer Service URL** | Copy the **Assertion consumer service (ACS) URL** from the Bitwarden Single Sign-On page into this field. |
   | **Name ID Format** | Select **Email** from the dropdown menu. |

   > [!NOTE] CFZT OIDC
   > For the generic OIDC configuration, the Auth URL, Token URL, and Certificate URL can be located with the well-known URL.

4. Scroll down to the **Identity providers** menu. Select the IdP(s) that you configured in the previous section, scroll back to the top, and select **Next**.
5. Next, create access policies for user access to the application. Complete the **Policy name**, **Action**, and **Session duration** fields for each policy.
6. You can choose to assign a group policy (**Access** → **Groups**) or explicit user policy rules (such as emails, "emails ending in", "country", or "everyone"). In the following example, the group "Anon Users" has been included in the policy. An additional rule has been added as well to include emails ending in the chosen domain:

   ![CFZT app policy](https://bitwarden.com/assets/2VCZsMzbeUtuO9jx1oh6g7/a1fbe343872934b796ce486cf46835fb/Screen_Shot_2022-10-12_at_10.55.31_AM.png)

   > [!NOTE] User access to the app launcher
   > You can also apply user access through the **App Launcher** for access to the Bitwarden login with SSO shortcut. This can be managed by navigating to **Authentication** → **App Launcher** → **Manage**.
The application policies in the above example can be duplicated or generated here. 7. Once access policies have been configured, scroll to the top and select **Next**. 8. While on the **Setup** screen, copy the following values and input them into their respective fields on the Bitwarden **Single Sign-On**page: | **Key** | **Description** | |------|------| | **SSO endpoint** | The SSO endpoint directs where your SaaS application will send login requests. This value will be entered into the **Single Sign On Service URL** field in Bitwarden. | | **Access Entity ID or Issuer** | The Access Entity ID or Issuer is the unique identifier of your SaaS application. This will value will be entered into the **Entity ID** field on Bitwarden. | | **Public key** | The Public key is the access public certificate that will be used to verify your identity. This value will be entered into the **X509 Public Certificate** field on Bitwarden. | 9. After the values have been entered into Bitwarden, select **Save**on the Bitwarden Single Sign-On screen and select **Done**on the Cloudflare page to save the application. 10. To create a bookmark to the Bitwarden login with SSO screen, select **Add an application**→ **Bookmark**. Check that the Bookmark is visible in the **App launcher**. ## Test the configuration Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](http://www.vault.bitwarden.com/) or [https://vault.bitwarden.eu](https://vault.bitwarden.eu/), entering your email address and selecting the **Use single sign-on** button: ![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png) Enter the configured organization identifier and select **Log In**. 
If your implementation is successfully configured, you will be redirected to a Cloudflare Access screen, where you can select the IdP to log in with:

![Cloudflare IdP selection](https://bitwarden.com/assets/5SyHu8lc0ZJqjpL4hF53ie/b0d661e6772b58f681c47b7b01ebbaa0/Screen_Shot_2022-10-12_at_5.15.39_PM__2_.png)

After selecting your IdP, you will be directed to your IdP login page. Enter the information used to log in via your IdP:

![CFZT IdP login](https://bitwarden.com/assets/7Avc5GWZaeGSk59v3rZ531/3be901d4f137012ef6d1e3cb13d9a4eb/Screen_Shot_2022-10-13_at_4.45.02_PM.png)

After you authenticate with your IdP credentials, enter your Bitwarden credentials to decrypt your vault!

--- URL: https://bitwarden.com/it-it/help/collection-management/ ---

# Collection Settings

[Collection](https://bitwarden.com/it-it/help/about-collections/) management settings are a set of organization-wide rules that interact directly with [member roles](https://bitwarden.com/it-it/help/user-types-access-control/) and [collection permissions](https://bitwarden.com/it-it/help/collection-permissions/) to allow or limit certain actions for certain user populations. These settings can only be set by an organization owner from the Admin Console's **Settings** → **Organization info** view.

> [!NOTE] Roles, settings, and permissions overview
> These member permissions work together to determine collection access:
>
> - [Member roles](https://bitwarden.com/it-it/help/user-types-access-control/) define who can do organization-level actions.
> - [Collection settings](https://bitwarden.com/it-it/help/collection-management/) specify which member roles can create, manage, or delete collections **across the entire organization**.
> - [Collection permissions](https://bitwarden.com/it-it/help/collection-permissions/) control what actions a specific user or group can take **within a single collection**.
## List of settings

### Allow owners and admins to manage all collections and items from the Admin Console

This option interacts with the [owner and admin member roles](https://bitwarden.com/it-it/help/user-types-access-control/) to determine whether that user population has automatic access to all collections, and therefore all items, in your organization.

| **On** | When on, owners and admins gain the equivalent of the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) for all collections in your organization. Functionally, this means that owners and admins can alter or remove any collection, alter or remove the items in any collection, alter or remove the groups and members assigned to any collection, and alter the collection permissions assigned to any group or member for any collection. This does not include access to active users' [My Items](https://bitwarden.com/it-it/help/my-items/) if your organization uses the [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) policy. |
|------|------|
| **Off** | When off, collections can only be managed in the above manner by members with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) specifically assigned to them. Owners and admins will only have access to collections to which they have permissions directly assigned. This does not prevent owners and admins from exporting all organization-owned data, excluding organization members' individual [My Items](https://bitwarden.com/it-it/help/my-items/) locations. To prevent the possibility of orphaned collections, an **Add Access** badge will be displayed in the Collections view for any collection that does not have a member with [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission. Owners and admins will **temporarily** gain access to these collections until they assign a member that permission. |

> [!TIP] Using flexible collections option 2
> This option is suited for you if, for example, your IT team requires access to all vault items associated with your organization for regular auditing.

### Restrict collection creation to owners and admins

This option interacts with the [owner and admin member roles](https://bitwarden.com/it-it/help/user-types-access-control/) to determine whether **only** that user population has the ability to create collections.

| **On** | When on, only owners and admins can create collections. This user population will be required to create your organization's collection structure on behalf of your users, but can assign individual users to manage the items and people in those collections once created. |
|------|------|
| **Off** | When off, members with any role can create collections for themselves and their team. Members who create a collection will automatically have [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission over that collection. |

> [!TIP] Manage collection permission
> Even if turned **on**, any user can still be granted [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) for a collection so that they can manage its members and contents once created.

### Restrict collection deletion to owners and admins

This option interacts with the [owner, admin, and certain custom member roles](https://bitwarden.com/it-it/help/user-types-access-control/) to determine whether **only** that user population has the ability to delete collections. When on, this option also has downstream impact on the [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission.

| **On** | When on, only owners, admins, and custom role members with the **Delete any collection** permission can delete collections. Functionally, this option supersedes the ability to delete a collection that would have been granted to members with the [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission. |
|------|------|
| **Off** | When off, members with any role can delete collections provided they have [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission over the collection they'd like to delete. |

### Restrict item deletion to members with the Manage collection permissions

This option interacts with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) to determine whether **only** that user population has the ability to delete items. When off, this option also has downstream impact on the [Can edit permissions](https://bitwarden.com/it-it/help/collection-permissions/).

| **On** | When on, only users with the [Manage collection](https://bitwarden.com/it-it/help/user-types-access-control/) permission will be able to delete collection items. |
|------|------|
| **Off** | When off, users with [Can edit and Can edit, hidden passwords](https://bitwarden.com/it-it/help/collection-permissions/) permissions will also have the ability to delete collection items. |

--- URL: https://bitwarden.com/it-it/help/collection-permissions/ ---

# Collection Permissions

Collection permissions determine what a [group](https://bitwarden.com/it-it/help/about-groups/) or member can do with items in a particular collection, like modifying items or changing who has access to the collection.

> [!NOTE] Roles, settings, and permissions overview
> These member permissions work together to determine collection access:
>
> - [Member roles](https://bitwarden.com/it-it/help/user-types-access-control/) define who can do organization-level actions.
> - [Collection settings](https://bitwarden.com/it-it/help/collection-management/) specify which member roles can create, manage, or delete collections **across the entire organization**.
> - [Collection permissions](https://bitwarden.com/it-it/help/collection-permissions/) control what actions a specific user or group can take **within a single collection**.

## Assign collection permissions

Collection permissions are set when a member or group is first [assigned to a collection](https://bitwarden.com/it-it/help/assign-users-to-collections/). Depending on [member roles](https://bitwarden.com/it-it/help/user-types-access-control/) and [collection settings](https://bitwarden.com/it-it/help/collection-management/), three types of users can update collection permissions:

- Any member with the **Manage collection** collection permission within a collection can alter the permissions assigned to groups and members for that same collection.
- [Custom role](https://bitwarden.com/it-it/help/user-types-access-control/#custom-roles/) members granted the **Edit any collection** permission can alter the collection permissions assigned to groups and members for any collection.
- All owners and admins can alter collection permissions for any collection if the **Owners and admins can manage all collections and items** setting is turned on.

To review or update collection permissions:

1. Open the collection in your vault.
2. Select the [angle-down] **Arrow icon** next to the collection’s name.
3. Select **Access**:

![Edit collection permissions](https://bitwarden.com/assets/6tRILg5xNTKEkrEKBmYrGZ/7bf2c7425a0ee905821e34e5c42fab7e/Edit_collection_permissions.png) *Edit collection permissions*

4. From the **Permission** dropdown menu, choose a permission level for that group or member.
5. Select **Save**.
> [!TIP] Check collection access via Member access report
> Enterprise organizations can review the [Member access report](https://bitwarden.com/it-it/help/reports/#member-access/) to learn which collection(s) members have access to, their level of permission within each assigned collection, and more.

## Permissions

The following table lists what each collection permission allows and when collection settings or member roles may affect them. By default, users and groups receive **View items** permission.

> [!TIP] Breadth of assigning permissions vs. roles
> While [member roles](https://bitwarden.com/it-it/help/user-types-access-control/#member-role/) are set at an individual-member level, [permissions](https://bitwarden.com/it-it/help/collection-permissions/) can be set for an individual member or an entire group. **Permissions assigned at the member level will override permissions set at a group level.**

| **Action** | **View items** | **View items, hidden passwords** | **Edit items** | **Edit items, hidden passwords** | **Manage collection** |
|------|------|------|------|------|------|
| View shared items in an assigned collection | ✓ | ✓ | ✓ | ✓ | ✓ |
| View shared items’ [hidden fields](https://bitwarden.com/it-it/help/custom-fields/) in an assigned collection | ✓ | ✗ | ✓ | ✗ | ✓ |
| Can autofill shared items, including [hidden fields](https://bitwarden.com/it-it/help/custom-fields/) *Hidden fields limit but don't prevent access. Treat hidden passwords as shared credentials. | ✓ | ✓ | ✓ | ✓ | ✓ |
| Add items to an assigned collection | ✗ | ✗ | ✓ | ✓ | ✓ |
| Add items in an assigned collection to a different collection | ✗ | ✗ | ✓ | ✓ | ✓ |
| Edit items in an assigned collection | ✗ | ✗ | ✓ | ✓ | ✓ |
| Edit hidden fields in an assigned collection | ✗ | ✗ | ✓ | ✗ | ✓ |
| Remove items from an assigned collection | ✗ | ✗ | ✓ | ✗ | ✓ |
| Delete items from an assigned collection | ✗ | ✗ | ✓ if the **Restrict item deletion to members with the Manage collection permission** [setting](https://bitwarden.com/it-it/help/collection-management/#restrict-item-deletion-to-members-with-the-manage-collection-permissions/) is turned off | ✓ if the **Restrict item deletion to members with the Manage collection permission** [setting](https://bitwarden.com/it-it/help/collection-management/#restrict-item-deletion-to-members-with-the-manage-collection-permissions/) is turned off | ✓ |
| Delete an assigned collection | ✗ | ✗ | ✗ | ✗ | ✓ *The **user** [member role](https://bitwarden.com/it-it/help/user-types-access-control/#default-roles/) cannot delete an assigned collection when the **Restrict collection deletion to owners and admins** [setting](https://bitwarden.com/it-it/help/collection-management/#restrict-collection-deletion-to-owners-and-admins/) is turned on. |
| Manage member and group access to an assigned collection | ✗ | ✗ | ✗ | ✗ | ✓ |
| Export data from an assigned collection | ✗ | ✗ | ✗ | ✗ | ✓ |

> [!NOTE] Export org data
> The following [member roles](https://bitwarden.com/it-it/help/user-types-access-control/) can [export organization vault data](https://bitwarden.com/it-it/help/export-organization-items/) even if they do not have the **Manage collection** permission:
>
> - Owner
> - Admin
> - Custom role with the **Access import/export** permission

> [!WARNING] Hidden Passwords
> **Hidden passwords permissions**: Users may still use passwords via autofill. While hiding passwords prevents easy copy-and-paste, it does not completely prevent user access to this information. Treat hidden passwords as you would any shared credential.

## Next steps

- [Learn about collections](https://bitwarden.com/it-it/help/about-collections/) at a conceptual level.
- [Create a collection](https://bitwarden.com/it-it/help/create-collections/) that you can add shared items to.
- [Share items with organization members](https://bitwarden.com/it-it/help/sharing/) through your new collection.
- [Assign groups and members](https://bitwarden.com/it-it/help/assign-users-to-collections/) access to your new collection.
- [Configure collection management settings](https://bitwarden.com/it-it/help/collection-management/) for your organization.

--- URL: https://bitwarden.com/it-it/help/condition-bitwarden-import/ ---

# Import from a Custom File

This article describes how to format `.csv` and `.json` files for importing into Bitwarden. The formats are identical to [Bitwarden vault exports](https://bitwarden.com/it-it/help/export-your-data/).
To select a file type and format, determine the destination vault and which item types you need to import:

- Format your file based on whether you're importing to an [individual](https://bitwarden.com/it-it/help/import-data/#import-to-your-individual-vault/) or [organization vault](https://bitwarden.com/it-it/help/import-to-org/#import-to-an-organization-vault/).
- Bitwarden `.csv` files only include logins and secure notes. If you need to also handle identities and cards, use a `.json` file.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

## Condition a .csv

### .csv for individual vault

⬇️ [Download sample csv](https://bitwarden.com/assets/4j3wYIYVQYW2MZUBogVxM3/2299910bb8fc93f6a8916d870be0458c/bitwarden_export.csv)

Create a UTF-8 encoded plaintext file with the following header as the first line in the file:

```
folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
```

For example:

```
folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
Social,1,login,Twitter,,,0,twitter.com,me@example.com,password123,
,,login,EVGA,,,,https://www.evga.com/support/login.asp,hello@bitwarden.com,fakepassword,TOTPSEED123
,,login,My Bank,Bank PIN is 1234,"PIN: 1234",,https://www.wellsfargo.com/home.jhtml,john.smith,password123456,
,,note,My Note,"This is a secure note.",,,,,
```

When importing this file, select **Bitwarden (csv)** as your file format.
### .csv for organization

⬇️ [Download sample csv](https://bitwarden.com/assets/YYnGrBJO8O5Xv2O0dFW9Z/6de667ded7567da41dcdf4af5186311a/bitwarden_export_org.csv)

Create a UTF-8 encoded plaintext file with the following header as the first line in the file:

```
collections,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
```

For example:

```
collections,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
"Social,Marketing",login,Twitter,,,0,twitter.com,me@example.com,password123,
"Finance",login,My Bank,"Bank PIN is 1234","PIN: 1234",0,https://www.wellsfargo.com/home.jhtml,john.smith,password123456,
"Finance",login,EVGA,,,0,https://www.evga.com/support/login.asp,hello@bitwarden.com,fakepassword,TOTPSEED123
"Finance",note,My Note,"This is a secure note.",,0,,,
```

> [!TIP] Conditioning nested collections into a .csv
> If you're conditioning a `.csv` with nested collections, create dedicated entries for **each collection that does not have an item in it**, for example:
>
> ```bash
> collections,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
> Parent Collection,,,,,,,,,,
> Parent Collection/First Child Collection,,,,,,,,,,
> Parent Collection/First Child Collection/Second Child Collection,login,Shared Credential,,,,https://website.com,username,password,,
> ```

When importing this file, select **Bitwarden (csv)** as your file format.

### Minimum required values

You may not have data for all the values shown in the above formats, however most are optional.
In order for the Bitwarden `.csv` importer to function properly, you are only required to have the following values for any given object:

```
folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
,,login,Login Name,,,,,,
,,note,Secure Note Name,,,,,,
```

## Condition a .json

⬇️ [Download sample json](https://bitwarden.com/assets/2iwtn9YFqooYJmw1JWwCXa/8b03a95f1c27240c22a7578aa703f7b1/individual.json)

### .json for individual vault

Create a UTF-8 encoded plaintext file in the following format:

```
{
  "folders": [
    {
      "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "name": "Folder Name"
    }
  ],
  "items": [
    {
      "passwordHistory": [
        {
          "lastUsedDate": "YYYY-MM-00T00:00:00.000Z",
          "password": "passwordValue"
        }
      ],
      "id": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
      "organizationId": null,
      "folderId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "type": 1,
      "reprompt": 0,
      "name": "My Gmail Login",
      "notes": "This is my gmail login for import.",
      "favorite": false,
      "fields": [
        {
          "name": "custom-field-1",
          "value": "custom-field-value",
          "type": 0
        }
      ],
      "login": {
        "uris": [
          {
            "match": null,
            "uri": "https://mail.google.com"
          }
        ],
        "username": "myaccount@gmail.com",
        "password": "myaccountpassword",
        "totp": "otpauth://totp/my-secret-key"
      },
      "collectionIds": null
    }
  ]
}
```

When importing this file, select **Bitwarden (json)** as your file format.
### .json for organization

⬇️ [Download sample json](https://bitwarden.com/assets/2Pui1E5uLs2FSw6GhO6pdU/141c68c6ad63ea8f395067c02592ddbc/organization.json)

Create a UTF-8 encoded plaintext file in the following format:

```
{
  "collections": [
    {
      "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "organizationId": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
      "name": "My Collection",
      "externalId": null
    }
  ],
  "items": [
    {
      "passwordHistory": [
        {
          "lastUsedDate": "YYYY-MM-00T00:00:00.000Z",
          "password": "passwordValue"
        }
      ],
      "id": "vvvvvvvv-vvvv-vvvv-vvvv-vvvvvvvvvvvv",
      "organizationId": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
      "folderId": "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz",
      "type": 1,
      "reprompt": 1,
      "name": "Our Shared Login",
      "notes": "A login for sharing",
      "favorite": false,
      "fields": [
        {
          "name": "custom-field-1",
          "value": "custom-field-value",
          "type": 0
        }
      ],
      "login": {
        "uris": [
          {
            "match": null,
            "uri": "https://mail.google.com"
          }
        ],
        "username": "myaccount@gmail.com",
        "password": "myaccountpassword",
        "totp": "otpauth://totp/my-secret-key"
      },
      "collectionIds": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
  ]
}
```

When importing this file, select **Bitwarden (json)** as your file format.

### Import to existing collections

By conditioning your organization `.json` file appropriately, you can import new login items to pre-existing [collections](https://bitwarden.com/it-it/help/about-collections/).

The following example demonstrates the proper format for importing a single item into a pre-existing collection. Note that you will need to:

- Obtain organization and collection IDs. These can be obtained by navigating to the collection in your web app and pulling them from the address bar (e.g. `https://vault.bitwarden.com/#/organizations//vault?collectionId=`).
- Define a `"collections": []` array that contains data for the pre-existing collection, including organization and collection IDs (see above) as well as its name.
As long as these 3 data points match, a new collection will not be created on import and instead items in the file will be imported to the pre-existing collection.

```
{
  "encrypted": false,
  "collections": [
    {
      "id": "b8e6df17-5143-495e-92b2-aff700f48ecd",
      "organizationId": "55d8fa8c-32bb-47d7-a789-af8710f5eb99",
      "name": "My Existing Collection",
      "externalId": null
    }
  ],
  "folders": [],
  "items": [
    {
      "id": "2f27f8f8-c980-47f4-829a-aff801415845",
      "organizationId": "55d8fa8c-32bb-47d7-a789-af8710f5eb99",
      "folderId": null,
      "type": 1,
      "reprompt": 0,
      "name": "Item to Import",
      "notes": "A login item for sharing.",
      "favorite": false,
      "login": {
        "uris": [
          {
            "match": null,
            "uri": "https://mail.google.com"
          }
        ],
        "username": "my_username",
        "password": "my_password",
        "totp": null
      },
      "collectionIds": ["b8e6df17-5143-495e-92b2-aff700f48ecd"]
    }
  ]
}
```

### Minimum required key-value pairs

You may not have data for all the key-value pairs shown in the above formats, however most are optional. In order for the Bitwarden `.json` importer to function properly, you are only required to have the following key-value pairs for each object:

```
{
  "items": [
    {
      "type": 1,
      "name": "Login Item's Name",
      "login": {}
    },
    {
      "type": 2,
      "name": "Secure Note Item's Name",
      "secureNote": {}
    },
    {
      "type": 3,
      "name": "Card Item's Name",
      "card": {}
    },
    {
      "type": 4,
      "name": "Identity Item's Name",
      "identity": {}
    }
  ]
}
```

The `"login":`, `"secureNote":`, `"card":`, and `"identity":` objects can be imported as empty objects, however we recommend conditioning files with as much data as you are able.

## Import into Bitwarden

Once your `.csv` or `.json` file is ready, import it to an [individual vault](https://bitwarden.com/it-it/help/import-data/#import-to-your-individual-vault/) or [organization vault](https://bitwarden.com/it-it/help/import-to-org/#import-to-an-organization-vault/). Select **Bitwarden (csv)** or **Bitwarden (json)** from the **File format** list.
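A pre-import check for an organization `.json` file, covering the "Import to existing collections" and "Minimum required key-value pairs" sections above. This is an added example, not Bitwarden's code: the function name `lint_org_import` and all sample IDs are constructed, and it only checks the file's internal consistency (it cannot confirm that the IDs match a live collection).

```python
import json

# Item "type" values and the object each must carry, per the page's
# "Minimum required key-value pairs" listing.
TYPE_OBJECT = {1: "login", 2: "secureNote", 3: "card", 4: "identity"}


def lint_org_import(text):
    """Return a list of problems found in an organization .json import file."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # A strict parser rejects trailing commas and similar slips.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]

    problems = []
    org_of = {}  # collection id -> organization id
    for i, col in enumerate(data.get("collections") or []):
        if not isinstance(col, dict):
            problems.append(f"collections[{i}]: must be an object")
            continue
        missing = [k for k in ("id", "organizationId", "name") if not col.get(k)]
        if missing:
            problems.append(f"collections[{i}]: missing {', '.join(missing)}")
        if col.get("id"):
            org_of[col["id"]] = col.get("organizationId")

    items = data.get("items")
    if not isinstance(items, list) or not items:
        return problems + ['"items" must be a non-empty array']

    for i, item in enumerate(items):
        where = f"items[{i}]"
        if not isinstance(item, dict):
            problems.append(f"{where}: must be an object")
            continue
        if not item.get("name"):
            problems.append(f"{where}: missing name")
        item_type = item.get("type")
        wanted = TYPE_OBJECT.get(item_type) if isinstance(item_type, int) else None
        if wanted is None:
            problems.append(f"{where}: type must be 1, 2, 3 or 4")
        elif not isinstance(item.get(wanted), dict):
            problems.append(f'{where}: type {item_type} needs a "{wanted}" object')

        ids = item.get("collectionIds") or []
        if isinstance(ids, str):  # the page's template shows a bare string here
            ids = [ids]
        org = item.get("organizationId")
        if org and not ids:
            # Organization-owned items must be in at least one collection.
            problems.append(f"{where}: organization item has no collectionIds")
        for cid in ids:
            if cid not in org_of:
                problems.append(f"{where}: collection {cid} is not in collections")
            elif org_of[cid] != org:
                problems.append(f"{where}: organizationId differs from collection {cid}")
    return problems


# Constructed sample data (IDs are placeholders, not real vault IDs).
ORG = "aaaaaaaa-0000-0000-0000-000000000001"
COL = "bbbbbbbb-0000-0000-0000-000000000001"


def sample(items):
    """Wrap constructed items in a file that defines one collection."""
    return json.dumps({
        "collections": [{"id": COL, "organizationId": ORG,
                         "name": "My Existing Collection", "externalId": None}],
        "items": items,
    })


def login(name, org, collection_ids):
    """Build a constructed login item."""
    return {"type": 1, "name": name, "login": {},
            "organizationId": org, "collectionIds": collection_ids}


GOOD = sample([login("Item to Import", ORG, [COL])])
BAD = sample([
    {"type": 2, "name": "Note", "login": {}, "organizationId": ORG,
     "collectionIds": [COL]},
    login("Stray", ORG, ["cccccccc-0000-0000-0000-000000000001"]),
    login("Other org", "dddddddd-0000-0000-0000-000000000001", [COL]),
    login("Orphan", ORG, None),
])
TRAILING_COMMA = '{"items": [{"type": 1, "name": "x", "login": {}},]}'

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD), ("comma", TRAILING_COMMA)):
        print(label, lint_org_import(text))
```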
--- URL: https://bitwarden.com/it-it/help/configure-clients-selfhost/ ---

# Connect Managed Devices

When operating a self-hosted Bitwarden server in a business setting, administrators may want to centrally configure client application settings (particularly, Server URL) before deploying to users with an endpoint management platform. Settings are applied upon installation of the client application. These processes may also be helpful if you're using the [Bitwarden EU cloud server](https://bitwarden.com/it-it/help/server-geographies/).

> [!NOTE] Server connections require https
> While configuring your self-host server URL, `https://` must be included in the URL. Addresses that do **not** include `https://` such as `my.server.com` or `http://my.server.com` will result in an error message.

The process for doing so will be different for each client application:

## Browser extensions

### Chrome and Chromium

The following steps assume that users do not yet have the Bitwarden browser extension installed on their machines. If they do, they will need to reset to pre-configured settings, which they will be prompted to do when following [this workflow](https://bitwarden.com/it-it/help/change-client-environment/#tab-browser-extension-4dQ4hW1QAwVBuReXk2Txx0/):

### Linux

To pre-configure environment URLs for Linux:

1. Create one of the following directory structures if they do not already exist on your system:
   - For Chrome, `/etc/opt/chrome/policies/managed/`
   - For Chromium, `/etc/opt/chromium/policies/managed/`
2. In the `managed` folder, create a `bitwarden.json` file with the following contents:

```
{
  "3rdparty": {
    "extensions": {
      "nngceckbapebfimnlniiiahkandclblb": {
        "environment": {
          "base": "https://my.bitwarden.server.com"
        }
      }
    }
  }
}
```

The extension ID (`nngceckbapebfimnlniiiahkandclblb`) will vary depending on your installation method. You can find your extension ID by navigating to your browser's extension menu (for example, `chrome://extensions`).
Most installations will only require the `"base":` URL, however some unique setups may require you to enter URLs for each service independently:

```
{
  "3rdparty": {
    "extensions": {
      "nngceckbapebfimnlniiiahkandclblb": {
        "environment": {
          "base": "https://my.bitwarden.server.com",
          "webVault": "https://my.bitwarden.server.com",
          "api": "https://my.bitwarden.server.com",
          "identity": "https://my.bitwarden.server.com",
          "icons": "https://my.bitwarden.server.com",
          "notifications": "https://my.bitwarden.server.com",
          "events": "https://my.bitwarden.server.com"
        }
      }
    }
  }
}
```

> [!NOTE] Link Configure Clients Centrally to Deploy via MDM (Linux)
> If you'll be using the Chrome or Chromium Web Store version of Bitwarden, you can follow [these instructions](https://bitwarden.com/it-it/help/browserext-deploy/#linux/) to force install Bitwarden on end-user machines when you distribute managed policies. You can skip overlapping steps, like creating required directories.

3. As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the `/policies` directory.
4. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
   - The Chrome or Chromium-based browser
   - `/etc/opt/{chrome or chromium}/policies/managed/bitwarden.json`

> [!TIP] Linux Managed Chrome Help
> For more help, refer to Google's [Chrome Browser Quick Start for Linux](https://support.google.com/chrome/a/answer/9025926?hl=en&ref_topic=9025817) guide.

### Windows

To pre-configure environment URLs for Windows:

1. Open the Windows Group Policy Manager and create a new Group Policy Object (GPO) or use an existing GPO scoped for your end-users.
2. Edit the GPO and navigate to **User Configuration -> Preferences -> Windows Settings -> Registry**.
3. Right-click **Registry** in the file tree and select **New > Registry Item**.
4. Create a new Registry Item with the following properties:
   - **Action**: Update
   - **Hive**: `HKEY_LOCAL_MACHINE`
   - **Key Path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\\policy\environment`

     The `` will vary depending on your installation method. You can find your extension ID by navigating to your browser's extension menu (for example, `chrome://extensions`).

> [!NOTE] Microsoft Edge keypath
> While Microsoft Edge is a Chromium-based browser, the **Key Path** location is different than the input for Google Chrome. For Microsoft Edge, use the following key path:
>
> - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\\policy\environment`

   - **Value name**: `base`
   - **Value type**: `REG_SZ`
   - **Value data**: Your server's configured domain

> [!NOTE] HKLM Registry Keys
> Registry key management systems may omit `HKEY_LOCAL_MACHINE\` from the Full Key Path. `HKEY_LOCAL_MACHINE` is a Hive and is omitted from the Key Path if the system has a separate Hive setting.

5. Select **OK** once the item is configured.

Most installations will only require the `base` URL, however some unique setups may require you to enter URLs for each service independently. If your setup requires this, repeat **Step 4** to create a new Registry Item for each of the following:

- Value name: `webVault`
- Value name: `api`
- Value name: `identity`
- Value name: `icons`
- Value name: `notifications`
- Value name: `events`

> [!NOTE] Link Configure Clients Centrally to Deploy via MDM (macOS)
> You can also use a GPO to force-install the browser extension. [Learn more](https://bitwarden.com/it-it/help/browserext-deploy/#windows/).

### macOS

To pre-configure environment URLs for macOS:

1. Create a new file `com.google.chrome.extensions..plist`. The `` will vary depending on your installation method. You can find your extension ID by navigating to your browser's extension menu (for example, `chrome://extensions`).
2. In the created `.plist` file, add the following contents:

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>environment</key>
  <dict>
    <key>base</key>
    <string>https://my.bitwarden.server.com</string>
  </dict>
</dict>
</plist>
```

Most installations will only require the `base` `<key>` and `<string>` pair, however some unique setups may require you to enter URLs for each service independently:

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>environment</key>
  <dict>
    <key>base</key>
    <string>https://my.bitwarden.server.com</string>
    <key>webVault</key>
    <string>https://my.bitwarden.server.com</string>
    <key>api</key>
    <string>https://my.bitwarden.server.com</string>
    <key>identity</key>
    <string>https://my.bitwarden.server.com</string>
    <key>icons</key>
    <string>https://my.bitwarden.server.com</string>
    <key>notifications</key>
    <string>https://my.bitwarden.server.com</string>
    <key>events</key>
    <string>https://my.bitwarden.server.com</string>
  </dict>
</dict>
</plist>
```

3. Convert the `.plist` file to a `.mobileconfig` configuration profile.

> [!NOTE] Link Configure Clients Centrally to Deploy via MDM (macOS)
> If you'll be using the Chrome or Chromium Web Store version of Bitwarden, you can follow [these instructions](https://bitwarden.com/it-it/help/browserext-deploy/#macos/) to force install Bitwarden on end-user machines by creating another configuration profile that can be distributed in the next step.

4. Using your preferred software distribution or MDM tool, install the following on users' machines:
   - The Chrome or Chromium-based browser
   - The `.mobileconfig` configuration profile

### Firefox

### Linux

To pre-configure environment URLs for Linux:

1. Create a directory `/etc/firefox/policies`:

```
mkdir -p /etc/firefox/policies
```

2. As you will need to deploy this directory and the files in it to users' machines, we recommend making sure only admins can write files in the `/policies` directory:

```
chmod -R 755 /etc/firefox/policies
```

3. Create a `policies.json` file in `/etc/firefox/policies` and add the following contents:

```
{
  "policies": {
    "3rdparty": {
      "Extensions": {
        "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
          "environment": {
            "base": "https://my.bitwarden.server.com"
          }
        }
      }
    }
  }
}
```

Most installations will only require the `"base":` URL, however some unique setups may require you to enter URLs for each service independently:

```
{
  "policies": {
    "3rdparty": {
      "Extensions": {
        "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
          "environment": {
            "base": "https://my.bitwarden.server.com",
            "webVault": "https://my.bitwarden.server.com",
            "api": "https://my.bitwarden.server.com",
            "identity": "https://my.bitwarden.server.com",
            "icons": "https://my.bitwarden.server.com",
            "notifications": "https://my.bitwarden.server.com",
            "events": "https://my.bitwarden.server.com"
          }
        }
      }
    }
  }
}
```

4. Using your preferred software distribution or MDM tool, deploy `/etc/firefox/policies/policies.json` to users' machines.

### Windows

To pre-configure environment URLs for Windows:

1. Open the Windows Group Policy Manager and create a new Group Policy Object (GPO) or use an existing GPO scoped for your end-users.
2. Edit the GPO and navigate to **User Configuration > Preferences > Windows Settings > Registry**.
3. Right-click **Registry** in the file tree and select **New > Registry Item**.
4. Create a new Registry item with the following properties:
   - **Action**: Update
   - **Hive**: `HKEY_LOCAL_MACHINE`
   - **Key Path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}\environment`
   - **Value name**: `base`
   - **Value type**: `REG_SZ`
   - **Value data**: Your server's configured domain

> [!NOTE] HKLM Registry Keys
> Registry key management systems may omit `HKEY_LOCAL_MACHINE\` from the Full Key Path. `HKEY_LOCAL_MACHINE` is a Hive and is omitted from the Key Path if the system has a separate Hive setting.

5. Select **OK** once the item is configured.
Most installations will only require the base URL, however some unique setups may require you to enter URLs for each service independently. If your setup requires this, repeat **Step 4** to create a new Registry item for each of the following:

- Value name: `webVault`
- Value name: `api`
- Value name: `identity`
- Value name: `icons`
- Value name: `notifications`
- Value name: `events`

### macOS

To pre-configure environment URLs for macOS:

1. Remove the quarantining attribute automatically applied to Firefox by running the following command:

   ```
   xattr -r -d com.apple.quarantine /Applications/Firefox.app
   ```

2. Create a directory `/Applications/Firefox.app/Contents/Resources/distribution`.
3. Create a file `policies.json` in the `distribution` folder and add the following contents:

   ```
   {
     "policies": {
       "3rdparty": {
         "Extensions": {
           "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
             "environment": {
               "base": "https://my.bitwarden.server.com"
             }
           }
         }
       }
     }
   }
   ```

   Most installations will only require the `"base":` URL, however some unique setups may require you to enter URLs for each service independently:

   ```
   {
     "policies": {
       "3rdparty": {
         "Extensions": {
           "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
             "environment": {
               "base": "https://my.bitwarden.server.com",
               "webVault": "https://my.bitwarden.server.com",
               "api": "https://my.bitwarden.server.com",
               "identity": "https://my.bitwarden.server.com",
               "icons": "https://my.bitwarden.server.com",
               "notifications": "https://my.bitwarden.server.com",
               "events": "https://my.bitwarden.server.com"
             }
           }
         }
       }
     }
   }
   ```

4. Using your preferred software distribution or MDM tool, deploy `/etc/firefox/policies/policies.json` to users' machines.

> [!NOTE] Central deployment to EU servers
> In order to centrally deploy the Bitwarden browser extension to EU servers, `base` and `notifications` must be set to the EU cloud. For example:
>
> ```plain text
> "base": "https://vault.bitwarden.eu"
> "notifications": "https://notifications.bitwarden.eu"
> ```
>
> If enabled correctly, users' browser extensions will display **Logging in on: self-hosted** but will still connect to bitwarden.eu.

## Desktop apps

To centrally configure the Desktop app for deployment, first complete the following steps on a single workstation:

1. Install the Desktop app. If you're using Windows, silently install Bitwarden as an administrator using `installer.exe /allusers /S` (see [NSIS documentation](https://nsis.sourceforge.io/Docs/Chapter4.html#silent)).
2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.](https://bitwarden.com/it-it/help/data-storage/)
3. In the directory, open the `data.json` file.
4. Edit `data.json` to configure the Desktop app as desired. In particular, create the following object to configure the app with your self-hosted Server URL:

   ```
   "global_environment_environment": {
     "region": "Self-hosted",
     "urls": {
       "base": "self-host.com"
     }
   }
   ```

   > [!TIP] EU instead of self-host desktop config
   > Customers using Bitwarden cloud servers may instead set `"region":` to `"US"` or `"EU"` to connect to those servers.

5. Once configured the way you want it, use your endpoint management solution of choice (like [Jamf](https://www.jamf.com/)) to deploy the pre-configured Desktop app as a template.

> [!NOTE] Copy data.json after configuring in GUI
> As an alternative to manually configuring the `data.json` file, you can assign `environmentUrls` using the Bitwarden desktop app. Select your desired region using the desktop app GUI, then close the app and [locate your data.json file](https://bitwarden.com/it-it/help/data-storage/#on-your-local-machine/) in order to copy the environment variable information.
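
A centrally pushed server URL decides where every managed client sends credentials, so it is worth checking the Firefox `policies.json` and the desktop `data.json` described above before handing them to the MDM tool. The following is an added example, not Bitwarden code: the function names, the sample inputs and the review policy (HTTPS only, no stray characters, no embedded credentials) are assumptions of this example, while the extension ID, key names and region values are the ones shown on the page.

```python
import json
from urllib.parse import urlsplit

# Identifiers and key names below are the ones shown on the page.
FIREFOX_EXTENSION_ID = "{446900e4-71c2-419f-a6a7-df9c091e268b}"
SERVICE_KEYS = ("base", "webVault", "api", "identity", "icons",
                "notifications", "events")
DESKTOP_ENV_KEY = "global_environment_environment"
DESKTOP_REGIONS = ("Self-hosted", "US", "EU")
EU_SUFFIX = ".bitwarden.eu"


def split_url(value):
    """Parse a URL or a bare hostname (the page's data.json example has no scheme)."""
    return urlsplit(value if "://" in value else "https://" + value)


def host_of(value):
    """Lower-cased host of a URL or bare hostname, '' when there is none."""
    try:
        return (split_url(value).hostname or "").lower()
    except (TypeError, ValueError):
        return ""


def check_url(name, value):
    """Example review policy (an assumption, not a Bitwarden rule):
    HTTPS only, no stray characters, no embedded credentials."""
    if not isinstance(value, str) or not value:
        return [f"{name}: missing or not a string"]
    if any(c in value for c in "<>\"' \t\r\n"):
        return [f"{name}: stray character in {value!r}"]
    try:
        parts = split_url(value)
        host = parts.hostname
    except ValueError:
        return [f"{name}: cannot parse {value!r}"]
    problems = []
    if parts.scheme != "https":
        problems.append(f"{name}: scheme {parts.scheme!r} is not https")
    if not host:
        problems.append(f"{name}: no host in {value!r}")
    if parts.username or parts.password:
        problems.append(f"{name}: embedded credentials")
    return problems


def check_firefox_policy(text):
    """Problems found in a Firefox policies.json carrying the Bitwarden block."""
    try:
        doc = json.loads(text)
        env = doc["policies"]["3rdparty"]["Extensions"][FIREFOX_EXTENSION_ID]["environment"]
    except (ValueError, KeyError, TypeError):
        return ["policies.json: no readable environment block for the extension ID"]
    if not isinstance(env, dict):
        return ["policies.json: environment is not an object"]
    problems = [f"{key}: unknown service key" for key in env if key not in SERVICE_KEYS]
    if "base" not in env:
        problems.append("base: missing")
    for key in SERVICE_KEYS:
        if key in env:
            problems += check_url(key, env[key])
    # EU note on the page: base and notifications must both be set to the EU cloud.
    if any(host_of(value).endswith(EU_SUFFIX) for value in env.values()):
        for key in ("base", "notifications"):
            if not host_of(env.get(key)).endswith(EU_SUFFIX):
                problems.append(f"{key}: must be set to the EU cloud")
    return problems


def check_desktop_data(text):
    """Problems found in the environment object of a desktop data.json."""
    try:
        env = json.loads(text)[DESKTOP_ENV_KEY]
    except (ValueError, KeyError, TypeError):
        return [f"data.json: no readable {DESKTOP_ENV_KEY} object"]
    if not isinstance(env, dict):
        return [f"data.json: {DESKTOP_ENV_KEY} is not an object"]
    region = env.get("region")
    if region not in DESKTOP_REGIONS:
        return [f"region: {region!r} is not one of {DESKTOP_REGIONS}"]
    if region == "Self-hosted":
        urls = env.get("urls")
        return check_url("base", urls.get("base") if isinstance(urls, dict) else None)
    return []


def firefox_policy(env):
    """Build a policies.json document around an environment block (test helper)."""
    return json.dumps({"policies": {"3rdparty": {"Extensions": {
        FIREFOX_EXTENSION_ID: {"environment": env}}}}})


if __name__ == "__main__":
    # Constructed sample inputs, modelled on the snippets shown on the page.
    samples = {
        "base only": firefox_policy({"base": "https://my.bitwarden.server.com"}),
        "paste damage": firefox_policy({"base": "https://my.bitwarden.server.com",
                                        "api": "https://my.bitwarden.server.com>"}),
        "EU, base only": firefox_policy({"base": "https://vault.bitwarden.eu"}),
    }
    for label, text in samples.items():
        print(label, "->", check_firefox_policy(text) or "ok")
```

Run both checks in the packaging pipeline and block the deployment when either returns a non-empty list.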
If users are experiencing graphics or performance issues, Bitwarden includes settings that can be adjusted to improve performance. [See Password Manager FAQs](https://bitwarden.com/it-it/help/product-faqs/#q-does-bitwarden-have-any-settings-that-can-be-adjusted-for-graphics-or-performance/).

## Mobile apps

Most Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions allow administrators to pre-configure applications before deployment in a standard fashion. To pre-configure Bitwarden Mobile apps to use your self-hosted Server URL, construct the following Application Configuration:

| **Configuration Key** | **Value Type** | **Configuration Value** |
|------|------|------|
| `baseEnvironmentUrl` | string | Your self-hosted Server URL, for example `https://my.bitwarden.server.com`. |

## Web app

For users of the web app, Bitwarden recommends using your endpoint, group policy, or mobile device management tool to set up a bookmark or desktop shortcut pointing to the appropriate web app URL (for example, `https://vault.bitwarden.eu` or your self-hosted server). Learn how to [deploy managed bookmarks using Google Admin Console](https://support.google.com/chrome/a/answer/10265060?hl=en#zippy=%2Cadd-a-bookmark).

--- URL: https://bitwarden.com/it-it/help/configure-push-relay/ ---

# Configure Push Relay

By default, your self-hosted Bitwarden server is configured to communicate with Bitwarden's push relay service (`https://push.bitwarden.com`). You can configure the server with your own push relay service, connect to the EU push relay service (`https://push.bitwarden.eu`) if you're using the [EU cloud](https://bitwarden.com/it-it/help/server-geographies/), or disable push relay entirely.

> [!WARNING] Disable Push Relay
> Disabling push relay will prevent **mobile apps** from receiving push notifications, which may impact:
>
> - The ability for the app to [automatically sync](https://bitwarden.com/it-it/help/vault-sync/#automatic-sync/). Users will still be able to [manually sync](https://bitwarden.com/it-it/help/vault-sync/#manual-sync/).
> - The ability for the app to automatically log users out, which may be relevant when rotating an encryption key or during offboarding.
> - The ability for the app to automatically register that the user is revoked or removed from an organization, which may cause access to organization items to persist longer than intended.

For each self-hosted server that uses the Bitwarden push relay service, Bitwarden collects a record including a timestamp for the most recent connection to the service and the initiating server's installation ID.

## Disable push relay

To disable push relay for standard server installations:

1. Open `./bwdata/config.yml`.
2. Change the `push_notifications: true` attribute to `false`.
3. Run `./bitwarden.sh rebuild` to apply your changes.

To disable push relay for offline and manual server installations:

1. Open `./bwdata/env/global.override.env`.
2. Add the line `globalSettings__pushRelayBaseUri=` (the variable should be **blank**).
3. Restart Bitwarden to apply the changes.

--- URL: https://bitwarden.com/it-it/help/configure-self-hosted-environment-with-forward-proxy/ ---

# Configure Self-hosted environment with forward proxy

> [!NOTE] Proxy env setup required
> Configuration using a forward proxy should be completed by advanced users only. This guide does not address setup of the forward proxy itself.

This article demonstrates the necessary configurations required to route your Bitwarden self-hosted instance's traffic through a forward proxy. At this time, only Linux Docker Compose environments will support this proxy environment.
> [!NOTE] Linux deployment setup required
> In order to configure the forward proxy, follow the deployment steps for your Bitwarden self-hosted instance up to and including creating a [Bitwarden local user & directory.](https://bitwarden.com/it-it/help/install-on-premise-linux/#create-bitwarden-local-user-directory/)

- [Linux standard deployment](https://bitwarden.com/it-it/help/install-on-premise-linux/)
- [Linux manual deployment](https://bitwarden.com/it-it/help/install-on-premise-manual/)
- [Linux offline deployment](https://bitwarden.com/it-it/help/install-and-deploy-offline/)

Once your self-host environment has been configured through the **Create Bitwarden local user & directory** step, you may return to this guide and continue with the forward proxy configuration.

## Configure Docker to forward to your proxy

Configure Docker to route traffic through your configured proxy:

1. Create and access the `systemd` override file:

   ```bash
   # Create directory for docker.service.d
   sudo mkdir -p /etc/systemd/system/docker.service.d

   # Create and edit http-proxy.conf in the new directory
   sudo nano -w /etc/systemd/system/docker.service.d/http-proxy.conf
   ```

2. In the new file, add configuration that instructs Docker to route `HTTP` and `HTTPS` requests through the proxy environment, for example:

   ```bash
   [Service]
   Environment="HTTP_PROXY=http://10.138.0.3:3128"
   Environment="HTTPS_PROXY=http://10.138.0.3:3128"
   Environment="NO_PROXY=localhost,nginx,admin,mssql,sso,web,attachments,icons,notifications,identity,api,events"
   ```

   > [!NOTE] retrieve docker.service.d information
   > Retrieve the information for the `docker.service.d` file from your proxy configuration file.

3. Apply changes:

   ```bash
   sudo systemctl daemon-reload
   ```

   > [!NOTE] Proxy settings require sudo access
   > Configuring the proxy and any build-specific firewall configurations will require root access and sudo permission. These steps should be done before installing Bitwarden. When installing and setting up a Bitwarden self-host instance, using a dedicated Bitwarden user is required.

4. Restart Docker:

   ```bash
   sudo systemctl restart docker
   ```

## Edit Bitwarden local user & directory

Now that you have configured Docker to send traffic through the forward proxy, additional client configurations will be required for the forward proxy setup:

1. Create a `.docker` config directory in the `/opt/bitwarden` and `/home/bitwarden` locations:

   ```bash
   mkdir /opt/bitwarden/.docker && mkdir /home/bitwarden/.docker
   ```

2. Create a `config.json` file and add configurations for the Docker client:

   ```bash
   sudo nano -w /opt/bitwarden/.docker/config.json
   ```

   Add the following configuration to `config.json`:

   ```
   {
     "proxies": {
       "default": {
         "httpProxy": "http://10.138.0.3:3128",
         "httpsProxy": "http://10.138.0.3:3128",
         "noProxy": "localhost,nginx,admin,mssql,sso,web,attachments,icons,notifications,identity,api,events"
       }
     }
   }
   ```

3. Copy `config.json` to the `bitwarden` user's `/home/` directory:

   ```plain text
   sudo cp /opt/bitwarden/.docker/config.json /home/bitwarden/.docker
   ```

## Next steps

Once the Docker configuration has been completed, we can continue with the Linux self-hosted install procedure. For each deployment guide ([Linux standard deployment](https://bitwarden.com/it-it/help/install-on-premise-linux/), [Linux manual deployment](https://bitwarden.com/it-it/help/install-on-premise-manual/), and [Linux offline deployment](https://bitwarden.com/it-it/help/install-and-deploy-offline/)) users will start **after** the **Create Bitwarden local user & directory** step to complete the self-hosted installation.

--- URL: https://bitwarden.com/it-it/help/configure-sso-oidc/ ---

# Generic OIDC

## Step 1: Set an SSO identifier

Users who [authenticate their identity using SSO](https://bitwarden.com/it-it/help/using-sso/#login-using-sso/) will be required to enter an **SSO identifier** that indicates the organization (and therefore, the SSO integration) to authenticate against.
To set a unique SSO Identifier:

1. Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Settings** → **Single sign-on**, and enter a unique **SSO Identifier** for your organization:

   ![Enter an identifier ](https://bitwarden.com/assets/6pr4tqMnrLCvwDBMlba5x7/7ef7563f7017f58adffff5d15ac68512/2024-12-04_09-39-25.png)

3. Proceed to **Step 2: Enable login with SSO**.

> [!NOTE] Sharing organization identifier
> You will need to share this value with users once the configuration is ready to be used.

## Step 2: Enable login with SSO

Once you have your SSO identifier, you can proceed to enabling and configuring your integration. To enable login with SSO:

1. On the **Settings** → **Single sign-on** view, check the **Allow SSO authentication** checkbox:

   ![OIDC configuration](https://bitwarden.com/assets/51wSToXTHHVmBCrLrE8T0E/85aa432ea19eadf0195317f4f233e973/2024-12-04_09-41-46.png)

2. From the **Type** dropdown menu, select the **OpenID Connect** option. If you intend to use SAML instead, switch over to the [SAML Configuration guide](https://bitwarden.com/it-it/help/configure-sso-saml/).

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Step 3: Configuration

From this point on, implementation will vary provider-to-provider.
Jump to one of our specific **implementation guides** for help completing the configuration process:

| Provider | Guide |
|------|------|
| Azure | [Azure Implementation Guide](https://bitwarden.com/it-it/help/oidc-azure/) |
| Okta | [Okta Implementation Guide](https://bitwarden.com/it-it/help/oidc-okta/) |

### Configuration reference materials

The following sections will define fields available during single sign-on configuration, agnostic of which IdP you are integrating with. Fields that must be configured will be marked (**required**).

> [!NOTE] OpenID proficiency
> **Unless you are comfortable with OpenID Connect**, we recommend using one of the [above implementation guides](https://bitwarden.com/it-it/help/configure-sso-oidc/#step-3-configuration/) instead of the following generic material.

| **Field** | **Description** |
|------|------|
| Callback Path | (**Automatically generated**) The URL for authentication automatic redirect. For cloud-hosted customers, this is `https://sso.bitwarden.com/oidc-signin` or `https://sso.bitwarden.eu/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL](https://bitwarden.com/it-it/help/install-on-premise/#configure-your-domain/), for example `https://your.domain.com/sso/oidc-signin`. |
| Signed Out Callback Path | (**Automatically generated**) The URL for sign-out automatic redirect. For cloud-hosted customers, this is `https://sso.bitwarden.com/oidc-signedout` or `https://sso.bitwarden.eu/oidc-signedout`. For self-hosted instances, this is determined by your [configured server URL](https://bitwarden.com/it-it/help/install-on-premise/#configure-your-domain/), for example `https://your.domain.com/sso/oidc-signedout`. |
| Authority | (**Required**) The URL of your authorization server ("Authority"), which Bitwarden will perform authentication against. For example, `https://your.domain.okta.com/oauth2/default` or `https://login.microsoft.com//v2.0`. |
| Client ID | (**Required**) An identifier for the OIDC client. This value is typically specific to a constructed IdP app integration, for example an [Azure app registration](https://bitwarden.com/it-it/help/oidc-azure/) or [Okta web app](https://bitwarden.com/it-it/help/oidc-okta/). |
| Client Secret | (**Required**) The client secret used in conjunction with the client ID to exchange for an access token. This value is typically specific to a constructed IdP app integration, for example an [Azure app registration](https://bitwarden.com/it-it/help/oidc-azure/) or [Okta Web App](https://bitwarden.com/it-it/help/oidc-okta/). |
| Metadata Address | (**Required if Authority is not valid**) A Metadata URL where Bitwarden can access authorization server metadata as a JSON object. For example, `https://your.domain.okta.com/oauth2/default/.well-known/oauth-authorization-server` |
| OIDC Redirect Behavior | (**Required**) Method used by the IdP to respond to authentication requests from Bitwarden. Options include **Form POST** and **Redirect GET**. |
| Get claims from user info endpoint | Enable this option if you receive URL too long errors (HTTP 414), truncated URLs, and/or failures during SSO. |
| Additional/custom scopes | Define custom scopes to be added to the request (comma-delimited). |
| Additional/custom user id claim types | Define custom claim type keys for user identification (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/custom email claim types | Define custom claim type keys for users' email addresses (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/custom name claim types | Define custom claim type keys for users' full names or display names (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Requested authentication context class reference values | Define authentication context class reference identifiers (`acr_values`) (space-delimited). List `acr_values` in preference-order. |
| Expected "acr" Claim Value in Response | Define the `acr` claim value for Bitwarden to expect and validate in the response. |

### OIDC attributes & claims

An **email address is required for account provisioning**, which can be passed as any of the attributes or claims in the below table. A unique user identifier is also highly recommended. If absent, email will be used in its place to link the user.

Attributes/claims are listed in order of preference for matching, including fallbacks where applicable:

| **Value** | **Claim/Attribute** | **Fallback claim/attribute** |
|------|------|------|
| Unique ID | Configured Custom User ID Claims<br>NameID (when not transient)<br>urn:oid:0.9.2342.19200300.100.1.1<br>Sub<br>UID<br>UPN<br>EPPN | |
| Email | Configured Custom Email Claims<br>Email<br>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress<br>urn:oid:0.9.2342.19200300.100.1.3<br>Mail<br>EmailAddress | Preferred_Username<br>Urn:oid:0.9.2342.19200300.100.1.1<br>UID |
| Name | Configured Custom Name Claims<br>Name<br>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name<br>urn:oid:2.16.840.1.113730.3.1.241<br>urn:oid:2.5.4.3<br>DisplayName<br>CN | First Name + “ “ + Last Name (see below) |
| First Name | urn:oid:2.5.4.42<br>GivenName<br>FirstName<br>FN<br>FName<br>Nickname | |
| Last Name | urn:oid:2.5.4.4<br>SN<br>Surname<br>LastName | |

--- URL: https://bitwarden.com/it-it/help/configure-sso-saml/ ---

# Generic SAML

## Step 1: Set an SSO identifier

Users who [authenticate their identity using SSO](https://bitwarden.com/it-it/help/using-sso/#login-using-sso/) will be required to enter an **SSO identifier** that indicates the organization (and therefore, the SSO integration) to authenticate against. To set a unique SSO Identifier:

1. Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Settings** → **Single sign-on**, and enter a unique **SSO Identifier** for your organization:

   ![Enter an identifier ](https://bitwarden.com/assets/6pr4tqMnrLCvwDBMlba5x7/7ef7563f7017f58adffff5d15ac68512/2024-12-04_09-39-25.png)

3. Proceed to **Step 2: Enable login with SSO**.

> [!NOTE] Sharing organization identifier
> You will need to share this value with users once the configuration is ready to be used.

## Step 2: Enable login with SSO

Once you have your SSO identifier, you can proceed to enabling and configuring your integration. To enable login with SSO:

1. On the **Settings** → **Single sign-on** view, check the **Allow SSO authentication** checkbox:

   ![SAML 2.0 configuration ](https://bitwarden.com/assets/20720mRAluo6crSdTiYJrn/1175889d7f6ab42fe7614f34cdd1dcdd/2024-12-04_09-41-15.png)

2. From the **Type** dropdown menu, select the **SAML 2.0** option. If you intend to use OIDC instead, switch over to the [OIDC Configuration Guide](https://bitwarden.com/it-it/help/configure-sso-oidc/).

You can turn off the **Set a unique SP entity ID** option at this stage if you wish. Doing so will remove your organization ID from your SP entity ID value, however in almost all cases it is recommended to leave this option on.

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Step 3: Configuration

From this point on, implementation will vary provider-to-provider.
Jump to one of our specific **implementation guides** for help completing the configuration process:

| **Provider** | **Guide** |
|------|------|
| AD FS | [AD FS Implementation Guide](https://bitwarden.com/it-it/help/saml-adfs/) |
| Auth0 | [Auth0 Implementation Guide](https://bitwarden.com/it-it/help/saml-auth0/) |
| AWS | [AWS Implementation Guide](https://bitwarden.com/it-it/help/saml-aws/) |
| Azure | [Azure Implementation Guide](https://bitwarden.com/it-it/help/saml-azure/) |
| Duo | [Duo Implementation Guide](https://bitwarden.com/it-it/help/saml-duo/) |
| Google | [Google Implementation Guide](https://bitwarden.com/it-it/help/saml-google/) |
| JumpCloud | [JumpCloud Implementation Guide](https://bitwarden.com/it-it/help/saml-jumpcloud/) |
| Keycloak | [Keycloak Implementation Guide](https://bitwarden.com/it-it/help/saml-keycloak/) |
| Okta | [Okta Implementation Guide](https://bitwarden.com/it-it/help/saml-okta/) |
| OneLogin | [OneLogin Implementation Guide](https://bitwarden.com/it-it/help/saml-onelogin/) |
| PingFederate | [PingFederate Implementation Guide](https://bitwarden.com/it-it/help/saml-pingfederate/) |

The following sections will define fields available during single sign-on configuration, agnostic of which IdP you are integrating with. Fields that must be configured will be marked (**required**).

> [!NOTE] SAML confidence
> **Unless you are comfortable with SAML 2.0**, we recommend using one of the [above implementation guides](https://bitwarden.com/it-it/help/configure-sso-saml/#step-3-configuration/) instead of the following generic material.

The single sign-on screen separates configuration into two sections:

- **SAML Service Provider Configuration** will determine the format of SAML requests.
- **SAML Identity Provider Configuration** will determine the format to expect for SAML responses.

### Service Provider Configuration

| **Field** | **Description** |
|------|------|
| SP Entity ID | (**Automatically generated**) The Bitwarden endpoint for authentication requests. This automatically-generated value can be copied from the organization's **Settings** → **Single sign-on** screen and will vary based on your setup. |
| SAML 2.0 Metadata URL | (**Automatically generated**) Metadata URL for the Bitwarden endpoint. This automatically-generated value can be copied from the organization's **Settings** → **Single sign-on** screen and will vary based on your setup. |
| Assertion Consumer Service (ACS) URL | (**Automatically generated**) Location where the SAML assertion is sent from the IdP. This automatically-generated value can be copied from the organization's **Settings** → **Single sign-on** screen and will vary based on your setup. |
| Name ID Format | Format Bitwarden will request of the SAML assertion. Must be cast as a string. Options include:<br>- Unspecified (default)<br>- Email address<br>- X.509 Subject name<br>- Windows Domain Qualified Name<br>- Kerberos Principal Name<br>- Entity identifier<br>- Persistent<br>- Transient |
| Outbound Signing Algorithm | The algorithm Bitwarden will use to sign SAML requests. Options include:<br>- `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` (default)<br>- `http://www.w3.org/2000/09/xmldsig#rsa-sha384`<br>- `http://www.w3.org/2000/09/xmldsig#rsa-sha512` |
| Signing Behavior | Whether/when SAML requests will be signed. Options include:<br>- If IdP wants authn requests signed (default)<br>- Always<br>- Never |
| Minimum Incoming Signing Algorithm | Minimum strength of the algorithm that Bitwarden will accept in SAML responses. |
| Expect signed assertions | Check this checkbox if Bitwarden should expect responses from the IdP to be signed. |
| Validate certificates | Check this box when using trusted and valid certificates from your IdP through a trusted CA. Self-signed certificates may fail unless proper trust chains are configured within the Bitwarden login with SSO docker image. |

### Identity Provider Configuration

| **Field** | **Description** |
|------|------|
| Entity ID | (**Required**) Address or URL of your identity server or the IdP Entity ID. This field is case sensitive and must match the IdP value exactly. |
| Binding Type | Method used by the IdP to respond to Bitwarden SAML requests. Options include:<br>- Redirect (recommended)<br>- HTTP POST |
| Single Sign On Service URL | (**Required if Entity ID is not a URL**) SSO URL issued by your IdP. |
| Single log out service URL | Login with SSO currently **does not** support SLO. This option is planned for future use, however we strongly recommend pre-configuring this field. |
| X509 Public Certificate | (**Required**) The X.509 Base-64 encoded certificate body. Do not include the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines or portions of the CER/PEM formatted certificate. The certificate value is case sensitive; extra spaces, carriage returns, and other extraneous characters inside this field will cause certificate validation failure. Copy **only** the certificate data into this field. |
| Outbound Signing Algorithm | The algorithm your IdP will use to sign SAML responses/assertions. Options include:<br>- `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` (default)<br>- `http://www.w3.org/2000/09/xmldsig#rsa-sha384`<br>- `http://www.w3.org/2000/09/xmldsig#rsa-sha512` |
| Allow outbound logout requests | Login with SSO currently **does not** support SLO. This option is planned for future use, however we strongly recommend pre-configuring this field. |
| Sign authentication requests | Check this checkbox if your IdP should expect SAML requests from Bitwarden to be signed. |

> [!NOTE] X509 cert expiration
> When completing the X509 certificate, take note of the expiration date. Certificates will need to be renewed to prevent any disruptions in service to SSO end-users. If a certificate expires, Admin and Owner accounts can still log in with their email address and master password.

### SAML attributes & claims

An **email address is required for account provisioning**, which can be passed as any of the attributes or claims in the following table. A unique user identifier is also highly recommended. If absent, email will be used in its place to link the user.

Attributes/claims are listed in order of preference for matching, including fallbacks where applicable:

| **Value** | **Claim/Attribute** | **Fallback claim/attribute** |
|------|------|------|
| Unique ID | NameID (when not transient)<br>urn:oid:0.9.2342.19200300.100.1.1<br>Sub<br>UID<br>UPN<br>EPPN | |
| Email | Email<br>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress<br>urn:oid:0.9.2342.19200300.100.1.3<br>Mail<br>EmailAddress | Preferred_Username<br>Urn:oid:0.9.2342.19200300.100.1.1<br>UID |
| Name | Name<br>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name<br>urn:oid:2.16.840.1.113730.3.1.241<br>urn:oid:2.5.4.3<br>DisplayName<br>CN | First Name + “ “ + Last Name (see below) |
| First Name | urn:oid:2.5.4.42<br>GivenName<br>FirstName<br>FN<br>FName<br>Nickname | |
| Last Name | urn:oid:2.5.4.4<br>SN<br>Surname<br>LastName | |

--- URL: https://bitwarden.com/it-it/help/courses/ ---

# Courses

Get started with Bitwarden through bite-sized courses. Whether you're deploying Bitwarden to your entire organization, setting it up for your family, or just getting started as an individual, these courses have you covered. Choose a role or product below to get started.

Need more detail?
Browse the [full documentation.](https://bitwarden.com/it-it/help/) ### Password Manager - [Personal](https://bitwarden.com/help/courses/password-manager-personal-overview/) - [Business](https://bitwarden.com/help/courses/password-manager-business-overview/) - [Partner](https://bitwarden.com/help/courses/password-manager-partner) ### Beyond password management - [Secrets Manager](https://bitwarden.com/help/courses/secrets-manager) - [Passwordless.dev](https://bitwarden.com/help/courses/passwordless-dev) --- URL: https://bitwarden.com/it-it/help/courses/bitwarden-for-business-admins/ --- # Bitwarden per amministratori aziendali Questo articolo è pensato per presentare agli amministratori Bitwarden tutte le funzionalità disponibili con i piani aziendali Teams ed Enterprise. Segui queste guide video e scopri i passaggi chiave per il successo della sicurezza. Scopri cosa è incluso nel tuo piano, come importare password da una soluzione esistente, condividere elementi all'interno dell'organizzazione, recuperare l'account di un utente e altri argomenti importanti per la tua implementazione. ## Demo di Bitwarden Teams ed Enterprise [![Vimeo Video](https://vumbnail.com/734127077.jpg)](https://vimeo.com/734127077) *[Watch on Vimeo](https://vimeo.com/734127077)* **Capitoli del video:** Scopri di più sui piani Bitwarden disponibili [qui](https://bitwarden.com/it-it/help/password-manager-plans/). Scopri di più sui piani Bitwarden disponibili [qui](https://bitwarden.com/it-it/help/password-manager-plans/), oppure passa ai seguenti punti del video per approfondire argomenti specifici: - **0:19**: Perché Bitwarden? - **0:49**: Crittografia a conoscenza zero in Bitwarden. - **2:14**: Opzioni di hosting del server Bitwarden e delle app client. - **3:20**: Esperienza dell'utente finale. - **3:22**: Accedere a Bitwarden. - **3:52**: Compilazione automatica da Bitwarden - **4:18**: Tipi di elementi della cassaforte. - **5:16**: Casseforti individuali e dell'organizzazione. 
- **6:01**: Personalizzare le tue casseforti. - **6:56**: Importare dati in Bitwarden. - **7:21**: Creare un nuovo accesso. - **8:30**: Usare Bitwarden Send. - **9:26**: Piani Bitwarden Families sponsorizzati. - **10:27**: Esperienza dell'amministratore. - **10:42**: Effettuare l'onboarding degli utenti. - **14:02**: Usare i gruppi per assegnare le autorizzazioni. - **14:38**: Condividere elementi tramite raccolte. - **15:18**: Successione degli utenti. - **15:52**: Importare dati come amministratore. - **16:09**: Configurare i criteri aziendali. - **17:17**: Analizzare i report sull'integrità della cassaforte. - **17:41**: Analizzare i log degli eventi. ## Come verificare il tuo dominio per l'SSO aziendale > [!TIP] Only available for Enterprise > Questa funzionalità è disponibile solo per [organizzazioni Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/). > > Questa funzionalità è disponibile solo per [organizzazioni Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/). > > Questa funzionalità è disponibile solo per [organizzazioni Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/). [![Vimeo Video](https://vumbnail.com/808093301.jpg)](https://vimeo.com/808093301) *[Watch on Vimeo](https://vimeo.com/808093301)* Scopri di più sulla verifica del dominio [qui](https://bitwarden.com/it-it/help/claimed-domains/), oppure passa ai seguenti punti del video per approfondire argomenti specifici: - **0:20**: Attivare la verifica del dominio. - **1:00**: Come Bitwarden verifica un dominio. ## Single Sign-On con dispositivi attendibili > [!TIP] Only available for Enterprise > Questa funzionalità è disponibile solo per [organizzazioni Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/). > > Questa funzionalità è disponibile solo per [organizzazioni Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/). 

[![Vimeo Video](https://vumbnail.com/1075687841.jpg)](https://vimeo.com/1075687841) *[Watch on Vimeo](https://vimeo.com/1075687841)*

**Video chapters:** Learn more about how users experience the SSO login flow when the Enterprise organization is configured for [SSO with trusted device encryption](https://learning-center-update.bw-web.dev/help/about-trusted-devices/).

Learn more about how users will experience the SSO login flow when the Enterprise organization is configured for [SSO with trusted device encryption](https://bitwarden.com/it-it/help/about-trusted-devices/), or skip to the following topics:

- **0:10**: Introduction to SSO login with trusted devices
- **0:40**: Starting the SSO login process
- **1:10**: Approving the login from another device

## Activate your free Families plan

> [!TIP] Only available for Enterprise
> This feature is only available for [Enterprise organizations](https://bitwarden.com/it-it/help/password-manager-plans/).

[![Vimeo Video](https://vumbnail.com/828094070.jpg)](https://vimeo.com/828094070) *[Watch on Vimeo](https://vimeo.com/828094070)*

**Video chapters:** Your organization may offer a [free Bitwarden Families plan](https://bitwarden.com/it-it/help/families-for-enterprise/) (separate from work) to protect your personal passwords and share them with up to 5 people, providing 24/7 security.

Learn more about Enterprise-sponsored Families organizations [here](https://bitwarden.com/it-it/help/families-for-enterprise/), or skip to the following points in the video to learn more about specific topics:

- **0:14**: About sponsored Families plans.
- **0:35**: Activating a sponsored Families plan.

--- URL: https://bitwarden.com/it-it/help/courses/first-steps-with-bitwarden/ ---

# First steps with Bitwarden

Follow these video guides to quickly set up your Bitwarden account and get your devices ready to easily store passwords and sensitive information.

## Create a Bitwarden account

[![Vimeo Video](https://vumbnail.com/1086379394.jpg)](https://vimeo.com/1086379394) *[Watch on Vimeo](https://vimeo.com/1086379394)*

Learn more about creating your Bitwarden account [here](https://bitwarden.com/it-it/help/create-bitwarden-account/), or skip to the following points in the video to learn more about specific topics:

- 0:06 Overview
- 0:29 From the Bitwarden home page
- 1:26 From any Bitwarden client
- 1:36 From an invitation / SSO

## Bitwarden for all devices

[![Vimeo Video](https://vumbnail.com/796410440.jpg)](https://vimeo.com/796410440) *[Watch on Vimeo](https://vimeo.com/796410440)*

Download the Bitwarden apps for all your devices [here](https://bitwarden.com/it-it/download/).

## Set up the Bitwarden browser extension

[![Vimeo Video](https://vumbnail.com/1084695614.jpg)](https://vimeo.com/1084695614) *[Watch on Vimeo](https://vimeo.com/1084695614)*

**Video chapters:** Learn how Bitwarden works in your browser, from saving a password the first time you log in to autofilling credentials on later visits. Download the browser extension and set it up in minutes.

Learn more about getting started with the browser extension [here](https://bitwarden.com/it-it/help/getting-started-browserext/), or skip to the following points in the video to learn more about specific topics:

- 0:11 Install Bitwarden
- 0:23 Pin the extension
- 0:32 Log in or create an account
- 0:37 Turn off the browser's built-in password manager
- 0:5 Import items
- 1:11 Create a new item
- 1:42 Adding additional fields
- 1:52 Using folders
- 2:11 Add an item to favorites
- 2:17 Autofill
- 2:39 Auto-save pop-up
- 2:45 PIN and biometrics
- 2:58 Account switching
- 3:07 Customize Bitwarden

## Turning off browser built-in password managers

Learn more about turning off the password managers built into browsers. Avoid conflicting prompts for a smooth user experience, and make sure all data is saved in Bitwarden rather than inadvertently in the browser.

### Chrome

[![Vimeo Video](https://vumbnail.com/1077612510.jpg)](https://vimeo.com/1077612510) *[Watch on Vimeo](https://vimeo.com/1077612510)*

### Microsoft Edge

[![Vimeo Video](https://vumbnail.com/1077612658.jpg)](https://vimeo.com/1077612658) *[Watch on Vimeo](https://vimeo.com/1077612658)*

## Turn on two-step login for your Bitwarden account

[![Vimeo Video](https://vumbnail.com/1060246387.jpg)](https://vimeo.com/1060246387) *[Watch on Vimeo](https://vimeo.com/1060246387)*

**Video chapters:** Two-step login via email is enabled by default. Explore other methods, such as authenticator apps and hardware keys, to find the one that suits you best.

Learn more about two-step login options [here](https://bitwarden.com/it-it/help/setup-two-step-login/), or skip to the following points in the video to learn more about specific topics:

- [**0:40**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17142651/): Set up two-step login via email.
- [**0:57**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17175281/): Set up two-step login using an authenticator app.
- [**1:25**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17142654/): Set up two-step login using a passkey.
- [**1:54**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17175355/): Set up two-step login using Yubico OTP.
- [**2:14**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17142655/): Set up two-step login using Duo.
- [**2:27**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17175282/): Get your recovery code.
- [**3:00**](https://bitwarden.com/it-it/help/first-steps-with-bitwarden/#vimeo_chapter_1060246387=17175280/): Using multiple methods.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-admin/ ---

# Enterprise Admin

Your biggest impact as an administrator comes from making Bitwarden easy for others to adopt. This course covers setup, smart policies, and onboarding strategies that turn password security into a daily habit.

> [!TIP] Enterprise Admin
> The first steps in this document assume that you will create an organization. If you are joining an existing organization, skip ahead to **Or join an existing organization**.

## Demo

### Start a free trial (5 min)

Start your free trial to see how Bitwarden can strengthen your organization's security posture with zero-knowledge encryption and seamless deployment.

### Watch a demo (20 min)

[![Vimeo Video](https://vumbnail.com/734127077.jpg)](https://vimeo.com/734127077) *[Watch on Vimeo](https://vimeo.com/734127077)*

**Video chapters:** Learn more about the available Bitwarden plans [here](https://bitwarden.com/it-it/help/password-manager-plans/).

### Join a public training session (30 min)

Watch Bitwarden experts demonstrate security configurations live, manage user permissions, and showcase enterprise features. See what's possible and get your questions answered!

### Browse the technical deep dive library (20 min)

Check out the full library of Bitwarden Brilliance sessions.

## Onboarding resources

### Customer Success Hub

This resource hub gives IT and security leaders a proven path to password security success, with a curated selection of guides, checklists, resources, and milestones.

### Onboarding playbook

This playbook gives IT administrators a flexible roadmap for onboarding users to Bitwarden Password Manager in five key phases. Although the phases are presented in sequence, they are not strictly linear. Many steps can happen in parallel depending on your team's needs and timelines.

### Customer Activation Kit

This comprehensive toolkit provides everything administrators and IT teams need to build excitement, communicate the benefits of password security, and turn end users into security advocates.
Whether you're rolling out to a small team or deploying company-wide, these resources support effective adoption at any scale.

### Member enrollment flows

Use this document to instruct users on how to enroll in the organization. Several factors will affect the exact steps users need to follow. Use this decision tree to choose the right option for your organization's users.

## Get started

### Sign up for Bitwarden (2 min)

Bitwarden offers free accounts with no limits on the number of devices or logins you can use. [Get started today](https://bitwarden.com/it-it/go/start-free/).

### Your master password

When you sign up, you'll create a master password to log in to Bitwarden. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, nor any way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a [password strength testing tool](https://bitwarden.com/it-it/password-strength/) to check the strength of some memorable passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Create an organization (2 min)

[Create your organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/) today by selecting the **New organization** button in the Bitwarden web app:

![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

### Or join an existing organization (1 min)

If your organization has already been created, ask your company's IT team or your manager how you should join Bitwarden. Some organizations send email invitations to your work inbox; others will let you sign up simply by logging in with your single sign-on (SSO) account.

### Get to know the Admin Console (2 min)

Once created, you'll land in the Admin Console, the central hub for everything related to organization sharing and administration. As the organization owner, you'll be able to see your **Vault** items and [collections](https://bitwarden.com/it-it/help/getting-started-organizations/#get-to-know-collections/), manage **Members**, run **Reports**, change **Billing** settings, and configure other **Organization settings**:

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

### Managing vault items and collections (3 min)

As an owner or admin, you may be responsible for managing access to **vault items**, such as shared credentials, for your company or team.
You can create them directly from the web app and assign them to collections to share them with your team:

![Bulk assign to collections](https://bitwarden.com/assets/1u6EPNgAlCnvC9DcmUIosQ/327c0c24e09dce687540499a8eaa5aac/2024-12-02_15-47-21.png)

Speaking of [**collections**](https://bitwarden.com/it-it/help/about-collections/), they are an important structure for grouping related logins, notes, cards, and identities for secure sharing with your organization:

- Organizations can define access to collections, allowing users or groups to access only the items they need.
- Items stored in an organization's collections do not belong to any individual user, but rather to the organization.
- Organization-owned items **must** be included in at least one collection.

> [!TIP] Items can also be imported
> Data can also be imported directly into your organization! Learn how [here](https://bitwarden.com/it-it/help/import-to-org/#import-to-your-organization/).

### Policies, integrations, and more (2 min)

Bitwarden Enterprise organizations offer powerful tools to improve online security and integrate with your existing workflows and tools. Other tasks you might manage as an administrator of your organization include:

- Configuring [policies](https://bitwarden.com/it-it/help/policies/) to enforce security rules for users, for example requiring the use of two-step login.
- Checking which credentials [organization members have access to](https://bitwarden.com/it-it/help/reports/#member-access/).
- Integrating Bitwarden with your existing [SSO](https://bitwarden.com/it-it/help/about-sso/) workflow.
- [Verifying your organization's domain](https://bitwarden.com/it-it/help/claimed-domains/) for a seamless login experience.
- [Setting up](https://bitwarden.com/it-it/help/setup-sso-with-trusted-devices/) a system for device trust requirements for members, or [approving them](https://bitwarden.com/it-it/help/approve-a-trusted-device/).
- Integrating Bitwarden with your existing SIEM tool, such as [Microsoft Sentinel](https://bitwarden.com/it-it/help/microsoft-sentinel-siem/).

## Import your data

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638406.jpg)](https://vimeo.com/1145638406) *[Watch on Vimeo](https://vimeo.com/1145638406)*

**Video chapters:** Learn how to import passwords into your organization using the Admin Console in the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482) *[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Command-line interface (1 min)

[Learn](https://bitwarden.com/it-it/help/import-data/#tab-cli-5ALQx9afSqWXX9jfXsY5sb/) how to import data into your organization via the CLI.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421) *[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## User management

### Managing members and groups (2 min)

As an owner or admin, you may be responsible for managing the members of your team or, more broadly, your company. Members can be added to your organization:

- Directly from the **Members** page of the Admin Console ([learn more](https://bitwarden.com/it-it/help/managing-users/#invite/)).
- By integrating Bitwarden with your IdP via SCIM ([learn more](https://bitwarden.com/it-it/help/about-scim/)).
- By integrating Bitwarden with your directory service via Directory Connector ([learn more](https://bitwarden.com/it-it/help/directory-sync/)).

Members can be assigned directly to collections to control which vault data they have access to, and so can [**groups**](https://bitwarden.com/it-it/help/about-groups/). Groups relate together individual members and provide a scalable way to assign access to and permissions for specific collections:

![New group](https://bitwarden.com/assets/FefJG4qBRiWkTzsxBKfm6/53093b4dd48e534cdde9f3e249d3c382/2024-12-03_14-22-27.png)

### SSO flow with trusted devices (2 min)

[![Vimeo Video](https://vumbnail.com/1075687841.jpg)](https://vimeo.com/1075687841) *[Watch on Vimeo](https://vimeo.com/1075687841)*

**Video chapters:** Learn more about how users experience the SSO login flow when the Enterprise organization is configured for [SSO with trusted device encryption](https://learning-center-update.bw-web.dev/help/about-trusted-devices/).

### Claim your domain (2 min)

[![Vimeo Video](https://vumbnail.com/808093301.jpg)](https://vimeo.com/808093301) *[Watch on Vimeo](https://vimeo.com/808093301)*

Streamline the SSO process for your team by [claiming your domain](https://bitwarden.com/it-it/help/claimed-domains/).

## Policies

### Data ownership (1 min)

[![Vimeo Video](https://vumbnail.com/1142581672.jpg)](https://vimeo.com/1142581672) *[Watch on Vimeo](https://vimeo.com/1142581672)*

**Video chapters:** Learn how to enable the "Centralize organization ownership" Enterprise policy to improve risk analysis and collection management. Read more: [https://bitwarden.com/help/policies/#enforce-organization-data-ownership](https://bitwarden.com/it-it/help/policies/#enforce-organization-data-ownership/)

### Account Recovery (1 min)

[![Vimeo Video](https://vumbnail.com/1190591629.jpg)](https://vimeo.com/1190591629) *[Watch on Vimeo](https://vimeo.com/1190591629)*

### Free Families plan (2 min)

Free Bitwarden Families plans are enabled by default and can be [disabled](https://bitwarden.com/it-it/help/policies/#remove-free-bitwarden-families-sponsorship/) in your organization's settings.

[![Vimeo Video](https://vumbnail.com/828094070.jpg)](https://vimeo.com/828094070) *[Watch on Vimeo](https://vimeo.com/828094070)*

**Video chapters:** Your organization may offer a [free Bitwarden Families plan](https://bitwarden.com/it-it/help/families-for-enterprise/) (separate from work) to protect your personal passwords and share them with up to 5 people, providing 24/7 security.

## Reporting

### Access Intelligence (2 min)

[![Vimeo Video](https://vumbnail.com/1143606794.jpg)](https://vimeo.com/1143606794) *[Watch on Vimeo](https://vimeo.com/1143606794)*

**Video chapters:** Learn how Bitwarden Access Intelligence can help you proactively identify credential risks, prioritize critical applications, guide employees in updating passwords, and measure security improvements. Read more: [https://bitwarden.com/help/access-intelligence/](https://bitwarden.com/it-it/help/access-intelligence/)

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community Forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical problem or account questions? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-business-overview/ ---

# Business overview

Whether you're administering your organization or using Bitwarden as part of your team, these courses will help you work more securely and efficiently. Learn how to manage users, share credentials securely, and protect your business from password-related risks.

### Teams plan

- [Teams Member](https://bitwarden.com/help/courses/password-manager-teams-member/)
- [Teams Admin](https://bitwarden.com/help/courses/password-manager-teams-admin)

### Enterprise plan

- [Enterprise Member](https://bitwarden.com/help/courses/password-manager-team-member/)
- [Enterprise Help Desk](https://bitwarden.com/help/courses/password-manager-enterprise-helpdesk)
- [Enterprise Admin](https://bitwarden.com/help/courses/password-manager-admin/)

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-enterprise-helpdesk/ ---

# Enterprise Help Desk

As an IT support professional, you're the go-to resource when employees run into Bitwarden issues. This training covers the most common help desk scenarios for Bitwarden Enterprise, from resetting a master password to troubleshooting Vault access for your organization's users. Step-by-step videos help you resolve employee issues quickly and keep your organization's access secure and uninterrupted.

## Access

### Using the single sign-on button (1 min)

[![Vimeo Video](https://vumbnail.com/1193617940.jpg)](https://vimeo.com/1193617940) *[Watch on Vimeo](https://vimeo.com/1193617940)*

### Understanding SSO identifiers (1 min)

[![Vimeo Video](https://vumbnail.com/1193629881.jpg)](https://vimeo.com/1193629881) *[Watch on Vimeo](https://vimeo.com/1193629881)*

### Choosing the right server (1 min)

[![Vimeo Video](https://vumbnail.com/1193387322.jpg)](https://vimeo.com/1193387322) *[Watch on Vimeo](https://vimeo.com/1193387322)*

### Approve a device request (1 min)

Learn how to review and approve device access requests in the Admin Console so employees can quickly regain access to their Vault.

[![Vimeo Video](https://vumbnail.com/1191294901.jpg)](https://vimeo.com/1191294901) *[Watch on Vimeo](https://vimeo.com/1191294901)*

## Recovery

### Recover a member account (2 min)

Easily recover a member account for someone who has forgotten their master password or lost all their trusted devices.

[![Vimeo Video](https://vumbnail.com/1190598451.jpg)](https://vimeo.com/1190598451) *[Watch on Vimeo](https://vimeo.com/1190598451)*

## Security

### Send a password change request (1 min)

Bitwarden makes it easy to prompt users to change at-risk passwords.

[![Vimeo Video](https://vumbnail.com/1192034974.jpg)](https://vimeo.com/1192034974) *[Watch on Vimeo](https://vimeo.com/1192034974)*

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community Forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical problem or account questions? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-family-admin/ ---

# Family Admin

Ready to become your family's password hero? Learn how to set up your family organization, invite members, share what matters, and keep everyone's digital life safe and simple.

## Get started

### Sign up for Bitwarden (2 min)

Bitwarden offers free accounts with no limits on the number of devices or logins you can use. [Get started today](https://bitwarden.com/it-it/go/start-free/).

### Your master password

When you sign up, you'll create a master password to log in to Bitwarden.
It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, nor any way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a [password strength testing tool](https://bitwarden.com/it-it/password-strength/) to check the strength of some memorable passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Create an organization (2 min)

[Create your organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/) today by selecting the **New organization** button in the Bitwarden web app:

![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

### Or join an existing organization (1 min)

If your organization has already been created, ask the other member of the organization to send you an invitation.

### Get to know the Admin Console (2 min)

Once created, you'll land in the Admin Console, the central hub for everything related to organization sharing and administration.
As the organization owner, you'll be able to see your **vault items** and [collections](https://bitwarden.com/it-it/help/getting-started-organizations/#get-to-know-collections/), manage **Members**, run **Reports**, change **Billing** settings, and configure other **Settings**:

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

### Manage vault items and collections (3 min)

As an owner or admin, you may be responsible for managing access to **vault items**, such as shared credentials, for your family. You can create them directly from the web app and assign them to collections to share them with your family:

![Bulk assign to collections](https://bitwarden.com/assets/1u6EPNgAlCnvC9DcmUIosQ/327c0c24e09dce687540499a8eaa5aac/2024-12-02_15-47-21.png)

Speaking of [**collections**](https://bitwarden.com/it-it/help/about-collections/), they are an important structure for grouping related logins, notes, cards, and identities for secure sharing with your organization:

- Organizations can define access to collections, allowing users to access only the items they need.
- Items stored in an organization's collections do not belong to any individual user, but rather to the organization.
- Organization-owned items **must** be included in at least one collection.

> [!TIP] Items can also be imported
> Data can also be imported directly into your organization! Learn how [here](https://bitwarden.com/it-it/help/import-to-org/#import-to-your-organization/).

### Manage members and groups (2 min)

As an owner or admin, you may be responsible for managing the members of your family more broadly.
Members can be added to your organization directly from the **Members** page of the Admin Console ([learn more](https://bitwarden.com/it-it/help/managing-users/#invite/)):

![Invite a member to an organization](https://bitwarden.com/assets/7AJjR4oqEnCH3A89YYoWpH/498d594fa9703bee9c5f49e2af9f83d0/Invite_member_to_an_organization.png)

### Help your family stay protected (3 min)

Now that you've set up secure data sharing with your family through Bitwarden, consider other ways to make sure your loved ones are safe online:

- Help your family set up [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) to protect their Bitwarden accounts.
- Help your family set up [emergency access](https://bitwarden.com/it-it/help/emergency-access/) so that important data is accessible in an emergency.

## Import your data

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638406.jpg)](https://vimeo.com/1145638406) *[Watch on Vimeo](https://vimeo.com/1145638406)*

**Video chapters:** Learn how to import passwords into your organization using the Admin Console in the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482) *[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi.
Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461) *[Watch on Vimeo](https://vimeo.com/1145638461)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.

### Mobile app - includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494) *[Watch on Vimeo](https://vimeo.com/1145638494)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421) *[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community Forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical problem or account questions? Contact the Bitwarden support team for direct assistance.
--- URL: https://bitwarden.com/it-it/help/courses/password-manager-family-member/ ---

# Family member

Welcome to the family! This course shows you how to use your Bitwarden account, access the items shared by your family administrator, and keep your personal passwords organized and secure.

## Demo

### Browser extension (4 min)

[![Vimeo Video](https://vumbnail.com/1084695614.jpg)](https://vimeo.com/1084695614) *[Watch on Vimeo](https://vimeo.com/1084695614)*

**Video chapters:** Learn how Bitwarden works in your browser, from saving a password on first login to autofilling credentials on later visits. Download the browser extension and set it up in minutes.

### Join a public training session (30 min)

Join a free 30-minute live session led by the Bitwarden team. See the product in action, get your questions answered, and learn how to get the most out of Bitwarden as a new user.

## Get started

### Join your family (2 min)

Check your inbox for the invitation to your new organization! If you already have an existing account, great: you only need to accept the invitation. Otherwise, after accepting the invitation you will be asked to create an account:

![Organization invitation](https://bitwarden.com/assets/4Fe96NuWb7yRe6muKf7UbZ/bcb1a8df0bc2ffdecbcd86b82d16c9a3/2025-09-03_10-41-25.png)

### Your master password (2 min)

During sign-up, you'll create a master password for logging in to Bitwarden. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, nor any way to retrieve or reset it.
  **Do not forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden provides a [password strength testing tool](https://bitwarden.com/it-it/password-strength/) to test the strength of some memorable passwords you are considering.

![Set the master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Get to know your vault (2 min)

The Bitwarden Password Manager web app lists all the items in your vault, including [logins, cards, identities, and secure notes](https://bitwarden.com/it-it/help/managing-items/):

![Password Manager web app](https://bitwarden.com/assets/2xTpSA11EOCzx8VIuVffcF/d3bc18e7fc3c3cb0bf1779fad9262cd3/2024-12-02_13-42-14.png)

From the web app you can add the information you want to protect to your vault, organize your credentials for easy access, and much more. Items you add in any Bitwarden app are synced to the other Bitwarden apps you log in to, so you can access your accounts from anywhere.

### Share with your family (2 min)

As a member of your organization, you can securely share information such as credit cards and streaming service logins with your family members. Shared items are accessed through a separate vault, which is added to your Bitwarden apps when you join the organization:

![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png)

Shared items are grouped into [collections](https://bitwarden.com/it-it/help/about-collections/), which your family can organize by criteria such as who can access them (e.g. "Parents only"), the type of logins they contain (e.g. "Streaming logins"), and more. Learn [how to share credentials with your team](https://bitwarden.com/it-it/help/sharing/).

### Take Bitwarden with you (1 min)

Security anywhere is security everywhere! Download the Bitwarden mobile app to use your passwords securely even when you are on the go. [Download](https://bitwarden.com/it-it/download/) the mobile app and learn how to autofill passwords on [iOS](https://bitwarden.com/it-it/help/auto-fill-ios/) or [Android](https://bitwarden.com/it-it/help/auto-fill-android/):

![Bitwarden on iOS and Android](https://bitwarden.com/assets/53OzJZ4klYWemxUepHMtq4/5ab47331f033259bd2e82817a99e992f/2025-01-21_15-22-10.png)

## Import your passwords

Learn how to import your passwords with the browser extension, or explore other methods, such as the desktop and mobile apps, which offer direct import for compatible browsers and apps.

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461) *[Watch on Vimeo](https://vimeo.com/1145638461)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638443.jpg)](https://vimeo.com/1145638443) *[Watch on Vimeo](https://vimeo.com/1145638443)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-web-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden web app.
### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482) *[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Mobile app - includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494) *[Watch on Vimeo](https://vimeo.com/1145638494)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421) *[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Autofill from the browser extension

Learn how to use the inline menu to autofill passwords and other credentials, or explore other methods, such as the fill button or keyboard shortcuts.
### Inline menu (1 min)

[![Vimeo Video](https://vumbnail.com/1140176329.jpg)](https://vimeo.com/1140176329) *[Watch on Vimeo](https://vimeo.com/1140176329)*

**Video chapters:** Log in instantly to your favorite websites with the inline autofill menu, which appears exactly where you need it.

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Fill button (1 min)

[![Vimeo Video](https://vumbnail.com/1141142837.jpg)](https://vimeo.com/1141142837) *[Watch on Vimeo](https://vimeo.com/1141142837)*

**Video chapters:** Open the browser extension and click the fill button next to any login to autofill instantly.
> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Context menu (1 min)

[![Vimeo Video](https://vumbnail.com/1141154474.jpg)](https://vimeo.com/1141154474) *[Watch on Vimeo](https://vimeo.com/1141154474)*

**Video chapters:** Right-click any login field to instantly access and fill your Bitwarden credentials.

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.
### Keyboard shortcuts (1 min)

[![Vimeo Video](https://vumbnail.com/1141160672.jpg)](https://vimeo.com/1141160672) *[Watch on Vimeo](https://vimeo.com/1141160672)*

**Video chapters:** Fill login credentials in seconds using Ctrl + Shift + L (or Cmd + Shift + L on Mac). Learn how to customize your shortcuts [here](https://bitwarden.com/it-it/help/auto-fill-browser/#keyboard-shortcuts/).

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.
### Autofill and save the website address (1 min)

[![Vimeo Video](https://vumbnail.com/1159228265.jpg)](https://vimeo.com/1159228265) *[Watch on Vimeo](https://vimeo.com/1159228265)*

**Video chapters:** Learn how to use autofill with the Bitwarden browser extension and automatically save a uniform resource identifier (URI), such as a website address.

## Autofill from the Android app

Learn how to use inline suggestions to autofill passwords and other credentials, or explore other methods, such as the popup menu.

### Inline suggestions (1 min)

[![Vimeo Video](https://vumbnail.com/1149193513.jpg)](https://vimeo.com/1149193513) *[Watch on Vimeo](https://vimeo.com/1149193513)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the inline menu above the keyboard. Not seeing suggestions? Check the device requirements [here](https://bitwarden.com/it-it/help/auto-fill-android/#inline/), or see the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).
> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Popup menu (1 min)

[![Vimeo Video](https://vumbnail.com/1149326073.jpg)](https://vimeo.com/1149326073) *[Watch on Vimeo](https://vimeo.com/1149326073)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the popup menu. Not seeing the popup? See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.
### Quick-action tiles (1 min)

[![Vimeo Video](https://vumbnail.com/1153958059.jpg)](https://vimeo.com/1153958059) *[Watch on Vimeo](https://vimeo.com/1153958059)*

**Video chapters:** Use the Bitwarden quick-action tile on Android to quickly enter your credentials. See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service/) for further support.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.
## Autofill from the iOS app

Learn how to use keyboard autofill for passwords and other credentials, or explore other methods, such as long-pressing a text field or using the browser app extension.

### Keyboard autofill (1 min)

[![Vimeo Video](https://vumbnail.com/1154446838.jpg)](https://vimeo.com/1154446838) *[Watch on Vimeo](https://vimeo.com/1154446838)*

**Video chapters:** Learn how to autofill seamlessly on iOS using the keyboard.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.
### Browser app extension (1 min)

[![Vimeo Video](https://vumbnail.com/1154446857.jpg)](https://vimeo.com/1154446857) *[Watch on Vimeo](https://vimeo.com/1154446857)*

**Video chapters:** Learn how to use autofill with the browser app extension on iOS.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Long-press a text field (1 min)

[![Vimeo Video](https://vumbnail.com/1153962151.jpg)](https://vimeo.com/1153962151) *[Watch on Vimeo](https://vimeo.com/1153962151)*

**Video chapters:** Long-press in any text field to autofill on iOS (requires keyboard autofill to be enabled).

## Sharing via collections

### Access shared passwords (2 min)

As a member of your organization, you can securely share information such as logins and credit cards.
Shared items are grouped into [collections](https://bitwarden.com/it-it/help/sharing/).

![Courses - Personal collections](https://bitwarden.com/assets/7wwt8vRq23ZkVOg4K2eyb9/6064ce43049a04a220386ef071cf8a00/Screenshot_2025-12-13_at_1.22.55â__AM.png) *Courses - Personal collections*

## Sharing with Bitwarden Send

### Send text and files securely (2 min)

[![Vimeo Video](https://vumbnail.com/797850224.jpg)](https://vimeo.com/797850224) *[Watch on Vimeo](https://vimeo.com/797850224)*

**Video chapters:** [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) lets you securely share text and files through encrypted, self-destructing links, even with people outside your organization.

## Adding attachments

### Using the browser extension

[![Vimeo Video](https://vumbnail.com/1175169132.jpg)](https://vimeo.com/1175169132) *[Watch on Vimeo](https://vimeo.com/1175169132)*

**Video chapters:** Learn how to attach a file to any vault item using the browser extension, so your sensitive documents stay safe alongside your logins.

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the community

Connect with experienced Bitwarden users who share tips and troubleshoot together. Ask questions in the [Community forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical issue or questions about your account? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-free-sharing-for-two/ ---

# Free Sharing for Two

Learn how to safely share your passwords and logins with one other person for free—perfect for couples, roommates, or best friends!
## Get started

### Sign up for Bitwarden (2 min)

Bitwarden offers free accounts with no limits to the number of devices or number of logins you can use. [Get started today](https://bitwarden.com/it-it/go/start-free/).

### Your master password

During sign-up, you'll create a master password for logging in to Bitwarden. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of, way to retrieve, or way to reset your master password. **Do not forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden provides a free [password strength testing tool](https://bitwarden.com/it-it/password-strength/) to test the strength of some memorable passwords you are considering.

![Set the master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Create an organization (2 min)

[Create your organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/) today by selecting the **New organization** button in the Bitwarden web app:

![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

### Or join an existing organization (1 min)

If your organization has already been created, ask the other member of your organization to send you an invite.

### Get to know the Admin Console (2 min)

Once created, you'll land in the Admin Console, which is the central hub for all things sharing and organization administration.
As the organization owner, you'll be able to see your **Vault** items and [collections](https://bitwarden.com/it-it/help/getting-started-organizations/#get-to-know-collections/), to manage **Members**, and configure other organization **Settings**:

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

### Managing vault items and collections (3 min)

As an owner or admin, you might be responsible for managing access to **vault items**, like shared credentials, for your organization. You can create items directly from the web app and assign them to collections in order to share them:

![Assign to collections in bulk](https://bitwarden.com/assets/1u6EPNgAlCnvC9DcmUIosQ/327c0c24e09dce687540499a8eaa5aac/2024-12-02_15-47-21.png)

Speaking of [**collections**](https://bitwarden.com/it-it/help/about-collections/), they're an important construct for grouping together related logins, notes, cards, and identities for secure sharing with your organization:

- Organizations can define access to collections, allowing users to access only the items they need.
- Items stored in an organization's collection(s) do not belong to any individual user, but rather to the organization.
- Organization-owned items **must** be included in at least one collection.
- As a free organization, you can have up to two collections.

> [!TIP] Items can also be imported
> Data can also be imported directly into your organization! Learn how [here](https://bitwarden.com/it-it/help/import-to-org/#import-to-your-organization/).
### Managing members and groups (2 min)

As an owner, you'll be responsible for inviting the other member to your organization directly from the Admin Console's **Members** page ([learn more](https://bitwarden.com/it-it/help/managing-users/#invite/)):

![Invite a member to an organization](https://bitwarden.com/assets/7AJjR4oqEnCH3A89YYoWpH/498d594fa9703bee9c5f49e2af9f83d0/Invite_member_to_an_organization.png)

## Import your data

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638406.jpg)](https://vimeo.com/1145638406) *[Watch on Vimeo](https://vimeo.com/1145638406)*

**Video chapters:** Learn how to import passwords into your organization using the Admin Console in the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482) *[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461) *[Watch on Vimeo](https://vimeo.com/1145638461)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.
### Mobile app - includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494) *[Watch on Vimeo](https://vimeo.com/1145638494)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421) *[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the community

Connect with experienced Bitwarden users who share tips and troubleshoot together. Ask questions in the [Community forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical issue or questions about your account? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-msp-deployment-guide/ ---

# MSP Playlist and Deployment

Follow these steps and best practices to deploy Bitwarden to your clients.

## Demo

### Provider Portal demo (35 min)

[![Vimeo Video](https://vumbnail.com/668382756.jpg)](https://vimeo.com/668382756) *[Watch on Vimeo](https://vimeo.com/668382756)*

Learn more about becoming a Bitwarden MSP or reseller [here](https://bitwarden.com/it-it/partners/).

- **1:36**: Overview of Bitwarden Password Manager.
- **1:46**: Bitwarden client apps.
- **2:15**: How Bitwarden fits into your tech stack.
- **4:53**: Overview of terminology and concepts.
- **8:34**: Deep dive into the MSP architecture.
- **10:05**: Your organization.
- **16:19**: The Provider Portal.
- **23:13**: Client organizations.
- **25:49**: Manage your clients.
- **26:50**: Manage policies.
- **27:43**: Import data.
- **28:18**: Configure SSO and SCIM.
- **29:00**: Q&A.

### Phase 1 - Pre-onboarding

Define the technical requirements and onboarding strategy for your client's Bitwarden organization and environment.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 1 | Environment selection | Determine whether to use a cloud or self-hosted environment | [Hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/) | 0.5 |
| 2 | Authentication strategy | Determine whether the client will use single sign-on (SSO) | [About SSO](https://bitwarden.com/it-it/help/about-sso/) | 0.25 |
| 3 | Decryption method | If using login with SSO, select master password or trusted devices for decryption | [About trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) | 0.25 |
| 4 | Provisioning strategy | Select a provisioning strategy such as SCIM, Directory Connector, or manual provisioning. | [User management](https://bitwarden.com/it-it/help/managing-users/#add-new-members/) | 0.25 |
| 5 | User identification | Identify users, teams, or departments for rollout groups | | 0.25 |
| 6 | Training strategy | Identify the groups and internal champions who will take part in training. Example: end users, service desk, administrators | | 0.5 |
| 7 | Collections (sharing) strategy | Determine how collections will be configured. Points to consider include: Will users be able to create collections? Will collections be organized by department, project, or function? Will data be imported from another application, which often dictates the structure? Will Admin and Owner users have access to all shared items, or only the Managers of delegated collections? | [About collections](https://bitwarden.com/it-it/help/about-collections/) | 1 |
| 8 | Policy planning | Select the policies to configure at launch | [Policies](https://bitwarden.com/it-it/help/policies/) | 0.5 |
| 9 | Rollout timing | Determine the mechanisms and timing for invitation and onboarding | | 0.5 |
| 10 | Internal communication | Create internal messaging or a memo about the Bitwarden rollout. Refer to the Bitwarden templates for an idea of what to communicate | [Welcome email templates](https://bitwarden.com/it-it/help/welcome-email-templates/) | 1 |
| 11 | Leadership communication | Communicate the password management deployment strategy to internal leaders | | 0.25 |

### Phase 2 - Organization configuration

Set up the technical foundation and Bitwarden settings for your client.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 12 | Organization owner | Identify the organization owner. The owner is the super user who can control every aspect of the organization. Decide whether you want the email tied to a specific user or to a team mailbox. Having two owner accounts is also recommended for redundancy | [Member roles](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/) | 0.25 |
| 13 | Enterprise policies | Configure enterprise policies. Any policies must be enabled before inviting users. Be sure to review the following policies: Account recovery administration, Enforce organization data ownership, Activate autofill | [Policies](https://bitwarden.com/it-it/help/policies/) | 1 |
| 14 | Collection management settings | Choose how collections will behave in the organization. These settings range from full admin control to complete self-service, where users can create their own collections. These settings can be used to define a least-privilege policy | [User management](https://bitwarden.com/it-it/help/managing-users/) | 0.25 |
| 15 | Co-managed environment | Add admins or owners to the client organization for co-management. Configuring a second owner is recommended for redundancy | [User management](https://bitwarden.com/it-it/help/managing-users/) | 0.5 |
| 16 | Create collections | Collections are where secure items live and are shared with groups of users | [Collections](https://bitwarden.com/it-it/help/collections/) | 0.5 |
| 17 | Create user groups | Creating user groups makes it easy to assign collections. If you decide to sync groups and users from your identity provider or directory service, you may need to reconfigure user and group assignments later | [Groups](https://bitwarden.com/it-it/help/groups/) | 0.5 |
| 18 | Collection assignment | Assign groups to collections, making sure to test and demonstrate the "Read only" and "Hide passwords" options | [User types and access control](https://bitwarden.com/it-it/help/user-types-access-control/) | 0.5 |
| 19 | Add items | Add items manually to test collections, or import them via CSV or JSON from another password management application | [Collections](https://bitwarden.com/it-it/help/collections/) | 0.25 |
| 20 | Login with SSO | If applicable, configure login with SSO and the organization identifier. Configure it to work with SAML 2.0 or OpenID Connect | [Getting started with SSO](https://bitwarden.com/it-it/help/getting-started-with-sso/) | 1.5 |
| 21 | Domain verification | If applicable, verify company email domains and/or other email domains so that users can skip entering the organization identifier during the enterprise SSO process. Not required for organizations without SSO | [Domain verification](https://bitwarden.com/it-it/help/domain-verification/) | 0.5 |

### Phase 3 - Organization deployment

Roll out Bitwarden across your client's teams and functions.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 22 | Recurring technical meeting | Plan phase 3 of the implementation with the client | | 0.5 |
| 23 | Add items to collections | Manually add items to production collections or import data from another password management application | [About collections](https://bitwarden.com/it-it/help/about-collections/) | 0.25 |
| 24 | Enterprise policies | Enterprise policies can be used to tailor your Bitwarden organization to your security needs. Enable and configure the desired policies before user onboarding begins | [Policies](https://bitwarden.com/it-it/help/policies/) | 0.1 |
| 25 | Centralize organization ownership | To take full advantage of reporting features such as Access Intelligence, consider enabling the Centralize organization ownership policy. This way, all items saved in Bitwarden will be owned by the organization. | [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) | 0.1 |
| 26 | Login with SSO | If applicable, configure Bitwarden to authenticate through your SAML 2.0 or OIDC identity provider | [About SSO](https://bitwarden.com/it-it/help/about-sso/) | 1.5 |
| 27 | First users | Manually add a group of users to the client's organization and assign them to different groups. With these users you will broadly test all the preconfigured functionality in the next step, before moving on to advanced features such as Directory Connector. Share the attached onboarding workflow instructions with users | [User management - Invite](https://bitwarden.com/it-it/help/managing-users/#invite/) [Onboarding workflows](https://bitwarden.com/it-it/help/onboarding-workflows/) | 0.5 |
| 28 | SIEM integration | If applicable, connect Bitwarden to the client's SIEM tool | [SIEM](https://bitwarden.com/it-it/help/event-logs/#siem-and-external-systems-integrations/) | 0.5 |
| 29 | Bitwarden clients | All organization members added to the pilot group should download Bitwarden on different devices, log in, and test access to shared items through collections. They should also verify that policies are applied correctly. | [Download](https://bitwarden.com/it-it/download/) | 0.5 |
| 30 | Deploy client applications | Configure your application management or MDM tools to prepare for large-scale deployment of Bitwarden applications | [Deploy client applications](https://bitwarden.com/it-it/help/browserext-deploy/) | 0.5 |
| 31 | Disable the built-in password manager | Set Bitwarden Password Manager as the default password manager and turn off the solutions built into browsers. Instruct users on how to do the same during onboarding | [Disable the built-in password manager](https://bitwarden.com/it-it/help/getting-started-browserext/#disable-a-built-in-password-manager/) | 0.25 |
| 32 | Test user onboarding | Configure and test the Bitwarden SCIM or Directory Connector integrations to automatically sync users and groups | [About SCIM](https://bitwarden.com/it-it/help/about-scim/) [About Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) | 1.5 |
| 33 | User onboarding | Run the sync via SCIM or Directory Connector to invite additional users in groups to the organization. Share the attached onboarding workflow instructions with users | [About SCIM](https://bitwarden.com/it-it/help/about-scim/) [About Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) [Onboarding workflows](https://bitwarden.com/it-it/help/onboarding-workflows/) | 1 |

### Phase 4 - User training

Train all users and stakeholders on using Bitwarden and provide ongoing training.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 33 | Admin training | Provide admin users with essential training on day-to-day tasks, plus any special topics required. Examples of special topics include, but are not limited to: a demonstration of the configured SSO login flow, user onboarding and offboarding, custom roles | [Get to know the Admin Console](https://bitwarden.com/it-it/help/get-started-administrator/#get-to-know-the-admin-console/) [Bitwarden for business admins](https://bitwarden.com/it-it/help/courses/bitwarden-for-business-admins/) | 0.75 |
| 34 | Service desk training | Train service desk users on their role and operations. Review which tasks can be performed with the custom role and which require an admin | | 0.75 |
| 35 | Team member training | A general training session for end users will cover: Bitwarden for all devices, setting up the Bitwarden browser extension, account creation, getting familiar with the Bitwarden vault, how to use Bitwarden Password Manager, Bitwarden Send | [Get to know your vault](https://bitwarden.com/it-it/help/get-started-team-member/#get-to-know-your-vault/) [Get to know Password Manager](https://bitwarden.com/it-it/help/get-to-know-password-manager/) | 0.75 |
| 36 | Ongoing training | All users can take advantage of new and updated training content every month in the Bitwarden Learning Center | [Courses](https://bitwarden.com/it-it/help/courses/) | 0.75 |

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-partner-provider-admin/ ---

# Provider admin

Learn how to set up and manage your Provider Portal as an admin, including onboarding clients, configuring permissions, and overseeing your support team's access to client organizations.

> [!NOTE] MSP or Reseller Course call out
> Prefer live training? Join a [public training session](https://bitwarden.com/it-it/events/tag/msp/).

## Demo

### Provider Portal demo (35 min)

[![Vimeo Video](https://vumbnail.com/668382756.jpg)](https://vimeo.com/668382756)

*[Watch on Vimeo](https://vimeo.com/668382756)*

Learn more about becoming a Bitwarden MSP or reseller [here](https://bitwarden.com/it-it/partners/).

- **1:36**: Bitwarden Password Manager overview.
- **1:46**: Bitwarden client apps.
- **2:15**: How Bitwarden fits into your tech stack.
- **4:53**: Overview of terminology and concepts.
- **8:34**: Deep dive into the MSP architecture.
- **10:05**: Your organization.
- **16:19**: The Provider Portal.
- **23:13**: Client organizations.
- **25:49**: Manage your clients.
- **26:50**: Manage policies.
- **27:43**: Import data.
- **28:18**: Configure SSO and SCIM.
- **29:00**: Q&A.

## Get started

### Become a partner (2 min)

Becoming a member of the Bitwarden Partner Program is quick and easy. Our partnership program is designed to maximize your success across a broad range of shared priorities, strategic requirements, and customer benefits. [Get started today](https://bitwarden.com/it-it/partners/).

> [!NOTE] If you're an admin joining an existing provider
> Manage your own organization separately: do not include it in your Provider Portal's client list.
>
> If you are an admin joining an existing provider, use the provider invitation in your email inbox to log in or create a new Bitwarden account.

### Your master password (2 min)

During sign-up, you will create a master password for logging in to Bitwarden. It is important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, and no way to retrieve or reset it. **Don't forget your master password!**
- **Strong**: a longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a [free password strength testing tool](https://bitwarden.com/it-it/password-strength/) to test the strength of some memorable passwords you are considering.

### Get to know the Provider Portal (5 min)

The [Provider Portal](https://bitwarden.com/it-it/help/providers/) is a comprehensive management experience that lets providers manage clients' Bitwarden organizations at scale. It streamlines administration tasks by centralizing access and support for each client, and lets you create new clients as your business grows:

![Provider Portal](https://bitwarden.com/assets/7AoSHeZgJJTBXQmpZ13UBr/56ca464fe6987c8c5fc8e7099235d640/2025-02-25_15-17-46.png)

### Invite your provider team (2 min)

Every successful provider needs a successful team. Start inviting your employees from the **Manage** → **Members** view to [round out your client management team](https://bitwarden.com/it-it/help/provider-users/#onboard-provider-users/):

![Add a provider user](https://bitwarden.com/assets/6E5GA111xdiHHkA0gb5LtG/5e5b5fddb5911e1b2ed468c1d49134ad/2024-12-05_09-27-45.png)

**Service users** can fully manage any client organization, while **provider admins** can do the same and also manage the provider's configuration and billing. For protective redundancy, we recommend including at least one other provider admin on your team.

### Onboard clients (5 min)

As a provider admin, you will be able to fully manage all aspects of a client organization on behalf of your clients, including configuring their [collection](https://bitwarden.com/it-it/help/about-collections/) and [group structure](https://bitwarden.com/it-it/help/about-groups/), [importing data](https://bitwarden.com/it-it/help/import-to-org/), and configuring [policies](https://bitwarden.com/it-it/help/policies/) and [SSO](https://bitwarden.com/it-it/help/about-sso/). Learn how to [create new client organizations](https://bitwarden.com/it-it/help/client-org-setup/) and take a look at the [first steps for setting up a successful client organization](https://bitwarden.com/it-it/help/client-org-setup/#initial-setup-procedure/).
### Manage client subscriptions (3 min)

As a provider admin, one of your main roles will be managing client organizations' subscriptions and seat counts. Learn more [here](https://bitwarden.com/it-it/help/provider-billing/).

### Get to know client administration (5 min)

Client organizations let your clients securely share passwords, credit cards, and more, and give you the tools to manage those items on their behalf. There is a lot you can do, but here are some [key day-to-day tasks you will perform as a provider](https://bitwarden.com/it-it/help/manage-client-orgs/).

## Client implementation guide

Follow the steps and best practices below to deploy Bitwarden to your clients.

### Phase 1 - Pre-onboarding

Define the technical requirements and onboarding strategy for your client's Bitwarden organization and environment.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 1 | Environment selection | Determine whether to use a cloud or self-hosted environment | [Hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/) | 0.5 |
| 2 | Authentication strategy | Determine whether the client will use single sign-on (SSO) | [About SSO](https://bitwarden.com/it-it/help/about-sso/) | 0.25 |
| 3 | Decryption method | If using login with SSO, select master password or trusted devices for decryption | [About trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) | 0.25 |
| 4 | Provisioning strategy | Select a provisioning strategy such as SCIM, Directory Connector, or manual provisioning. | [User management](https://bitwarden.com/it-it/help/managing-users/#add-new-members/) | 0.25 |
| 5 | User identification | Identify users, teams, or departments for rollout groups | | 0.25 |
| 6 | Training strategy | Identify the groups and internal champions who will take part in training. Example: end users, service desk, administrators | | 0.5 |
| 7 | Collections (sharing) strategy | Determine how collections will be configured. Points to consider include: Will users be able to create collections? Will collections be organized by department, project, or function? Will data be imported from another application, which often dictates the structure? Will Admin and Owner users have access to all shared items, or only the Managers of delegated collections? | [About collections](https://bitwarden.com/it-it/help/about-collections/) | 1 |
| 8 | Policy planning | Select the policies to configure at launch | [Policies](https://bitwarden.com/it-it/help/policies/) | 0.5 |
| 9 | Rollout timing | Determine the mechanisms and timing for invitation and onboarding | | 0.5 |
| 10 | Internal communication | Create internal messaging or a memo about the Bitwarden rollout. Refer to the Bitwarden templates for an idea of what to communicate | [Welcome email templates](https://bitwarden.com/it-it/help/welcome-email-templates/) | 1 |
| 11 | Leadership communication | Communicate the password management deployment strategy to internal leaders | | 0.25 |

### Phase 2 - Organization configuration

Set up the technical foundation and Bitwarden settings for your client.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 12 | Organization owner | Identify the organization owner. The owner is the super user who can control every aspect of the organization. Decide whether you want the email tied to a specific user or to a team mailbox. Having two owner accounts is also recommended for redundancy | [Member roles](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/) | 0.25 |
| 13 | Enterprise policies | Configure enterprise policies. Any policies must be enabled before inviting users. Be sure to review the following policies: Account recovery administration, Enforce organization data ownership, Activate autofill | [Policies](https://bitwarden.com/it-it/help/policies/) | 1 |
| 14 | Collection management settings | Choose how collections will behave in the organization. These settings range from full admin control to complete self-service, where users can create their own collections. These settings can be used to define a least-privilege policy | [User management](https://bitwarden.com/it-it/help/managing-users/) | 0.25 |
| 15 | Co-managed environment | Add admins or owners to the client organization for co-management. Configuring a second owner is recommended for redundancy | [User management](https://bitwarden.com/it-it/help/managing-users/) | 0.5 |
| 16 | Create collections | Collections are where secure items live and are shared with groups of users | [Collections](https://bitwarden.com/it-it/help/collections/) | 0.5 |
| 17 | Create user groups | Creating user groups makes it easy to assign collections. If you decide to sync groups and users from your identity provider or directory service, you may need to reconfigure user and group assignments later | [Groups](https://bitwarden.com/it-it/help/groups/) | 0.5 |
| 18 | Collection assignment | Assign groups to collections, making sure to test and demonstrate the "Read only" and "Hide passwords" options | [User types and access control](https://bitwarden.com/it-it/help/user-types-access-control/) | 0.5 |
| 19 | Add items | Add items manually to test collections, or import them via CSV or JSON from another password management application | [Collections](https://bitwarden.com/it-it/help/collections/) | 0.25 |
| 20 | Login with SSO | If applicable, configure login with SSO and the organization identifier. Configure it to work with SAML 2.0 or OpenID Connect | [Getting started with SSO](https://bitwarden.com/it-it/help/getting-started-with-sso/) | 1.5 |
| 21 | Domain verification | If applicable, verify company email domains and/or other email domains so that users can skip entering the organization identifier during the enterprise SSO process. Not required for organizations without SSO | [Domain verification](https://bitwarden.com/it-it/help/domain-verification/) | 0.5 |

### Phase 3 - Organization deployment

Roll out Bitwarden across your client's teams and functions.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 22 | Recurring technical meeting | Plan phase 3 of the implementation with the client | | 0.5 |
| 23 | Add items to collections | Manually add items to production collections or import data from another password management application | [About collections](https://bitwarden.com/it-it/help/about-collections/) | 0.25 |
| 24 | Enterprise policies | Enterprise policies can be used to tailor your Bitwarden organization to your security needs. Enable and configure the desired policies before user onboarding begins | [Policies](https://bitwarden.com/it-it/help/policies/) | 0.1 |
| 25 | Centralize organization ownership | To take full advantage of reporting features such as Access Intelligence, consider enabling the Centralize organization ownership policy. This way, all items saved in Bitwarden will be owned by the organization. | [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) | 0.1 |
| 26 | Login with SSO | If applicable, configure Bitwarden to authenticate through your SAML 2.0 or OIDC identity provider | [About SSO](https://bitwarden.com/it-it/help/about-sso/) | 1.5 |
| 27 | First users | Manually add a group of users to the client's organization and assign them to different groups. With these users you will broadly test all the preconfigured functionality in the next step, before moving on to advanced features such as Directory Connector. Share the attached onboarding workflow instructions with users | [User management - Invite](https://bitwarden.com/it-it/help/managing-users/#invite/) [Onboarding workflows](https://bitwarden.com/it-it/help/onboarding-workflows/) | 0.5 |
| 28 | SIEM integration | If applicable, connect Bitwarden to the client's SIEM tool | [SIEM](https://bitwarden.com/it-it/help/event-logs/#siem-and-external-systems-integrations/) | 0.5 |
| 29 | Bitwarden clients | All organization members added to the pilot group should download Bitwarden on different devices, log in, and test access to shared items through collections. They should also verify that policies are applied correctly. | [Download](https://bitwarden.com/it-it/download/) | 0.5 |
| 30 | Deploy client applications | Configure your application management or MDM tools to prepare for large-scale deployment of Bitwarden applications | [Deploy client applications](https://bitwarden.com/it-it/help/browserext-deploy/) | 0.5 |
| 31 | Disable the built-in password manager | Set Bitwarden Password Manager as the default password manager and turn off the solutions built into browsers. Instruct users on how to do the same during onboarding | [Disable the built-in password manager](https://bitwarden.com/it-it/help/getting-started-browserext/#disable-a-built-in-password-manager/) | 0.25 |
| 32 | Test user onboarding | Configure and test the Bitwarden SCIM or Directory Connector integrations to automatically sync users and groups | [About SCIM](https://bitwarden.com/it-it/help/about-scim/) [About Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) | 1.5 |
| 33 | User onboarding | Run the sync via SCIM or Directory Connector to invite additional users in groups to the organization. Share the attached onboarding workflow instructions with users | [About SCIM](https://bitwarden.com/it-it/help/about-scim/) [About Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) [Onboarding workflows](https://bitwarden.com/it-it/help/onboarding-workflows/) | 1 |

### Phase 4 - User training

Train all users and stakeholders on using Bitwarden and provide ongoing training.

| Step | Topic | Action | Resources | Duration (hours) |
|------|------|------|------|------|
| 33 | Admin training | Provide admin users with essential training on day-to-day tasks, plus any special topics required. Examples of special topics include, but are not limited to: a demonstration of the configured SSO login flow, user onboarding and offboarding, custom roles | [Get to know the Admin Console](https://bitwarden.com/it-it/help/get-started-administrator/#get-to-know-the-admin-console/) [Bitwarden for business admins](https://bitwarden.com/it-it/help/courses/bitwarden-for-business-admins/) | 0.75 |
| 34 | Service desk training | Train service desk users on their role and operations. Review which tasks can be performed with the custom role and which require an admin | | 0.75 |
| 35 | Team member training | A general training session for end users will cover: Bitwarden for all devices, setting up the Bitwarden browser extension, account creation, getting familiar with the Bitwarden vault, how to use Bitwarden Password Manager, Bitwarden Send | [Get to know your vault](https://bitwarden.com/it-it/help/get-started-team-member/#get-to-know-your-vault/) [Get to know Password Manager](https://bitwarden.com/it-it/help/get-to-know-password-manager/) | 0.75 |
| 36 | Ongoing training | All users can take advantage of new and updated training content every month in the Bitwarden Learning Center | [Courses](https://bitwarden.com/it-it/help/courses/) | 0.75 |

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-partner-reseller/ ---

# Reseller

Gain the essential skills to be a Bitwarden reseller, including product knowledge, licensing options, sales strategies, and supporting customers throughout their journey.

### Become a partner (2 min)

Becoming a member of the Bitwarden Partner Program is quick and easy. Our partnership program is designed to maximize your success across a broad range of shared priorities, strategic requirements, and customer benefits. [Get started today](https://bitwarden.com/it-it/partners/).

### Get to know organization types (2 min)

As a reseller, most of your customers will choose Teams or Enterprise organizations. Learn more about each plan's distinguishing features using our [comparison table](https://bitwarden.com/it-it/help/password-manager-plans/#compare-business-plans/).
### Get to know Bitwarden (5 min)

Trusted by millions, Bitwarden can help your customers foster collaboration, boost productivity, and share data securely, both within the same organization and externally. For your customers, some of the most popular features offered by Bitwarden Password Manager are:

- **Easy import**: [Import](https://bitwarden.com/it-it/help/import-to-org/) your company's shared credentials from almost any password management solution.
- **User management integrations**: sync end users to your Bitwarden organization using one of the many [System for Cross-domain Identity Management (SCIM)](https://bitwarden.com/it-it/help/about-scim/) or [direct-to-directory](https://bitwarden.com/it-it/help/directory-sync/) integrations.
- **Login with SSO**: [Authenticate your end users with your existing single sign-on (SSO) setup](https://bitwarden.com/it-it/help/about-sso/) through any SAML 2.0 or OIDC identity provider.
- **Robust policies**: enforce security practices for your end users, for example by allowing admins to [recover lost accounts](https://bitwarden.com/it-it/help/account-recovery/), using [enterprise policies](https://bitwarden.com/it-it/help/policies/).

Bitwarden is committed to building security-first products. Password Manager is:

- **Open source**: all source code is hosted on GitHub and is freely available for anyone to review and audit. Third-party auditing firms and security researchers are regularly paid to do so.
- **End-to-end encrypted**: all encryption and decryption of vault data happens client-side, so no sensitive data ever reaches our servers unencrypted.
- **Crittografato a conoscenza zero**: i membri del team Bitwarden non possono vedere i dati del tuo vault, inclusi dati come gli URL che altri gestori di password non crittografano, né la tua password principale. --- URL: https://bitwarden.com/it-it/help/courses/password-manager-partner-service-user/ --- # Utente di servizio Scopri come navigare nel Provider Portal come utente di servizio, gestire le organizzazioni cliente e occuparti delle attività quotidiane per le aziende che supporti. ## Inizia ### Unisciti al tuo provider (2 min) Controlla la posta in arrivo per trovare un invito alla tua nuova organizzazione! Se hai già un account esistente, ottimo! Ti basta accettare l'invito. In caso contrario, ti verrà chiesto di creare un account dopo aver accettato l'invito. ### La tua password principale Durante la registrazione, creerai una password principale per accedere a Bitwarden. È importante che la tua password principale sia: - **Memorabile**: i dipendenti e i sistemi Bitwarden **non** conoscono la tua password principale, né hanno modo di recuperarla o reimpostarla. **Non dimenticare la tua password principale!** - **Robusta**: una password più lunga, più complessa e meno comune è il modo migliore per proteggere il tuo account. Bitwarden offre uno [strumento gratuito per testare la robustezza delle password](https://bitwarden.com/it-it/password-strength/) con cui verificare la robustezza di alcune password memorabili che stai valutando. ### Scopri il Provider Portal (5 min) Il Provider Portal è un'esperienza di gestione completa che consente ai provider di gestire su larga scala le organizzazioni Bitwarden dei clienti. 
It streamlines administration tasks by centralizing access and support for each customer, and lets you create new ones as your business grows:

![Provider Portal](https://bitwarden.com/assets/7AoSHeZgJJTBXQmpZ13UBr/56ca464fe6987c8c5fc8e7099235d640/2025-02-25_15-17-46.png)

### Client onboarding (5 min)

As a service user, you'll be able to set up the structure of [collections](https://bitwarden.com/it-it/help/about-collections/) and [groups](https://bitwarden.com/it-it/help/about-groups/), [import data](https://bitwarden.com/it-it/help/import-to-org/), and configure [policies](https://bitwarden.com/it-it/help/policies/) and SSO. Learn how to take the first steps toward setting up a [successful client organization](https://bitwarden.com/it-it/help/client-org-setup/#initial-setup-procedure/).

### Get to know client administration (5 min)

Client organizations let your customers securely share passwords, credit cards, and more, and give you the tools to manage these items on their behalf. There's a lot you can do, but here are some [key day-to-day tasks you'll perform as a Provider](https://bitwarden.com/it-it/help/manage-client-orgs/).

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-partner/ ---

# Partner overview

Whether you're a managed service provider (MSP) or resell Bitwarden to your customers, these partner courses teach you how to make the most of the Provider Portal, promote the product to customers, and train them effectively.

### Managed service provider (MSP)

- [Service user](https://bitwarden.com/help/courses/password-manager-partner-service-user/)
- [Provider admin](https://bitwarden.com/help/courses/password-manager-partner-provider-admin/)

### Reseller

- [Reseller](https://bitwarden.com/help/courses/password-manager-partner-reseller/)

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-personal-overview/ ---

# Personal overview

Want to take control of your passwords? Whether you're on your own, sharing with a friend, or managing security for the whole family, these courses will show you everything you need to know to use Bitwarden like a pro.

### Individuals

- [Individual](https://bitwarden.com/help/courses/password-manager-personal)
- [Free sharing for two](https://bitwarden.com/help/courses/password-manager-free-sharing-for-two)

### Families plan

- [Family member](https://bitwarden.com/help/courses/password-manager-family-member)
- [Family admin](https://bitwarden.com/help/courses/password-manager-family-admin)

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-personal/ ---

# Individual

Ready to finally take back control of your passwords? This course walks you through setting up your personal Bitwarden account, protecting your most important logins, and making password management simple rather than stressful.

> [!NOTE] Individual Callout
> Learned the basics and ready to start sharing? Check out [Free sharing for two](https://bitwarden.com/it-it/help/courses/password-manager-free-sharing-for-two/).

## Demo

### Browser extension (4 min)

[![Vimeo Video](https://vumbnail.com/1084695614.jpg)](https://vimeo.com/1084695614)

*[Watch on Vimeo](https://vimeo.com/1084695614)*

**Video chapters:** Learn how Bitwarden works in your browser, from saving a password the first time you log in to autofilling credentials on later visits. Download the browser extension and set it up in minutes.

### Join a public training session (30 min)

Join a free 30-minute live session led by the Bitwarden team. See the product in action, get answers to your questions, and learn how to get the most out of Bitwarden as a new user.

## Get started

### Sign up for Bitwarden (3 min)

[![Vimeo Video](https://vumbnail.com/1086379394.jpg)](https://vimeo.com/1086379394)

*[Watch on Vimeo](https://vimeo.com/1086379394)*

Bitwarden offers free accounts with no limits on the number of devices or logins you can use. [Why wait?](https://bitwarden.com/it-it/go/start-free/) Learn more about creating your Bitwarden account [here](https://bitwarden.com/it-it/help/create-bitwarden-account/).

### Your master password

During sign-up, you'll create a master password for logging in to Bitwarden. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, nor any way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a free [password strength testing tool](https://bitwarden.com/it-it/password-strength/) for checking the strength of some memorable passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Two-step login

Using two-step login, also called two-factor authentication or 2FA, is the most important thing you can do to protect your data, besides using a strong master password. It's so important that we offer several options for free, including [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/), a standalone mobile authenticator.

### Get to know your vault (1 min)

The Bitwarden Password Manager web app will list all of your vault items, including [logins, cards, identities, and secure notes](https://bitwarden.com/it-it/help/managing-items/):

![Password Manager web app](https://bitwarden.com/assets/2xTpSA11EOCzx8VIuVffcF/d3bc18e7fc3c3cb0bf1779fad9262cd3/2024-12-02_13-42-14.png)

From the web app, you can fill your vault with information to protect, organize credentials for easy access, and more. Items you add in any Bitwarden app will sync to the other Bitwarden apps you log in to, so you can access your accounts wherever you are.

### Take Bitwarden with you everywhere (1 min)

Security anywhere means security everywhere! Install the Bitwarden mobile app to use your passwords securely even when you're on the go.
[Download](https://bitwarden.com/it-it/download/) the mobile app and learn how to autofill passwords on [iOS](https://bitwarden.com/it-it/help/auto-fill-ios/) or [Android](https://bitwarden.com/it-it/help/auto-fill-android/):

![Bitwarden on iOS and Android](https://bitwarden.com/assets/53OzJZ4klYWemxUepHMtq4/5ab47331f033259bd2e82817a99e992f/2025-01-21_15-22-10.png)

## Import your passwords

Learn how to import your passwords with the browser extension, or explore other methods, such as the desktop and mobile apps, which offer direct import for compatible browsers and apps.

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461)

*[Watch on Vimeo](https://vimeo.com/1145638461)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638443.jpg)](https://vimeo.com/1145638443)

*[Watch on Vimeo](https://vimeo.com/1145638443)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-web-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden web app.

### Desktop app - Includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482)

*[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi.
Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Mobile app - Includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494)

*[Watch on Vimeo](https://vimeo.com/1145638494)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421)

*[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Autofill from the browser extension

Learn how to use the inline menu to autofill your passwords and other credentials, or explore other methods, such as the Fill button or keyboard shortcuts.

### Inline menu (1 min)

[![Vimeo Video](https://vumbnail.com/1140176329.jpg)](https://vimeo.com/1140176329)

*[Watch on Vimeo](https://vimeo.com/1140176329)*

**Video chapters:** Log in to your favorite websites instantly with the inline autofill menu, which appears exactly where you need it.

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to the clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Fill button (1 min)

[![Vimeo Video](https://vumbnail.com/1141142837.jpg)](https://vimeo.com/1141142837)

*[Watch on Vimeo](https://vimeo.com/1141142837)*

**Video chapters:** Open the browser extension and click the fill button next to any login to autofill instantly.

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to the clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Context menu (1 min)

[![Vimeo Video](https://vumbnail.com/1141154474.jpg)](https://vimeo.com/1141154474)

*[Watch on Vimeo](https://vimeo.com/1141154474)*

**Video chapters:** Right-click any login field to access and instantly fill your Bitwarden credentials.

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to the clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Keyboard shortcuts (1 min)

[![Vimeo Video](https://vumbnail.com/1141160672.jpg)](https://vimeo.com/1141160672)

*[Watch on Vimeo](https://vimeo.com/1141160672)*

**Video chapters:** Fill login credentials in seconds using Ctrl + Shift + L (or Cmd + Shift + L on Mac). Learn how to customize your shortcuts [here](https://bitwarden.com/it-it/help/auto-fill-browser/#keyboard-shortcuts/).

> [!TIP] Authenticator keyboard shortcut
> If the login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to the clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Autofill and save the website address (1 min)

[![Vimeo Video](https://vumbnail.com/1159228265.jpg)](https://vimeo.com/1159228265)

*[Watch on Vimeo](https://vimeo.com/1159228265)*

**Video chapters:** Learn how to use autofill with the Bitwarden browser extension and automatically save a uniform resource identifier (URI), such as a website address.

## Autofill from the Android app

Learn how to use inline suggestions to autofill your passwords and other credentials, or explore other methods, such as the popup menu.

### Inline suggestions (1 min)

[![Vimeo Video](https://vumbnail.com/1149193513.jpg)](https://vimeo.com/1149193513)

*[Watch on Vimeo](https://vimeo.com/1149193513)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the inline menu above the keyboard. Not seeing suggestions? Check the device requirements [here](https://bitwarden.com/it-it/help/auto-fill-android/#inline/), or see the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to the clipboard after autofill. Long-press in the TOTP field to paste the code.

### Popup menu (1 min)

[![Vimeo Video](https://vumbnail.com/1149326073.jpg)](https://vimeo.com/1149326073)

*[Watch on Vimeo](https://vimeo.com/1149326073)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the popup menu. Not seeing the popup? See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to the clipboard after autofill. Long-press in the TOTP field to paste the code.

### Quick action tiles (1 min)

[![Vimeo Video](https://vumbnail.com/1153958059.jpg)](https://vimeo.com/1153958059)

*[Watch on Vimeo](https://vimeo.com/1153958059)*

**Video chapters:** Use the Bitwarden quick action tile on Android to quickly enter your credentials. See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service/) for more help.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to the clipboard after autofill. Long-press in the TOTP field to paste the code.

## Autofill from the iOS app

Learn how to use keyboard autofill for passwords and other credentials, or explore other methods, such as long-pressing a text field or using the browser app extension.

### Keyboard autofill (1 min)

[![Vimeo Video](https://vumbnail.com/1154446838.jpg)](https://vimeo.com/1154446838)

*[Watch on Vimeo](https://vimeo.com/1154446838)*

**Video chapters:** Learn how to autofill seamlessly on iOS using the keyboard.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to the clipboard after autofill. Long-press in the TOTP field to paste the code.

### Browser app extension (1 min)

[![Vimeo Video](https://vumbnail.com/1154446857.jpg)](https://vimeo.com/1154446857)

*[Watch on Vimeo](https://vimeo.com/1154446857)*

**Video chapters:** Learn how to use autofill with the browser app extension on iOS.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to the clipboard after autofill. Long-press in the TOTP field to paste the code.

### Long-press a text field (1 min)

[![Vimeo Video](https://vumbnail.com/1153962151.jpg)](https://vimeo.com/1153962151)

*[Watch on Vimeo](https://vimeo.com/1153962151)*

**Video chapters:** Long-press in any text field to autofill on iOS (requires keyboard autofill to be enabled).

## Add attachments

### Using the browser extension

[![Vimeo Video](https://vumbnail.com/1175169132.jpg)](https://vimeo.com/1175169132)

*[Watch on Vimeo](https://vimeo.com/1175169132)*

**Video chapters:** Learn how to attach a file to any vault item using the browser extension, so your sensitive documents stay safe alongside your login credentials.

## Learn more

### Change the default language (2 min)

[![Vimeo Video](https://vumbnail.com/795737043.jpg)](https://vimeo.com/795737043)

*[Watch on Vimeo](https://vimeo.com/795737043)*

### Get Bitwarden for all your devices (1 min)

[![Vimeo Video](https://vumbnail.com/796410440.jpg)](https://vimeo.com/796410440)

*[Watch on Vimeo](https://vimeo.com/796410440)*

Download Bitwarden apps for all your devices [here](https://bitwarden.com/it-it/download/).

### Send text and files securely (2 min)

[![Vimeo Video](https://vumbnail.com/797850224.jpg)](https://vimeo.com/797850224)

*[Watch on Vimeo](https://vimeo.com/797850224)*

**Video chapters:** [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) lets you securely share text and files through encrypted, self-destructing links, even with people outside your organization.

### Using custom fields (2 min)

[![Vimeo Video](https://vumbnail.com/821402921.jpg)](https://vimeo.com/821402921)

*[Watch on Vimeo](https://vimeo.com/821402921)*

**Video chapters:** Learn more about using custom fields [here](https://bitwarden.com/it-it/help/custom-fields/).

## Advanced

### Self-hosting on Raspberry Pi (4 min)

[![YouTube Video](https://img.youtube.com/vi/4GjjfkMYqqs/maxresdefault.jpg)](https://www.youtube.com/watch?v=4GjjfkMYqqs)

*[Watch on YouTube](https://www.youtube.com/watch?v=4GjjfkMYqqs)*

Learn more about self-hosting with Bitwarden Lite [here](https://bitwarden.com/it-it/help/install-and-deploy-lite/).

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Having a technical issue or questions about your account? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-team-member/ ---

# Enterprise member

This Bitwarden training for Enterprise members walks you through everything you need to start working as part of your organization. Through short video tutorials, you'll learn how to join your organization, set up your vault, use autofill on all your devices, and share credentials securely, so Bitwarden for teams is useful from day one.

## Demo

### Browser extension (4 min)

[![Vimeo Video](https://vumbnail.com/1084695614.jpg)](https://vimeo.com/1084695614)

*[Watch on Vimeo](https://vimeo.com/1084695614)*

**Video chapters:** Learn how Bitwarden works in your browser, from saving a password the first time you log in to autofilling credentials on later visits. Download the browser extension and set it up in minutes.

### Join a public training session (30 min)

Join a free 30-minute live session led by the Bitwarden team. See the product in action, get answers to your questions, and learn how to get the most out of Bitwarden as a new user.

## Get started

### Join your organization (3 min)

There are several ways to join a Bitwarden organization; which one to use depends on your company's specific setup.
Some organizations let you join simply by logging in with your single sign-on (SSO) account, while others send email invitations to your work inbox:

![Organization invitation](https://bitwarden.com/assets/4Fe96NuWb7yRe6muKf7UbZ/bcb1a8df0bc2ffdecbcd86b82d16c9a3/2025-09-03_10-41-25.png)

If you're not sure, ask your company's IT team or your manager how you should join Bitwarden.

[![Vimeo Video](https://vumbnail.com/1086379394.jpg)](https://vimeo.com/1086379394)

*[Watch on Vimeo](https://vimeo.com/1086379394)*

### Master password and trusted devices (2 min)

### Your master password

In most cases, but not all, you'll create a master password for logging in to Bitwarden. If you create a master password, it's important that it is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, nor any way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a [free password strength testing tool](https://bitwarden.com/it-it/password-strength/) for checking the strength of some memorable passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Trusted devices

In other cases, logging in to Bitwarden will require the device you're logging in from to be registered as trusted.
When you join the organization, the device you use to do so will automatically be registered as trusted, but you should [familiarize yourself with the procedure for adding other trusted devices](https://bitwarden.com/it-it/help/add-a-trusted-device/) so you can securely access company credentials on the go.

[![Vimeo Video](https://vumbnail.com/1075687841.jpg)](https://vimeo.com/1075687841)

*[Watch on Vimeo](https://vimeo.com/1075687841)*

**Video chapters:** Learn more about the user experience with the SSO login flow when the Enterprise organization is set up for [SSO with trusted device encryption](https://learning-center-update.bw-web.dev/help/about-trusted-devices/).

### Get to know your vault (2 min)

The Bitwarden Password Manager web app will list all of your vault items, including [logins, cards, identities, and secure notes](https://bitwarden.com/it-it/help/managing-items/):

![Password Manager web app](https://bitwarden.com/assets/2xTpSA11EOCzx8VIuVffcF/d3bc18e7fc3c3cb0bf1779fad9262cd3/2024-12-02_13-42-14.png)

From the web app, you can add information to protect to your vault, organize credentials for easy access, and more. Items you add in any Bitwarden app will sync to the other Bitwarden apps you log in to, so you can access your accounts from anywhere.

### Free Bitwarden Families plan (1 min)

[![Vimeo Video](https://vumbnail.com/828094070.jpg)](https://vimeo.com/828094070)

*[Watch on Vimeo](https://vimeo.com/828094070)*

**Video chapters:** Your organization may offer a [free Bitwarden Families plan](https://bitwarden.com/it-it/help/families-for-enterprise/) (separate from work) to protect personal passwords and share them with up to 5 people, providing security around the clock.
## Import your passwords

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461)

*[Watch on Vimeo](https://vimeo.com/1145638461)*

Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638443.jpg)](https://vimeo.com/1145638443)

*[Watch on Vimeo](https://vimeo.com/1145638443)*

Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-web-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482)

*[Watch on Vimeo](https://vimeo.com/1145638482)*

Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Mobile app - includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494)

*[Watch on Vimeo](https://vimeo.com/1145638494)*

Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.
### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421)

*[Watch on Vimeo](https://vimeo.com/1145638421)*

Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Autofill from the browser extension

### Inline menu (1 min)

[![Vimeo Video](https://vumbnail.com/1140176329.jpg)](https://vimeo.com/1140176329)

*[Watch on Vimeo](https://vimeo.com/1140176329)*

Log in instantly to your favorite websites with the inline autofill menu, which appears exactly where you need it.

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill keyboard shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Fill button (1 min)

[![Vimeo Video](https://vumbnail.com/1141142837.jpg)](https://vimeo.com/1141142837)

*[Watch on Vimeo](https://vimeo.com/1141142837)*

Open the browser extension and click the fill button next to any login to autofill instantly.

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill keyboard shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Context menu (1 min)

[![Vimeo Video](https://vumbnail.com/1141154474.jpg)](https://vimeo.com/1141154474)

*[Watch on Vimeo](https://vimeo.com/1141154474)*

Right-click any login field to access and instantly fill your Bitwarden credentials.
> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill keyboard shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Keyboard shortcuts (1 min)

[![Vimeo Video](https://vumbnail.com/1141160672.jpg)](https://vimeo.com/1141160672)

*[Watch on Vimeo](https://vimeo.com/1141160672)*

Fill in login credentials in seconds using Ctrl + Shift + L (or Cmd + Shift + L on Mac). Learn how to customize your shortcuts [here](https://bitwarden.com/it-it/help/auto-fill-browser/#keyboard-shortcuts/).

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill keyboard shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Autofill and save the website address (1 min)

[![Vimeo Video](https://vumbnail.com/1159228265.jpg)](https://vimeo.com/1159228265)

*[Watch on Vimeo](https://vimeo.com/1159228265)*

Learn how to use autofill with the Bitwarden browser extension and automatically save a uniform resource identifier (URI), such as a website address.

## Autofill from the Android app

### Inline suggestions (1 min)

[![Vimeo Video](https://vumbnail.com/1149193513.jpg)](https://vimeo.com/1149193513)

*[Watch on Vimeo](https://vimeo.com/1149193513)*

Use Bitwarden on Android to quickly enter your credentials from the inline menu above the keyboard. Not seeing suggestions? Check the device requirements [here](https://bitwarden.com/it-it/help/auto-fill-android/#inline/), or see the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).
> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press the TOTP field to paste the code.

### Popup menu (1 min)

[![Vimeo Video](https://vumbnail.com/1149326073.jpg)](https://vimeo.com/1149326073)

*[Watch on Vimeo](https://vimeo.com/1149326073)*

Use Bitwarden on Android to quickly enter your credentials from the popup menu. Not seeing the popup? See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press the TOTP field to paste the code.

### Quick-action tiles (1 min)

[![Vimeo Video](https://vumbnail.com/1153958059.jpg)](https://vimeo.com/1153958059)

*[Watch on Vimeo](https://vimeo.com/1153958059)*

Use the Bitwarden quick-action tile on Android to quickly enter your credentials. See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service/) for further support.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press the TOTP field to paste the code.

## Autofill from the iOS app

### Keyboard autofill (1 min)

[![Vimeo Video](https://vumbnail.com/1154446838.jpg)](https://vimeo.com/1154446838)

*[Watch on Vimeo](https://vimeo.com/1154446838)*

Learn how to autofill seamlessly on iOS using the keyboard.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press the TOTP field to paste the code.

### Browser app extension (1 min)

[![Vimeo Video](https://vumbnail.com/1154446857.jpg)](https://vimeo.com/1154446857)

*[Watch on Vimeo](https://vimeo.com/1154446857)*

Learn how to use autofill with the browser app extension on iOS.
> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press the TOTP field to paste the code.

### Long-press a text field (1 min)

[![Vimeo Video](https://vumbnail.com/1153962151.jpg)](https://vimeo.com/1153962151)

*[Watch on Vimeo](https://vimeo.com/1153962151)*

Long-press any text field to autofill on iOS (requires keyboard autofill to be enabled).

## Sharing with collections

### Access shared passwords (2 min)

As a member of your organization, you can securely share information such as login credentials and credit cards. Shared items are grouped into [collections](https://bitwarden.com/it-it/help/sharing/).
![Courses - collections - business](https://bitwarden.com/assets/665UWKruSMsgv2tRE8Z9Zq/3eeb08d790153cb8d1c1b70f4efd45c6/Screenshot_2025-12-13_at_1.21.45â__AM.png)

## Sharing with Bitwarden Send

### Send text and files securely (2 min)

[![Vimeo Video](https://vumbnail.com/797850224.jpg)](https://vimeo.com/797850224)

*[Watch on Vimeo](https://vimeo.com/797850224)*

[Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) lets you securely share text and files through encrypted, self-destructing links, even with people outside your organization.

## Add attachments

### Using the browser extension

[![Vimeo Video](https://vumbnail.com/1175169132.jpg)](https://vimeo.com/1175169132)

*[Watch on Vimeo](https://vimeo.com/1175169132)*

Learn how to attach a file to any vault item using the browser extension, so your sensitive documents stay safe alongside your login credentials.

## Learn more

### Take Bitwarden with you everywhere (1 min)

Security anywhere is security everywhere! Download the Bitwarden mobile app to use your passwords securely even when you're on the move. [Download](https://bitwarden.com/it-it/download/) the mobile app and learn how to autofill passwords on [iOS](https://bitwarden.com/it-it/help/auto-fill-ios/) or [Android](https://bitwarden.com/it-it/help/auto-fill-android/).

### Get Bitwarden for all your devices (1 min)

[![Vimeo Video](https://vumbnail.com/796410440.jpg)](https://vimeo.com/796410440)

*[Watch on Vimeo](https://vimeo.com/796410440)*

Download Bitwarden apps for all your devices [here](https://bitwarden.com/it-it/download/).
### Change the default language (2 min)

[![Vimeo Video](https://vumbnail.com/795737043.jpg)](https://vimeo.com/795737043)

*[Watch on Vimeo](https://vimeo.com/795737043)*

### Using custom fields (2 min)

[![Vimeo Video](https://vumbnail.com/821402921.jpg)](https://vimeo.com/821402921)

*[Watch on Vimeo](https://vimeo.com/821402921)*

Learn more about using custom fields [here](https://bitwarden.com/it-it/help/custom-fields/).

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community Forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical issue or account questions? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-teams-admin/ ---

# Teams Admin

Learn how to set up and manage your Bitwarden Teams organization, invite team members, control access with collections, and keep your team's credentials secure and organized.

> [!TIP] Teams Admin
> The first steps of this document assume that you are about to create an organization. If you are joining an existing organization, skip ahead to **Or join an existing organization**.

## Demo

### Watch a demo (20 min)

> [!NOTE] Teams Demo - Warning
> Note: some features require the Enterprise plan. For more information, [compare business features and plans](https://bitwarden.com/it-it/pricing/business/).

[![Vimeo Video](https://vumbnail.com/734127077.jpg)](https://vimeo.com/734127077)

*[Watch on Vimeo](https://vimeo.com/734127077)*

Learn more about the available Bitwarden plans [here](https://bitwarden.com/it-it/help/password-manager-plans/).

### Join a public training session (30 min)

Watch Bitwarden experts demonstrate security configurations live, manage user permissions, and showcase enterprise features. Find out what's possible and get your questions answered!

## Onboarding resources

### Customer Success Hub

This resource hub gives IT and security leaders a proven path to password security success, with a curated selection of guides, checklists, resources, and milestones.

### Onboarding playbook

This playbook gives IT administrators a flexible roadmap for onboarding users to Bitwarden Password Manager in five key phases. Although the phases are presented in sequence, they are not strictly linear. Many steps can happen in parallel depending on your team's needs and timelines.

### Customer Activation Kit

This comprehensive toolkit offers everything administrators and IT teams need to build excitement, communicate the benefits of password security, and turn end users into security advocates. Whether you're rolling out to a small team or deploying company-wide, these resources support effective adoption at any scale.

## Get started

### Sign up for Bitwarden (2 min)

Bitwarden offers free accounts with no limits on the number of devices or logins you can use. [Get started today](https://bitwarden.com/it-it/go/start-free/).
### Your master password

During sign-up, you'll create a master password to log in to Bitwarden. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have **no** knowledge of your master password, and no way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a free [password strength testing tool](https://bitwarden.com/it-it/password-strength/) to test the strength of some memorable passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Create an organization (2 min)

[Create your organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/) today by selecting the **New organization** button in the Bitwarden web app:

![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

### Or join an existing organization (1 min)

If your organization has already been created, ask the other member of the organization to send you an invitation.

### Get to know the Admin Console (2 min)

Once it's created, you'll land in the Admin Console, the central hub for everything related to sharing and administering the organization.
As the organization owner, you'll be able to see your **vault items** and [collections](https://bitwarden.com/it-it/help/getting-started-organizations/#get-to-know-collections/), manage **Members**, run **Reports**, change **Billing** settings, and configure other **organization settings**:

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

### Managing vault items and collections (3 min)

As an owner or admin, you may be responsible for managing access to **vault items**, such as shared credentials, for your company or team. You can create them directly from the web app and assign them to collections to share them with your team:

![Assign to collections in bulk](https://bitwarden.com/assets/1u6EPNgAlCnvC9DcmUIosQ/327c0c24e09dce687540499a8eaa5aac/2024-12-02_15-47-21.png)

Speaking of [**collections**](https://bitwarden.com/it-it/help/about-collections/), they are an important structure for grouping related logins, notes, cards, and identities to share securely with your organization:

- Organizations can define access to collections, allowing users or groups to access only the items they need.
- Items stored in an organization's collections do not belong to any individual user, but to the organization.
- Organization-owned items **must** be included in at least one collection.

> [!TIP] Items can also be imported
> Data can also be imported directly into your organization! Learn how [here](https://bitwarden.com/it-it/help/import-to-org/#import-to-your-organization/).
### Managing members and groups (2 min)

As an owner or admin, you may be responsible for managing the members of your team or, more broadly, your company. Members can be added to your organization:

- Directly from the **Members** page of the Admin Console ([learn more](https://bitwarden.com/it-it/help/managing-users/#invite/)).
- By integrating Bitwarden with your IdP via SCIM ([learn more](https://bitwarden.com/it-it/help/about-scim/)).
- By integrating Bitwarden with your directory service via Directory Connector ([learn more](https://bitwarden.com/it-it/help/directory-sync/)).

Members can be assigned directly to collections to control which vault data they have access to, but the same goes for [**groups**](https://bitwarden.com/it-it/help/about-groups/). Groups tie individual members together and provide a scalable way to assign access and permissions to specific collections:

![New group](https://bitwarden.com/assets/FefJG4qBRiWkTzsxBKfm6/53093b4dd48e534cdde9f3e249d3c382/2024-12-03_14-22-27.png)

### Integrations and more (1 min)

Bitwarden Teams organizations offer advanced tools to improve online security and integrate with existing workflows and tools. Other tasks you might handle as an admin of your organization include:

- Reviewing which credentials [organization members have access to](https://bitwarden.com/it-it/help/reports/#member-access/).
- Integrating Bitwarden with your existing SIEM tool, for example [Microsoft Sentinel](https://bitwarden.com/it-it/help/microsoft-sentinel-siem/).
## Import your data

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638406.jpg)](https://vimeo.com/1145638406)

*[Watch on Vimeo](https://vimeo.com/1145638406)*

Learn how to import passwords into your organization using the Admin Console in the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482)

*[Watch on Vimeo](https://vimeo.com/1145638482)*

Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.

### Command-line interface (1 min)

[Learn](https://bitwarden.com/it-it/help/import-data/#tab-cli-5ALQx9afSqWXX9jfXsY5sb/) how to import data into your organization via the CLI.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421)

*[Watch on Vimeo](https://vimeo.com/1145638421)*

Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together.
Ask questions in the [Community Forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical issue or account questions? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/password-manager-teams-member/ ---

# Team member

Quickly learn to use Bitwarden as a member of a team. This course shows you how to access shared credentials, manage your vault, and work securely with colleagues.

## Demo

### Browser extension (4 min)

[![Vimeo Video](https://vumbnail.com/1084695614.jpg)](https://vimeo.com/1084695614)

*[Watch on Vimeo](https://vimeo.com/1084695614)*

See how Bitwarden works in your browser, from saving a password on first login to autofilling credentials on later visits. Download the browser extension and set it up in minutes.

### Join a public training session (30 min)

Join a free 30-minute live session led by the Bitwarden team. See the product in action, get answers to your questions, and learn how to get the most out of Bitwarden as a new user.

## Get started

### Join your team (3 min)

Check your inbox for the invitation to your new organization! If you already have an account, great: you just need to accept the invitation.
If you don't have one, you'll be asked to create an account after accepting the invitation:

![Organization invitation](https://bitwarden.com/assets/4Fe96NuWb7yRe6muKf7UbZ/bcb1a8df0bc2ffdecbcd86b82d16c9a3/2025-09-03_10-41-25.png)

[![Vimeo Video](https://vumbnail.com/1086379394.jpg)](https://vimeo.com/1086379394)

*[Watch on Vimeo](https://vimeo.com/1086379394)*

### Your master password (1 min)

During sign-up, you'll create a master password to log in to Bitwarden. It's important that your master password is:

- **Easy to remember**: Bitwarden employees and systems have **no** knowledge of your master password, and no way to recover or reset it. **Don't forget your master password!**
- **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden offers a free [password strength checking tool](https://bitwarden.com/it-it/password-strength/) to test the strength of some easy-to-remember passwords you're considering.

![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)

### Get to know your vault (2 min)

The Bitwarden Password Manager web app will list all the items in your vault, including [logins, cards, identities, and secure notes](https://bitwarden.com/it-it/help/managing-items/):

![Password Manager web app](https://bitwarden.com/assets/2xTpSA11EOCzx8VIuVffcF/d3bc18e7fc3c3cb0bf1779fad9262cd3/2024-12-02_13-42-14.png)

From the web app, you can fill your vault with information to keep safe, organize credentials for easy access, and much more. Items you add in any Bitwarden app will sync to the other Bitwarden apps you log in to, so you can get into your accounts from anywhere.
## Import your passwords

Learn how to import your passwords with the browser extension, or explore other methods, like the desktop and mobile apps, which offer direct import for compatible browsers and apps.

### Browser extension (1 min)

[![Vimeo Video](https://vumbnail.com/1145638461.jpg)](https://vimeo.com/1145638461) *[Watch on Vimeo](https://vimeo.com/1145638461)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-browser-extension-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data with the Bitwarden browser extension.

### Web app (1 min)

[![Vimeo Video](https://vumbnail.com/1145638443.jpg)](https://vimeo.com/1145638443) *[Watch on Vimeo](https://vimeo.com/1145638443)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-web-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden web app.

### Desktop app - includes direct import for Chromium browsers (2 min)

[![Vimeo Video](https://vumbnail.com/1145638482.jpg)](https://vimeo.com/1145638482) *[Watch on Vimeo](https://vimeo.com/1145638482)*

**Video chapters:** Learn how to [import your passwords](https://bitwarden.com/it-it/Import:%20https://bitwarden.com/help/import-data/) and other data into Bitwarden using the desktop app. Browser passwords can be [imported directly](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) from Chrome, Edge, Opera, Brave, and Vivaldi. Download the desktop app directly from the Bitwarden website to use the "import directly from browser" option.
### Mobile app - includes direct import/export on iOS for compatible apps (1 min)

[![Vimeo Video](https://vumbnail.com/1145638494.jpg)](https://vimeo.com/1145638494) *[Watch on Vimeo](https://vimeo.com/1145638494)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/import-data/#tab-mobile-app-5ALQx9afSqWXX9jfXsY5sb/) your passwords and other data into the Bitwarden mobile app.

### From a custom file (1 min)

[![Vimeo Video](https://vumbnail.com/1145638421.jpg)](https://vimeo.com/1145638421) *[Watch on Vimeo](https://vimeo.com/1145638421)*

**Video chapters:** Learn [how to import](https://bitwarden.com/it-it/help/condition-bitwarden-import/) your passwords and other data from a custom file.

## Autofill from the browser extension

Learn how to use the inline menu to autofill passwords and other credentials, or explore other methods, like the Fill button or keyboard shortcuts.

### Inline menu (1 min)

[![Vimeo Video](https://vumbnail.com/1140176329.jpg)](https://vimeo.com/1140176329) *[Watch on Vimeo](https://vimeo.com/1140176329)*

**Video chapters:** Log in instantly to your favorite websites with the inline autofill menu, which appears exactly where you need it.

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Fill button (1 min)

[![Vimeo Video](https://vumbnail.com/1141142837.jpg)](https://vimeo.com/1141142837) *[Watch on Vimeo](https://vimeo.com/1141142837)*

**Video chapters:** Open the browser extension and click the Fill button next to any login to autofill instantly.

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Context menu (1 min)

[![Vimeo Video](https://vumbnail.com/1141154474.jpg)](https://vimeo.com/1141154474) *[Watch on Vimeo](https://vimeo.com/1141154474)*

**Video chapters:** Right-click any login field to access and instantly fill your Bitwarden credentials.

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Keyboard shortcuts (1 min)

[![Vimeo Video](https://vumbnail.com/1141160672.jpg)](https://vimeo.com/1141160672) *[Watch on Vimeo](https://vimeo.com/1141160672)*

**Video chapters:** Fill login credentials in seconds using Ctrl + Shift + L (or Cmd + Shift + L on Mac). Learn how to customize your shortcuts [here](https://bitwarden.com/it-it/help/auto-fill-browser/#keyboard-shortcuts/).

> [!TIP] Authenticator keyboard shortcut
> If the login uses [Bitwarden Authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Autofill and save the website address (1 min)

[![Vimeo Video](https://vumbnail.com/1159228265.jpg)](https://vimeo.com/1159228265) *[Watch on Vimeo](https://vimeo.com/1159228265)*

**Video chapters:** Learn how to use autofill with the Bitwarden browser extension and automatically save a uniform resource identifier (URI), such as a website address.

## Autofill from the Android app

Learn how to use inline suggestions to autofill passwords and other credentials, or explore other methods, like the popup menu.

### Inline suggestions (1 min)

[![Vimeo Video](https://vumbnail.com/1149193513.jpg)](https://vimeo.com/1149193513) *[Watch on Vimeo](https://vimeo.com/1149193513)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the inline menu above the keyboard. Don't see the suggestions? Check the device requirements [here](https://bitwarden.com/it-it/help/auto-fill-android/#inline/), or see the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Popup menu (1 min)

[![Vimeo Video](https://vumbnail.com/1149326073.jpg)](https://vimeo.com/1149326073) *[Watch on Vimeo](https://vimeo.com/1149326073)*

**Video chapters:** Use Bitwarden on Android to quickly enter your credentials from the popup menu. Don't see the popup? See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/).

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Quick-action tiles (1 min)

[![Vimeo Video](https://vumbnail.com/1153958059.jpg)](https://vimeo.com/1153958059) *[Watch on Vimeo](https://vimeo.com/1153958059)*

**Video chapters:** Use the Bitwarden quick-action tile on Android to quickly enter your credentials. See the [Android troubleshooting guide](https://bitwarden.com/it-it/help/auto-fill-android-troubleshooting/#troubleshooting-the-accessibility-service/) for further support.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

## Autofill from the iOS app

Learn how to use keyboard autofill for passwords and other credentials, or explore other methods, like long-pressing a text field or using the browser app extension.

### Keyboard autofill (1 min)

[![Vimeo Video](https://vumbnail.com/1154446838.jpg)](https://vimeo.com/1154446838) *[Watch on Vimeo](https://vimeo.com/1154446838)*

**Video chapters:** Learn how to autofill seamlessly on iOS using the keyboard.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Browser app extension (1 min)

[![Vimeo Video](https://vumbnail.com/1154446857.jpg)](https://vimeo.com/1154446857) *[Watch on Vimeo](https://vimeo.com/1154446857)*

**Video chapters:** Learn how to use autofill with the browser app extension on iOS.

> [!NOTE] Mobile TOTP copied to clipboard
> If your login uses Bitwarden Authenticator for TOTPs, Bitwarden automatically copies the TOTP to your clipboard after autofill. Long-press in the TOTP field to paste the code.

### Long-press a text field (1 min)

[![Vimeo Video](https://vumbnail.com/1153962151.jpg)](https://vimeo.com/1153962151) *[Watch on Vimeo](https://vimeo.com/1153962151)*

**Video chapters:** Long-press in any text field to autofill on iOS (requires keyboard autofill to be enabled).

## Sharing with collections

### Access shared passwords (2 min)

As a member of your organization, you can securely share information like login credentials and credit cards. Shared items are grouped into [collections](https://bitwarden.com/it-it/help/sharing/).

![Courses - collections - business](https://bitwarden.com/assets/665UWKruSMsgv2tRE8Z9Zq/3eeb08d790153cb8d1c1b70f4efd45c6/Screenshot_2025-12-13_at_1.21.45â__AM.png)

## Sharing with Bitwarden Send

### Send text and files securely (2 min)

[![Vimeo Video](https://vumbnail.com/797850224.jpg)](https://vimeo.com/797850224) *[Watch on Vimeo](https://vimeo.com/797850224)*

**Video chapters:** [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) lets you securely share text and files through encrypted, self-destructing links, even with people outside your organization.

## Add attachments

### Using the browser extension

[![Vimeo Video](https://vumbnail.com/1175169132.jpg)](https://vimeo.com/1175169132) *[Watch on Vimeo](https://vimeo.com/1175169132)*

**Video chapters:** Learn how to attach a file to any vault item using the browser extension, so your sensitive documents stay safe alongside your login credentials.

## Learn more

### Take Bitwarden with you (1 min)

Security anywhere is security everywhere! Download the Bitwarden mobile app so you can use your passwords securely on the go. [Download](https://bitwarden.com/it-it/download/) the mobile app and learn how to autofill passwords on [iOS](https://bitwarden.com/it-it/help/auto-fill-ios/) or [Android](https://bitwarden.com/it-it/help/auto-fill-android/):

![Bitwarden on iOS and Android](https://bitwarden.com/assets/53OzJZ4klYWemxUepHMtq4/5ab47331f033259bd2e82817a99e992f/2025-01-21_15-22-10.png)

### Get Bitwarden for all your devices (1 min)

[![Vimeo Video](https://vumbnail.com/796410440.jpg)](https://vimeo.com/796410440) *[Watch on Vimeo](https://vimeo.com/796410440)*

Download Bitwarden apps for all your devices [here](https://bitwarden.com/it-it/download/).

### Change the default language (2 min)

[![Vimeo Video](https://vumbnail.com/795737043.jpg)](https://vimeo.com/795737043) *[Watch on Vimeo](https://vimeo.com/795737043)*

### Using custom fields (2 min)

[![Vimeo Video](https://vumbnail.com/821402921.jpg)](https://vimeo.com/821402921) *[Watch on Vimeo](https://vimeo.com/821402921)*

**Video chapters:** Learn more about using custom fields [here](https://bitwarden.com/it-it/help/custom-fields/).

## Support

### Ask Smart Search

Find answers instantly with **Bitwarden Smart Search**.

### Ask the Community

Connect with experienced Bitwarden users who share tips and solve problems together. Ask questions in the [Community forums](https://community.bitwarden.com/c/support/pm-ask-the-community/) or on [Reddit](https://www.reddit.com/r/Bitwarden/new/).

### Contact support

Have a technical issue or account questions? Contact the Bitwarden support team for direct assistance.

--- URL: https://bitwarden.com/it-it/help/courses/passwordless-dev/ ---

# Passwordless.dev

Learn how Bitwarden Passwordless.dev can help you implement simple, seamless passwordless authentication for your workforce or for your application's users.

### Passkeys with Passwordless.dev (4 min)

[![Vimeo Video](https://vumbnail.com/840978573.jpg)](https://vimeo.com/840978573) *[Watch on Vimeo](https://vimeo.com/840978573)*

Learn more about Passwordless.dev [here](https://bitwarden.com/it-it/products/passwordless/).

- 0:05: Using passkeys on a mobile device.
- 1:59: Using passkeys in a web browser.

--- URL: https://bitwarden.com/it-it/help/courses/secrets-manager/ ---

# Secrets Manager

Get started with Bitwarden Secrets Manager and securely store, share, and inject infrastructure secrets into your development pipelines.
Learn how to switch between Bitwarden products, add secrets, and grant machine access.

### What is Secrets Manager? (1 min)

Bitwarden Secrets Manager is a secure solution that lets developers and DevOps teams store, manage, and deploy application secrets, such as API keys, database credentials, and certificates, across their entire infrastructure and CI/CD pipelines. In addition to the videos below, you can also consult the [product page](https://bitwarden.com/it-it/products/secrets-manager/) and the [written documentation](https://bitwarden.com/it-it/help/secrets-manager-overview/).

### Switch between Bitwarden products (1 min)

[![Vimeo Video](https://vumbnail.com/840459200.jpg)](https://vimeo.com/840459200) *[Watch on Vimeo](https://vimeo.com/840459200)*

Learn more about all available Bitwarden products [here](https://bitwarden.com/it-it/products/).

### Add a project (1 min)

[![Vimeo Video](https://vumbnail.com/846445432.jpg)](https://vimeo.com/846445432) *[Watch on Vimeo](https://vimeo.com/846445432)*

**Video chapters:** Learn more about projects [here](https://bitwarden.com/it-it/help/projects/).

### Add secrets (3 min)

[![Vimeo Video](https://vumbnail.com/854758635.jpg)](https://vimeo.com/854758635) *[Watch on Vimeo](https://vimeo.com/854758635)*

**Video chapters:** Learn more about secrets [here](https://bitwarden.com/it-it/help/secrets/).

### Create a machine account (1 min)

[![Vimeo Video](https://vumbnail.com/845933062.jpg)](https://vimeo.com/845933062) *[Watch on Vimeo](https://vimeo.com/845933062)*

**Video chapters:** Learn more about machine accounts [here](https://bitwarden.com/it-it/help/machine-accounts/).

### Create and use an access token (3 min)

[![Vimeo Video](https://vumbnail.com/854806168.jpg)](https://vimeo.com/854806168) *[Watch on Vimeo](https://vimeo.com/854806168)*

**Video chapters:** Learn more about access tokens [here](https://bitwarden.com/it-it/help/access-tokens/).

### Export projects and secrets (1 min)

[![Vimeo Video](https://vumbnail.com/846444688.jpg)](https://vimeo.com/846444688) *[Watch on Vimeo](https://vimeo.com/846444688)*

**Video chapters:** Learn more about exporting Secrets Manager data [here](https://bitwarden.com/it-it/help/export-secrets-data/).

--- URL: https://bitwarden.com/it-it/help/create-bitwarden-account/ ---

# Create a Bitwarden Account

We're thrilled to be a part of your secure information management journey! To create a Bitwarden account, go to our [sign-up page](https://bitwarden.com/it-it/go/start-free/) or select **Get Started Free** on our homepage.

Enter your **Email** address and choose your preferred server location, **bitwarden.com** for the United States or **bitwarden.eu** for the European Union:

![Create account and choose server location](https://bitwarden.com/assets/4eNMfYMnwsCtN9UsYextW1/a7a8993752b25c8112600b6bccfda06b/Create_account.png)
*Create account and choose server location*

Select **Sign Up** or **Continue** and Bitwarden will email you a verification link. To finish creating your new account:

1. Within the emailed message, select **Verify email**.
2. Enter a new **Master password** that's [memorable and strong](https://bitwarden.com/it-it/help/master-password/).
3. (Optional) To ensure the password is robust, select **Check known data breaches for the password** ([learn more](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/)).
4. Select **Create account**:

   ![Set master password](https://bitwarden.com/assets/2pST1WXY0Xk7GQ4GpwzELn/258a7524e9ecbfe25d2b3a4e455257c0/Set_master_password.png)
   *Set master password*

> [!NOTE] Older accounts may need to verify an email
> If your account is older, you may need to proactively verify your email. Log in to the [web app](https://vault.bitwarden.com/) and select **Verify Email**. If your account email is not verified, then you cannot create [Sends](https://bitwarden.com/it-it/help/about-send/).

## Create an account from an organization invite

Organizations, like an employer or family member, can invite users to sign up for Bitwarden. If you've been invited to an organization, check your email for an invitation from Bitwarden to join the organization. Open the email before it expires and select **Join Organization Now**.

![After clicking an emailed link, the invited user is prompted to accept the invitation to the organization](https://bitwarden.com/assets/3rZSnNkT3NPYThquuWqpeb/95516ccdedbb99931be5ee4d207fe2d8/image5.png)

## Next steps

Now that you have created your account, we recommend:

- [Getting started using the web app](https://bitwarden.com/it-it/help/getting-started-webvault/)
- [Installing Bitwarden on other devices](https://bitwarden.com/it-it/download/)

--- URL: https://bitwarden.com/it-it/help/create-collections/ ---

# Create Collections

Create collections from the Password Manager web app or Admin Console. Your ability to create collections depends on your role and your organization's [collection management settings](https://bitwarden.com/it-it/help/collection-management/).

To create a collection:

1. Log in to the Bitwarden web app, select the + **New** button, and choose **Collection** from the dropdown:

   ![Create new collection](https://bitwarden.com/assets/3rq5lVSQlvNT9gu2M2bCbk/8741dc155e8f2fa83d2caeb69218ce64/2024-12-02_15-35-48.png)
   *Create new collection*

2. In the **New collection** panel:

   - Give your collection a **Name**.
   - Choose the **Organization** it should belong to.
   - Optionally, select a collection to nest this collection under. Collections can be nested to logically organize them for display purposes only.

   ![Nested collection in filter column](https://bitwarden.com/assets/7EXnVptHEKQkSfKY1FsOmI/7ffee8ed6f5712cc9fa4419c4eb88b11/Nested_collections_in_filter_column.png)
   *Nested collection in filter column*

3. In the **Access** tab, [assign access to any existing members or groups](https://bitwarden.com/it-it/help/assign-users-to-collections/). For each selection, assign the appropriate level of [permission](https://bitwarden.com/it-it/help/collection-permissions/). As the creator of the collection, you will have the **Manage collection** permission.
4. Select **Save** to finish creating your collection.

> [!TIP] External ID (Org Entities)
> The **External Id** field is only relevant if you are using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) and will be visible in the dialogue when configured using [SCIM](https://bitwarden.com/it-it/help/about-scim/), Directory Connector, or the API.

## Next steps

- [Learn more about collections](https://bitwarden.com/it-it/help/about-collections/).
- [Share items with organization members](https://bitwarden.com/it-it/help/sharing/).
- [Assign groups and members to collections](https://bitwarden.com/it-it/help/assign-users-to-collections/).
- [Configure collection permissions](https://bitwarden.com/it-it/help/collection-permissions/).
- [Configure collection management settings](https://bitwarden.com/it-it/help/collection-management/).

--- URL: https://bitwarden.com/it-it/help/create-send/ ---

# Create a Send

Anyone can create text Sends, but file Sends can only be created by [premium users](https://bitwarden.com/it-it/help/password-manager-plans/) or members of a paid organization (families, teams, or enterprise).

> [!NOTE] Remove Send policy
> If you are a member of an organization that activated the [Send controls policy's](https://bitwarden.com/it-it/help/policies/#send-controls/) **Remove Send** option, you cannot create new Sends or edit existing ones. While the Sends page cannot be accessed with the Bitwarden web app when this policy is enforced, you can view or delete existing Sends from any other client.

Choose the Bitwarden app you want to Send from to get started:

### Web app

To create a new Send from the web app:

1. Select **Send** from the navigation.

   > [!NOTE] About the Send View
   > This view will list Sends that have not reached their [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/). Like the **Vaults** view, you can filter your Sends by selecting one of the available **Types**.

2. Select the + **New Send** button:

   ![New Send](https://bitwarden.com/assets/9KgYcB25tb8NfYnitr0c0/a874be205a9a09ed66ad33a8d4c95ca9/2026-02-25_10-37-01.png)
   *New Send*

3. On the **New Send** dialog, specify the following:

   - **What type of Send is this?**: Choose whether this Send will be **Text** or a **File**:

     | **Type** | **Steps** |
     |------|------|
     | **Text** | Type or paste the desired text into the input box. Toggle the **When accessing the Send, hide the text by default** option to require recipients to [toggle visibility](https://bitwarden.com/it-it/help/send-privacy/#hide-text/) when they open a Send. Sends may not exceed 1000 characters encrypted. When saved, the character count of a Send's text is increased due to encryption, meaning that a 700-character Send will scale to ~1,000 characters when it comes into contact with Bitwarden, triggering this error. As a rule of thumb, character counts will grow between 30-50% when encrypted. |
     | **File** | Select the **Choose File** button and browse for the file to Send. The maximum file size per Send is 500 MB (100 MB on Mobile). (**Requires Premium** & Verified Email) |

   - **Send name**: Choose an identifiable, meaningful name for this Send.
   - By default, a Send is scheduled for deletion seven days from its creation. You can change this and other options (see step 4), otherwise select **Save** to finish creating your Send.

4. Configure the following options as needed:

   | **Option** | **Description** |
   |------|------|
   | **Hide text by default** | The contents of the Send will be hidden by default. |
   | **Deletion date** | The Send will be permanently [deleted](https://bitwarden.com/it-it/help/send-lifespan/#deletion-behavior/) on the specified date and time. By default, seven days from creation. The **maximum allowed value** is 30 days from creation. |
   | **Who can view** | Choose who can view: **Anyone with the link:** Anyone who receives the Send link can view the contents of the Send. **Specific people:** [Specify the email address](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) of recipients who can receive this Send. They will receive a verification code in their email when accessing the Send (**Requires Premium**). **Anyone with a password set by you:** [Require a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/) to be entered by recipients of this Send in order to gain access. |
   | **Limit views** | The Send will be [disabled](https://bitwarden.com/it-it/help/send-lifespan/#maximum-access-count-behavior/) after the specified access count is reached. By default, unspecified. |
   | **Hide your email address from viewers** | [Hide your email](https://bitwarden.com/it-it/help/send-privacy/#hide-email/) from Send recipients. |
   | **Private note** | Enter private notes for this Send, which will only be visible to you. |

   Once you are happy with your Send, select **Save** to finish.
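
Why a 700-character text Send trips the 1000-character limit described in the **Text** row above, as an added example that is not Bitwarden's code. It assumes the text is stored as a type-2 EncString (`2.<iv>|<ciphertext>|<mac>`, AES-256-CBC with HMAC-SHA256, base64 parts), a layout this page does not describe, and it measures size only, with random bytes in place of real ciphertext; all function names are hypothetical.

```python
import base64
import math
import os

# Assumptions (not stated on this page): the Send text is stored as a type-2
# EncString, "2.<iv>|<ciphertext>|<mac>", each part base64-encoded, using
# AES-256-CBC (16-byte IV, PKCS#7 padding) and HMAC-SHA256 (32-byte tag),
# and the 1000-character limit is applied to that whole string.
AES_BLOCK = 16
IV_LEN = 16
MAC_LEN = 32
LIMIT = 1000  # from the page: "Sends may not exceed 1000 characters encrypted"


def b64_len(n_bytes: int) -> int:
    """Length of standard padded base64 for n_bytes of input."""
    return 4 * math.ceil(n_bytes / 3)


def padded_len(n_bytes: int) -> int:
    """PKCS#7 adds 1..16 bytes, so an exact multiple of 16 gains a whole block."""
    return (n_bytes // AES_BLOCK + 1) * AES_BLOCK


def encrypted_length(text: str) -> int:
    """Character count of the assumed EncString for this plaintext."""
    plain = len(text.encode("utf-8"))  # encryption works on bytes, not characters
    return (len("2.") + b64_len(IV_LEN) + 1
            + b64_len(padded_len(plain)) + 1 + b64_len(MAC_LEN))


def mock_encstring(text: str) -> str:
    """Same layout with random bytes standing in for real ciphertext.

    No key is needed to measure size; this is not encryption.
    """
    plain = len(text.encode("utf-8"))
    parts = [os.urandom(IV_LEN), os.urandom(padded_len(plain)), os.urandom(MAC_LEN)]
    return "2." + "|".join(base64.b64encode(p).decode("ascii") for p in parts)


def growth_percent(text: str) -> float:
    """How much longer the stored string is than the typed text, in percent."""
    return 100.0 * (encrypted_length(text) - len(text)) / len(text)


def fits(text: str, limit: int = LIMIT) -> bool:
    return encrypted_length(text) <= limit


def max_plaintext_bytes(limit: int = LIMIT) -> int:
    """Largest UTF-8 byte count whose encrypted form still fits the limit."""
    n = 0
    while encrypted_length("a" * (n + 1)) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = {
        "700 ASCII chars": "a" * 700,
        "400 ASCII chars": "a" * 400,
        "400 accented chars": "\u00e9" * 400,  # 2 bytes each in UTF-8
        "10 ASCII chars": "a" * 10,
    }
    for label, text in samples.items():
        print(f"{label:20s} -> {encrypted_length(text):5d} chars, "
              f"+{growth_percent(text):.0f}%, fits={fits(text)}")
    print("max plaintext bytes under the limit:", max_plaintext_bytes())
```

Under these assumptions the limit is a byte budget, so text with accented or non-Latin characters reaches it after fewer characters than plain ASCII, and very short texts grow far more than the 30-50% rule of thumb because the IV and MAC are a fixed overhead.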
Once your Send is created, use the ⋮ **Options** menu and select the **Copy Send link** button to copy the generated link to your clipboard:

![Send options](https://bitwarden.com/assets/1PiQrX748LtTFXChfAIbFP/0ff74124a0d215254c532fe79cff9012/2026-02-25_11-08-25.png)
*Send options*

Once copied, share your Send link with intended recipients however you prefer. Sends are end-to-end encrypted, so you don't need to worry about exposing any data to whatever intermediary communications services you use.

### Browser extension

To create a new Send from a browser extension:

1. Select the **Send** tab.

   > [!NOTE] About the Send View
   > This view will list Sends that have not reached their [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/). Like the **Vaults** view, you can filter your Sends by selecting one of the available **Types**.

2. Select the + **New** button and choose **Text** or **File**:

   ![Send view in a browser extension](https://bitwarden.com/assets/2qOv6DJYX1is2zurmeVBOd/5d2f0fd435c2534bc3377d651cd4f7f1/2026-02-25_11-11-56.png)
   *Send view in a browser extension*

3. On the **New Send** view, specify the following:

   - **Send name**: Choose an identifiable, meaningful name for this Send.
   - Some options will depend on whether you selected **Text** or **File**:

     | **Type** | **Steps** |
     |------|------|
     | **Text** | Type or paste the desired text into the input box. Toggle the **When accessing the Send, hide the text by default** option to require recipients to [toggle visibility](https://bitwarden.com/it-it/help/send-privacy/#hide-text/) when they open a Send. Sends may not exceed 1000 characters encrypted. When saved, the character count of a Send's text increases due to encryption, meaning that a 700-character Send will scale to ~1,000 characters once encrypted, triggering this error. As a rule of thumb, character counts will grow between 30-50% when encrypted. |
     | **File** | Select the **Choose File** button and browse for the file to Send. The maximum file size per Send is 500 MB (100 MB on Mobile). (**Requires Premium** & Verified Email). |

   By default, a Send is scheduled for deletion seven days from its creation. You can change this and other options (see step 4), otherwise select **Save** to finish creating your Send.

   > [!NOTE] Firefox and Safari browser send
   > To create a Send while using the Firefox or Safari browser extension, you must open the extension in the side bar or select the popout button:
   >
   > ![Browser extension pop-out window](https://bitwarden.com/assets/1cbJy0jLBmSQmRumvYzVwp/a9e43f4c154686249056924eb3e56323/pop_out_screenshot.png)
   > *Browser extension pop-out window*

4. Configure the following options as needed:

   | **Option** | **Description** |
   |------|------|
   | **Hide text by default** | The contents of the Send will be hidden by default. |
   | **Deletion date** | The Send will be permanently [deleted](https://bitwarden.com/it-it/help/send-lifespan/#deletion-behavior/) on the specified date and time. By default, seven days from creation. The **maximum allowed value** is 30 days from creation. |
   | **Who can view** | Choose who can view: **Anyone with the link:** Anyone who receives the Send link can view the contents of the Send. **Specific people:** [Specify the email address](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) of recipients who can receive this Send. They will receive a verification code in their email when accessing the Send (**Requires Premium**). **Anyone with a password set by you:** [Require a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/) to be entered by recipients of this Send in order to gain access. |
   | **Limit views** | The Send will be [disabled](https://bitwarden.com/it-it/help/send-lifespan/#maximum-access-count-behavior/) after the specified access count is reached. By default, unspecified. |
   | **Hide your email address from viewers** | [Hide your email](https://bitwarden.com/it-it/help/send-privacy/#hide-email/) from Send recipients. |
   | **Private note** | Enter private notes for this Send, which will only be visible to you. |

   Once you are happy with your Send, select **Save** to finish.

Once your Send is created, you may copy the link, or select ⋮ and then **Copy Send link**, to copy the generated link to your clipboard:

![Copy a Send link](https://bitwarden.com/assets/1lLksK7QbomKPRueO41c4d/7af290d439cb39056564454b78e52936/2026-02-25_11-18-05.png)
*Copy a Send link*

Once copied, share your Send link with intended recipients however you prefer. Sends are end-to-end encrypted, so you don't need to worry about exposing any data to whatever intermediary communications services you use.

### Desktop

To create a new Send from a desktop app:

1. Select the **Send** tab.

   > [!NOTE] About the Send View
   > This view will list Sends that have not reached their [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/). Like the **Vaults** view, you can filter your Sends by selecting one of the available **Types**.

2. Select the **New Send** button:

   ![Send view in a Desktop App](https://bitwarden.com/assets/2O01p5FyMpUhlhi5bAq7mH/3135d39e953c52bb0d843ee6afeb1121/2026-04-23_11-48-19.png)
   *Send view in a Desktop App*

3. In the right-most column, specify the following:

   - **Name**: Choose an identifiable, meaningful name for this Send.
   - **Type**: Choose whether this Send will be **Text** or a **File**:

     | **Type** | **Steps** |
     |------|------|
     | **Text** | Type or paste the desired text into the input box. Toggle the **When accessing the Send, hide the text by default** option to require recipients to [toggle visibility](https://bitwarden.com/it-it/help/send-privacy/#hide-text/) when they open a Send. Sends may not exceed 1000 characters encrypted. When saved, the character count of a Send's text increases due to encryption, meaning that a 700-character Send will scale to ~1,000 characters once encrypted, triggering this error. As a rule of thumb, character counts will grow between 30-50% when encrypted. |
     | **File** | Select the **Choose File** button and browse for the file to Send. The maximum file size per Send is 500 MB (100 MB on Mobile). (**Requires Premium** & Verified Email). |

   By default, a Send is scheduled for deletion seven days from its creation. You can change this and other options (see step 4), otherwise select **Save** to finish creating your Send.

4. Configure the following options as needed:

   | **Option** | **Description** |
   |------|------|
   | **Hide text by default** | The contents of the Send will be hidden by default. |
   | **Deletion date** | The Send will be permanently [deleted](https://bitwarden.com/it-it/help/send-lifespan/#deletion-behavior/) on the specified date and time. By default, seven days from creation. The **maximum allowed value** is 30 days from creation. |
   | **Who can view** | Choose who can view: **Anyone with the link:** Anyone who receives the Send link can view the contents of the Send. **Specific people:** [Specify the email address](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) of recipients who can receive this Send. They will receive a verification code in their email when accessing the Send (**Requires Premium**). **Anyone with a password set by you:** [Require a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/) to be entered by recipients of this Send in order to gain access. |
   | **Limit views** | The Send will be [disabled](https://bitwarden.com/it-it/help/send-lifespan/#maximum-access-count-behavior/) after the specified access count is reached. By default, unspecified. |
   | **Hide your email address from viewers** | [Hide your email](https://bitwarden.com/it-it/help/send-privacy/#hide-email/) from Send recipients. |
   | **Private note** | Enter private notes for this Send, which will only be visible to you. |

   Once you are happy with your Send, select **Save** to finish.

Once your Send is created, select ⋮ and then **Copy Send link** to copy the generated link to your clipboard:

![Send options on desktop](https://bitwarden.com/assets/4IgMnKAEjk16bJdbuUkVeH/fb20d049505d8a69dce6f39e4e4a9c4c/2026-04-23_11-49-34.png)
*Send options on desktop*

Once copied, share your Send link with intended recipients however you prefer. Sends are end-to-end encrypted, so you don't need to worry about exposing any data to whatever intermediary communications services you use.

### Mobile

To create a new Send from a mobile app:

1. Tap the **Send** tab.

   > [!NOTE] About the Send View
   > This view will list Sends that have not reached their [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/). Like the **Vaults** view, you can filter your Sends by selecting one of the available **Types**.

2. Tap the + **New send** button:

   ![Send on mobile](https://bitwarden.com/assets/5vHsSA3o9O735MitlnOPVr/e2eeb5387bf1358f4aa0aaafbfaa3d5c/new_send_mobile.png)
   *Send on mobile*

3. On the **Add Send** view, specify the following:

   - **Type**: Choose whether this Send will be **Text** or a **File**:

     | **Type** | **Steps** |
     |------|------|
     | **Text** | Type or paste the desired text into the input box. Toggle the **When accessing the Send, hide the text by default** option to require recipients to [toggle visibility](https://bitwarden.com/it-it/help/send-privacy/#hide-text/) when they open a Send. Sends may not exceed 1000 characters encrypted. When saved, the character count of a Send's text increases due to encryption, meaning that a 700-character Send will scale to ~1,000 characters once encrypted, triggering this error. As a rule of thumb, character counts will grow between 30-50% when encrypted. |
     | **File** | Select the **Choose File** button and browse for the file to Send. The maximum file size per Send is 500 MB (100 MB on Mobile). (**Requires Premium** & Verified Email). |

   - **Send name**: Choose an identifiable, meaningful name for this Send.
   - By default, a Send is scheduled for deletion seven days from its creation. You may change this and other options using the **Additional options** menu (see step 4), otherwise tap **Save** to finish creating your Send.

4. Configure the following options as needed:

   | **Option** | **Description** |
   |------|------|
   | **Hide text by default** | The contents of the Send will be hidden by default. |
   | **Deletion date** | The Send will be permanently [deleted](https://bitwarden.com/it-it/help/send-lifespan/#deletion-behavior/) on the specified date and time. By default, seven days from creation. The **maximum allowed value** is 30 days from creation. |
   | **Who can view** | Choose who can view: **Anyone with the link:** Anyone who receives the Send link can view the contents of the Send. **Specific people:** [Specify the email address](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) of recipients who can receive this Send. They will receive a verification code in their email when accessing the Send (**Requires Premium**). **Anyone with a password set by you:** [Require a password](https://bitwarden.com/it-it/help/send-privacy/#send-passwords/) to be entered by recipients of this Send in order to gain access. |
   | **Limit views** | The Send will be [disabled](https://bitwarden.com/it-it/help/send-lifespan/#maximum-access-count-behavior/) after the specified access count is reached. By default, unspecified. |
   | **Hide your email address from viewers** | [Hide your email](https://bitwarden.com/it-it/help/send-privacy/#hide-email/) from Send recipients. |
   | **Private note** | Enter private notes for this Send, which will only be visible to you. |

   Once you are happy with your Send, select **Save** to finish.

Once your Send is created, select ⋯ and then choose the **Share link** option:

![Share a send on mobile](https://bitwarden.com/assets/6WZTQUop3KXnQKoGqgVzgu/8bf9c1b068a97856c5d13b09449a1fdf/shore-mobile-send.png)
*Share a send on mobile*

> [!TIP] Send via iOS Share Menu
> If you are using iOS, you can also share your Send directly from the iOS [Share Menu](https://developer.apple.com/design/human-interface-guidelines/ios/extensions/sharing-and-actions/).

Share your Send link with intended recipients however you prefer. Sends are end-to-end encrypted, so you don't need to worry about exposing any data to whatever intermediary communications services you use.

### CLI

The following are sample commands to help you get started using Send from the CLI. For more examples and help writing your own send command, we recommend reading [Send from CLI](https://bitwarden.com/it-it/help/send-cli/).

To create a simple text Send with a [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/) set to 14 days from creation:

```
bw send -n "My Text Send" -d 14 "My first secret message."
```

To create a simple file Send with a [deletion date](https://bitwarden.com/it-it/help/send-lifespan/#deletion-date/) set to 14 days from creation:

```
bw send -n "My File Send" -d 14 -f /Users/myaccount/Documents/my_file.pdf
```

--- URL: https://bitwarden.com/it-it/help/custom-fields/ ---

# Custom Fields

Custom fields, available for any [vault item type](https://bitwarden.com/it-it/help/managing-items/), allow you to store additional well-structured data fields for a vault item.
Custom fields are saved as `Name:Value` pairs, and can be one of four types:

- **Text**: Field value stores a freeform input (text, numbers, and more).
- **Hidden**: Field value stores freeform input that is hidden from view (particularly useful for organizations using [hidden passwords permissions](https://bitwarden.com/it-it/help/collection-permissions/)).
- **Checkbox**: (**Boolean** on some clients) Field value stores a boolean value (true/false).
- **Linked**: Field value is linked to the item's username or password. Given the [right field name](https://bitwarden.com/it-it/help/custom-fields/#custom-field-names/), linked custom fields can be used to solve issues where your browser extension can't autofill usernames and passwords for a particular site ([learn more](https://bitwarden.com/it-it/help/auto-fill-custom-fields/#using-linked-custom-fields/)).

> [!NOTE] Custom fields for keys
> In addition to common web service inputs like PINs and security questions, custom fields can be used to store values up to 5000 characters in length, for example RSA 4096-bit SSH keys.
>
> Character limits for custom field values are imposed on the **post-encryption character count**. For example, a 3383-character RSA-4096 private SSH key would grow to about 4400 characters when it's encrypted and stored in your vault.

## Creating custom fields

Custom fields can be added to a vault item from any Bitwarden client using the **Custom Fields** section of the **Edit Item** panel:

![Custom fields in web app](https://bitwarden.com/assets/NoGCwyAZcnzss1EeYXKD1/23a7e619dfdcb4baa023f54923335050/2024-12-02_14-52-43.png)

### Custom field names

The specified **Name** is important to get right in order to successfully [autofill a custom field](https://bitwarden.com/it-it/help/auto-fill-custom-fields/).
Using the Bitwarden browser extension, you can quickly get the correct field name using the **Copy custom field name** option in the context menu (in most cases, by right-clicking on the form element):

![Copy custom field name](https://bitwarden.com/assets/5nnPLqyzgAhDCinQNB0uUC/a721194f39f0a8fa919066d73ff9e2c8/2024-10-29_10-50-34.png)

Selecting this context menu option will copy the form element's `id`, `name`, `aria-label`, or `placeholder` value (in that order of preference).

Once you have saved a custom field, you can [autofill it from the browser extension](https://bitwarden.com/it-it/help/auto-fill-custom-fields/).

#### Find custom field names manually

If you don't use the browser extension, the best way to find a field name is to use your web browser's developer tools, as in the following example:

[![Vimeo Video](https://vumbnail.com/1139125687.jpg)](https://vimeo.com/1139125687)
*[Watch on Vimeo](https://vimeo.com/1139125687)*

To locate a custom field name:

1. On the webpage with the custom field, right-click the field you want to autofill and select **Inspect**. The HTML element will open and be highlighted in the developer console.
2. Find and copy the element `id` (find `id="xxx"`, where `xxx` is the element's `id` value).
3. In the relevant vault item's **Custom fields** section, choose the appropriate field type and select the + **New custom field** button.
4. Paste the copied element `id` in the **Name** field.
5. Specify the desired information to be autofilled (in the above example, a telephone number) in the **Value** field.
6. Save the vault item.

Once you have saved a custom field, you can [autofill it from the browser extension](https://bitwarden.com/it-it/help/auto-fill-custom-fields/).

### More about custom field names

#### Order of preference

If you are naming a custom field manually, you should use one of the following HTML form element attributes/values **in order of preference**:

1. HTML form element's `id` attribute.
2. HTML form element's `name` attribute.
3. HTML form element's `aria-label` attribute.
4. HTML form element's `placeholder` attribute.

#### Matching

Field name matching is an **exact** and **case-insensitive** comparison. For example, if your custom field has the name `PIN`:

- **Autofill is offered** for `pin`, `PiN`, `PIN`, etc.
- **Autofill is not offered** for `pin2` or `mypin`.

#### Prefixing

There are two cases in which you can exercise more control over [matching](https://bitwarden.com/it-it/help/custom-fields/#matching/) by using prefixes:

- **csv**: Prefixing your custom field's name with `csv=` allows you to specify multiple names to search for and compare against for autofill, for example `csv=pin,mypin,pincode`.
- **regex**: Prefixing your custom field's name with `regex=` allows you to perform [regular expression comparisons](https://regexone.com) when autofill is performed. For example, `regex=^first.*name` will offer autofill for `firstName`, `First_name`, and `First Name`.

--- URL: https://bitwarden.com/it-it/help/customer-activation-kit/ ---

# Customer Activation Kit

Welcome to the Bitwarden Customer Activation Kit. This comprehensive toolkit provides everything admins and IT teams need to build excitement, communicate password security benefits, and turn your end users into security champions. Whether you're rolling out to a small team or enterprise-wide deployment, these resources support successful adoption at any scale.
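Referring back to the **Matching** and **Prefixing** rules for custom field names in the Custom Fields article above, the following added example (not Bitwarden's own code) applies them to a constructed form and shows how an unanchored `regex=` name matches more fields than intended. It assumes a custom field name is compared against each of the four attributes listed under **Order of preference**, that `csv=` entries are trimmed, and that an invalid pattern never matches; all function names are hypothetical.

```javascript
// Added example: exact, csv= and regex= name matching as documented above.
// Assumptions: the name is compared against id, name, aria-label and placeholder;
// csv= entries are trimmed; an invalid regex= pattern is treated as "no match".

const ATTRIBUTE_ORDER = ["id", "name", "aria-label", "placeholder"];

// First non-empty attribute in the documented order of preference.
function preferredFieldName(element) {
  for (const attr of ATTRIBUTE_ORDER) {
    if (typeof element[attr] === "string" && element[attr] !== "") return element[attr];
  }
  return null;
}

// Compare one custom field name against one attribute value.
function nameMatches(customFieldName, attributeValue) {
  if (typeof attributeValue !== "string" || attributeValue === "") return false;

  if (customFieldName.startsWith("regex=")) {
    try {
      // The documented example matches "First_name", so the test is case-insensitive.
      return new RegExp(customFieldName.slice("regex=".length), "i").test(attributeValue);
    } catch (err) {
      return false; // invalid pattern
    }
  }

  if (customFieldName.startsWith("csv=")) {
    return customFieldName
      .slice("csv=".length)
      .split(",")
      .map((entry) => entry.trim().toLowerCase())
      .filter((entry) => entry !== "")
      .includes(attributeValue.toLowerCase());
  }

  // Default rule: exact, case-insensitive comparison.
  return customFieldName.toLowerCase() === attributeValue.toLowerCase();
}

// Would autofill be offered for this form element?
function offersAutofill(customFieldName, element) {
  return ATTRIBUTE_ORDER.some((attr) => nameMatches(customFieldName, element[attr]));
}

// List every element of a form that a custom field name would fill.
function matchingFields(customFieldName, formElements) {
  return formElements
    .filter((element) => offersAutofill(customFieldName, element))
    .map(preferredFieldName);
}

// Constructed sample form (attribute values taken from the examples above,
// plus one unrelated field that happens to contain the letters "pin").
const SAMPLE_FORM = [
  { id: "PiN" },
  { id: "pin2" },
  { name: "mypin" },
  { id: "firstName" },
  { name: "First_name" },
  { "aria-label": "First Name" },
  { id: "shipping_address" },
];

for (const name of ["PIN", "csv=pin,mypin,pincode", "regex=^first.*name", "regex=pin", "regex=^pin$"]) {
  console.log(name.padEnd(24), "->", matchingFields(name, SAMPLE_FORM).join(", "));
}
```

The `regex=pin` case also fills `shipping_address`, which matters most for **Hidden** fields: anchor patterns with `^` and `$` so a secret value is only offered to the field it was meant for.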
## Brochures

Introduce Bitwarden to your teams with comprehensive explainer documents:

- [Explainer for end users](https://start.bitwarden.com/hubfs/PUBLIC_bitwarden-intro.pdf): a concise, user-friendly overview
- [Explainer for admins and IT teams](https://start.bitwarden.com/hubfs/PUBLIC_bitwarden-1page.pdf): covers deployment tips and core product benefits
- [Posters for internal promotion](https://bitwarden.com/it-it/resources/bitwarden-posters/): eye-catching, on-brand printables to keep Bitwarden top of mind

![ ](https://bitwarden.com/assets/2lOqXRI2qegaZGm0OfxBtx/b95d7d3435e3fb80f529f8f6f58bdf27/one-pagers.jpg)

## Videos

Understand Bitwarden quickly, or explore comprehensive training with these videos:

- [Bitwarden in 30 Seconds](https://vimeo.com/799946080): high-level introduction
- [Overview of individual vs. organization vault](https://vimeo.com/823390347): ensuring proper separation of individual and organizational credentials
- [Bitwarden 101 admin walkthrough](https://youtube.com/playlist?list=PL-IZTwAxWO4XtrO78m2GrHRGS_YKzNmYW&si=R5ihNY1HMIonViMY): comprehensive training videos covering organization setup, organizational reporting capabilities, and user management best practices
- Additional [b-roll](https://vimeo.com/showcase/11841052) and [educational clips](https://drive.google.com/drive/folders/1nZiUlOA5b5ljjnG29R_mqhKVn8uTIEts?usp=drive_link): suitable for internal presentations or onboarding decks

![ ](https://bitwarden.com/assets/3u8EFXlixwuVXCsvh5eJJZ/85066b90a3f04de13a67204c80c95dbc/videos.jpg)

## Documentation and templates

Step-by-step documentation, templates, and resources to help teams embrace credential management:

- [Admin and owner onboarding templates](https://bitwarden.com/it-it/help/admin-team-onboarding-emails/): pre-written email templates for effective team communication throughout deployment, including welcome emails, admin onboarding sequences, and end user engagement campaigns
- End user training resources: user-friendly tutorials providing step-by-step instruction on core Bitwarden features, [understanding vault item types](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/).
- Importing passwords from [Chrome](https://bitwarden.com/it-it/help/import-from-chrome/#export-from-chrome/), [macOS and Safari](https://bitwarden.com/it-it/help/import-from-safari/), [Firefox](https://bitwarden.com/it-it/help/import-from-firefox/).
- [Disabling browser autofill and password storage](https://bitwarden.com/it-it/help/disable-browser-autofill/): instructions to replace browser-based password storage with Bitwarden's secure autofill capabilities

![ ](https://bitwarden.com/assets/6fQemeZ7Iqy11zxI7bjua7/584dedcb621d17abbc66fccbf9fb4c8a/documentation.jpg)

## Bitwarden merch

Spread awareness with Bitwarden merch:

- [Magic Background Maker](https://bitwarden.com/it-it/magic-background/): Enhance your team's virtual meetings with branded backgrounds when using the Magic Background Maker
- [Password Security Animations](https://bitwarden.com/it-it/blog/password-security-gifs/): Fun animations featuring boy bands and judgmental squirrels to make your security communications actually entertaining
- [The Bitwarden Shop](https://shop.bitwarden.com/): Encourage adoption by delivering Bitwarden-exclusive merch directly to your team

![ ](https://bitwarden.com/assets/37t7bjm21Y8wVkbFvKtJ5p/5eba0df4d7f5eb9944dd093792fbc278/store.jpg)

## Brand and design resources

Stay on-brand and create your own assets:

- [Bitwarden brand guidelines and downloads](https://bitwarden.com/it-it/brand/)
- Product mockups and imagery
  - [Bitwarden Password Manager](https://drive.google.com/drive/folders/10LNjuihl6PBWRef-CenXrJNNi1fu-N0P?usp=sharing)
  - [Bitwarden Secrets Manager](https://drive.google.com/drive/folders/1_NWWPeecq5FRZwXimAhOw2g6gazaT6Mn?usp=sharing)

--- URL: https://bitwarden.com/it-it/help/customer-success-hub/ ---

# Customer Success Hub

A proven path to password management success for IT and
security leaders via guides, checklists, resources, and milestones.

| **Evaluation** | **Onboarding** | **Adoption & Success** |
|------|------|------|
| Requirements Assessment Decision | Training Setup Prep/rollout | Engagement Impact Leadership |
| 📋 [Critical capabilities for enterprise password management](https://bitwarden.com/it-it/resources/critical-capabilities-for-enterprise-password-management/) - Must-have features and requirements | 📚 [Bitwarden Onboarding Playbook](https://bitwarden.com/it-it/help/bitwarden-onboarding-playbook/) - 5 phase roadmap covering Training, Setup, Planning, Rollout, Adoption | 🎨 [Customer Activation Kit](https://bitwarden.com/it-it/help/customer-activation-kit/) - Brochures, explainer materials, and user enablement resources |
| 🔍 [Enterprise Trial Guide](https://bitwarden.com/it-it/resources/enterprise-trial-guide/) - Step-by-step trial planning - Assessment framework | 🔧 [Personalized Setup Guide](https://setup.bitwarden.com/) - Customized setup path - Implementation guidance | 📧 Adoption Campaigns - [End-user adoption emails](https://bitwarden.com/it-it/help/end-user-adoption-emails/) - [Change management strategies](https://bitwarden.com/it-it/resources/90-adoption-across-220-employees-in-4-months-one-agencys-success-story/) |
| 📊 Third-party Reports - [InfoTech Data Quadrant](https://bitwarden.com/it-it/go/password-management-data-quadrant-report/) - [G2 Grid Report](https://bitwarden.com/it-it/blog/bitwarden-g2-2023-enterprise-grid/) | 📚 [Enterprise Password Manager Implementation Guide](https://bitwarden.com/it-it/resources/bitwarden-enterprise-password-manager-implementation-guide/) - Step-by-step deployment instructions | 🛡️ [Access Intelligence](https://bitwarden.com/it-it/products/access-intelligence/) - Identify and prioritize at-risk credentials - Monitor security improvements |
| 🎯 Leadership Alignment - [Convince your leadership team](https://bitwarden.com/it-it/resources/bitwarden-business-insights-report/) - [Build company-wide alignment](https://bitwarden.com/it-it/resources/successful-top-down-approach-with-your-password-manager/) | 📧 Rollout Templates - [Welcome email templates](https://bitwarden.com/it-it/help/welcome-email-templates/) - [Announcement slide deck](https://docs.google.com/presentation/d/1zK8NDB6E8ID_ok_yxn5x5qjO7mzeI5CZ-kqcOsfcQcU/edit?slide=id.g37260cb3e91_1_0#slide=id.g37260cb3e91_1_0) | 📊 [Security Impact Report](https://bitwarden.com/it-it/resources/bitwarden-security-impact-report/) - Data-backed ROI insights - Demonstrate security improvements |

## Evaluation: Requirements, assessment, decision

For teams that are actively comparing, evaluating, and trialing solutions, the resources below will help you see how Bitwarden fits your needs.

**Set requirements**

- [Critical capabilities for enterprise password management](https://bitwarden.com/it-it/resources/critical-capabilities-for-enterprise-password-management/): Explore the must-have features that set enterprise-grade password managers apart, from secure credential sharing and role-based access control to integration with SSO, SCIM provisioning, and audit logs.
- [Password management for global organizations](https://bitwarden.com/it-it/resources/password-management-for-global-organizations/#what-exactly-is-password-management-for-global-organizations/): Learn how Bitwarden supports distributed workforces with multilingual interfaces, compliance, and secure access for users in every location, ideal for multinational teams operating at scale.
- [The credential lifecycle starts with central ownership](https://bitwarden.com/it-it/resources/credential-lifecycle-management-security-perspective/#how-bitwarden-supports-credential-lifecycle-management/): Understand why centralized control over credentials is foundational to security. See how Bitwarden enables IT and security teams to manage credential creation, storage, access, rotation, and revocation across the full lifecycle.
**Make an assessment**

- [Prepare your trial for production](https://bitwarden.com/it-it/help/prepare-your-org-for-prod/): Get the most from your Bitwarden trial. This resource walks you through key setup steps and considerations to ensure your trial mirrors a production-ready environment.
- [Enterprise trial guide](https://bitwarden.com/it-it/resources/enterprise-trial-guide/): A step-by-step guide to planning, configuring, and evaluating a successful enterprise trial of Bitwarden.

**Decision**

- [InfoTech Data Quadrant Report](https://bitwarden.com/it-it/go/password-management-data-quadrant-report/): See how Bitwarden ranks across key satisfaction and feature categories in a third-party comparison of password management vendors, based on real user feedback from IT leaders.
- [G2 Grid Report](https://bitwarden.com/it-it/blog/bitwarden-g2-2023-enterprise-grid/): Bitwarden top rankings in the G2 Grid Report reflect high satisfaction, ease of use, and market presence. Compare peer reviews and ratings to see how Bitwarden stacks up against competitors.
- [Convince your leadership team](https://bitwarden.com/it-it/resources/bitwarden-business-insights-report/): Arm your executive stakeholders with data on password-related risks, user behavior, and IT priorities, based on enterprise customer findings from security and IT professionals across industries.
- [Build company-wide alignment](https://bitwarden.com/it-it/resources/successful-top-down-approach-with-your-password-manager/): Learn how security conscious organizations secure buy-in from executives and champion a security-first culture, starting at the top.

## Onboarding: Setup, rollout, and training

Congratulations! You’ve selected Bitwarden as your password manager. Now it’s time to implement Bitwarden into your current systems, train your teams, prepare for a successful deployment, and introduce password management to users across your company.
**Technical foundation setup**

- [Personalized Setup Guide](https://setup.bitwarden.com/): Interactive tool that generates a customized implementation roadmap based on your deployment model, organizational size, and technical requirements, ensuring you focus on the right priorities from day one.
- [Enterprise Password Manager implementation guide](https://bitwarden.com/it-it/resources/bitwarden-enterprise-password-manager-implementation-guide/): Step-by-step instructions on how to successfully launch Bitwarden Password Manager across your teams.
- [Cloud setup checklist](https://bitwarden.com/it-it/help/cloud-setup-checklist/): A checklist to guide your team through setting up Bitwarden in the cloud. Covers key steps from account creation to policy configuration.
- [Self host setup checklist](https://bitwarden.com/it-it/help/self-host-setup-checklist/): A checklist for a successful self-hosted deployment, including infrastructure requirements and installation steps.

**Prepare for rollout**

- [Bitwarden onboarding playbook](https://bitwarden.com/it-it/help/bitwarden-onboarding-playbook/): A comprehensive 5-phase implementation roadmap for IT administrators, complete with actionable checklists and step-by-step recommendations to ensure successful user adoption across your organization.
- [Announcement slide deck template](https://docs.google.com/presentation/d/1zK8NDB6E8ID_ok_yxn5x5qjO7mzeI5CZ-kqcOsfcQcU/edit?slide=id.g37260cb3e91_1_0#slide=id.g37260cb3e91_1_0): Slide deck template to announce the Bitwarden Password Manager to your whole organization.
- [Welcome email templates](https://bitwarden.com/it-it/help/welcome-email-templates/): Email templates to announce the Bitwarden Password Manager rollout to your end users, administrative users, and IT teams.
- [Admin team onboarding emails](https://bitwarden.com/it-it/help/admin-team-onboarding-emails/): Onboarding emails automatically sent to new business admins and owners.
  Read them all at once or grab them and adapt them to your team's needs.
- [Onboarding workflows](https://bitwarden.com/it-it/help/onboarding-workflows/): Guidance for onboarding users across different organizational setups, whether you’re using SSO, SCIM, manual provisioning, or directory sync.

**Training and ongoing support**

- [Bitwarden newsletter](https://bitwarden.com/it-it/newsletter-subscribe/): Stay informed on the latest from Bitwarden.
- [Product updates](https://bitwarden.com/it-it/help/releasenotes/): Get release news for product enhancements and capabilities.
- [Bitwarden community](https://community.bitwarden.com): Where security enthusiasts gather for feature requests, best practices, and tips.
- **Custom training:** Dig deeper into advanced functionalities with dedicated training sessions for select customers. Reach out to your account representative for details.

## Adoption & Success: Engagement, impact, and leadership

From driving user engagement to demonstrating measurable security improvements to contributing to the broader security community, these resources help you maximize your Bitwarden investment and establish your organization as a password security leader.

**Drive user adoption and engagement**

- [Customer Activation Kit](https://bitwarden.com/it-it/help/customer-activation-kit/): Brochures, explainer materials, and user enablement resources to help build excitement and drive adoption across your organization.
- [End-user adoption emails](https://bitwarden.com/it-it/help/end-user-adoption-emails/): Emails automatically sent to Bitwarden Enterprise and Teams admins and owners to help increase overall team adoption of their new password manager. Read them all at once or grab them and adapt them to your team's needs.
- [Change management success story](https://bitwarden.com/it-it/resources/90-adoption-across-220-employees-in-4-months-one-agencys-success-story/): These change strategies helped this customer achieve 90% adoption in under 4 months.

**Prove Bitwarden is paying off**

- [Access Intelligence](https://bitwarden.com/it-it/products/access-intelligence/): Proactively identify, prioritize, and remediate credential risks across your organization. Monitor at-risk passwords, prioritize vulnerabilities based on critical applications, send automated alerts to employees for resolution, and track security improvements over time to validate your password management investment.
- [Security impact report](https://bitwarden.com/it-it/resources/bitwarden-security-impact-report/): Use these insights to build a strong, data-backed business case for investing in enterprise password management.

**Share your success, contribute to the security community**

- [Open Source Security Summit](https://bitwarden.com/it-it/open-source-security-summit/): Share your expertise, spotlight your team's innovation, and contribute to thought leadership shaping the future of secure open source software.
- [Customer reference and success story program](https://bitwarden.com/it-it/case-studies/#case-studies/): Highlight your achievements through case studies, speaking engagements, and press features, while building your brand as a security-forward leader.
- [Influence product roadmap](https://community.bitwarden.com): As a valued customer, your feedback helps guide development priorities.
- [Bitwarden on GitHub](https://github.com/bitwarden/): Explore the Bitwarden codebase, contribute to the community, and stay informed on active development.

--- URL: https://bitwarden.com/it-it/help/data-storage/ ---

# Data Storage

This article describes where Bitwarden stores your vault data and administrative data.

Bitwarden **always** encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. **Bitwarden servers are only used for storing encrypted data.** For more information, see [Encryption](https://bitwarden.com/it-it/help/what-encryption-is-used/).

Some encrypted data, including a user's protected symmetric key and master password hash, are also transparently encrypted at rest by the application, meaning they're encrypted and decrypted again as they flow in and out of the Bitwarden database.

Bitwarden additionally uses Azure transparent data encryption (TDE) to protect against the threat of malicious offline activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.

## On Bitwarden servers

Bitwarden processes and stores all vault data securely in the [Microsoft Azure Cloud](https://en.wikipedia.org/wiki/Microsoft_Azure) in the [US or EU](https://bitwarden.com/it-it/help/server-geographies/) using services that are managed by the team at Microsoft. Since Bitwarden only uses service offerings provided by Azure, there is no server infrastructure to manage and maintain. All uptime, scalability, security updates, and guarantees are backed by Microsoft and their cloud infrastructure. Review the [Microsoft Azure Compliance Offerings](https://learn.microsoft.com/en-us/azure/compliance/) documentation for more detail.

Bitwarden maintains point-in-time restore (PITR) policies for disaster recovery. The functionality leveraged by Bitwarden for this purpose **does not** involve creating or storing a BACPAC or otherwise moveable backup file, but instead allows for disaster recovery by reverse-processing transactional logs to make the database consistent with a selected point-in-time (see [Microsoft’s documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/hyperscale-automated-backups-overview?view=azuresql)).
Bitwarden has configured a strict 7-day retention policy for PITR and a policy of no long-term retention. This functionality is for **disaster recovery purposes only**; users and organizations are responsible for creating and securely storing backups of their own vault data. Blob-stored data, specifically attachments and Send files, are not subject to PITR functionality and are irrecoverable once deleted from Bitwarden.

Don't trust Bitwarden servers? You don't have to. Open source is beautiful. You can easily host the entire Bitwarden stack yourself. You control your data. Learn more [here](https://bitwarden.com/it-it/help/install-on-premise-linux/).

## On your local machine

Data that is stored on your computer/device is encrypted and only decrypted when you unlock your vault. Decrypted data is stored **in memory** only and is **never written to persistent storage**. Encrypted data is stored in the following locations at rest:

#### Desktop app

- Windows
  - Standard installation: `%AppData%\Roaming\Bitwarden`
  - Microsoft Store installation: `%LocalAppData%\Packages\8bitSolutionsLLC.bitwardendesktop_h4e712dmw3xyy\LocalCache\Roaming\Bitwarden`
  - Portable: `.\bitwarden-appdata`
- macOS
  - Standard installations: `~/Library/Application Support/Bitwarden`
  - Mac App Store: `~/Library/Containers/com.bitwarden.desktop/Data/Library/Application Support/Bitwarden`
- Linux
  - Standard installations: `~/.config/Bitwarden`
  - Flatpak: `~/.var/app/com.bitwarden.desktop/`
  - Snap: `~/snap/bitwarden/current/.config/Bitwarden`

> [!NOTE] desktop app storage location
> You can override the storage location for your Bitwarden desktop app data by setting the `BITWARDEN_APPDATA_DIR` environment variable to an absolute path.
#### Browser extension

- Windows
  - Chrome: `%LocalAppData%\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb`
  - Edge: `%LocalAppData%\Microsoft\Edge\User Data\Default\Local Extension Settings\jbkfoedolllekgbhcbcoahefnbanhhlh`
  - Brave: `%LocalAppData%\BraveSoftware\Brave-browser\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb`
  - Vivaldi: `%LocalAppData%\Vivaldi\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb`

  > [!TIP] Default profile in storage location
  > In Chromium browsers, `Default` represents the name of a browser profile. If you've installed Bitwarden under a different profile, substitute that profile's name in the path.

  - Firefox: `%AppData%\Mozilla\Firefox\Profiles\your_profile\storage\default\moz-extension+++[UUID]^userContextId=[integer]`, where `your_profile` is the label of your Firefox profile (typically, `xxxxxxxx.default` or `xxxxxxxx.default-release`)
  - Opera: `%AppData%\Opera Software\Opera Stable\Local Extension Settings\ccnckbpmaceehanjmeomladnmlffdjgn`
- macOS
  - Chrome: `~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb`
  - Edge: `~/Library/Application Support/Microsoft Edge/Default/Local Extension Settings/jbkfoedolllekgbhcbcoahefnbanhhlh`

  > [!TIP] Default profile in storage location
  > In Chromium browsers, `Default` represents the name of a browser profile. If you've installed Bitwarden under a different profile, substitute that profile's name in the path.

  - Firefox: `~/Library/Application Support/Firefox/Profiles/your_profile/storage/default/moz-extension+++[UUID]^userContextID=[integer]`, where `your_profile` is the label of your Firefox profile (typically, `xxxxxxxx.default` or `xxxxxxxx.default-release`)
  - Safari: `~/Library/Safari/Databases`
- Linux
  - Chrome: `~/.config/google-chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb`
  - Edge: `~/.config/microsoft-edge/Default/Local Extension Settings/jbkfoedolllekgbhcbcoahefnbanhhlh`

  > [!TIP] Default profile in storage location
  > In Chromium browsers, `Default` represents the name of a browser profile. If you've installed Bitwarden under a different profile, substitute that profile's name in the path.

  - Firefox: `~/.mozilla/firefox/your_profile/storage/default/moz-extension+++[UUID]^userContextID=[integer]`, where `your_profile` is the label of your Firefox profile (typically, `xxxxxxxx.default` or `xxxxxxxx.default-release`)

> [!NOTE] Firefox UUID
> To enhance security, Firefox uses universally unique identifiers (UUIDs) within extension storage folder names. In the address bar, navigate to `about:debugging#/runtime/this-firefox` to locate your Bitwarden extension UUID. Replace `[UUID]` with that value.
>
> Firefox also allows users to customize where to store their profiles (and thus local Bitwarden extension data). The location specified above is the default.

#### Mobile

- iOS: app group for `group.com.8bit.bitwarden`
- Android: `/data/data/com.x8bit.bitwarden/`

#### Web

- Chrome: ⋮ **Menu → More Tools → Developer Tools**, then select **Application → Local storage**.
- Safari: **Develop → Show Web Inspector → Storage → Local Storage**.
- Firefox: ☰ **Menu → More tools → Web Developer Tools → Storage → Local Storage**.
- Edge: ⋯ **Menu → More tools → Developer tools → Application → Local storage**.
- Opera:
  - Windows: **Menu → Developer → Developer Tools → Application → Local storage**.
  - MacOS: **Developer → Developer Tools → Application → Local storage**.

#### CLI

- Windows: `%AppData%\Bitwarden CLI`
- macOS: `~/Library/Application Support/Bitwarden CLI`
- Linux: `~/.config/Bitwarden CLI`

> [!NOTE] Bitwarden CLI Location
> You can override the storage location for your Bitwarden CLI app data by setting the `BITWARDENCLI_APPDATA_DIR` environment variable to an absolute path.

--- URL: https://bitwarden.com/it-it/help/database-options/ ---

# Database Options

## Default database for server deployments

All Bitwarden self-hosted server deployments, except for [Lite](https://bitwarden.com/it-it/help/install-and-deploy-lite/), ship with an MSSQL Express image by default. This colocates your encrypted vault data with the application containers and simplifies deployments by ensuring that updates, maintenance, and backups are delivered concurrently with the rest of the code.

This default database does not require additional licensing and is pre-configured to Bitwarden standards to securely store and automatically back up vault data ([learn more](https://bitwarden.com/it-it/help/backup-on-premise/)).

### Using an external database for server deployments

In those self-hosted server deployments that are shipped with an MSSQL Express image, use of that container is optional. For high availability or to leverage existing infrastructure, customers may connect to an external MSSQL server or cluster ([learn more](https://bitwarden.com/it-it/help/external-db/)) of version 2022.

Regardless of whether you use the included MSSQL Express image or your own external MSSQL server or cluster, standard Bitwarden deployments must currently use MSSQL.

## Databases for Lite deployments

Bitwarden Lite self-host deployments do not ship with a built-in database, but can connect to an existing MySQL/MariaDB, MSSQL, SQLite, or PostgreSQL database ([learn more](https://bitwarden.com/it-it/help/install-and-deploy-lite/)).
**Only Lite deployments** support these database options; standard deployments require MSSQL.

> [!NOTE] Lite databases require your management.
> Because Bitwarden Lite databases are not provided by or collocated with the application container, database maintenance, including updates, maintenance, and backups, must be fully managed by you.

## Optional database jobs

### Database preparation

In non-Lite self-host deployments, Bitwarden will check for the existence of the database specified in the constructed connection string and, if it doesn't exist, create it. This job requires the configured SQL user to have administrative privileges within the database server. Insufficient privileges will cause this job to fail.

If you are deploying your own external database, deactivate this deployment step by setting the following environment variable in `global.override.env`:

```plain text
globalSettings__sqlServer__skipDatabasePreparation=true
```

### Database maintenance

In all self-hosted deployments, including Lite, Bitwarden runs scheduled jobs on the database to perform routine maintenance, such as computing database statistics and building indices. These jobs require the configured SQL user to have administrative privileges within the database server. Insufficient privileges will cause these jobs to fail, and the failure will be logged to the `admin` container logs.

If you prefer to run these maintenance jobs as a separate user, deactivate this behavior by setting the following environment variable in `global.override.env`:

```plain text
globalSettings__sqlServer__disableDatabaseMaintenanceJobs=true
```

> [!NOTE] Skipping database maintenance jobs
> If you deactivate database maintenance jobs, manually review database clean-up and index creations regularly.
--- URL: https://bitwarden.com/it-it/help/deactivate-browser-password-managers/ ---

# Deactivate Browser Password Managers Using Device Management

This article explains how to disable the built-in password managers of various web browsers using group policy. These steps will help prevent corporate logins from being saved and synchronized to personal accounts. You may also consider deploying the [Bitwarden browser extension to all browsers](https://bitwarden.com/it-it/help/browserext-deploy/) as part of this same policy.

## Disable with Windows GPO

### Disable Edge

1. Open Group Policy Management Editor on your managing Windows server.
2. [Download the appropriate Edge Policy Template](https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ).
3. In Group Policy Editor, create a new GPO for Edge and provide an appropriate name.
4. Choose your desired scope.
5. Right-click the new Group Policy **Object** → **Edit**.
6. On the Group Policy Management Editor, go to **User Configuration** → **Policies** → **Administrative Templates** → **Microsoft Edge**.
7. Set the following policies:
   - Open "Password manager and protection," disable the policy **Enable saving passwords to the password manager**.
   - Disable the policy **Enable AutoFill for addresses**.
   - Disable the policy **Enable AutoFill for payment instruments**.
   - Optionally, you can enable the policy **Disable synchronization of data using Microsoft sync services**.

   Once complete, the GPO **settings** should show the following:

   ![Edge Settings](https://bitwarden.com/assets/7JYNg4j0ETWUYqxvC1aA35/b2330512b7ccfd0c2371d14349f6f91d/image.png)
8. Ensure the GPO link is enabled.

### Disable Chrome

1. Open Group Policy Management Editor on your managing Windows server.
2. [Download the Google Chrome Administrative Templates.](https://support.google.com/chrome/a/answer/187202?hl)
3. In the `ADMX` file, copy the following: `policy_templates\windows\admx\chrome.admx` and `policy_templates\windows\admx\google.admx` **TO** `C:\Windows\PolicyDefinitions`
4. In the `ADML` file, copy the following: `policy_templates\windows\admx\en-us\chrome.adml` and `policy_templates\windows\admx\en-us\google.adml` **TO** `C:\Windows\PolicyDefinitions\en-us`
5. In Group Policy Editor, create a new GPO for Chrome and provide an appropriate name.
6. Choose your desired scope.
7. Right-click the **Group Policy Object** → **Edit**.
8. Go to **User Configuration** → **Policies** → **Administrative Templates** → **Google** → **Google Chrome**.
9. Edit the following settings:
   - Under "Password Manager," disable the policy **Enable saving passwords to the password manager**.
   - Disable the policy **Enable AutoFill for Addresses**.
   - Disable the policy **Enable AutoFill for credit cards**.
10. Once complete, the GPO **settings** should show the following:

    ![Chrome Settings](https://bitwarden.com/assets/4g4UFkO53OhzFhZlnSPoKY/000e4a638d423783c6e1c94c10b13395/chrome_gpo.png)
11. Ensure the GPO link is enabled.

### Disable Firefox

1. Open Group Policy Editor on your managing Windows server.
2. [Download the latest Firefox Policy Templates .zip file.](https://github.com/mozilla/policy-templates/releases)
3. Copy the **ADMX** file **FROM** the downloaded folder `policy_templates_v1.##\windows\firefox.admx & mozilla.admx` **TO** `C:\Windows\PolicyDefinitions`
4. Copy the **ADML** file **FROM** `policy_templates\windows\en-us\firefox.adml & mozilla.adml` **TO** `C:\Windows\PolicyDefinitions\en-us`
5. In Group Policy Editor, create a new GPO for Firefox and provide an appropriate name.
6. Choose your desired scope.
7. Right-click the **new group policy** → **Edit**.
8. Open **User Configuration** → **Policies** → **Administrative Templates** → **Mozilla** → **Firefox**.
9. Locate and edit the following policies:
   - Enable the policy **Disable Firefox Accounts**.
   - Disable the policy **Offer to save logins**.
   - Disable the policy **Offer to save logins (default)**.
   - Disable the policy **Password Manager**.
10. Once complete, the GPO **settings** should show the following:

    ![Firefox Settings](https://bitwarden.com/assets/75Do1uQgOThyyIfdXU3ti7/5ab03c79118217b0fdd6485ad8c71527/image.png)
11. Ensure the GPO link is enabled.

### How to check if it worked?

Check that the previous steps worked correctly for your setup:

### Edge

1. On a user's computer, open the command line, and run: `gpupdate /force`.
2. Open Edge, then click the three dots for settings **...** → **Settings** → **Passwords**.
3. Ensure "Offer to save passwords" is turned off and managed by the organization.

> [!NOTE] Disable Edge GPO
> **Sign-in automatically** is still checked because there is no policy setting to turn this off.
>
> Any logins previously saved in Edge will not be removed and will continue to be displayed to the user, despite autofill being disabled. Be sure to instruct the user to [import any saved logins](https://bitwarden.com/it-it/help/import-from-chrome/) into Bitwarden before deleting them from Edge.

### Chrome

1. On a user's computer, open the command line, and run: `gpupdate /force`.
2. Open Chrome and click the **profile icon** on the top right. See that the user is not signed in.
3. Open Chrome, then click the three dots **...** → **Settings** → **Passwords**. See that **Offer to save passwords** is unchecked and managed by the organization.

### Firefox

1. On a user's computer, open the command line, and run: `gpupdate /force`.
2. Open Firefox and select **Logins and Passwords** from the menu bar.
3. Ensure that a "Blocked Page" message is displayed.

## Disable on Linux

### Chrome

To disable the Chrome Password Manager via group policy:

1. Download the [Google Chrome .deb or .rpm](https://www.google.com/chrome/?platform=linux) for Linux.
2. Download the [Chrome Enterprise Bundle](https://chromeenterprise.google/browser/download/#windows-tab).
3. Unzip the Enterprise Bundle (`GoogleChromeEnterpriseBundle64.zip` or `GoogleChromeEnterpriseBundle32.zip`) and open the `/Configuration` folder.
4. Make a copy of the `master_preferences.json` (in Chrome 91+, `initial_preferences.json`) and rename it `managed_preferences.json`.
5. To [disable](https://chromeenterprise.google/policies/#PasswordManagerEnabled) Chrome's built-in password manager, add the following to `managed_preferences.json` inside of `"policies": { }`:

   ```plain text
   { "PasswordManagerEnabled": false }
   ```
6. Create the following directories if they do not already exist:

   ```plain text
   mkdir -p /etc/opt/chrome/policies/managed
   ```
7. Move `managed_preferences.json` into `/etc/opt/chrome/policies/managed`.
8. As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the `/managed` directory.

   ```plain text
   chmod -R 755 /etc/opt/chrome/policies
   ```
9. Additionally, we recommend that admins set the following permissions on the file to prevent modifications to the file itself:

   ```plain text
   chmod 644 /etc/opt/chrome/policies/managed/managed_preferences.json
   ```
10. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
    1. Google Chrome Browser
    2. `/etc/opt/chrome/policies/managed/managed_preferences.json`

> [!NOTE] Refer to Google's guide to Chrome for Linux
> For more help, refer to Google's [Chrome Browser Quick Start for Linux](https://support.google.com/chrome/a/answer/9025926?hl=en&ref_topic=9025817) guide.

### Firefox

To disable the Firefox Password Manager via group policy:

1. Download [Firefox for Linux](https://www.mozilla.org/en-US/firefox/linux/).
2. Open a terminal and navigate to the directory your download has been saved to. For example: `cd ~/Downloads`
3. Extract the contents of the downloaded file:

   ```plain text
   tar xjf firefox-*.tar.bz2
   ```

   The following commands must be executed as root, or preceded by `sudo`.
4. Move the uncompressed Firefox folder to `/opt`:

   ```plain text
   mv firefox /opt
   ```
5. Create a symlink to the Firefox executable:

   ```plain text
   ln -s /opt/firefox/firefox /usr/local/bin/firefox
   ```
6. Download a copy of the desktop file:

   ```plain text
   wget https://raw.githubusercontent.com/mozilla/sumo-kb/main/install-firefox-linux/firefox.desktop -P /usr/local/share/applications
   ```
7. To disable Firefox's built-in password manager, add the following to `policies.json` inside of `"policies": {}`:

   ```plain text
   { "PasswordManagerEnabled": false }
   ```
8. Create the following directory if it does not already exist:

   ```plain text
   mkdir -p /opt/firefox/distribution
   ```
9. Modify the directory with the following:

   ```plain text
   chmod 755 /opt/firefox/distribution
   ```
10. Additionally, we recommend that admins set the following permissions on the file to prevent modifications to the file itself:

    ```plain text
    chmod 644 /opt/firefox/distribution/policies.json
    ```
11. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
    1. Firefox Browser
    2. `/distribution/policies.json`

> [!NOTE] disable firefox group policy
> For more help, refer to Firefox's [policies.json Overview](https://support.mozilla.org/en-US/kb/customizing-firefox-macos-using-configuration-prof) or [Policies README](https://github.com/mozilla/policy-templates/blob/master/README.md) on GitHub.

## Disable on MacOS

### Chrome

1. Download the [Google Chrome .dmg or .pkg](https://chromeenterprise.google/browser/download/#mac-tab) for macOS.
2. Download the [Chrome Enterprise Bundle](https://support.google.com/chrome/a/answer/7650032?hl=en&sjid=15647115866896992845-NA).
3. Unzip the Enterprise Bundle (`GoogleChromeEnterpriseBundle64.zip` or `GoogleChromeEnterpriseBundle32.zip`).
4. Open the `/Configuration/com.Google.Chrome.plist` file with any text editor.
5. To [disable](https://chromeenterprise.google/policies/#PasswordManagerEnabled) Chrome's built-in password manager, add the following to `com.Google.Chrome.plist`:

   ```plain text
   <key>PasswordManagerEnabled</key>
   <false />
   ```
6. Convert the `com.Google.Chrome.plist` file to a configuration profile using a conversion tool of your choice.
7. Deploy the Chrome `.dmg` or `.pkg` and the configuration profile using your software distribution or MDM tool to all managed computers.

> [!NOTE] disable google chrome mac
> For more help, refer to Google's [Chrome Browser Quick Start for Mac](https://support.google.com/chrome/a/answer/9020580?hl=en&ref_topic=7650028) guide.

For additional information, see [Chrome's documentation](https://support.google.com/chrome/a/answer/7550274?hl=en) for setting up Chrome browser on Mac.

### Firefox

1. Download and install [Firefox for Enterprise](https://www.mozilla.org/en-US/firefox/enterprise/#download) for macOS.
2. Create a `distribution` directory in `Firefox.app/Contents/Resources/`.
3. In the created `/distribution` directory, create a new file `org.mozilla.firefox.plist`.

   > [!NOTE]
   > Use the [Firefox .plist template](https://github.com/mozilla/policy-templates/blob/master/mac/org.mozilla.firefox.plist) and [Policy README](https://github.com/mozilla/policy-templates/blob/master/README.md) for reference.
4. To [disable](https://github.com/mozilla/policy-templates/blob/master/README.md#passwordmanagerenabled) Firefox's built-in password manager, add the following to `org.mozilla.firefox.plist`:

   ```plain text
   <key>PasswordManagerEnabled</key>
   <false />
   ```
5. Convert the `org.mozilla.firefox.plist` file to a configuration profile using a conversion tool of your choice.
6. Deploy the Firefox `.dmg` and the configuration profile using your software distribution or MDM tool to all managed computers.
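
A pre-deployment check for the policy files built in the Linux and macOS steps above, as an added example (not code from Bitwarden, Google or Mozilla): it parses a JSON or plist policy file, confirms `PasswordManagerEnabled` is the boolean `false`, and flags files or directories that group or others can write to, matching the `chmod 644` and `chmod 755` steps. The function names and the sample files in `demo()` are constructed for illustration.

```python
import json
import os
import plistlib
import stat
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

POLICY_KEY = "PasswordManagerEnabled"  # policy name used on this page


def load_policy(path):
    """Parse *.plist as a property list and anything else as JSON."""
    raw = Path(path).read_bytes()
    if Path(path).suffix == ".plist":
        return plistlib.loads(raw)  # accepts XML and binary plists
    return json.loads(raw.decode("utf-8"))


def find_setting(doc, key=POLICY_KEY):
    """Return (found, value); checks the top level and a "policies" object."""
    if isinstance(doc, dict):
        if key in doc:
            return True, doc[key]
        nested = doc.get("policies")
        if isinstance(nested, dict) and key in nested:
            return True, nested[key]
    return False, None


def loosely_writable(path):
    """True when group or others hold write permission (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_policy_file(path):
    """Return a list of findings; an empty list means the file passes."""
    path = Path(path)
    if not path.is_file():
        return [f"{path.name}: missing"]
    findings = []
    try:
        found, value = find_setting(load_policy(path))
    except (ValueError, ExpatError) as exc:
        findings.append(f"{path.name}: unparseable ({type(exc).__name__})")
    else:
        if not found:
            findings.append(f"{path.name}: {POLICY_KEY} not set")
        elif value is not False:  # "false" (string), 0 and true all fail
            findings.append(f"{path.name}: {POLICY_KEY} is {value!r}, expected false")
    if loosely_writable(path):
        findings.append(f"{path.name}: writable by group/others, expected 644")
    if loosely_writable(path.parent):
        findings.append(f"{path.parent.name}/: writable by group/others, expected 755")
    return findings


def demo():
    """Audit constructed sample policy files in a temporary directory."""
    ok_json = b'{"PasswordManagerEnabled": false}'
    samples = {  # name -> (constructed content, file mode)
        "managed_preferences.json": (ok_json, 0o644),
        "policies.json": (b'{"policies": {"PasswordManagerEnabled": false}}', 0o644),
        "org.mozilla.firefox.plist": (plistlib.dumps({POLICY_KEY: False}), 0o644),
        "enabled.plist": (plistlib.dumps({POLICY_KEY: True}), 0o644),
        "string_value.json": (b'{"PasswordManagerEnabled": "false"}', 0o644),
        "truncated.json": (b'{"PasswordManagerEnabled": false', 0o644),
        "loose_mode.json": (ok_json, 0o666),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        managed = Path(tmp) / "managed"
        managed.mkdir()
        os.chmod(managed, 0o755)
        for name, (body, mode) in samples.items():
            target = managed / name
            target.write_bytes(body)
            os.chmod(target, mode)
            results[name] = audit_policy_file(target)
        results["absent.json"] = audit_policy_file(managed / "absent.json")
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

Run `audit_policy_file()` against the staged file before handing it to your distribution or MDM tool; a quoted `"false"` or a truncated file is reported here rather than discovered later on an endpoint.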

For additional information, see [Firefox's documentation](https://support.mozilla.org/en-US/kb/customizing-firefox-macos-using-configuration-prof) for MacOS configuration profiles.

### Edge

1. Download the [Microsoft Edge for macOS .pkg](https://www.microsoft.com/en-us/edge) file.
2. In Terminal, use the following command to create a `.plist` file for Microsoft Edge:

   ```plain text
   /usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1
   ```
3. Use the following command to convert the `.plist` from binary to plain text:

   ```plain text
   /usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plist
   ```
4. To [disable](https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#passwordmanagerenabled) Edge's built-in password manager, add the following to `com.microsoft.Edge.plist`:

   ```plain text
   <key>PasswordManagerEnabled</key>
   <false />
   ```
5. Deploy the Edge `.pkg` and the configuration profile using your software distribution or MDM tool to all managed computers.

> [!NOTE]
> **For Jamf-specific** help, refer to Microsoft's documentation on [Configuring Microsoft Edge policy settings on macOS with Jamf](https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge-on-mac-jamf).

For additional information, see [Edge's documentation](https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge-on-mac#configure-microsoft-edge-policies-on-macos) for configuration profiles.

--- URL: https://bitwarden.com/it-it/help/delete-member-accounts/ ---

# Delete Organization Member Accounts

> [!WARNING] Danger Zone
> Deleting an account is permanent and cannot be undone or restored. To create a backup of your vault data to store in a safe location, [export your vault data](https://bitwarden.com/it-it/help/export-your-data/).

Depending on your organization's setup, you may be able to delete member accounts. Deleting an account is different than removing a user.

## Delete an account

You may be able to delete a member's account using one of the following methods:

- If you have a [claimed domain](https://bitwarden.com/it-it/help/claimed-domains/), any users with account email addresses that have a matching domain (e.g. `jdoe@mycompany.com`) can be outright deleted by organization administrators:

  ![Delete claimed accounts](https://bitwarden.com/assets/6HUnGTfMstF4IasZcKBfdi/0d2dbd328ba4a006611576e7d91c70df/2025-01-14_10-45-56.png)
- If you are self-hosting Bitwarden, an authorized administrator can delete the account from the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/).
- If the account has an `@yourcompany.com` email address that your company controls, you can use [this procedure](https://bitwarden.com/it-it/help/delete-your-account/#tab-without-logging-in-4KcOdFa6zVp6H7xo9Ui9vc/) to initiate and confirm deletion within the `@yourcompany.com` inbox.

If none of these methods fit your organization's Bitwarden configuration, [remove the member](https://bitwarden.com/it-it/help/remove-users/) from your organization. They can then [delete their personal account](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/).

## Remove an account

If you don't want to permanently delete account data, consider [removing the member](https://bitwarden.com/it-it/help/remove-users/) from the organization. **Removing a user does not delete their Bitwarden account.** Instead, they lose all access to the organization and its data. If they know their master password, they can still log in to the account and access any personally-owned items.

--- URL: https://bitwarden.com/it-it/help/delete-your-account/ ---

# Delete an Account or Organization

> [!WARNING] Danger Zone
> Deleting an account is permanent and cannot be undone or restored.
To create a backup of your vault data to store in a safe location, [export your vault data](https://bitwarden.com/it-it/help/export-your-data/).

Deleting a Bitwarden account or organization permanently deletes the account or organization and **all data that is associated with it**. Bitwarden does not "soft delete" any data.

Deleting an account or organization does not automatically cancel a subscription. [Learn how to cancel a subscription](https://bitwarden.com/it-it/help/cancel-a-subscription/) before deleting an account. If you are locked out of your vault and deleting your account so that you can create a new one, [contact us](https://bitwarden.com/it-it/contact/) and we can help transfer your subscription to the new account.

## Delete an individual account

To delete your individual account:

### Without logging in

To delete your account without needing to log in (for example, if you have lost your master password):

1. Open [https://vault.bitwarden.com/#/recover-delete](https://vault.bitwarden.com/#/recover-delete) (or [https://vault.bitwarden.eu/#/recover-delete](https://vault.bitwarden.eu/#/recover-delete), or `https://your-server.com/#/recover-delete` if you're self-hosting) in a web browser.
2. Enter the **Email Address** associated with the account to issue a deletion confirmation email.
3. In your inbox, open the email and verify you want to delete this Bitwarden account.

If you are deleting your account to start a new one, here are a few next steps:

- If you delete a Bitwarden account that has a premium subscription associated with it, [contact us](https://bitwarden.com/it-it/contact/) and we will reapply your existing subscription to the new account.
- If you were able to successfully export your vault data prior to deletion, you can easily [import it into the new account](https://bitwarden.com/it-it/help/import-data/).

> [!NOTE] Deleting account as a sole owner
> If you are the sole owner of an [organization](https://bitwarden.com/it-it/help/about-organizations/), you can't delete your account until you add a second owner to the organization or delete the organization itself. If you've forgotten your master password, [contact us](https://bitwarden.com/it-it/contact/) from the email address that owns the organization.

The email address associated with your deleted account should be available to re-register with Bitwarden, should you wish to do so, immediately.

### Web app

To delete your Bitwarden account using the web app:

1. Go to **Settings** → **My account**.
2. Scroll down to **Danger Zone** and select **Delete account**:

   ![My account settings](https://bitwarden.com/assets/74BqYDU6qE9evz6wEz8K7Y/2cd5b482c2dd160f47ec330464a43c11/My_account_settings.png)
   *My account settings*

You will be prompted to enter your master password to confirm you have the authority to take this action.

### Mobile

To delete your Bitwarden account using the mobile app:

1. Select the **Settings** tab.
2. Select **Account security**.
3. Scroll to the bottom and select **Delete account**.
4. Confirm that you want to **Delete account**.

You will be prompted to enter your master password to confirm you have the authority to take this action.

### Desktop

To delete your Bitwarden account using the desktop app:

1. From the menu bar select **Account** → **Delete account**.
2. Enter your master password and select **Delete account**.

Organization owners, admins, and some custom role members may be able to [delete member accounts](https://bitwarden.com/it-it/help/delete-member-accounts/).

## Delete an organization

Only [organization owners](https://bitwarden.com/it-it/help/user-types-access-control/) can delete an organization. (If you are an organization member, you can instead [leave the organization](https://bitwarden.com/it-it/help/org-faqs/#q-how-do-i-leave-an-organization/).)

To delete an organization:

1. Open the Admin Console:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
2. Select the Organization you want to delete. Then, go to **Settings** → **Organization info**.
3. Scroll down to the **Danger Zone** and select **Delete Organization**.
4. When prompted, enter your master password to confirm you have the authority to take this action.

--- URL: https://bitwarden.com/it-it/help/deploy-browser-extensions-with-intune/ ---

# Deploy Browser Extensions with Intune

When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden browser extensions to users with **Microsoft Intune**. This article will cover how to use Intune to deploy Bitwarden Password Manager browser extensions to your endpoints.

> [!NOTE] Configure server for managed devices
> If your organization uses a self-hosted or EU Bitwarden server, configure managed devices to connect to the correct server URL. For more information, see [Connect managed devices](https://bitwarden.com/it-it/help/configure-clients-selfhost/).

## Get extension ID & update URL

In order to deploy Bitwarden browser extensions using Intune, you'll need an extension ID and update URL. These values will be different for each browser:

### Chrome

- Extension ID: `nngceckbapebfimnlniiiahkandclblb`
- Update URL: `https://clients2.google.com/service/update2/crx`

### Edge

- Extension ID: `jbkfoedolllekgbhcbcoahefnbanhhlh`
- Update URL: `https://edge.microsoft.com/extensionwebstorebase/v1/crx`

## Create configuration profile

Next, open the Microsoft Intune portal and complete the following steps:

1. In the Intune Portal, navigate to **Devices** → **Configuration** and select **Create** → **New Policy**.
2. In the Create a profile window:
   - Select a **Platform** (for example, **Windows 10 and later**).
   - From the **Profile type** dropdown, select **Settings catalog**.
3. Select **Create**.
4. On the next screen, give your configuration profile a **Name** and **Description** and select **Next**.
5. On the Configuration settings screen, select **Add settings**.
6. In the Settings picker:
   - For Google Chrome, search for **Configure the list of force-installed apps and extensions**, select the **Google Google Chrome Extensions** category, and toggle that option on.
   - For Microsoft Edge, search for **Control which extensions are installed silently**, select the **Microsoft Edge\Extensions** category, and toggle that option on.

   > [!TIP] Disable built-in with Intune
   > From the Settings picker, you can also deactivate the built-in password manager that comes available on many web browsers. Typically, for Chrome or a Chromium browser like Microsoft Edge, this setting will be labelled **Enable saving passwords to the password manager** or something similar.
7. Close the Settings picker.
8. Still on the Configuration settings screen, enable whichever option(s) you chose and enter the retrieved extension ID and update URL in the format `<extensionID>;<updateURL>`.
9. Select **Next**.
10. On the Scope tags screen, enter any scope you wish to apply to the configuration and select **Next**.
11. On the Assignments screen, add any groups or users to the configuration and select **Next**.
12. On the **Review + create** screen, select **Create**.

--- URL: https://bitwarden.com/it-it/help/deploy-desktop-apps-with-intune/ ---

# Deploy Desktop Apps with Intune

When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden desktop apps to users with **Microsoft Intune**. This article will cover how to use Intune to deploy Bitwarden Password Manager desktop apps to your endpoints.

> [!NOTE] Configure server for managed devices
> If your organization uses a self-hosted or EU Bitwarden server, configure managed devices to connect to the correct server URL.
For more information, see [Connect managed devices](https://bitwarden.com/it-it/help/configure-clients-selfhost/). Bitwarden desktop apps can be deployed to endpoints using either a Win32 application (*recommended*) or via the Microsoft App Store: ### Win32 App To deploy the Win32 version of Bitwarden Password Manager, complete the following steps: 1. Download the latest Bitwarden Windows desktop app installer from [bitwarden.com/download/](https://bitwarden.com/it-it/download/). 2. Use the [Microsoft Win32 Content Prep Tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) to convert the installer into the required `.intunewin` format ([learn more](https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-prepare)). 3. Open the Intune Portal, navigate to **Apps** → **Windows** and select + **Add**. 4. In the Select app type window, use the **App type** dropdown to select **Windows app (Win32)**. 5. Hit **Select**. 6. On the App information screen, select **Select app package file.** 7. On the App package file window, use the file explorer to select your converted `.intunewin` installer and select **OK**. 8. Take note of the **Name** of your app before proceeding, particularly the version number in the executable. 9. Select **Next**. 10. On the Program screen: - Specify the following **Install command**: `Bitwarden-installer-{version}.exe /allusers /S`. Make sure to replace `{version}` with the correct version of the application, for example `2024.8.0`, as seen in the App name (Step 8). - Specify the following **Uninstall command**: `C:\Program Files\Bitwarden\Uninstall Bitwarden.exe /allusers /S`. - Choose an **Install behavior**, more information can be found by hovering over the ℹ️ icon on that page. 11. Select **Next**. 12. On the Requirements screen: - Specify an **Operating system architecture** of **64-bit / 32-bit.** - Specify a **Minimum operating system**of **Windows 10 1607**. 13. Select **Next**. 14. 
On the Detection rules screen: - From the **Rules** dropdown, select **Manually configure detection rules**. - Select **Add**. - From the **Rule type**dropdown, select **File**. - Specify a **Path** of `C:\Program Files\Bitwarden`. - Specify a **File or folder** of `Bitwarden.exe`. - From the **Detection method** dropdown, select **File or folder exists**. - For **Associated with a 32-bit app on 64-bit clients**, choose **No**. 15. Select **Next**. 16. On the Dependencies screen, select **Next**. 17. On the Assignments screen, add and groups or users to the configuration and select **Next**. 18. On the **Review + create** screen, select **Create**. ### App Store > [!TIP] Endpoints must qualify for app store method > In order for this method to work, endpoint devices must have access to the Microsoft App Store and must support the Intune Management Extension (IME). > > Please note that Bitwarden desktop apps from the Microsoft App Store do not currently support biometric integration with browser extensions ([learn more](https://bitwarden.com/it-it/help/biometrics/)). To deploy the Microsoft App Store version of Bitwarden Password Manager, open the Microsoft Intune portal and complete the following steps: 1. In the Intune Portal, navigate to **Apps** → **Windows** and select + **Add**. 2. In the Select app type window, use the **App type** dropdown to select **Microsoft Store app (new)**. 3. Hit **Select**. 4. On the App information screen, select **Search the Microsoft Store app (new**). 5. Search for Bitwarden and hit **Select** once you've found and highlighted it. 6. Choose an **Install behavior**, more information can be found by hovering over the ℹ️ icon on that page. 7. Select **Next**. 8. On the Assignments screen, add and groups or users to the configuration and select **Next**. 9. On the **Review + create** screen, select **Create**. 

--- URL: https://bitwarden.com/it-it/help/deploy-key-connector/ ---

# Deploy Key Connector

> [!NOTE] TDE is a good alternative to KC.
> Bitwarden recommends [trusted device decryption](https://bitwarden.com/it-it/help/about-trusted-devices/) as an alternative option to Key Connector that facilitates member login without a master password and does not require deploying or managing a key server.

This article will walk you through the procedure for enabling and configuring Key Connector in an existing self-hosted environment. **Before proceeding**, please thoroughly review the [about Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) article to ensure a full understanding of what Key Connector is, how it works, and the impacts of implementation.

Bitwarden supports deployment of one Key Connector for use by one organization for a self-hosted instance.

## Requirements

> [!NOTE]
> Management of cryptographic keys is incredibly sensitive and is **only recommended for enterprises with a team and infrastructure** that can securely support deploying and managing a key server.

In order to use Key Connector you must:

- [Have an Enterprise organization](https://bitwarden.com/it-it/help/password-manager-plans/#enterprise-organizations/).
- [Have a self-hosted Bitwarden server deployed with Docker](https://bitwarden.com/it-it/help/install-on-premise-linux/).
- [Have an active SSO implementation](https://bitwarden.com/it-it/help/about-sso/).
- [Activate the Single organization and Require single sign-on policies](https://bitwarden.com/it-it/help/policies/).

If your organization meets or can meet these requirements, including a team and infrastructure that can support management of a key server, [contact us](https://bitwarden.com/it-it/contact/) and we'll activate Key Connector.

## Setup & deploy Key Connector

**Once you have contacted us regarding Key Connector**, we'll reach out to kick off a Key Connector discussion. The steps that follow in this article must be completed in collaboration with Bitwarden customer success & implementation specialists.

### Obtain new license file

Once you have contacted us regarding Key Connector, a member of the customer success & implementation team will generate a Key Connector-enabled license file for your organization. When your Bitwarden collaborator instructs you it is ready, complete the following steps to obtain the new license:

1. Open the Bitwarden cloud web app and navigate to your organization's **Billing** → **Subscription** screen in the Admin Console.
2. Scroll down and select the **Download License** button.
3. When prompted, enter the installation ID that was used to install your self-hosted server and select **Submit**. If you don't know your installation ID off-hand, you can retrieve it from `./bwdata/env/global.override.env`.

You won't need your license file immediately, but you will be required to upload it to your self-hosted server [in a later step](https://bitwarden.com/it-it/help/deploy-key-connector/#activate-key-connector/).

### Initialize Key Connector

To prepare your Bitwarden server for Key Connector:

1. Save a [backup](https://bitwarden.com/it-it/help/backup-on-premise/) of, at a minimum, `./bwdata/mssql`. Once Key Connector is in use, it's recommended that you have access to a pre-Key Connector backup image in case of an issue.

   > [!NOTE] Using external MSSQL
   > If you are using an [external MSSQL database](https://bitwarden.com/it-it/help/external-db/), take a backup of your database in whatever way fits your implementation.
2. Update your self-hosted Bitwarden installation in order to retrieve the latest changes:

   ```
   ./bitwarden.sh update
   ```
3. Edit the `./bwdata/config.yml` file and enable Key Connector by toggling `enable_key_connector` to `true`.

   ```
   nano bwdata/config.yml
   ```
4. Rebuild your self-hosted Bitwarden installation:

   ```
   ./bitwarden.sh rebuild
   ```
5. Update your self-hosted Bitwarden installation again in order to apply the changes:

   ```
   ./bitwarden.sh update
   ```

### Configure Key Connector

To configure Key Connector:

1. Edit the `./bwdata/env/key-connector.override.env` file that will have been downloaded with the `./bitwarden.sh update`.

   ```
   nano bwdata/env/key-connector.override.env
   ```

   > [!NOTE]
   > This file will be pre-populated with default values that will spin up a functional local Key Connector setup, however the **default values are not recommended for production environments**.
2. In `key-connector.override.env`, you will need to specify values for the following:
   - [Endpoints](https://bitwarden.com/it-it/help/deploy-key-connector/#endpoints/): What Bitwarden endpoints Key Connector can communicate with.
   - [Database](https://bitwarden.com/it-it/help/deploy-key-connector/#database/): Where Key Connector will store and retrieve user keys.
   - [RSA key pair](https://bitwarden.com/it-it/help/deploy-key-connector/#rsa-key/): How Key Connector will access an RSA key pair to protect user keys at rest.

#### Endpoints

Automated setup will populate endpoint values based on your installation configuration, however it's recommended that you confirm the following values in `key-connector.override.env` are accurate for your setup:

```
keyConnectorSettings__webVaultUri=https://your.bitwarden.domain.com
keyConnectorSettings__identityServerUri=http://identity:5000
```

#### Database

Key Connector must access a database which stores encrypted user keys for your organization members. Create a secure database to store encrypted user keys and replace the default `keyConnectorSettings__database__` values in `key-connector.override.env` with the values designated in the **Required values** column for the chosen database:

> [!NOTE]
> Migration from one database to another is **not supported** at this time. Regardless of which provider you choose, **implement a frequent automated backup schedule** for the database.

| **Database** | **Required values** |
|------|------|
| Local JSON (**default**) | **Not recommended outside of testing.** `keyConnectorSettings__database__provider=json` `keyConnectorSettings__database__jsonFilePath={File_Path}` |
| Microsoft SQL Server | `keyConnectorSettings__database__provider=sqlserver` `keyConnectorSettings__database__sqlServerConnectionString={Connection_String}` [Learn how to format MSSQL connection strings](https://docs.microsoft.com/en-us/sql/connect/ado-net/connection-string-syntax?view=sql-server-ver15) |
| PostgreSQL | `keyConnectorSettings__database__provider=postgresql` `keyConnectorSettings__database__postgreSqlConnectionString={Connection_String}` [Learn how to format PostgreSQL connection strings](https://www.npgsql.org/doc/connection-string-parameters.html) |
| MySQL/MariaDB | `keyConnectorSettings__database__provider=mysql` `keyConnectorSettings__database__mySqlConnectionString={Connection_String}` [Learn how to format MySQL connection strings](https://dev.mysql.com/doc/connector-net/en/connector-net-connections-string.html) |
| MongoDB | `keyConnectorSettings__database__provider=mongo` `keyConnectorSettings__database__mongoConnectionString={Connection_String}` `keyConnectorSettings__database__mongoDatabaseName={DatabaseName}` [Learn how to format MongoDB connection strings](https://docs.mongodb.com/manual/reference/connection-string/) |

#### RSA key pair

Key Connector uses an RSA key pair to protect user keys at rest. Create a key pair and replace the default `keyConnectorSettings__rsaKey__` and `keyConnectorSettings__certificate__` values in `key-connector.override.env` with the values required for your chosen implementation.

> [!NOTE]
> The RSA key pair must be **at a minimum** 2048 bits in length.

Generally, your options include granting Key Connector access to an X509 **Certificate** that contains the key pair or granting Key Connector access directly to the **Key Pair**.
Key Connector does not support rotation of certificates or RSA key pairs.

### Certificate

To use an X509 certificate that contains an RSA key pair, specify the values required depending on the location where your certificate is stored (see **Filesystem**, **OS Certificate Store**, and so on):

> [!NOTE]
> The certificate **must** be made available as a PKCS12 `.pfx` file, for example:
>
> ```
> openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout bwkc.key -out bwkc.crt -subj "/CN=Bitwarden Key Connector" -days 36500
>
> openssl pkcs12 -export -out ./bwkc.pfx -inkey bwkc.key -in bwkc.crt -passout pass:{Password}
> ```
>
> In all certificate implementations, you'll need the `CN` value shown in this example.

#### Filesystem (default)

If the certificate is stored on the filesystem of the machine running Key Connector, specify the following values:

> [!NOTE]
> By default, Key Connector will be configured to create a `.pfx` file located at `etc/bitwarden/key-connector/bwkc.pfx` with a generated password. **It is not recommended** for enterprise implementations to use these defaults.

```
keyConnectorSettings__rsaKey__provider=certificate
keyConnectorSettings__certificate__provider=filesystem
keyConnectorSettings__certificate__filesystemPath={Certificate_Path}
keyConnectorSettings__certificate__filesystemPassword={Certificate_Password}
```

#### Azure Blob Storage

If the certificate is uploaded to Azure Blob Storage, specify the following values:

```
keyConnectorSettings__rsaKey__provider=certificate
keyConnectorSettings__certificate__provider=azurestorage
keyConnectorSettings__certificate__azureStorageConnectionString={Connection_String}
keyConnectorSettings__certificate__azureStorageContainer={Container_Name}
keyConnectorSettings__certificate__azureStorageFileName={File_Name}
keyConnectorSettings__certificate__azureStorageFilePassword={File_Password}
```

Set `azureStorageConnectionString` to a **Connection string** you can generate in your Azure portal from the **Shared access signature** (SAS) page of your storage account. The SAS must have:

- Allowed services: Blob and File
- Allowed resource types: Service, Container, and Object
- Allowed permissions: Read, Write, and List
- Allowed blob index permissions: Read/Write and Filter

#### Azure Key Vault

If the certificate is stored in Azure Key Vault, specify the following values:

> [!NOTE]
> To use Azure Key Vault to store your `.pfx` certificate, you'll need to create an Active Directory **App Registration**. This App Registration must:
>
> - Give delegated API permissions to access Azure Key Vault
> - Have a client secret generated to allow access by Key Connector

```
keyConnectorSettings__certificate__provider=azurekv
keyConnectorSettings__certificate__azureKeyvaultUri={Vault_URI}
keyConnectorSettings__certificate__azureKeyvaultCertificateName={Certificate_Name}
keyConnectorSettings__certificate__azureKeyvaultAdTenantId={ActiveDirectory_TenantId}
keyConnectorSettings__certificate__azureKeyvaultAdAppId={AppRegistration_ApplicationId}
keyConnectorSettings__certificate__azureKeyvaultAdSecret={AppRegistration_ClientSecretValue}
```

#### Hashicorp Vault

If the certificate is stored in Hashicorp Vault, specify the following values:

> [!NOTE]
> Key Connector integrates with the Hashicorp Vault KV2 Storage Engine. As per the top of this tab, the certificate file should be in PKCS12 format and stored base64-encoded as the value to a named key in your Vault. If following a Vault tutorial for the KV2 Storage Engine, the key name may be `file` unless otherwise specified.

```
keyConnectorSettings__rsaKey__provider=certificate
keyConnectorSettings__certificate__provider=vault
keyConnectorSettings__certificate__vaultServerUri={Server_URI}
keyConnectorSettings__certificate__vaultToken={Token}
keyConnectorSettings__certificate__vaultSecretMountPoint={Secret_MountPoint}
keyConnectorSettings__certificate__vaultSecretPath={Secret_Path}
keyConnectorSettings__certificate__vaultSecretDataKey={Secret_DataKey}
keyConnectorSettings__certificate__vaultSecretFilePassword={Secret_FilePassword}
```

### Cloud key pair

To use a cloud provider or physical device to store an RSA 2048 key pair, specify the values required depending on your chosen implementation (see **Azure Key Vault**, **Google Cloud Key Management**, and so on):

#### Azure Key Vault

If you are using Azure Key Vault to store an RSA 2048 key pair, specify the following values:

> [!NOTE]
> To use Azure Key Vault to store your RSA 2048 key, you'll need to create an Active Directory **App Registration**. This App Registration must:
>
> - Give delegated API permissions to access Azure Key Vault
> - Have a client secret generated to allow access by Key Connector

```
keyConnectorSettings__rsaKey__provider=azurekv
keyConnectorSettings__rsaKey__azureKeyvaultUri={Vault_URI}
keyConnectorSettings__rsaKey__azureKeyvaultKeyName={Key_Name}
keyConnectorSettings__rsaKey__azureKeyvaultAdTenantId={ActiveDirectory_TenantId}
keyConnectorSettings__rsaKey__azureKeyvaultAdAppId={AppRegistration_ApplicationId}
keyConnectorSettings__rsaKey__azureKeyvaultAdSecret={AppRegistration_ClientSecretValue}
```

[Learn how to use Azure Key Vault to create a key pair](https://docs.microsoft.com/en-us/azure/key-vault/keys/quick-create-portal)

#### Google Cloud Key Management

If you are using Google Cloud Key Management to store an RSA 2048 key pair, specify the following values:

```
keyConnectorSettings__rsaKey__provider=gcpkms
keyConnectorSettings__rsaKey__googleCloudProjectId={Project_Id}
keyConnectorSettings__rsaKey__googleCloudLocationId={Location_Id}
keyConnectorSettings__rsaKey__googleCloudKeyringId={Keyring_Id}
keyConnectorSettings__rsaKey__googleCloudKeyId={Key_Id}
keyConnectorSettings__rsaKey__googleCloudKeyVersionId={KeyVersionId}
```

[Learn how to use Google Cloud Key Management Service to create key rings and asymmetric keys](https://cloud.google.com/kms/docs/creating-asymmetric-keys)

#### AWS Key Management Service

If you are using AWS Key Management Service (KMS) to store an RSA 2048 key pair, specify the following values:

```
keyConnectorSettings__rsaKey__provider=awskms
keyConnectorSettings__rsaKey__awsAccessKeyId={AccessKey_Id}
keyConnectorSettings__rsaKey__awsAccessKeySecret={AccessKey_Secret}
keyConnectorSettings__rsaKey__awsRegion={Region_Name}
keyConnectorSettings__rsaKey__awsKeyId={Key_Id}
```

[Learn how to use AWS KMS to create asymmetric keys](https://docs.aws.amazon.com/kms/latest/developerguide/asymm-create-key.html)

### PKCS#11 HSM

If you are using a physical HSM device with the PKCS#11 provider to store a private key, you will need to:

1. Upload the corresponding public key, configured as a PEM-encoded certificate, to a location which can be accessed by the Key Connector container (see **Certificates** tab).
2. Configure Key Connector with the following values, which include *both* PKCS#11-specific values (e.g. `keyConnectorSettings__rsaKey__pkcs11...`) and values specific to the location you've chosen to store your public key (e.g. `keyConnectorSettings__certificate__...`):

```
keyConnectorSettings__rsaKey__provider=pkcs11
keyConnectorSettings__rsaKey__pkcs11Provider={Provider}
keyConnectorSettings__rsaKey__pkcs11SlotTokenSerialNumber={Token_SerialNumber}
keyConnectorSettings__rsaKey__pkcs11LoginUserType={Login_UserType}
keyConnectorSettings__rsaKey__pkcs11LoginPin={Login_PIN}

# ONE OF THE FOLLOWING TWO:
keyConnectorSettings__rsaKey__pkcs11PrivateKeyLabel={PrivateKeyLabel}
keyConnectorSettings__rsaKey__pkcs11PrivateKeyId={PrivateKeyId}

# OPTIONALLY:
keyConnectorSettings__rsaKey__pkcs11LibraryPath={path/to/library/file}
```

> [!TIP] Referencing local files for PKCS#11 Configuration
> Key Connector may need to access specific files, such as a local PEM certificate or PKCS#11 driver files. By default, the directory `./bwdata/key-connector` is mounted into the container at `/etc/bitwarden/key-connector`, meaning that a certificate file stored in the host OS at `/opt/bitwarden/bwdata/key-connector/certificate.pem` is available to the container at `/etc/bitwarden/key-connector/certificate.pem`. Key Connector configurations **must** reference files in their mounted locations, as in the following example:
>
> ```plain text
> keyConnectorSettings__certificate__filesystemPath=/etc/bitwarden/key-connector/certificate.pem
> ```

**Required in all circumstances:**

- `keyConnectorSettings__rsaKey__provider=`: Must be `pkcs11`.
- `keyConnectorSettings__rsaKey__pkcs11Provider=`: Must be `yubihsm` or `opensc`.
- `keyConnectorSettings__rsaKey__pkcs11SlotTokenSerialNumber=`: Serial number used to identify the token to be used.
- `keyConnectorSettings__rsaKey__pkcs11LoginUserType=`: Can be `user`, `so`, or `context_specific`.
- `keyConnectorSettings__rsaKey__pkcs11LoginPin=`: PIN code used to access the token.
- `keyConnectorSettings__certificate__provider=`: Can be `filesystem`, `azurestorage`, `azurekv`, or `vault`.
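
A lint for the PKCS#11 values listed above, as an added example that is not part of Bitwarden's documentation or code: it checks the always-required keys and their allowed values, the label-or-ID alternative, unreplaced `{placeholders}`, and a certificate path that points at the host's `bwdata` directory instead of the mounted location. The function names, the script name `kc_lint.sh` and the sample values are constructed for illustration, and the host-path check assumes the default mount described in the tip.

```shell
#!/bin/sh
# Added example, not Bitwarden code: lint the PKCS#11 settings of a
# key-connector.override.env file against the rules stated on this page.

# kc_get FILE KEY: value of the last "keyConnectorSettings__KEY=" line, or empty.
kc_get() {
    sed -n "s/^keyConnectorSettings__$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# kc_in VALUE ALLOWED...: succeeds when VALUE equals one of the allowed strings.
kc_in() {
    kc_v=$1; shift
    for kc_a in "$@"; do
        if [ "$kc_v" = "$kc_a" ]; then return 0; fi
    done
    return 1
}

# kc_lint_pkcs11 FILE: prints one finding per line; exit status is the finding count.
kc_lint_pkcs11() {
    kc_f=$1
    kc_n=0
    kc_finding() { printf '%s\n' "$1"; kc_n=$((kc_n + 1)); }
    [ -r "$kc_f" ] || { kc_finding "cannot read $kc_f"; return 1; }

    # Always-required values, checked against the allowed sets the page gives.
    kc_in "$(kc_get "$kc_f" rsaKey__provider)" pkcs11 ||
        kc_finding "rsaKey__provider must be pkcs11"
    kc_in "$(kc_get "$kc_f" rsaKey__pkcs11Provider)" yubihsm opensc ||
        kc_finding "rsaKey__pkcs11Provider must be yubihsm or opensc"
    kc_in "$(kc_get "$kc_f" rsaKey__pkcs11LoginUserType)" user so context_specific ||
        kc_finding "rsaKey__pkcs11LoginUserType must be user, so or context_specific"
    kc_in "$(kc_get "$kc_f" certificate__provider)" filesystem azurestorage azurekv vault ||
        kc_finding "certificate__provider must be filesystem, azurestorage, azurekv or vault"
    for kc_k in rsaKey__pkcs11SlotTokenSerialNumber rsaKey__pkcs11LoginPin; do
        [ -n "$(kc_get "$kc_f" "$kc_k")" ] || kc_finding "$kc_k is required"
    done

    # Private key selector: the page lists label and ID as alternatives.
    kc_label=$(kc_get "$kc_f" rsaKey__pkcs11PrivateKeyLabel)
    kc_id=$(kc_get "$kc_f" rsaKey__pkcs11PrivateKeyId)
    if [ -z "$kc_label" ] && [ -z "$kc_id" ]; then
        kc_finding "set rsaKey__pkcs11PrivateKeyLabel or rsaKey__pkcs11PrivateKeyId"
    elif [ -n "$kc_label" ] && [ -n "$kc_id" ]; then
        kc_finding "set only one of pkcs11PrivateKeyLabel and pkcs11PrivateKeyId"
    fi

    # A filesystem certificate must be referenced by its in-container path.
    if [ "$(kc_get "$kc_f" certificate__provider)" = filesystem ]; then
        case $(kc_get "$kc_f" certificate__filesystemPath) in
            '') kc_finding "certificate__filesystemPath is required for filesystem" ;;
            *bwdata/*) kc_finding "certificate__filesystemPath is a host path; use the mounted /etc/bitwarden/key-connector path" ;;
        esac
    fi

    # Template placeholders such as {Login_PIN} that were never replaced.
    kc_left=$(grep -c '^keyConnectorSettings__[A-Za-z0-9_]*={[^}]*}[[:space:]]*$' "$kc_f" || true)
    if [ "$kc_left" -gt 0 ]; then
        kc_finding "$kc_left value(s) still contain a {placeholder}"
    fi
    return "$kc_n"
}

# Constructed sample with three mistakes: an invalid user type, no private key
# selector, and a host path instead of the mounted path. All values are made up.
kc_write_bad_sample() {
    cat > "$1" <<'EOF'
keyConnectorSettings__rsaKey__provider=pkcs11
keyConnectorSettings__rsaKey__pkcs11Provider=yubihsm
keyConnectorSettings__rsaKey__pkcs11SlotTokenSerialNumber=0000000000
keyConnectorSettings__rsaKey__pkcs11LoginUserType=admin
keyConnectorSettings__rsaKey__pkcs11LoginPin=example-pin
keyConnectorSettings__certificate__provider=filesystem
keyConnectorSettings__certificate__filesystemPath=/opt/bitwarden/bwdata/key-connector/certificate.pem
EOF
}

# Stand-alone use: sh kc_lint.sh ./bwdata/env/key-connector.override.env
if [ "$#" -gt 0 ]; then
    kc_lint_pkcs11 "$1"
fi
```

Running it before `./bitwarden.sh restart` catches a misconfigured file while the previous configuration is still in effect; a zero exit status means no findings.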

**Required in some circumstances**:

- `keyConnectorSettings__rsaKey__pkcs11PrivateKeyLabel=`: (Required if not using `...__pkcs11PrivateKeyId=`, see below) Label, or "alias", of your private key.
- `keyConnectorSettings__rsaKey__pkcs11PrivateKeyId=`: (Required if not using `...__pkcs11PrivateKeyLabel=`) Unique identifier of your private key.
- `keyConnectorSettings__certificate__filesystem...=`: Set both `...__certificate__filesystem...` values if you store your public key on a file system (see **Certificates** tab).
- `keyConnectorSettings__certificate__azure...=`: Set all `...__certificate__azure...` values if you store your public key in Azure Blob Storage (see **Certificates** tab).
- `keyConnectorSettings__certificate__azureKeyvault...=`: Set all `...__certificate__azureKeyvault...` values if you store your public key in Azure Key Vault (see **Certificates** tab).
- `keyConnectorSettings__certificate__vault...=`: Set all `...__certificate__vault...` values if you store your public key in Hashicorp Vault (see **Certificates** tab).

**Optional**:

- `keyConnectorSettings__rsaKey__pkcs11LibraryPath=`: Optionally, point Key Connector to a library file, for example `=/etc/bitwarden/libfxpkcs11.so`. Doing so will supersede the value `keyConnectorSettings__rsaKey__pkcs11Provider=`.

### Securing Key Connector

Additional security measures for Key Connector users are recommended to maintain zero-knowledge encryption for databases and data transfers.

- Organizations that use a TLS intercepting proxy will be required to take additional steps in order to maintain zero-knowledge encryption. Add the Bitwarden URL to your proxy's exclusion list so that data exchanged with Key Connector remains encrypted and unlogged throughout the entire transfer.
- It is not always possible to migrate between encryption mechanisms.
- Migration from one database to another is **not supported** at this time. Be sure to implement a frequent automated backup schedule for the database.

> [!NOTE]
> Management of cryptographic keys is incredibly sensitive and is **only recommended for enterprises with a team and infrastructure** that can securely support deploying and managing a key server.

### Activate Key Connector

Now that Key Connector is [fully configured](https://bitwarden.com/it-it/help/deploy-key-connector/#configure-key-connector/) and you have a [Key Connector-enabled license](https://bitwarden.com/it-it/help/deploy-key-connector/#obtain-a-new-license/), complete the following steps:

1. Restart your self-hosted Bitwarden installation in order to apply the configuration changes:

   ```
   ./bitwarden.sh restart
   ```
2. Log in to your self-hosted Bitwarden as an organization **owner** and navigate to the Admin Console's **Billing** → **Subscription** screen.
3. Select the **Update license** button and upload the Key Connector-enabled license [retrieved in an earlier step](https://bitwarden.com/it-it/help/deploy-key-connector/#obtain-new-license-file/).
4. If you haven't already, navigate to the **Settings** → **Policies** screen and enable the [Single organization](https://bitwarden.com/it-it/help/policies/#single-organization/) and [Require single sign-on authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) policies. **Both are required to use Key Connector**.
5. Navigate to the **Settings** → **Single sign-on** screen.

   > [!NOTE]
   > The next few steps assume that you already have an active [login with SSO](https://bitwarden.com/it-it/help/about-sso/) implementation using [SAML 2.0](https://bitwarden.com/it-it/help/configure-sso-saml/) or [OIDC](https://bitwarden.com/it-it/help/configure-sso-oidc/). **If you don't**, please implement and test login with SSO before proceeding.
6. In the **Member decryption options** section, select **Key Connector**.
7. In the **Key Connector URL** input, enter the address Key Connector is running at (by default, `https://your.domain/key-connector`) and select the **Test** button to ensure you can reach Key Connector.
8. Scroll to the bottom of the screen and select **Save**.

--- URL: https://bitwarden.com/it-it/help/deploy-mobile-apps-with-intune/ ---

# Deploy Mobile Apps with Intune

When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden mobile apps to users with **Microsoft Intune**.

Bitwarden mobile apps can be deployed to managed devices with Intune. On **Android**, use the Google Play store, and on **iOS**, use the Apple App Store. Follow Microsoft's official documentation for instructions on how to do this:

- **Android**: See Microsoft's documentation [here](https://learn.microsoft.com/en-us/mem/intune-service/apps/store-apps-android).
- **iOS**: See Microsoft's documentation [here](https://learn.microsoft.com/en-us/mem/intune-service/apps/store-apps-ios).

--- URL: https://bitwarden.com/it-it/help/desktop-app-feature-support/ ---

# Desktop App Feature Support

The Bitwarden desktop app is available for Windows, macOS, and Linux through a variety of channels, or installation methods; however, each channel may offer different functionality. This article defines which features are available through which channels, and can be used to help you decide which method you'd like to use to install the desktop app:

> [!TIP] Features descriptions are below.
> Jump to the bottom of this page for [descriptions of each of the features](https://bitwarden.com/it-it/help/desktop-app-feature-support/#feature-descriptions/) listed in these tables.
## Operating systems

### Windows

| Feature | [Installer (.exe)](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) | [Microsoft Store](https://apps.microsoft.com/detail/9pjsdv0vpk04?hl=en-US&gl=US) | [Portable App (.exe)](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) |
|------|------|------|------|
| Automatic Updates | ✓ | ✓ | |
| Desktop Biometrics | ✓ | | ✓ |
| Extension Biometrics | ✓ | | ✓ |
| Integration with OS | ✓ | ✓ | ✓ |
| Startup on Launch | ✓ | | ✓ |
| Direct Importer | ✓ | | |
| Secure Storage | ✓ | ✓ | |
| Process Isolation | ✓ | ✓ | |

### macOS

| Feature | [Installer (.dmg)](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) | [App Store](https://apps.apple.com/us/app/bitwarden/id1352778147?mt=12) |
|------|------|------|
| Automatic Updates | ✓ | ✓ |
| Desktop Biometrics | | ✓ |
| Extension Biometrics | | ✓ |
| Integration with OS | ✓ | ✓ |
| Startup on Launch | ✓ | ✓ |
| Direct Importer | ✓ | |
| Secure Storage | ✓ | ✓ |
| Process Isolation | ✓ | ✓ |

### Linux

| Feature | [AppImage](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) | [Snap](https://snapcraft.io/bitwarden) | [Flatpak](https://flathub.org/apps/com.bitwarden.desktop) | [.deb](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) | [.rpm](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) |
|------|------|------|------|------|------|
| Automatic Updates | \* | ✓ | ✓ | | |
| Desktop Biometrics | ✓ | ✓ | \*\* | ✓ | ✓ |
| Extension Biometrics | ✓ | ✓ | ✓ | ✓ | ✓ |
| Integration with OS | \* | ✓ | ✓ | ✓ | ✓ |
| Startup on Launch | | ✓ | ✓ | ✓ | ✓ |
| Direct Importer | ✓ | | | | |
| Secure Storage | ✓ | \*\*\* | \*\*\* | \*\*\* | \*\*\* |
| Process Isolation | \*\*\*\* | | ✓ | \*\*\*\* | \*\*\*\* |

\* - Can be set up with applications like AppImageLauncher.

\*\* - Requires manual installation of [this policy](https://github.com/bitwarden/clients/blob/main/apps/desktop/resources/com.bitwarden.desktop.policy) via Polkit.

\*\*\* - Requires `libsecret` to be installed.

\*\*\*\* - Only the `main` process is isolated.

## Feature descriptions

| Feature | Description |
|------|------|
| Automatic Updates | The desktop app will automatically update to the newest version when one is available. |
| Desktop Biometrics | The desktop app can be unlocked with biometrics. |
| Integration with OS | The desktop app will automatically integrate with your desktop for features like desktop shortcuts and application shortcuts. |
| Startup on Launch | The desktop app can be set to automatically startup on the launch of your device. |
| Extension Biometrics | The desktop app can be used to unlock a browser extension with biometrics. |
| Direct Importer | The desktop app can be used to directly import data from a supported web browser's credential manager (e.g. Google Password Manager). |
| Secure Storage | The desktop app will store access tokens and biometric unlock data securely according to OS methodologies: - On Windows, Windows Credential Manager. - On macOS, Keychain. - On Linux, `libsecret`. |
| Process Isolation | The desktop app separates components into different sandboxed processes, so that if one component is compromised, attackers cannot easily access sensitive data like encryption keys or system resources in the other processes. |

--- URL: https://bitwarden.com/it-it/help/developer-quick-start/ ---

# Developer Quick Start

Bitwarden Secrets Manager enables developers, DevOps, and cybersecurity teams to centrally store, manage, and deploy secrets at scale.
The [Secrets Manager CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/) is your primary vehicle for injecting [secrets](https://bitwarden.com/it-it/help/secrets/) into your applications and infrastructure through an authenticated [machine account](https://bitwarden.com/it-it/help/machine-accounts/). In this article, we'll demonstrate use of the Secrets Manager CLI by looking at a few ways to retrieve database credentials stored in your vault to be injected at container runtime for a [Bitwarden Unified](https://bitwarden.com/it-it/help/install-and-deploy-lite/) Docker image. > [!TIP] Look for SDK > If you're looking for SDK information and language wrappers for Secrets Manager functionality, refer to [this article](https://bitwarden.com/it-it/help/secrets-manager-sdk/). If you haven't already gone through the [Secrets Manager Quick Start](https://bitwarden.com/it-it/help/secrets-manager-quick-start/) article, we recommend doing so before reading on. ## Basic tutorial In this most simple example, you'll retrieve database credentials stored in your vault and store them as temporary environment variables on a Linux system. Once stored, you'll inject them at runtime inside a `docker run` command. To do this, you'll need to have installed: - Bitwarden [Secrets Manager CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/) - [Docker](https://docs.docker.com/get-docker/) - A [command-line JSON processor like jq](https://stedolan.github.io/jq/)  ### Authenticate The Secrets Manager CLI can be logged in to using an [access token](https://bitwarden.com/it-it/help/access-tokens/) generated for a particular [machine account](https://bitwarden.com/it-it/help/machine-accounts/). This means that **only secrets and projects which the machine account has access to**may be interacted with using the CLI (learn more about [machine account permissions](https://bitwarden.com/it-it/help/service-accounts/#create-a-service-account/)). 
There are a number of ways to authenticate a CLI session, but for the simplest option do so by saving an environment variable `BWS_ACCESS_TOKEN` with the value of your access token, for example:

```
export BWS_ACCESS_TOKEN=0.48c78342-1635-48a6-accd-afbe01336365.C0tMmQqHnAp1h0gL8bngprlPOYutt0:B3h5D+YgLvFiQhWkIq6Bow==
```

### Retrieve the secret

Next, use the following command to retrieve your database username and store it as a temporary environment variable. In this example, `fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff` represents the specific identifier for the database username secret:

```
# -r prints the raw string; without it the value keeps its JSON double quotes
export SECRET_1=$(bws secret get fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff | jq -r '.value')
```

This command will save the `value` of your secret to a temporary environment variable, which will be cleared on system reboot, user logout, or in any new shell. Now, run the same command for the database password:

```
export SECRET_2=$(bws secret get 80b55c29-5cc8-42eb-a898-acfd01232bbb | jq -r '.value')
```

### Inject the secret

Now that your database credentials are saved as temporary environment variables, they can be injected inside a `docker run` command. In this example, we've omitted many of the variables required by [Bitwarden Unified](https://bitwarden.com/it-it/help/install-and-deploy-lite/) to emphasize the injected secrets:

```
docker run -d --name bitwarden .... --env BW_DB_USERNAME="$SECRET_1" --env BW_DB_PASSWORD="$SECRET_2" .... bitwarden/self-host:beta
```

When this command is run, your Docker container will start up and inject your database credentials from the temporarily stored environment variables, allowing you to securely spin up Bitwarden Unified without passing sensitive values as plaintext.

## Advanced tutorial

In this example, you'll use the Secrets Manager CLI in your Docker image to inject database credentials stored in your vault at runtime.
You'll accomplish this by manipulating your Dockerfile to install the CLI on the image, instead of on the host, and to retrieve the database credentials at container runtime. You'll then prepare your environment variables file for injection and string it all together by running a container.

### Set up your Dockerfile

To install the Secrets Manager CLI in your Docker image, you'll need to add the following to your Dockerfile:

```plain text
# Install dependencies
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
    apt-get install -y \
    ca-certificates \
    curl \
    jq \
    unzip && \
    rm -rf /var/lib/apt/lists/*

# Download bws
RUN curl -LO https://github.com/bitwarden/sdk/releases/download/bws-v1.0.0/bws-x86_64-unknown-linux-gnu-1.0.0.zip && \
    unzip bws-x86_64-unknown-linux-gnu-1.0.0.zip -d /usr/local/bin/ && \
    rm -f bws-x86_64-unknown-linux-gnu-1.0.0.zip

# Add anything else you will need to your image

# Entrypoint script will retrieve secrets at runtime
COPY ./entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
```

Next, use an `entrypoint.sh` file in order to inject secrets at run time. One method is to construct `RUN` statements in your `entrypoint.sh` file that will retrieve each credential. This, however, is not the only method you could implement:

```plain text
#!/usr/bin/env bash

# One way to retrieve individual secrets is to use the `get` command and extract the value
# (-r prints the raw string instead of a JSON-quoted one):
SECRET_1=$(bws secret get fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff | jq -r '.value')

# Another option. This method is sensitive to spaces in the secret name. See the `run` command documentation for more options
bws run -- 'echo $SECRET_NAME'

# Run your project
```

These `RUN` statements will prompt your Dockerfile to retrieve the indicated secrets, where `fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff` represents the secret's specific identifier. The other option included in the code example represents the secret's name, `'echo $SECRET_NAME'`.
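A hardened variant of the `entrypoint.sh` described above, as an added example that is not Bitwarden's own script: it fails closed when a secret cannot be read, uses `jq -r` so values are not wrapped in JSON quotes, and removes `BWS_ACCESS_TOKEN` from the environment before starting the application. The variable names `DB_USERNAME_SECRET_ID` and `DB_PASSWORD_SECRET_ID` are assumptions introduced here.

```bash
#!/usr/bin/env bash
# entrypoint.sh, hardened variant (added example, not Bitwarden's own script).
# Assumed, hypothetical inputs: DB_USERNAME_SECRET_ID and DB_PASSWORD_SECRET_ID
# hold the secret identifiers; BWS_ACCESS_TOKEN is passed with `docker run -e`.
set -eu

# fetch_secret ID: print the secret's value on stdout; non-zero on any failure.
fetch_secret() {
  local id json value
  id="$1"
  # Capture the JSON first so a failed bws call (bad token, no access to the
  # secret, network error) is caught instead of being hidden by the pipe to jq.
  json="$(bws secret get "$id")" || {
    echo "entrypoint: bws could not read secret $id" >&2
    return 1
  }
  # -r prints the raw string; without it the value keeps its JSON double quotes.
  # -e makes jq exit non-zero when .value is null or absent.
  value="$(printf '%s' "$json" | jq -e -r '.value')" || {
    echo "entrypoint: secret $id has no value field" >&2
    return 1
  }
  if [ -z "$value" ]; then
    echo "entrypoint: secret $id is empty" >&2
    return 1
  fi
  printf '%s' "$value"
}

# main CMD...: resolve the credentials, drop the access token, start the app.
main() {
  : "${BWS_ACCESS_TOKEN:?BWS_ACCESS_TOKEN is not set}"
  : "${DB_USERNAME_SECRET_ID:?DB_USERNAME_SECRET_ID is not set}"
  : "${DB_PASSWORD_SECRET_ID:?DB_PASSWORD_SECRET_ID is not set}"

  local user pass
  # Fail closed: a container that cannot read its credentials must not start.
  user="$(fetch_secret "$DB_USERNAME_SECRET_ID")" || exit 1
  pass="$(fetch_secret "$DB_PASSWORD_SECRET_ID")" || exit 1
  export BW_DB_USERNAME="$user" BW_DB_PASSWORD="$pass"

  # The application only needs the two credentials. Removing the machine
  # account token keeps it out of the long-running process's environment.
  unset BWS_ACCESS_TOKEN DB_USERNAME_SECRET_ID DB_PASSWORD_SECRET_ID

  # exec replaces this shell, so the application receives container signals
  # directly and no shell holding secrets stays resident.
  exec "$@"
}

# Runs only when a command was supplied (Dockerfile CMD or `docker run` args).
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Give the image a `CMD` (or pass a command to `docker run`) so the script has something to `exec`; the secret identifiers can be supplied with `-e` alongside the access token.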
### Build the image

To build the Docker image, first make `entrypoint.sh` executable:

```plain text
chmod +x ./entrypoint.sh
```

Build the image, using the current directory as the build context:

```plain text
docker build -t image-name .
```

### Run the container

Now that your database credentials are primed and ready for injection, start up your container:

```
docker run --rm -it -e BWS_ACCESS_TOKEN= image-name
```

When this command is run, your Docker container will start up and inject your database credentials from the values retrieved by the container, allowing you to securely spin up Bitwarden Unified without passing sensitive values as plaintext.

--- URL: https://bitwarden.com/it-it/help/directory-sync-cli/ ---

# Directory Connector CLI

The Directory Connector CLI is suited toward work in environments where a desktop GUI is unavailable, or if you want to programmatically script directory sync operations using tools provided by the operating system (cron job, scheduled task, and more). The Directory Connector CLI can be used cross-platform on Windows, macOS, and Linux distributions.

## Getting started

> [!TIP] Using BWDC GUI to Get Started
> The desktop app and CLI [share a database and configurations](https://bitwarden.com/it-it/help/directory-sync-shared/), so **simultaneous** use on a single machine is not recommended. The recommended path is to complete configuration and testing using the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/), and subsequently using the [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/) to [schedule automatic syncing](https://bitwarden.com/it-it/help/schedule-directory-sync/) to your production organization.

To get started using the Bitwarden Directory Connector CLI:

1.
Download the CLI from one of the following links:
   - 🪟 [Windows CLI](https://bitwarden.com/download/?app=connector&platform=windows&variant=cli-zip)
   - 🍎 [macOS CLI](https://bitwarden.com/download/?app=connector&platform=macos&variant=cli-zip)
   - 🐧 [Linux CLI](https://bitwarden.com/download/?app=connector&platform=linux&variant=cli-zip)
2. Extract the `.zip` and move the contents (`bwdc` and `keytar.node`) to `/usr/local/bin` or another directory in your `$PATH`. Please note, `keytar.node` **must** be in the same directory as the primary `bwdc` executable.

   **Linux only:** If not already installed, install `libsecret` with your package manager of choice. Note that the package is titled `libsecret-1-0` for Ubuntu and Debian specifically; users should find the equivalent title for their particular distribution:

   ```
   apt-get install libsecret-1-0
   brew install libsecret
   ```

   **Windows only:** Windows users can add `bwdc.exe` [to the current user's PATH](https://www.howtogeek.com/118594/how-to-edit-your-system-path-for-easy-command-line-access/).
3. Verify that the `bwdc` command works in your terminal by running the following:

   ```
   bwdc --help
   ```
4. Connect Directory Connector to your directory using the `bwdc config ` command (see [here](https://bitwarden.com/it-it/help/directory-sync-cli/#config/)).
5. Configure sync options by editing your `data.json` file (to learn more, see [Directory Connector File Storage](https://bitwarden.com/it-it/help/directory-sync-shared/)). Use the `bwdc data-file` command to obtain the absolute path of your `data.json` file.
   Available **sync options** depend on the directory type in use, so refer to one of the following articles for a list of options available to you:
   - [Sync with Active Directory or LDAP](https://bitwarden.com/it-it/help/ldap-directory/)
   - [Sync with Microsoft Entra ID](https://bitwarden.com/it-it/help/microsoft-entra-id/)
   - [Sync with G Suite (Google)](https://bitwarden.com/it-it/help/workspace-directory/)
   - [Sync with Okta](https://bitwarden.com/it-it/help/okta-directory/)
   - [Sync with OneLogin](https://bitwarden.com/it-it/help/onelogin-directory/)
6. Run the `bwdc test` command to check whether your configuration would sync the expected results.
7. Once your directory and sync options are properly configured, and `bwdc test` yields the expected results, run the `bwdc sync` command to start a live sync operation.

> [!NOTE] --pretty in bwdc
> The `--pretty` flag can be included in `bwdc` commands to modify the output for readability.

## Commands reference

### login

Use the `login` command to log in to Directory Connector with your [organization API key](https://bitwarden.com/it-it/help/public-api/#authentication/). If you don't have the API key, reach out to an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/). There are a few ways to use the `login` command:

- By itself:

  ```
  bwdc login
  ```

  Passing `bwdc login` by itself will prompt you to subsequently enter `client_id` and `client_secret`.
- With parameters:

  ```
  bwdc login organization.b5351047-89b6-820f-ad21016b6222 yUMB4trbqV1bavhEHGqbuGpz4AlHm9
  ```
- With saved environment variables:

  ```
  BW_CLIENTID="organization.b5351047-89b6-820f-ad21016b6222" BW_CLIENTSECRET="yUMB4trbqV1bavhEHGqbuGpz4AlHm9" bwdc login
  ```

  Saving the environment variables `BW_CLIENTID` and `BW_CLIENTSECRET` allows you to log in to Directory Connector using only `bwdc login`, which will check for those variables and use them if present.
If these environment variables aren't present, you will be prompted to enter your `client_id` and `client_secret`.

### logout

Use the `logout` command to log out of the Directory Connector CLI.

```
bwdc logout
```

### help

The Bitwarden Directory Connector CLI is self-documented with `--help` content and examples for every command. List all available commands using the global `--help` option:

```
bwdc --help
```

Use the `--help` option on any specific command to learn more about that command:

```
bwdc test --help
bwdc config --help
```

### test

The `test` command queries your directory and prints a JSON formatted array of groups and users that would be synced to your Bitwarden organization whenever you run a real sync operation.

```
bwdc test
```

Use the `--last` option to test only the changes since the last successful sync.

```
bwdc test --last
```

### sync

The `sync` command runs a live sync operation and pushes data to your Bitwarden organization.

```
bwdc sync
```

Synced users and groups will be immediately available in your Bitwarden organization. Newly added users will receive an email invite to your organization.

> [!NOTE] Teams Starter + BWDC
> If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members.
>
> **This plan is no longer available for purchase**. This error does not apply to Teams plans.

### last-sync

The `last-sync` command returns an [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) timestamp for the last sync operation that was performed for users or groups. You must specify either `users` or `groups` as an `` to run the command against:

```
bwdc last-sync
```

Returns an empty response if no sync has been performed for the given object.
### config

The `config` command allows you to specify your directory settings:

```
bwdc config
```

Available options are:

| **Option** | **Description** |
|------|------|
| `server ` | URL of your self-hosted installation (e.g. `https://business.bitwarden.com`) or EU server (`https://vault.bitwarden.eu`). |
| `directory ` | Type of directory to use. See the following table for enumerated values. |
| `ldap.password ` | Password for connection to the LDAP server. |
| `entra.key ` | Entra ID secret key. |
| `gsuite.key ` | Google Workspace/GSuite private key. |
| `okta.token ` | Okta token. |
| `onelogin.secret ` | OneLogin client secret. |

#### `directory-type` values

| **Source directory** | **Value** |
|------|------|
| Active Directory/LDAP | 0 |
| Entra ID | 1 |
| Google Workspace/GSuite | 2 |
| Okta | 3 |
| OneLogin | 4 |

### data-file

The `data-file` command returns an absolute path to the `data.json` configuration file used by the Directory Connector CLI:

```
bwdc data-file
```

Some configuration settings can be modified for the Directory Connector CLI by editing the `data.json` configuration file directly in your favorite text editor, however `ldap.password`, `entra.key`, `gsuite.key`, `okta.token`, and `onelogin.secret` can **only** be modified from the CLI using [`config`](https://bitwarden.com/it-it/help/directory-sync-cli/#config/), or from the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).

### clear-cache

The `clear-cache` command allows you to clear cached data that the application stores while performing sync operations. For more information, see [Clear Sync Cache](https://bitwarden.com/it-it/help/clear-sync-cache/).

```
bwdc clear-cache
```

### update

The `update` command allows you to check if your Directory Connector CLI is up-to-date:

```
bwdc update
```

If a newer version is found, the command will return a URL to download a new version.
**The Directory Connector CLI will not automatically update.** You will need to use this URL to download the new version manually.

> [!NOTE] BWDC desktop and CLI
> If you are using the CLI and desktop app together, it is important to ensure their versions match whenever in use. Running two different versions may cause unexpected issues.
>
> Check the version of the Directory Connector CLI using the `--version` global option.

## Troubleshooting

### libsecret missing

If you receive an error message referring to the libsecret shared object `Error: libsecret-1.so.0: cannot open shared object file: No such file or directory`, you may need to install libsecret, which is required to store things securely on the host.

### dbus Errors

If you receive an error message referring to the dbus when using `bwdc config`, for example `Failed to execute child process "dbus-launch" (No such file or directory)` or `Cannot autolaunch D-Bus without X11`, assign the following environment variable to allow plaintext storage of secrets in `data.json`:

```
export BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS=true
```

### Debug

The debug environment variable can be added for troubleshooting information.

```plain text
export BITWARDENCLI_CONNECTOR_DEBUG=true
```

### Unable to get local issuer certificate

If you receive an error message that states `unable to get local issuer certificate`, set the `NODE_EXTRA_CA_CERTS` variable to your `root.pem`, for example:

```
export NODE_EXTRA_CA_CERTS="absolute/path/to/your/certificates.pem"
```

If you're using the desktop app, this may also manifest as the following error: `Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.`

### Failing to set private key

If you are receiving the error `Object does not exist at path "/org/freedesktop/secrets/collection/login"` while configuring your private key, see the following steps to correct the issue.
The Bitwarden Directory Connector uses Linux's keyring. Check that the following dependencies have been installed:

```bash
sudo apt install dbus-x11 gnome-keyring
```

Next, run the following commands to start the daemon:

```bash
export $(dbus-launch)
dbus-launch
gnome-keyring-daemon --start --daemonize --components=secrets
echo '' | gnome-keyring-daemon -r -d --unlock
```

Following these commands, try setting the key again, for example:

```bash
bwdc config gsuite.key /path/to/key/
```

--- URL: https://bitwarden.com/it-it/help/directory-sync-desktop/ ---

# Directory Connector Desktop App

The Directory Connector desktop app is a standalone desktop application that can be used to sync users, groups, and group associations from a selection of directory services.

![Directory Connector Desktop App](https://bitwarden.com/assets/7r6eylncijFasEUrKXe2Hk/b6eec60c8a6452a300eeba5272c46ea4/app.png)

Directory Connector is also available as a [CLI tool](https://bitwarden.com/it-it/help/directory-sync-cli/). The desktop app and CLI [share a database and configurations](https://bitwarden.com/it-it/help/directory-sync-shared/), so **simultaneous** use on a single machine is not recommended. The recommended path is to complete configuration and testing using the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/), and subsequently using the [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/) to [schedule automatic syncing](https://bitwarden.com/it-it/help/schedule-directory-sync/) to your production organization.

## Getting started

To get started using the Directory Connector desktop app:

1.
Download the latest version of the app from our [GitHub releases page](https://github.com/bitwarden/directory-connector/releases) or by using one of the following official links: - 🪟 [Windows Installer (.exe)](https://bitwarden.com/download/?app=connector&platform=windows) - 🪟 [Windows Portable (.exe)](https://bitwarden.com/download/?app=connector&platform=windows&variant=portable) - 🍎 [macOS (.dmg)](https://bitwarden.com/download/?app=connector&platform=macos) - 🐧 [Linux (.AppImage)](https://bitwarden.com/download/?app=connector&platform=linux) 2. Set the server URL used by Directory Connector before logging in. This is required if you are self-hosting Bitwarden or using the [EU server](https://bitwarden.com/it-it/help/server-geographies/): 1. On the Login screen, select **Settings**. 2. In the **Server URL** field, enter the domain name for Bitwarden instance with `https://`. For example, `https://vault.bitwarden.eu` or `https://your.domain.bitwarden.com`. 3. Select **Save**. 3. Log in to Directory Connector using your [organization API key](https://bitwarden.com/it-it/help/public-api/#authentication/). If you don't have the API key, reach out to an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/). 4. On the ⚙️ **Settings** tab, connect to your directory and configure [sync options](https://bitwarden.com/it-it/help/user-group-filters/). 
This procedure will vary based on the directory in use, so refer to one of the following articles for instruction: - [Sync with Active Directory or LDAP](https://bitwarden.com/it-it/help/ldap-directory/) - [Sync with Azure Active Directory](https://bitwarden.com/it-it/help/microsoft-entra-id/) - [Sync with G Suite (Google)](https://bitwarden.com/it-it/help/workspace-directory/) - [Sync with Okta](https://bitwarden.com/it-it/help/okta-directory/) - [Sync with OneLogin](https://bitwarden.com/it-it/help/onelogin-directory/) > [!NOTE] Clear sync cache > If you are re-configuring sync options, rather than setting them for the first time, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations ([learn more](https://bitwarden.com/it-it/help/clear-sync-cache/)). 5. On the ⚙️ **Settings** tab, select your organization from the organization dropdown. 6. **Perform a Test Sync**. To check that your directory connection and sync options are successfully configured and working as expected: 1. Open the [dashboard] **Dashboard** tab. 2. Select the **Test Now** button. Sync testing will query the directory server and print the results to the dashboard. Results will include: - A list of users that will be synced from the directory. - A list of groups that will be synced from the directory. - A list of users that will be disabled based on their status in the directory. - A list of users that will be deleted from your organization based on their status in the directory. ![Directory Connector test sync](https://bitwarden.com/assets/6HK5d7qPL22HYTHbgRS1tp/42127d0fde4fea4f645ea7ce807ebadc/Screenshot_2024-08-19_at_1.44.23_PM.png) *Directory Connector test sync* If the printed results match your expectations, you're ready to [start syncing](https://bitwarden.com/it-it/help/directory-sync-desktop/#sync-with-directory-connector/). 
## Sync with Directory Connector Directory Connector can be used to run a one-time [manual sync](https://bitwarden.com/it-it/help/directory-sync-desktop/#manual-sync/) or [automatic sync polling](https://bitwarden.com/it-it/help/directory-sync-desktop/#automatic-sync/): ### Manual sync To run a one-time manual sync from your directory to your Bitwarden organization, open the [dashboard] **Dashboard** tab and select the [generate] **Sync Now** button. Synced users will be invited to your organization, and groups will be immediately created. ### Automatic sync Automatic syncing will poll your directory based on the **Interval** specified in your [sync options](https://bitwarden.com/it-it/help/user-group-filters/) as long as the application is open. If you exit or close the application, automatic sync polling will stop. To start automatic sync polling with Directory Connector, open the [dashboard] **Dashboard** tab and select the [play] **Start Sync** button. > [!NOTE] Teams Starter + BWDC > If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members. > > **This plan is no longer available for purchase**. This error does not apply to Teams plans. --- URL: https://bitwarden.com/it-it/help/directory-sync-shared/ --- # Directory Connector File Storage The desktop app and CLI [share a database and configurations](https://bitwarden.com/it-it/help/directory-sync-shared/), so **simultaneous** use on a single machine is not recommended. The recommended path is to complete configuration and testing using the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/), and subsequently using the [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/) to [schedule automatic syncing](https://bitwarden.com/it-it/help/schedule-directory-sync/) to your production organization. 
> [!NOTE] Desktop and CLI configuration > We recommend using the desktop app or CLI prior to conditioning the Directory Connector configuration file, as **it is not possible to setup the entirety of Directory Connector from this file**. Authentication values, like keys or secrets, must be set from either the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/). ## Config file The Directory Connector configuration file (`data.json`) contains objects you may directly edit in order to: - Set the connection to your directory - Configure sync options It is not possible to setup the entirety of Directory Connector from `data.json`. Authentication values, like keys or secrets, must be set from either the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/). ⬇️ [Download a sample configuration file](https://bitwarden.com/assets/1Bkzdf50jZRPq0MRJ85FPi/68b92adf2f5399dc50df1b897a0c0729/data.json) > [!NOTE] Modifying BWDC data.json > Avoid opening or modifying `data.json` while the Directory Connector desktop app or CLI executable is running. ### Location The location of `data.json` depends on which platform is in use: - Windows : `%AppData%\Bitwarden Directory Connector` - Portable: `.\bitwarden-connector-appdata` - macOS: `~/Library/Application Support/Bitwarden Directory Connector` - Linux: `~/.config/Bitwarden Directory Connector` > [!NOTE] > Using the Directory Connector [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/), run the `data-file` command to discover the absolute path to the `data.json`. 
## Secret storage By default, the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/) and [CLI](https://bitwarden.com/it-it/help/directory-sync-desktop/) both use a secure method for persisting sensitive data (such as your directory account password, API keys, and so on). On Linux systems this requires [GNOME Keyring](https://wiki.archlinux.org/index.php/GNOME/Keyring) and [X11](https://en.wikipedia.org/wiki/X_Window_System), which are usually reserved for desktop environments. If you are using a headless Linux environment you may encounter errors such as: ``` Cannot autolaunch D-Bus without X11 $DISPLAY ``` ### Secret storage in headless environments If a secure storage environment is not available, you can configure the Directory Connector CLI to use plaintext storage of secrets. To do so, set the following environment variable to override secure storage, for example by running `sudo -H gedit /etc/environment`: ``` BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS=true ``` With plaintext storage enabled, you can then configure all settings directly, in plaintext, from the `data.json` configuration file. > [!NOTE] Plaintext storage not compatible with BWDC desktop app > Plaintext storage of secrets is not compatible with the Directory Connector desktop app. You should only use the Directory Connector CLI with plaintext storage of secrets. --- URL: https://bitwarden.com/it-it/help/directory-sync/ --- # About Directory Connector > [!NOTE] Different user provisioning methods > This article discusses only one of the available methods to invite users and manage your subscription’s seat count: > > - All organizations can [manually invite users](https://bitwarden.com/it-it/help/managing-users/) and update the [seat count](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/). > - Teams and Enterprise organizations can use [SCIM](https://bitwarden.com/it-it/help/about-scim/). 
> - Teams and Enterprise organizations can use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/). > - Enterprise organizations can use [just-in-time (JIT)](https://bitwarden.com/it-it/help/jit-provisioning/). The Bitwarden Directory Connector app automatically provisions users, groups, and group associations in your Bitwarden organization by pulling from a selection of source directory services. Provisioned users will be issued invitations to join the organization, and can subsequently complete the normal [onboarding procedure](https://bitwarden.com/it-it/help/managing-users/#add-new-members/). Directory Connector can be configured to remove users from your Bitwarden organization when they are disabled from the source directory. This won't delete their Bitwarden accounts, but they will lose all access to your organization. > [!NOTE] Directory connector teams and enterprises > To use Directory Connector, you must have access to your [organization API key](https://bitwarden.com/it-it/help/public-api/#authentication/) which can only be retrieved by an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/) and securely shared using [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/). ![Directory Connector Diagram](https://bitwarden.com/assets/6RFsU5sJGDLMPawg64sBqM/85c9e9f6e7758944d76c8ecb79ca4af9/Marketing_Diagram_2024__1_.png) A Directory Connector sync operation can be run on-demand or automatically on a configured interval. Directory Connector applications can be installed as an agent on the server that hosts your directory, an administrator's workstation, or any other desktop device that can access the source directory. 
Directory Connector supports sync from the following sources: - [Active Directory](https://bitwarden.com/it-it/help/ldap-directory/) - [Any LDAP-based directory](https://bitwarden.com/it-it/help/ldap-directory/) - [Microsoft Entra ID](https://bitwarden.com/it-it/help/microsoft-entra-id/) - [Google Workspace](https://bitwarden.com/it-it/help/workspace-directory/) - [Okta](https://bitwarden.com/it-it/help/okta-directory/) - [OneLogin](https://bitwarden.com/it-it/help/onelogin-directory/) ## Directory Connector applications Directory Connector is available as a cross-platform [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/) and as a [command line interface (CLI)](https://bitwarden.com/it-it/help/directory-sync-cli/). The desktop app and CLI [share a database and configurations](https://bitwarden.com/it-it/help/directory-sync-shared/), so **simultaneous** use on a single machine is not recommended. The recommended path is to complete configuration and testing using the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/), and subsequently using the [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/) to [schedule automatic syncing](https://bitwarden.com/it-it/help/schedule-directory-sync/) to your production organization. 
![Directory Connector Desktop App ](https://bitwarden.com/assets/7r6eylncijFasEUrKXe2Hk/b6eec60c8a6452a300eeba5272c46ea4/app.png) ### Download Directory Connector Use the following links to download Directory Connector: ### Desktop app Download the latest version of the Directory Connector desktop app from our [GitHub releases page](https://github.com/bitwarden/directory-connector/releases) or by using one of the following official links: - 🪟 [Windows Installer (.exe)](https://bitwarden.com/download/?app=connector&platform=windows) - 🪟 [Windows Portable (.exe)](https://bitwarden.com/download/?app=connector&platform=windows&variant=portable) - 🍎 [macOS (.dmg)](https://bitwarden.com/download/?app=connector&platform=macos) - 🐧 [Linux (.AppImage)](https://bitwarden.com/download/?app=connector&platform=linux) ### CLI Download the latest version of the Directory Connector CLI from one of the following links: - 🪟 [Windows CLI (.exe)](https://bitwarden.com/download/?app=connector&platform=windows&variant=cli-zip) - 🍎 [macOS CLI](https://bitwarden.com/download/?app=connector&platform=macos&variant=cli-zip) - 🐧 [Linux CLI](https://bitwarden.com/download/?app=connector&platform=linux&variant=cli-zip) ## Source code As with everything at Bitwarden, Directory Connector is open source and hosted on GitHub at [github.com/bitwarden/directory-connector](https://github.com/bitwarden/directory-connector). --- URL: https://bitwarden.com/it-it/help/disable-browser-autofill/ --- # Deactivate My Browser's Built-in Password Manager If you're new to Bitwarden, your web browser likely saves and autofills your passwords. Most web browsers enable this by default, even though experts generally agree that [built-in password managers are more vulnerable](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/) than dedicated solutions like Bitwarden. 
We recommend turning off your browser's built-in password manager to improve your security and prevent interference with Bitwarden.

> [!NOTE] Deploying Browser across organization
> The Bitwarden browser extension can be deployed across managed endpoints. Learn more about [deploying the Bitwarden browser extension to managed devices](https://bitwarden.com/it-it/help/browserext-deploy/).

## Manually disable a browser's built-in password manager

Learn how to disable the built-in password manager for major browsers.

> [!NOTE] Chromium instructions
> Several modern browsers, including Edge, Opera, and Brave, use a Google Chrome framework called "Chromium". If you are using one of those browsers, use the **Chrome/Chromium** instructions.

### Chrome/Chromium

In Chrome or any Chromium-based browser (Opera and Brave), navigate to the **Passwords** page by entering `chrome://password-manager/settings` in the address bar, replacing `chrome` with your browser name (for example, `brave://password-manager/settings`). On this page, toggle off both the **Offer to save passwords** option and the **Auto Sign-in** option:

![Chrome Password Options](https://bitwarden.com/assets/6bpi4fkyZhnkhW5RBtugDW/d8e2de4536d6a34f092fd9d5975fd04a/chrome-disable-autofill.png)
*Chrome Password Options*

This page will also list any **Saved Passwords** that are being stored by the browser:

![Chrome Saved Passwords](https://bitwarden.com/assets/4P5alfndwwNgCpTYrSCg61/b3545839a8429f28ee7b6ac66559c3ce/chrome-delete-passwords.png)
*Chrome Saved Passwords*

If you haven't already saved these passwords in Bitwarden, [export them](https://bitwarden.com/it-it/help/import-from-chrome/#export-from-chrome/) to prepare for future import to Bitwarden. Once exported, you should delete these passwords from the browser's storage.

### Edge

While Edge is a Chromium-based browser, the steps differ slightly. Navigate to `edge://wallet/settings`.
On this page, select **Microsoft Password Manager**:

![Edge disable password](https://bitwarden.com/assets/6tRRYJbZ2xmQZ0ehL2xbvh/4c9c416b6e52c9bd1b3eaf9b75eaaca7/edge-disable-autosave.png)
*Edge disable password*

Then, set the toggles for **Ask to save password** and **Autofill passwords and passkeys** to **off**:

![Toggle save passwords](https://bitwarden.com/assets/3minVF9zEGs9SuGDSQ9FAE/4c3e66b91f7905a5f65ff164afbb3e01/edge_disable_all.png)
*Toggle save passwords*

### Firefox

In Firefox, navigate to **Settings** → **Privacy & Security**. Scroll down and uncheck all pre-checked options in the **Passwords**, **Payment methods**, and **Addresses and more** sections:

![Firefox password options](https://bitwarden.com/assets/72yK5CCMKa9pcfCcdvUZqL/95494d5079e32ae509ea62347ccc9ee8/Firefox_settings.png)
*Firefox password options*

> [!TIP] Bitwarden has more reporting than Firefox, duh.
> Bitwarden Password Manager offers a variety of [reports](https://bitwarden.com/it-it/help/reports/) for premium users, like the Exposed Passwords and Reused Passwords reports, and a **free Data Breach report for all users**.

You may also review any logins Firefox has already saved by selecting the **Saved Passwords** button:

![Firefox Saved Logins](https://bitwarden.com/assets/5UrQ6bGCjV0VdHvy6rzece/a2148eaa8dcaaf4f7158e8d806dcb97b/2025-08-06_16-53-15.png)
*Firefox Saved Logins*

If you haven't already saved these passwords in Bitwarden, [export them](https://bitwarden.com/it-it/help/import-from-firefox/) for future import to Bitwarden. Once exported, you should 🗑️ **Remove** these passwords from Firefox.

### Safari

In Safari, open **Settings** from the menu bar and navigate to the **AutoFill** tab.
On this tab, uncheck all the pre-checked options:

![Safari Password Options](https://bitwarden.com/assets/4nuEz911vsIAUegHVL0Zec/7d663935c4f9e65297c14598f1037b72/safari-disable.png)
*Safari Password Options*

You should also find out which passwords Safari has already saved by navigating to the **Passwords** tab. If you have passwords saved, this tab will lead you to the Apple Passwords app.

![Safari Saved Passwords](https://bitwarden.com/assets/6eZMZC98Grc7sbdHbBfXtK/4c72d19c26e56ad7dfb3267f466bd119/safari-delete.png)
*Safari Saved Passwords*

If you haven't already saved these passwords in Bitwarden, create login items in Bitwarden for these passwords. Once all saved passwords are in Bitwarden, **Remove** these passwords from Safari.

### Vivaldi

In Vivaldi, open the ⚙️ **Vivaldi Settings** window and select [eye] **Privacy** from the left-hand navigation. Scroll down to the Passwords section and uncheck the **Save Webpage Passwords** option:

![Vivaldi Password Options](https://bitwarden.com/assets/6nk9FVDeg8XaUz22Xahr8T/ee0f597cc264da5a30853588d541f074/vivaldi-disable.png)
*Vivaldi Password Options*

You should also find out which passwords Vivaldi has already saved by selecting the **Show Saved Passwords** button:

![Vivaldi Saved Passwords](https://bitwarden.com/assets/1j5qvcTAVsXficByKFewec/fd6f86731a9e15d38e0cbc39f4f64197/vivaldi-delete.png)
*Vivaldi Saved Passwords*

If you haven't already saved these passwords in Bitwarden, create login items in Bitwarden for these passwords. Once all saved passwords are in Bitwarden, remove these passwords from Vivaldi. [Learn how](https://help.vivaldi.com/desktop/privacy/password-management/#Deleting_passwords).

### Tor

Despite sharing roots with Firefox, Tor is unique in that it doesn't save your logins by default. If you haven't manually configured Tor to save and autofill logins, you are already all set.
If you did, navigate to the **Passwords** page by entering `about:preferences#privacy` in the address bar, and scroll down to the Logins and Passwords section. Toggle off all the options that you had checked:

![Tor Password Option](https://bitwarden.com/assets/4FcJnbhCUhDNITJjiy9ciD/d0f83af69188afaf619788c7e60c9a1b/tor-disable.png)
*Tor Password Option*

You should also find out which logins Tor has already saved by selecting the **Saved Logins...** button:

![Tor Saved Passwords](https://bitwarden.com/assets/3NHOIo5RIwTjVecqRPeT5Y/6c1e26dc5385006a498b77c48e1048c2/tor-delete.png)
*Tor Saved Passwords*

If you haven't already saved these passwords in Bitwarden, create login items in Bitwarden for these passwords. Once all saved passwords are in Bitwarden, 🗑️ **Remove** these passwords from Tor.

### DuckDuckGo

In DuckDuckGo, navigate to **Settings → Autofill**. From this screen, uncheck the box for **Usernames and passwords**.

![Disable DuckDuckGo Password Manager](https://bitwarden.com/assets/6kAbV4w8EiJX20O9VZOQyl/c6df545c4bc464122b250527b80494d3/Screenshot_2023-11-03_at_11.06.54_AM.png)
*Disable DuckDuckGo Password Manager*

You can create a backup of your existing data by selecting **Export Passwords**. Once you have created a backup file, select **View Autofill Content...** and delete the stored autofill data to remove previously saved suggestions.

In the Password Manager section, macOS users can choose to use Bitwarden. Learn more about the Bitwarden DuckDuckGo macOS browser integration [here](https://bitwarden.com/it-it/help/duckduckgo-macos-browser-integration/).

## Make Bitwarden your default password manager in Chrome

> [!NOTE] Make Bitwarden default is exclusive to chrome
> The **Make Bitwarden your default password manager** option is only available for the Chrome and Edge browser extensions.
For other browsers, [manually disable their built-in password manager](https://bitwarden.com/it-it/help/disable-browser-autofill/#manually-disable-a-browsers-built-in-password-manager/).

The Bitwarden browser extension on Chrome and Edge has a built-in setting to disable your browser's default password manager. To use this setting:

1. Navigate to the ⚙️ **settings** tab in the Bitwarden browser extension and then select **Autofill**.
2. Click to enable the **Make Bitwarden your default password manager** option.

   ![Make Bitwarden default password manager](https://bitwarden.com/assets/5fyBdu5X6JCLu2UsaqYUO0/abfb44cb460314112805bfd0312c1f8f/2025-10-14_12-44-35.png)
   *Make Bitwarden default password manager*

3. A dialogue will appear on screen. Select **allow** to give Bitwarden permission to make changes to your browser settings.

--- URL: https://bitwarden.com/it-it/help/duckduckgo-macos-browser-integration/ ---

# DuckDuckGo macOS Browser Integration

> [!TIP] Use DDG download, not app store
> In order to use the DuckDuckGo macOS app integration with Bitwarden, you'll need to download the DuckDuckGo macOS browser from [https://duckduckgo.com/mac](https://duckduckgo.com/mac) instead of from the macOS App Store.

Bitwarden and DuckDuckGo have partnered to offer Bitwarden functionality inside the DuckDuckGo macOS browser! The integration allows for seamless autofilling, creating, and updating of credentials in your Bitwarden vault while using login forms in DuckDuckGo:

![Bitwarden in DuckDuckGo](https://bitwarden.com/assets/4bfRWX1qSH0NK9HG2bBDTb/bfe35d198efed114e64ef1b97d6f9508/ddg_macos.png)

The integration requires the Bitwarden [desktop app](https://bitwarden.com/it-it/help/getting-started-desktop/) to be installed on your machine and unlocked in order to access vault items from DuckDuckGo.

## Set up the integration

To set up the integration between the DuckDuckGo macOS browser and Bitwarden:

1.
Open DuckDuckGo's **Settings** screen and select **Passwords & Autofill** from the menu.
2. In the Password Manager section, select **Bitwarden**. A wizard will help you through integration setup, but we'll outline the remaining steps here as well.
3. Install the Bitwarden desktop app if it isn't already on your machine.
4. Open the Bitwarden desktop app and log in or unlock your vault.
5. Select **Bitwarden > Settings** from the macOS menu bar.
6. Scroll to find the **App Settings (All Accounts)** section.
7. Check **Allow DuckDuckGo browser integration**.
8. In DuckDuckGo, select **Connect** when the browser detects Bitwarden is ready.
9. In Bitwarden, select **Yes** to approve DuckDuckGo's request to connect.

> [!TIP] DDG Integration Vault Status
> Once Bitwarden is connected, you can return to the **Settings** > **Autofill** page in DuckDuckGo to see the current status of the integration (for example, whether you need to unlock Bitwarden to autofill, create, or update credentials).

## Use the integration

### Autofill credentials

To autofill credentials from Bitwarden, select login form input boxes. If credentials are detected, they'll be offered for autofill:

![DuckDuckGo Auto-fill](https://bitwarden.com/assets/34RVEdeI6m5IiMXxEBmYJb/5fa66cccef09aed7ef03011a522ad3a3/Screen_Shot_2022-11-14_at_9.25.24_AM.png)

### Add or update credentials

If a set of credentials you use is not detected in, or is different from, what's stored in Bitwarden, you'll be prompted to add or update:

![DuckDuckGo Add or Update](https://bitwarden.com/assets/4YmcbgoaQ92Lhj2wBS8g0R/f74b7ead6f4711cf6a3dac46d73b3f71/ddg_macos_copy.png)

--- URL: https://bitwarden.com/it-it/help/elastic-siem/ ---

# Elastic SIEM

Elastic is a solution that can provide search and observability options for monitoring your Bitwarden organization.
Elastic Agent provides the capability to monitor `collection`, `event`, `group`, and `policy` information with the [Elastic Bitwarden integration](https://www.elastic.co/docs/reference/integrations/bitwarden).

## Setup

### Create an Elastic account

To begin, [create an Elastic account](https://www.elastic.co/). This step is required in order to set up a dashboard to monitor data with Elastic's cloud hosted service (recommended), or on-premise service.

### Add Bitwarden integration

Monitoring data will require the use of Elasticsearch as well as Kibana to visualize data.

1. On the Elastic home screen, scroll down and locate **Add Integrations**.

   ![Add Elastic Integration](https://bitwarden.com/assets/3Ka8ZepztzAq9YiGJO7pSM/879c6c6719eac019f4eb53f5383b3e92/2023-09-08_10-15-52.png)

2. Once you are on the integrations catalogue, enter **Bitwarden** into the search field and select Bitwarden.

   ![Bitwarden Elastic Integration](https://bitwarden.com/assets/5mlMtswqip5Fbc9Z3u6zFX/1d202883452499e85a852fb9ac01e70a/2023-09-08_10-21-12.png)

3. Select the **Add Bitwarden** button to install the integration.
4. If this is your first Elastic integration, you will be required to install Elastic Agent. On the following screen, select **Install Elastic Agent** and follow the installation instructions.

   ![Install Elastic Agent](https://bitwarden.com/assets/2v3y1bfqiFdk2H9aLElJ26/f86ba44de90afcc37e38c06233ad0f70/2023-09-08_10-24-05.png)

5. In order to run the Bitwarden integration, Elastic Agent is required to maintain the integration data. Once the installation is complete, Elastic will detect the successful installation. After the agent has been successfully set up, select **Add the integration**.

   ![Elastic setup](https://bitwarden.com/assets/25pXseQDpZp8jly8kFKIub/22257e4116e67f12647a2e33071ba37f/2023-11-07_11-55-35.png)

### Connect Integration to Bitwarden

Once you have added the Bitwarden integration, you will be brought to the setup screen to configure the integration.
Keep this screen open. On another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Navigate to your organization's **Settings** → Organization info screen and select the **View API key** button. You will be asked to re-enter your master password in order to access your API key information.

![Organization api info](https://bitwarden.com/assets/6gHjAyqgeqDj6UPT6agsBK/3a614e043cb3836a41bd68f226835e53/2024-12-04_09-51-07.png)

Input the following information into the corresponding fields:

| Elastic Field | Value |
|------|------|
| URL | For Bitwarden cloud users, the default URL will be `https://api.bitwarden.com`. For self-hosted Bitwarden users, input your self-hosted URL. Be sure that the URL does not include any trailing forward slashes (`/`). |
| Client ID | Input the value for `client_id` from the Bitwarden organization API key window. |
| Client Secret | Input the value for `client_secret` from the Bitwarden organization API key window. |

> [!NOTE] Org API information sensitive
> Your organization API key information is sensitive data. Do not share these values in nonsecure locations.

Once you have completed the required fields, continue scrolling down the page to apply desired data collection settings. Select **Confirm incoming data** once you are finished.

> [!NOTE] Elastic integration advanced settings
> Additional **Advanced options** are available for configuration at this point. The minimum required fields are highlighted above to add the Bitwarden integration. To access the integration at a later point to edit the setup, go to the menu and select **Integrations** → **Installed integrations** → **Bitwarden** → **Integration policies**.

If all the data was entered correctly, Elastic will confirm incoming data and provide a preview of incoming data.
Select **View assets** to monitor your data.

### Start monitoring data

Once setup is completed, you can begin reviewing your Bitwarden Organization data. Select any of the Bitwarden Dashboards to monitor data relative to the dashboard. Here is a brief overview of each dashboard's monitored data:

| Log | Description |
|------|------|
| [Logs Bitwarden] Policy | Review policy changes for an organization such as enabling, disabling, or updating organizational policies. |
| [Logs Bitwarden] Group and Collection | Monitor recorded events for groups and collections related to the organization. |
| [Logs Bitwarden] Event | Monitor organizational event logs. Learn more about event logs [here](https://bitwarden.com/it-it/help/event-logs/). |

### Understanding the dashboards

#### Queries

Elastic data monitoring utilizes the Kibana Query Language (KQL) for filtering data. To learn more about queries and searches, see the [Elastic query documentation](https://www.elastic.co/guide/en/kibana/current/kuery-query.html).

--- URL: https://bitwarden.com/it-it/help/emails-from-bitwarden/ ---

# Identify Legitimate Emails from Bitwarden

Like using strong passwords, avoiding suspicious emails is an important tool in your online security toolkit. We recommend familiarizing yourself with these [FTC Guidelines](https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams) for spotting and avoiding phishing.
Here are some guidelines to help you determine whether an email that looks like it's from Bitwarden is legitimate:

## Automated emails

### Product interaction emails

Emails such as new device alerts, invitations to [join an organization](https://bitwarden.com/it-it/help/managing-users/), [request access to Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#getting-to-secrets-manager/), [two-step login codes](https://bitwarden.com/it-it/help/setup-two-step-login-email/), and [Send-verification codes](https://bitwarden.com/it-it/help/send-privacy/#email-verified-recipients/) will come from `no-reply@bitwarden.com` or `.eu` or, if you are self-hosting, a [configured domain](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-bitwarden/) like `no-reply@my.domain.com`.

> [!NOTE] Email Verification Email
> Email verification requests, which as of 2024.9.2 are sent to cloud users during account creation, are also issued from `no-reply@bitwarden.com`:
>
> ![Email verification](https://bitwarden.com/assets/2QR4MYirRuYyMJnkx5ce6e/858d2d1fc23440e31ce87a8ff6efa4f5/2024-09-26_10-01-00.png)
> *Email verification*

These emails will **never contain attachments**. If you are prompted to download a file, please report the email to us.

Some of these emails, such as organization invites, will contain buttons. Always check the validity of the hyperlink **before clicking on it** by confirming that it leads to `https://vault.bitwarden.com` or your organization's self-hosted domain. If you don't know your organization's domain, ask a member of your IT team or an administrator.

![Organization invitation](https://bitwarden.com/assets/4Fe96NuWb7yRe6muKf7UbZ/bcb1a8df0bc2ffdecbcd86b82d16c9a3/2025-09-03_10-41-25.png)

### Payments emails

Automated payments emails for individual premium and paid organization subscriptions will come from an `invoice+statements@bitwarden.com` address.
These emails **will contain** attachments, specifically PDF invoices and receipts.

If a payment ever fails, a notification email will come from a `failed-payments@bitwarden.com` address.

### Renewals emails

Paid users will be reminded of upcoming renewals via emails for each Bitwarden subscription that is approaching its renewal date. These emails will come from `no-reply@bitwarden.com` or `.eu` and `upcoming-invoice@bitwarden.com` addresses.

## Opt-in emails

While you will receive [automated emails](https://bitwarden.com/it-it/help/emails-from-bitwarden/#automated-emails/) as part of everyday use of Bitwarden, you might also receive emails from the following addresses if you have interacted with various parts of the Bitwarden ecosystem:

- Support requests will be received from `support@bitwarden.com`.
- Product announcements will be received from `productupdates@bitwarden.com`.
- Trial information will be received from `trial@bitwarden.com`.
- Marketing campaigns will be received from `marketing@bitwarden.com` and `care@bitwarden.com`.
- Emails from members of the Bitwarden team will be received from `@bitwarden.com` email addresses.

## Alert emails

Bitwarden will send an email alert for suspicious activities such as logging in from an unknown device, and failed login attempts from an unknown device. These emails will **never contain attachments**. If you are prompted to download a file or click an unknown link, please contact us.

### New device verification

The first time you log in from a device you have not logged in to previously, if your account does not use two-step login, you will receive an email containing a verification code. Learn more [here](https://bitwarden.com/it-it/help/new-device-verification/).

### New device logged in

If your account successfully logs in from an unknown device, you will receive an email containing information about the login.
![Login from unknown device email](https://bitwarden.com/assets/3BPGGp6Wvm3NzDopPbkkj2/b8ff436931e2791d366dda3ea8ed078e/Screenshot_2023-03-29_at_4.05.28_PM.png)

The email will contain:

- Date
- IP Address
- Device type

If you do not recognize this login, see [here](https://bitwarden.com/it-it/help/security-faqs/#q-what-do-i-do-if-i-dont-recognize-a-new-device-logging-into-bitwarden/) and take immediate steps to protect your account.

### Trusted device request approved

When a request to an organization administrator to [add a trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/) is approved, the requesting user is sent an email informing them they can continue logging in on that device. **The user must take action by logging in to the new device within 12 hours, or the approval will expire.**

The email will contain:

- Date
- IP address
- Device type

### Failed login attempts detected

If an incorrect two-step login attempt, for example the entering of an incorrect TOTP code, is detected you will receive an email informing you of this:

![Failed login attempt email](https://bitwarden.com/assets/7oGzZ6B0WTuRKeKu7DBmAE/8a7b4517cab6b76fd474e05171be5fba/2025-08-28_11-07-13.png)

If the attempt was you, you can safely ignore the message. If the attempt **was not you**, you should [change your master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/) immediately.

## Announcement emails

### Subject: Upcoming login changes (Dec. 2024)

This email, sent in December 2024 from `no-reply@bitwarden.com`, was sent to inform users of upcoming changes to new device verification.

--- URL: https://bitwarden.com/it-it/help/emergency-access/ ---

# Log in with Emergency Access

Emergency access allows you to designate and manage trusted emergency contacts, who can request access to your vault in cases of emergency.
Contacts can be granted either view or takeover user access, giving you control over what they can do if they ever need to step in:

- **View**: When an emergency access request is granted, this user is granted view/read access to all items in your individual vault, including login items' passwords and attachments.
- **Takeover**: When an emergency access request is granted, this user must create a master password for permanent read/write access to your vault. This will **replace** your previous master password and remove any [two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/) that were previously set up.

## Add trusted emergency contacts

Only premium users, including members of paid organizations (Families, Teams, or Enterprise), can appoint trusted emergency contacts. Anyone with a free or premium Bitwarden account on the same [Bitwarden server](https://bitwarden.com/it-it/help/server-geographies/) can be designated as a trusted emergency contact. There is no limit to the number of trusted emergency contacts you can have.

Setting up emergency access is a three-step process:

1. You **invite** another user to become your trusted emergency contact.
2. They **accept** the invitation.
3. You **confirm** them as your trusted emergency contact.

### Invite

As someone who wants to grant emergency access to your vault, invite a trusted emergency contact:

1. In the Bitwarden web app, go to **Settings** → **Emergency access**.
2. Select + **Add emergency contact**:

   ![Emergency access page](https://bitwarden.com/assets/3gb0Zm4K935RUmzjd62eJq/a3930a8381fe1205b655e7a7bb0eca47/2025-12-31_09-50-39.png)
   *Emergency access page*

3. Enter the **Email** of your trusted emergency contact.
Trusted emergency contacts must have a Bitwarden account (free or premium) and be on the same [server geography](https://bitwarden.com/it-it/help/server-geographies/):

   ![Invite an emergency contact](https://bitwarden.com/assets/2IEldGj87MY2IMDQpty6Vr/f0e9750c278663903be46f4a5d5a4f8c/2025-12-31_09-52-02.png)
   *Invite an emergency contact*

4. Set a **User Access** level for the trusted emergency contact, **View** or **Takeover**.
5. Set a **Wait time**. This is how long your trusted emergency contact must wait after requesting account access before it's granted, unless you [manually approve the request](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/) earlier. The minimum wait time is one day.
6. Select **Save** to send the invitation.

Your trusted emergency contact **must now accept the invitation**.

> [!NOTE] Emergency contact invite time
> Invitations to become a trusted emergency contact are only valid for five days.

### Accept

As someone who wants to receive emergency access to another vault, accept the invitation:

1. Open the emailed invitation and select **Become emergency contact**:

   ![Emergency access invitation](https://bitwarden.com/assets/1S7YBbeECgEdl1v9r4E5BU/37c6c4207cb8c6df7f69a63ea12751fd/Screenshot_2024-02-27_at_9.23.46_AM.png)
   *Emergency access invitation*

2. A login page will open in your browser. Depending on whether you have an account, select **Log in** or **Create account** to accept the invitation.

After you accept the invitation, the inviting user **must confirm your acceptance** before you can [initiate access requests](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/).

### Confirm

As someone who wants to grant emergency access to your vault, confirm your new trusted emergency contact after they accept your invitation:

1. In the Bitwarden web app, go to **Settings** → **Emergency access.**
2. When the invited user displays the `Needs Confirmation` status, click the ⋮ **Menu icon**.
3.
Select **Confirm** from the dropdown menu:

   ![Confirm an emergency contact](https://bitwarden.com/assets/jEvLxG2nmFJRnlTbcpwRO/891f14df501abae6c1e93ce57a527ec4/2025-12-31_09-53-35.png)
   *Confirm an emergency contact*

4. To ensure the integrity of your encryption keys, verify the displayed [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) with the grantee and then select **Confirm**.

## Use emergency access

Once [set up](https://bitwarden.com/it-it/help/emergency-access/#add-trusted-emergency-contacts/), a trusted emergency contact can **request access** to your account. If you can still log in to your account, you can **approve or deny the request** during the specified wait time. When you no longer want a trusted contact to be able to **access your account**, you can **revoke their emergency access**.

### Request access

To request access to an account:

1. When logged in to the account that's set up as a trusted emergency contact and in the Bitwarden web app, go to **Settings** → **Emergency access**.
2. In the **Designated as emergency contact** section, select the ⋮ **Menu icon**:

   ![Request emergency access](https://bitwarden.com/assets/6x38VldDaEOAqpuCQ4htRJ/7946735436fd16b660aad5d7969dba8d/2025-12-31_09-54-39.png)
   *Request emergency access*

3. Select **Request Access** from the confirmation that appears.

An email is sent to the account holder, telling them that access to their account was requested. You will be provided access to the grantor's vault after the wait time specified **or** when the grantor manually approves your emergency access request.

### Approve or deny requests

You can manually approve or reject an emergency access request before the set wait time lapses. To approve or reject an emergency access request:

1. In the Bitwarden web app, go to **Settings** → **Emergency access**.
2. In the **Trusted emergency contacts** section, use the ⋮ **Menu icon**.
3.
Select **Approve** or **Reject**:

   ![Approve or reject emergency access](https://bitwarden.com/assets/7iPFwb2NfsjeVywrwlZxSx/8ff35e1f5d8e2febf34089528ecea5ff/2025-12-31_09-55-14.png)
   *Approve or reject emergency access*

4. Select **Approve** or **Reject**.

### Access the account

To access the vault after your request is approved or the wait time elapses:

1. In the Bitwarden web app, go to **Settings** → **Emergency access**.
2. In the **Designated as emergency contact** section, select the ⋮ **Menu icon** and choose the option from the dropdown menu that corresponds with your [assigned access](https://bitwarden.com/it-it/help/emergency-access/#user-access/):
   - **View**: This will display the grantor's vault items.
   - **Takeover**: This will prompt you to enter and confirm a new master password for the grantor's account. Select **Save** and log in with the grantor's email address and the new master password.

> [!NOTE] Emergency access, takeover an org. member
> When you use emergency access to **take over an account that is in an organization**, there are a few important considerations:
>
> - If turned on for the organization, the [master password requirements](https://bitwarden.com/it-it/help/policies/#master-password-requirements/) policy will be enforced when you change the master password for the takeover.
> - The account will be automatically removed from any organization(s) of which they are not the [owner](https://bitwarden.com/it-it/help/user-types-access-control/).
> - If the account is the organization owner, they will not be removed from or lose permissions within their organization(s). As such, policies not enforced on owners will still not be enforced after the takeover.

### Revoke access

You may want to revoke a trusted contact's access to your vault. The steps to remove someone's previously granted emergency access to your account depend on whether the user was granted view or takeover access.
#### View access

When someone is granted **view** access via emergency access, they can view your vault items until their access is manually revoked. To revoke someone's view access granted via emergency access:

1. Go to **Settings** → **Emergency access**.
2. Select the ⋮ **Menu icon** on the same line as their email.
3. Select [close] **Reject**:

   ![Reject emergency access](https://bitwarden.com/assets/7dhQEDLZNKCwwspstJnhj0/543dd12da8a8d64952763027678cf15a/2025-12-31_09-55-33.png)
   *Reject emergency access*

#### Takeover access

When a trusted emergency contact is granted and uses **takeover** access, they change the master password on your account. As a result, the only way to remove their access is to:

1. Obtain the new master password they created for your account and use it to log in to the [web vault](https://bitwarden.com/it-it/help/getting-started-webvault/).
2. [Change your master password](https://bitwarden.com/it-it/help/master-password/#change-your-master-password/) to one that they do not know.

## Manage trusted emergency contacts

You can update your trusted emergency access contacts at any time. To change an emergency access contact's user access or wait time:

1. Go to **Settings** → **Emergency access**.
2. Click on the user's email, which will open their details.
3. Update the **User access** or **Wait time** as desired.
4. Select **Save**.

To remove someone as a trusted emergency contact:

1. Go to **Settings** → **Emergency access**.
2. Select the ⋮ **Menu icon**.
3. Select **Remove**.
4. Select **Yes** to confirm.

After access to your account is granted to a trusted contact, you can [revoke their access](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/).
## How it works

> [!NOTE] WP: See encryption section
> The following information references encryption key names and processes that are discussed in [hashing, key derivation, and encryption](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/). Consider reading those details first.

Emergency access uses public key exchange and encryption/decryption to allow users to give a trusted emergency contact permission to access vault data in a zero-knowledge encryption environment:

1. A Bitwarden user (the grantor) invites another Bitwarden user to become a trusted emergency contact (the grantee). The invitation specifies a user access level, includes a request for the grantee's **RSA Public Key**, and is valid for only five days.
2. Grantee is notified of the invitation via email and accepts the invitation to become a trusted emergency contact. On acceptance, the grantee's **RSA Public Key** is stored with the user record.
3. Grantor is notified of the invitation's acceptance via email and confirms the grantee as their trusted emergency contact. On confirmation, the grantor's **User Symmetric Key** is encrypted using the grantee's **RSA Public Key** and stored with the invitation. Grantee is notified of confirmation.
4. An emergency occurs, resulting in grantee requiring access to grantor's vault. Grantee submits a request for emergency access.
5. Grantor is notified of the request via email. The grantor may manually approve the request at any time, otherwise the request is bound by a grantor-specified wait time. When the request is approved or the wait time lapses, the **Public Key-encrypted User Symmetric Key** is delivered to the grantee for decryption with the grantee's **RSA Private Key**. Alternatively, the grantor may reject the request, which will prevent the grantee gaining access as described in the next step.
Rejecting a request will not remove the grantee from being a trusted emergency contact or prevent them from making access requests in the future.
6. Depending on the specified user access level, the grantee will either:
   - **View**: Obtain view/read access to items in the grantor's vault.
   - **Takeover**: Be asked to create a new master password for the grantor's vault.

## Frequently asked questions

### What happens when my trusted emergency contact changes their account email address?

A user's status as a trusted emergency contact is tied to a unique Bitwarden account ID, meaning that if a trusted emergency contact [changes their email address](https://bitwarden.com/it-it/help/product-faqs/) there is no reconfiguration required to maintain their emergency access. Likewise, if the emergency access grantor changes their email address, no reconfiguration is required.

### What happens when my trusted emergency contact deletes their account?

If a trusted emergency contact creates a new Bitwarden account and [deletes](https://bitwarden.com/it-it/help/delete-your-account/) the old account, they will automatically be removed as a trusted emergency contact and must be [re-invited](https://bitwarden.com/it-it/help/emergency-access/#add-trusted-emergency-contacts/).

### Will emergency access still work if my premium features are cancelled or lapse due to a failed payment?

If your premium features are cancelled, your trusted emergency contacts will still be able to request and obtain access to your vault. You will not, however, be able to add new or edit existing trusted emergency contacts.

--- URL: https://bitwarden.com/it-it/help/encrypted-export/ ---

# Encrypted Exports

Vault data can be exported in an encrypted `.json` file [for individuals](https://bitwarden.com/it-it/help/export-your-data/) and [for organizations](https://bitwarden.com/it-it/help/export-organization-items/).
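The emergency access exchange from the "How it works" steps of the Emergency Access page above, modeled end to end as an added example (not Bitwarden's code): the grantee's RSA public key wraps the grantor's User Symmetric Key, and a server-side record releases the wrapped key only after approval or a lapsed wait time. The RSA-OAEP/SHA-256 padding, the 2048-bit modulus, the 64-byte stand-in key, the SHA-256 fingerprint (a simplification of the fingerprint phrase), and every class and function name are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const DAY_MS = 24 * 60 * 60 * 1000;
const INVITE_TTL_MS = 5 * DAY_MS; // invitations are valid for five days
// Assumed padding for this sketch: RSA-OAEP with SHA-256.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Simplified stand-in for the fingerprint phrase: SHA-256 over the public key.
function fingerprint(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Hypothetical server-side record. It stores the grantee's public key and the
// wrapped key only; the plaintext User Symmetric Key never reaches it.
class EmergencyAccessRecord {
  constructor(accessType, waitDays, now) {
    if (!['view', 'takeover'].includes(accessType)) throw new Error('unknown access type');
    if (waitDays < 1) throw new Error('minimum wait time is one day');
    this.accessType = accessType;
    this.waitMs = waitDays * DAY_MS;
    this.invitedAt = now;
    this.status = 'invited';
  }
  // Step 2: the grantee accepts and their RSA public key is stored.
  accept(granteePublicKeyPem, now) {
    if (this.status !== 'invited') throw new Error('not awaiting acceptance');
    if (now - this.invitedAt > INVITE_TTL_MS) throw new Error('invitation expired');
    this.granteePublicKey = granteePublicKeyPem;
    this.status = 'accepted';
  }
  // Step 3: the grantor confirms by uploading the wrapped key.
  confirm(wrappedKey) {
    if (this.status !== 'accepted') throw new Error('not awaiting confirmation');
    this.wrappedKey = wrappedKey;
    this.status = 'confirmed';
  }
  // Step 4: the grantee requests access and the wait-time clock starts.
  requestAccess(now) {
    if (this.status !== 'confirmed') throw new Error('contact is not confirmed');
    this.requestedAt = now;
    this.status = 'requested';
  }
  // Step 5: the grantor may approve before the wait time lapses...
  approve() {
    if (this.status !== 'requested') throw new Error('no pending request');
    this.status = 'approved';
  }
  // ...or reject, which leaves the contact confirmed and able to ask again.
  reject() {
    if (!['requested', 'approved'].includes(this.status)) throw new Error('nothing to reject');
    this.status = 'confirmed';
  }
  // The wrapped key is released only after approval or a lapsed wait time.
  release(now) {
    const lapsed = this.status === 'requested' && now - this.requestedAt >= this.waitMs;
    if (this.status !== 'approved' && !lapsed) return null;
    this.status = 'approved';
    return this.wrappedKey;
  }
}

// Grantor side of step 3: check the key out of band, then wrap the user key.
function grantorConfirm(record, userSymmetricKey, expectedFingerprint) {
  if (fingerprint(record.granteePublicKey) !== expectedFingerprint) {
    throw new Error('public key does not match the grantee-supplied fingerprint');
  }
  const options = { key: record.granteePublicKey, ...OAEP };
  record.confirm(crypto.publicEncrypt(options, userSymmetricKey));
}

// Grantee side of step 6: unwrap with the RSA private key.
function granteeUnwrap(wrappedKey, granteePrivateKeyPem) {
  return crypto.privateDecrypt({ key: granteePrivateKeyPem, ...OAEP }, wrappedKey);
}

function newRsaKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Constructed walk-through with fixed timestamps and a random stand-in key.
function runScenario() {
  const t0 = Date.UTC(2025, 0, 1);
  const grantee = newRsaKeyPair();
  const userKey = crypto.randomBytes(64);
  const record = new EmergencyAccessRecord('view', 2, t0);
  record.accept(grantee.publicKey, t0 + DAY_MS);
  grantorConfirm(record, userKey, fingerprint(grantee.publicKey));
  record.requestAccess(t0 + 10 * DAY_MS);
  const early = record.release(t0 + 11 * DAY_MS); // one day into a two-day wait
  const late = record.release(t0 + 12 * DAY_MS); // wait time has lapsed
  const recovered = granteeUnwrap(late, grantee.privateKey);
  return { early, keyMatches: recovered.equals(userKey), wrappedLength: late.length };
}
```

The fingerprint comparison in `grantorConfirm` is what keeps a substituted public key from receiving the wrapped key, which is why the Confirm step asks the grantor to verify the fingerprint phrase with the grantee.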
Two encrypted export types are available:

- **Account restricted:** Export an encrypted file that can only be re-imported to the Bitwarden account or organization that generated the encrypted export file. This process utilizes the relevant [account](https://bitwarden.com/it-it/help/account-encryption-key/) or organization encryption key specific to the restricted export.
- **Password protected:** Export an encrypted file protected with a password of your choosing. This file can be decrypted with the password and can be imported to any Bitwarden account. The specified password is salted, used to derive an encryption key using [your configured KDF settings](https://bitwarden.com/it-it/help/kdf-algorithms/#changing-kdf-algorithms/), and finally stretched with HKDF into a new encryption key, which encrypts your data, and a message authentication code (MAC).

> [!WARNING] Encryption Key Impact on Encrypted Exports
> **Account restricted** exports can only be imported to the same account where they originated. Account restricted exports **cannot** be imported to a different account, including:
>
> - An account with the same email on a different [geographic](https://bitwarden.com/it-it/help/server-geographies/) or self-hosted server
> - Another account with the same email address, even if the originating account was deleted
>
> Additionally, [rotating your account's encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) will render an account restricted export impossible to decrypt. **If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.**
>
> If you wish to import an encrypted `.json` file into a different Bitwarden account, generate a **Password protected** export instead.

Encrypted exports will include items like logins, cards, secure notes, and identities. An encrypted export of the following plaintext login item:

```
{
  ...
  "login": {
    "username": "mylogin",
    "password": "mypassword",
    "totp": "otpauth://totp/my-secret-key"
  },
  ...
```

Will look something like:

```
{
  ...
  "login": {
    "username": "9.dZwQ+b9Zasp98dnfp[g|dHZZ1p19783bn1KzkEsA=l52bcWB/w9unvCt2zE/kCwdpiubAOf104os}",
    "password": "1o8y3oqsp8n8986HmW7qA=oiCZo872b3dbp0nzT/Pw=|A2lgso87bfDBCys049ano278ebdmTe4:",
    "totp": "2CIUxtpo870B)*^GW2ta/xb0IYyepO(*&G(&BB84LZ5ByZxu0E9hTTs6PHg0=8q5DHEPU&bp9&*bns3EYgETXpiu9898sxO78l"
  },
  ...
```

## Next steps

- Create an encrypted export [as an individual user](https://bitwarden.com/it-it/help/export-your-data/).
- Create an encrypted export [of your organization data](https://bitwarden.com/it-it/help/export-organization-items/).
- Re-import an encrypted export [as an individual user](https://bitwarden.com/it-it/help/import-data/).
- Re-import an encrypted export [as an organization](https://bitwarden.com/it-it/help/import-to-org/).

--- URL: https://bitwarden.com/it-it/help/end-user-adoption-emails/ ---

# End-user Adoption Emails

This page includes a series of emails that we send to Bitwarden Enterprise and Teams admins and owners in order to help them increase adoption of their new password manager within their team. Feel free to read them all at once below, or grab them and adapt them to your team's needs.

### Enterprise

### Program intro

> [!NOTE] Email - Program 2, Email 1, Enterprise
> **Subject**: Tips to get your team to use Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> Getting the right start with password management can lead to a successful deployment for employees.
>
> You'll soon receive a six-day plan to help increase user adoption of your new password manager among your colleagues.
>
> These brief, actionable emails will cover essential strategies including:
>
> 1. Appoint an implementation champion
> 2. Communicate your rollout plan
> 3. Explain the top benefits of a password manager
> 4. Use email templates for easy sharing
> 5. Share get-started guides
>
> Also, remember that Bitwarden Enterprise plans include complimentary Families plans for personal use. Let your team know they can [redeem their free Bitwarden Families plan](https://bitwarden.com/it-it/learning/free-families-plan-for-enterprise/) to keep their data safe both at work and at home.
>
> You can use [this example email](https://bitwarden.com/it-it/resources/email-for-admin-to-users/) to share the free Families plan with your team.

### Appoint an implementation champion

> [!NOTE] Email - Program 2, Email 2, Enterprise & Teams
> **Subject**: Appoint an implementation champion
>
> **Body**:
>
> Hi *[name]*,
>
> A designated cybersecurity champion can accelerate password management adoption across your organization. This person will rally feedback, suggestions, and overall excitement for your new tool! By appointing an implementation champion, or even a bench of experts, you can ensure someone is always available to answer questions or provide guidance.
>
> Your implementation champion should be empowered to:
>
> - Host workshops or open office hours to review [Bitwarden Courses](https://bitwarden.com/it-it/help/courses/) material with users.
> - Help teams [set up collections](https://bitwarden.com/it-it/help/about-collections/#create-a-collection/) through use of a [member role](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/) such as manager or the custom role.
> - Assist users in downloading [Bitwarden clients](https://bitwarden.com/it-it/download/) to all their devices.
>
> An implementation champion can significantly increase user adoption, and will have your organization on the road to password security in no time!

### Communicate your rollout plan

> [!NOTE] Email - Program 2, Email 3, Enterprise & Teams
> **Subject**: Communicate your rollout plan
>
> **Body**:
>
> Hi *[name]*,
>
> Put end-users at ease by communicating the implementation plan for your new password manager far in advance.
>
> - Let employees know exactly what to expect.
> - Communicate specific action items they will need to complete, and the due date. This will help ensure a smooth rollout for your employees.
>
> Here's a [sample implementation plan](https://bitwarden.com/it-it/help/prepare-your-org-for-prod/) you can use as a guide - just download it and customize it to work for your organization.

### Tout the benefits of a password manager

> [!NOTE] Email - Program 2, Email 4, Enterprise & Teams
> **Subject**: Promote the top benefits
>
> **Body**:
>
> Hi *[name]*,
>
> Make sure the end-users understand the value and benefits a password manager will bring to their work.
>
> To get your team excited about Bitwarden, here are three primary benefits to share with everyone:
>
> 1. Easily access all your passwords anytime, anywhere, on any device.
> 2. Securely share credentials with others.
> 3. Streamline logging into your accounts with auto-fill.
>
> **Here are a few resources on the benefits of a password manager that you can send to employees**:
>
> - Share this [password strength testing tool](https://bitwarden.com/it-it/password-strength/) - let the gamification begin!
> - [Blog] [How a password manager adds productivity at the office](https://bitwarden.com/it-it/blog/how-a-password-manager-adds-to-productivity-at-the-office/)
> - [Blog] [A better password workflow with Bitwarden](https://bitwarden.com/it-it/blog/a-better-password-workflow-with-bitwarden/)
> - [Blog] [How to better manage your financial information in Bitwarden](https://bitwarden.com/it-it/blog/how-to-better-manage-your-financial-information-in-bitwarden/)
> - [Blog] [7 steps to create a secure (and private) profile online](https://bitwarden.com/it-it/blog/7-steps-to-create-a-secure-and-private-profile-online/)

### Templates to share on internal messaging systems

> [!NOTE] Email - Program 2, Email 5, Enterprise
> **Subject**: Use these templates for easy sharing
>
> **Body**:
>
> Hi *[name]*,
>
> Here are a few pre-written posts to share on your organization's internal messaging systems. These can help boost enthusiasm and adoption of your new password manager.
>
> ***Template 1: Get started with Bitwarden***
>
> ***Subject****: Introducing Bitwarden password manager for company-wide deployment*
>
> ***Body****:*
>
> *Hi team, we are happy to announce the company-wide deployment of Bitwarden Password Manager. Bitwarden is a respected, industry-leading company with a strong security record.*
>
> *You will find Bitwarden to be simple and easy to use.*
>
> *Here are three reasons we're excited to get you on Bitwarden:*
>
> 1. *Easily access all your passwords anytime, anywhere, on any device.*
> 2. *Securely share credentials with others.*
> 3. *Streamline logging into your accounts with auto-fill.*
>
> *You will receive an invite via email to join Bitwarden.*
>
> ***Template 2: Complimentary Bitwarden Families plan for all users***
>
> ***Subject****: Your Bitwarden account comes with a free Families plan*
>
> ***Body****:*
>
> *Dear [company] employees,*
>
> *We use Bitwarden for secure password management and sharing secure information across teams and the organization. Proper password management is an important part of our security strategy and we're happy that together we can practice secure password habits.*
>
> *We can now share password management with you and your family. Through our Bitwarden Enterprise subscription, every employee connected to our Bitwarden instance can redeem a complimentary Bitwarden Families plan using a personal email address and invite five additional family members to join. Every user on the Families plan will have access to secure password sharing and premium features, such as advanced two-step login, emergency access, encrypted file attachments, and more.*
>
> *We hope that every employee will take advantage of this opportunity to protect themselves and their families. Internet and password security is important both in the office and at home, and staying secure across our personal and work lives is a shared responsibility.*
>
> *A walkthrough from Bitwarden is available *[*here*](https://bitwarden.com/it-it/learning/free-families-plan-for-enterprise/)*.*
>
> *Thank you,*
>
> *[IT admin name, title]*

### Share detailed guides on how to get started

> [!NOTE] Email - Program 2, Email 6, Enterprise & Teams
> **Subject**: Make it easy to get started with these guides
>
> **Body**:
>
> Hi *[name]*,
>
> Put together an email, internal message, or document with a list of useful resources about Bitwarden onboarding.
> Here's a quick template you can use:
>
> *Hi there,*
>
> *Here are three resources that will help you get started with your new password manager:*
>
> - *[Guide] *[*Get started with Bitwarden Password Manager*](https://bitwarden.com/it-it/learning/getting-started-password-manager/)
> - *[Guide] *[*Get started with Bitwarden as an individual user*](https://bitwarden.com/it-it/learning/getting-started-as-an-individual-user/)
> - *[Video series] *[*Password Manager 101*](https://bitwarden.com/it-it/learning/pm-101-getting-started-as-a-user/)
>
> *[Name] is the Bitwarden implementation champion, so feel free to reach out directly with any questions.*

### Teams

### Program intro

> [!NOTE] Email - Program 2, Email 1, Teams
> **Subject**: Tips to get your team to use Bitwarden
>
> **Body**:
>
> Hi *[name]*,
>
> Getting the right start with password management can lead to a successful deployment for employees.
>
> You'll soon receive a six-day plan to help increase user adoption of your new password manager among your colleagues.
>
> These brief, actionable emails will cover essential strategies including:
>
> 1. Appoint an implementation champion
> 2. Communicate your rollout plan
> 3. Explain the top benefits of a password manager
> 4. Share get-started guides
> 5. Use email templates for easy sharing
>
> Be on the lookout for the adoption program coming your way shortly.

### Appoint an implementation champion

> [!NOTE] Email - Program 2, Email 2, Enterprise & Teams
> **Subject**: Appoint an implementation champion
>
> **Body**:
>
> Hi *[name]*,
>
> A designated cybersecurity champion can accelerate password management adoption across your organization. This person will rally feedback, suggestions, and overall excitement for your new tool! By appointing an implementation champion, or even a bench of experts, you can ensure someone is always available to answer questions or provide guidance.
>
> Your implementation champion should be empowered to:
>
> - Host workshops or open office hours to review [Bitwarden Courses](https://bitwarden.com/it-it/help/courses/) material with users.
> - Help teams [set up collections](https://bitwarden.com/it-it/help/about-collections/#create-a-collection/) through use of a [member role](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/) such as manager or the custom role.
> - Assist users in downloading [Bitwarden clients](https://bitwarden.com/it-it/download/) to all their devices.
>
> An implementation champion can significantly increase user adoption, and will have your organization on the road to password security in no time!

### Communicate your rollout plan

> [!NOTE] Email - Program 2, Email 3, Enterprise & Teams
> **Subject**: Communicate your rollout plan
>
> **Body**:
>
> Hi *[name]*,
>
> Put end-users at ease by communicating the implementation plan for your new password manager far in advance.
>
> - Let employees know exactly what to expect.
> - Communicate specific action items they will need to complete, and the due date. This will help ensure a smooth rollout for your employees.
>
> Here's a [sample implementation plan](https://bitwarden.com/it-it/help/prepare-your-org-for-prod/) you can use as a guide - just download it and customize it to work for your organization.

### Tout the benefits of a password manager

> [!NOTE] Email - Program 2, Email 4, Enterprise & Teams
> **Subject**: Promote the top benefits
>
> **Body**:
>
> Hi *[name]*,
>
> Make sure the end-users understand the value and benefits a password manager will bring to their work.
>
> To get your team excited about Bitwarden, here are three primary benefits to share with everyone:
>
> 1. Easily access all your passwords anytime, anywhere, on any device.
> 2. Securely share credentials with others.
> 3. Streamline logging into your accounts with auto-fill.
>
> **Here are a few resources on the benefits of a password manager that you can send to employees**:
>
> - Share this [password strength testing tool](https://bitwarden.com/it-it/password-strength/) - let the gamification begin!
> - [Blog] [How a password manager adds productivity at the office](https://bitwarden.com/it-it/blog/how-a-password-manager-adds-to-productivity-at-the-office/)
> - [Blog] [A better password workflow with Bitwarden](https://bitwarden.com/it-it/blog/a-better-password-workflow-with-bitwarden/)
> - [Blog] [How to better manage your financial information in Bitwarden](https://bitwarden.com/it-it/blog/how-to-better-manage-your-financial-information-in-bitwarden/)
> - [Blog] [7 steps to create a secure (and private) profile online](https://bitwarden.com/it-it/blog/7-steps-to-create-a-secure-and-private-profile-online/)

### Templates to share on internal messaging systems

> [!NOTE] Email - Program 2, Email 5, Teams
> **Subject**: Use this template for easy sharing
>
> **Body**:
>
> Hi *[name]*,
>
> Here is a pre-written post to share on your organization’s internal messaging systems and let employees know that you’re moving to Bitwarden. This post can help boost enthusiasm and adoption of your new password manager.
>
> ***Template: Get started with Bitwarden***
>
> ***Subject****: Introducing Bitwarden password manager for company-wide deployment*
>
> ***Body****:*
>
> *Hi team, we are happy to announce the company-wide deployment of Bitwarden Password Manager. Bitwarden is a respected, industry-leading company with a strong security record.*
>
> *You will find Bitwarden to be simple and easy to use.*
>
> *Here are three reasons we're excited to get you on Bitwarden:*
>
> 1. *Easily access all your passwords anytime, anywhere, on any device.*
> 2. *Securely share credentials with others.*
> 3. *Streamline logging into your accounts with auto-fill.*
>
> *You will receive an invite via email to join Bitwarden.*

### Share detailed guides on how to get started

> [!NOTE] Email - Program 2, Email 6, Enterprise & Teams
> **Subject**: Make it easy to get started with these guides
>
> **Body**:
>
> Hi *[name]*,
>
> Put together an email, internal message, or document with a list of useful resources about Bitwarden onboarding. Here's a quick template you can use:
>
> *Hi there,*
>
> *Here are three resources that will help you get started with your new password manager:*
>
> - *[Guide] *[*Get started with Bitwarden Password Manager*](https://bitwarden.com/it-it/learning/getting-started-password-manager/)
> - *[Guide] *[*Get started with Bitwarden as an individual user*](https://bitwarden.com/it-it/learning/getting-started-as-an-individual-user/)
> - *[Video series] *[*Password Manager 101*](https://bitwarden.com/it-it/learning/pm-101-getting-started-as-a-user/)
>
> *[Name] is the Bitwarden implementation champion, so feel free to reach out directly with any questions.*

--- URL: https://bitwarden.com/it-it/help/end-user-onboarding-emails/ ---

# End User Onboarding Emails

This article includes the onboarding emails sent to new Bitwarden Enterprise and Teams users from **care@bitwarden.com**. Read them all at once below, or copy/paste and adapt them to your team's needs.

## Get started: Install the Bitwarden browser extension (1/5)

> [!NOTE] Example: User email 1
> **Subject**: Get started: Install the Bitwarden browser extension (1/5)
>
> **Body**:
>
> Hi there,
>
> Your organization is using Bitwarden to secure passwords and other sensitive data. You will receive five emails with tips on how to get started.
>
> Today's stop is to head over to the [download page](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/) and install the Bitwarden extension on your favorite browser.
>
> ![Download the browser extension](https://bitwarden.com/assets/7kZTVY6b76BSZqzPp8Cl3o/a486ba616fef768f0835d1d779d2f2b9/email1.png)
>
> The rest of your onboarding checklist:
>
> - [**Download the browser extension**](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/)
> - [Add logins and passwords to your account](https://bitwarden.com/it-it/help/getting-started-webvault/#add-a-login/)
> - [Learn how to autofill](https://bitwarden.com/it-it/help/auto-fill-browser/)
> - [Learn how to share items with collections](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/)
>
> Stay secure,
>
> Team Bitwarden

## Add passwords and usernames to Bitwarden (2/5)

> [!NOTE] Example: User email 2
> **Subject**: Add passwords and usernames to Bitwarden (2/5)
>
> **Body**:
>
> Hi there,
>
> Do you have passwords saved in a browser, like Chrome? Or are you coming to Bitwarden from another password manager? You can [import logins directly to Bitwarden](https://bitwarden.com/it-it/help/import-data/) to avoid copy-and-pasting.
>
> Another way is to directly [add items into your vault](https://bitwarden.com/it-it/help/getting-started-webvault/#first-steps/).
>
> ![Add an item](https://bitwarden.com/assets/2SLEEUhriP0KyLlGssGlC4/3aca88e134bf79dc4c55e8df5f249ec6/email2.gif)
>
> The rest of your onboarding checklist:
>
> - ✓ [Download the browser extension](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/)
> - [**Add logins and passwords to your account**](https://bitwarden.com/it-it/help/getting-started-webvault/#add-a-login/)
> - [Learn how to autofill](https://bitwarden.com/it-it/help/auto-fill-browser/)
> - [Learn how to share items with collections](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/)
>
> Stay secure,
>
> Team Bitwarden

## Autofill is auto-AMAZING (3/5)

> [!NOTE] Example: User email 3
> **Subject**: Autofill is auto-AMAZING (3/5)
>
> **Body**:
>
> Hi there,
>
> Now that you've [installed the browser extension](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/) and added a few items to your vault, learn how to autofill for one-click logins!
>
> Today's task is to get acquainted with the [autofill feature](https://bitwarden.com/it-it/help/auto-fill-browser/). Here's what it looks like:
>
> ![Autofill](https://bitwarden.com/assets/6ZkegsfKZ2OhVizNrXQ4zA/475d853b525c096ed33ac326cc7b2b64/email3.png)
>
> Head over to Help for [instructions](https://bitwarden.com/it-it/help/auto-fill-browser/).
>
> The rest of your onboarding checklist:
>
> - ✓ [Download the browser extension](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/)
> - ✓ [Add logins and passwords to your account](https://bitwarden.com/it-it/help/getting-started-webvault/#add-a-login/)
> - [**Learn how to autofill**](https://bitwarden.com/it-it/help/auto-fill-browser/)
> - [Learn how to share items with collections](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/)
>
> Stay secure,
>
> Team Bitwarden

## Understand the power of collections (4/5)

> [!NOTE] Example: User email 4
> **Subject**: Understand the power of collections (4/5)
>
> **Body**:
>
> Hi there,
>
> Share items and logins with team members using collections, which are like shared folders to which you can assign access for other members or groups - they allow you to share items between yourself and your team members. Today, [share a login](https://bitwarden.com/it-it/help/sharing/) with your team by adding it to a [shared collection](https://bitwarden.com/it-it/help/about-collections/).
>
> ![Share](https://bitwarden.com/assets/4LhwocsJ5hpLsU4lPguSUV/b84e87bdbc1b3b9c85ffd2ff2fc81e35/email4.gif)
>
> The rest of your onboarding checklist:
>
> - ✓ [Download the browser extension](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/)
> - ✓ [Add logins and passwords to your account](https://bitwarden.com/it-it/help/getting-started-webvault/#add-a-login/)
> - ✓ [Learn how to autofill](https://bitwarden.com/it-it/help/auto-fill-browser/)
> - [**Learn how to share items with collections**](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/)
>
> Stay secure,
>
> Team Bitwarden

## More security goodness to come! (5/5)

> [!NOTE] Example: User email 5
> **Subject**: More security goodness to come! (5/5)
>
> **Body**:
>
> Hi there,
>
> Here's a review of your onboarding accomplishments:
>
> - ✓ [Download the browser extension](https://bitwarden.com/it-it/download/#downloads-web-browser-extensions/)
> - ✓ [Add logins and passwords to your account](https://bitwarden.com/it-it/help/getting-started-webvault/#add-a-login/)
> - ✓ [Learn how to autofill](https://bitwarden.com/it-it/help/auto-fill-browser/)
> - ✓ [Learn how to share items with collections](https://bitwarden.com/it-it/learning/individual-and-organizational-vaults/)
>
> What's next?
>
> - Check in with your colleagues and see if they completed onboarding. If not, will you lend a hand?
> - Expect product updates, newsletters, and security tips to land in your email soon.
> - Become your team's Bitwarden expert - the [Learning Center](https://bitwarden.com/it-it/help/learning-center/) has everything you need.
> - Stay in touch with Bitwarden on social media (links to find Bitwarden below).
>
> Stay secure,
>
> Team Bitwarden
>
> [X](https://twitter.com/Bitwarden), [Reddit](https://www.reddit.com/r/Bitwarden/), [Community](https://community.bitwarden.com/), [GitHub](https://github.com/bitwarden/), [YouTube](https://www.youtube.com/bitwarden), [LinkedIn](https://www.linkedin.com/company/bitwarden1/)

--- URL: https://bitwarden.com/it-it/help/enterprise-feature-list/ ---

# Bitwarden Enterprise Feature Datasheet

This document describes and outlines the features available to [Bitwarden Enterprise organizations](https://bitwarden.com/it-it/products/business/) in several categories:

#### Application range and ease of use

| Enterprise feature | Description |
|------|------|
| Deployment options | Use the included Bitwarden cloud service or install a self-hosted solution on a private cloud or on-premises. Bitwarden can also be installed fully offline in a network-isolated (air-gapped) environment. |
| Web application | Fully encrypted cloud web app at [https://vault.bitwarden.com](https://vault.bitwarden.com/), or on your self-hosted server. |
| Mobile apps | Available for iOS and Android. [Learn more](https://bitwarden.com/it-it/help/getting-started-mobile/). |
| Browser extensions | Available for Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, and Safari. [Learn more](https://bitwarden.com/it-it/help/getting-started-browserext/). |
| Desktop applications | Available for Windows, Mac, and Linux. [Learn more](https://bitwarden.com/it-it/help/getting-started-desktop/). |
| Command-line interface (CLI) | Available for Windows, Mac, and Linux. [Learn more](https://bitwarden.com/it-it/help/cli/). |

#### Administrative features and capabilities

| Enterprise feature | Description |
|------|------|
| Simple user management | Add or remove seats and activate or deactivate users directly from the web app. [Learn more](https://bitwarden.com/it-it/help/managing-users/). |
| Role-based access control | Assign role-based access to organization users, including a custom role and granular permissions (e.g. Hide Passwords, Read-Only). [Learn more](https://bitwarden.com/it-it/help/user-types-access-control/). |
| Directory sync | Synchronize your Bitwarden organization with your existing user directory. Provision and deprovision users, groups, and group associations. [Learn more](https://bitwarden.com/it-it/help/directory-sync/). |
| SCIM support | Use the SCIM protocol to manage and provision Bitwarden users, groups, and group associations from your Identity Provider or directory service, to simplify onboarding and the handling of employee turnover. [Learn more](https://bitwarden.com/it-it/help/about-scim/). |
| Account recovery | Designated administrators can reset and assign a master password for end-user accounts if an employee loses access. [Learn more](https://bitwarden.com/it-it/help/admin-reset/). |
| Collections with selected access and role-based access control (RBAC) | Create an unlimited number of password collections containing an unlimited number of passwords. Collections can be assigned to groups or to individual users. [Learn more](https://bitwarden.com/it-it/help/about-collections/). |
| Enterprise policies | Enforce security rules for all users, for example by requiring the use of two-step login. [Learn more](https://bitwarden.com/it-it/help/policies/). |
| Claimed domains and accounts | Administrators can claim ownership of email domains, giving the organization control over Bitwarden accounts registered with company email addresses, even before those users are formally onboarded. [Learn more.](https://bitwarden.com/it-it/help/claimed-domains/) |
| Temporary password sharing and generation | Create and share ephemeral data with Bitwarden Send. [Learn more](https://bitwarden.com/it-it/help/about-send/). |
| Managed client deployment support | Deploy browser extensions, desktop apps, and mobile apps at scale using MDM tools such as Microsoft Intune, GPO, and Linux/macOS policy files. [Learn more.](https://bitwarden.com/it-it/help/browserext-deploy/) |
| Free Families plan for users | All enterprise users receive a free Families plan for personal use, so they can adopt good security habits outside of work as well. [Learn more](https://bitwarden.com/it-it/help/families-for-enterprise/). |

#### Reporting

| Enterprise feature | Description |
|------|------|
| Access Intelligence | Gain operational visibility into risky or unusual access patterns within your organization's vault, helping security teams proactively identify and address credential health issues. [Learn more.](https://bitwarden.com/it-it/help/access-intelligence/) |
| Vault health reports | Run reports on exposed passwords, reused passwords, weak passwords, and more. [Learn more](https://bitwarden.com/it-it/help/reports/). |
| Data breach reports | Run reports on data compromised in known breaches (e.g. email addresses, passwords). [Learn more](https://bitwarden.com/it-it/help/reports/). |
| Auditable event logs and SIEM integration | Time-stamped records of events that occur in your organization's vault, easy to use in the web app or to ingest into SIEM tools. Built-in integrations include Splunk, Microsoft Sentinel, Elastic, Rapid7, Panther, and Sumo Logic. Others can be supported through API calls. [Learn more](https://bitwarden.com/it-it/help/event-logs/). |

#### Authentication

| Enterprise feature | Description |
|------|------|
| 2FA for individual users | A robust set of 2FA options for any Bitwarden user. [Learn more](https://bitwarden.com/it-it/help/setup-two-step-login/). |
| Organization-wide 2FA | Enable 2FA via Duo for the entire organization. [Learn more](https://bitwarden.com/it-it/help/setup-two-step-login-duo/). |
| Biometric authentication | Available for the browser extension, desktop, and mobile applications. [Learn more](https://bitwarden.com/it-it/help/biometrics/). |
| Log in with device | Users can approve a login from a trusted device instead of entering a master password, reducing friction while maintaining security. [Learn more.](https://bitwarden.com/it-it/help/log-in-with-device/) |
| Log in with passkeys | Users can log in using a FIDO-compliant passkey that supports the WebAuthn PRF extension in both the web app and the browser extensions (for compatible browsers). Logging in with a passkey removes the need for two-step login, the master password, and the login email address, making this method ideal for a break-glass administrator account. [Learn more.](https://bitwarden.com/it-it/help/login-with-passkeys/) |
| New device login verification | Protects against unauthorized access by requiring verification when a login attempt is made from an unrecognized device and the account neither has two-step login configured nor is subject to SSO policies. [Learn more.](https://bitwarden.com/it-it/help/new-device-verification/) |
| SSO with trusted devices | SSO with trusted devices lets users authenticate via SSO and decrypt their vault using an encryption key stored on the device, removing the need to enter a master password. [Learn more.](https://bitwarden.com/it-it/help/about-trusted-devices/) |
| Login with SSO | Leverage your existing Identity Provider (IdP) to authenticate your Bitwarden organization's users via SAML 2.0 or OpenID Connect (OIDC). [Learn more](https://bitwarden.com/it-it/help/about-sso/). With Login with SSO, you can use one of two decryption options to determine how users decrypt vault data once authenticated. [Learn more](https://bitwarden.com/it-it/help/sso-decryption-options/). |
| SSO with customer-managed encryption (self-host only) | Employees use their SSO credentials to authenticate and decrypt everything in a single step. This option transfers retention of users' master passwords to companies, requiring the company to deploy a key connector to store user keys. [Learn more.](https://bitwarden.com/it-it/help/about-key-connector/) |

#### Security

| Enterprise feature | Description |
|------|------|
| Secure storage for logins, passkeys, notes, cards, identities, and SSH keys. | Bitwarden [vault items](https://bitwarden.com/it-it/help/managing-items/) are encrypted before being stored anywhere. [Learn more](https://bitwarden.com/it-it/help/what-encryption-is-used/). |
| Zero-knowledge encryption | All vault data is end-to-end encrypted. [Learn more](https://bitwarden.com/it-it/blog/vault-security-bitwarden-password-manager/). |
| Secure username and password generator | Generate secure, random, and unique credentials for every vault item. [Learn more](https://bitwarden.com/it-it/help/generator/). |
| Encrypted export | Download encrypted exports for secure storage of vault data backups. [Learn more](https://bitwarden.com/it-it/help/encrypted-export/). |
| Biometric authentication | Available for the browser extension and for the desktop and mobile applications. [Learn more](https://bitwarden.com/it-it/help/biometrics/). |
| Emergency access | Users can designate and manage trusted emergency contacts, who can request access to their vault in an emergency. [Learn more](https://bitwarden.com/it-it/help/emergency-access/). |
| Account fingerprint phrase | Security measure that uniquely and securely identifies a Bitwarden user account when encryption-related or onboarding operations are performed. [Learn more](https://bitwarden.com/it-it/help/fingerprint-phrase/). |
| Enterprise vault timeout and lock policies | Enforce timeout and lock settings organization-wide to reduce the risk of exposure in idle sessions. [Learn more.](https://bitwarden.com/it-it/help/policies/#session-timeout/) |
| Subprocessors | See the full list of subprocessors: [Bitwarden subprocessors](https://bitwarden.com/it-it/help/subprocessors/). |

#### Compliance, audits, certifications

| Enterprise feature | Description |
|------|------|
| SOC 2 Type II and SOC 3 | [Read about Bitwarden's SOC certifications](https://bitwarden.com/it-it/blog/bitwarden-achieves-soc-2-certification/). |
| ISO 27001 | Bitwarden is ISO 27001 certified and complies with the ISO 27001 controls relating to data security. |
| Security and compliance assessments | Bitwarden invests in annual third-party audits, security assessments, and other compliance standards. All reports are available on the [Bitwarden compliance page](https://bitwarden.com/it-it/compliance/). |
| GDPR, CCPA, and HIPAA | [Learn about Bitwarden's compliance with the various privacy frameworks](https://bitwarden.com/it-it/compliance/). |
| White-box testing | Performed through unit tests and by QA engineers. |
| Black-box testing | Performed through automation and manual testing. |
| Bug bounty program | Run through HackerOne. [Learn more](https://hackerone.com/bitwarden/?type=team). |

#### API and extensibility

| Enterprise feature | Description |
|------|------|
| Programmatically accessible | Public and private APIs for organizations. [Learn more](https://bitwarden.com/it-it/help/public-api/). |
| Command-line interface | Complete, self-documented command-line tool. [Learn more](https://bitwarden.com/it-it/help/cli/). |
| Extensibility support | Automate workflows by combining the APIs and the CLI. |
| SSH agent | The Bitwarden desktop app can act as an SSH agent, securely storing and providing SSH keys to terminals and developer tools without exposing private keys on disk. [Learn more.](https://bitwarden.com/it-it/help/ssh-agent/) |
| Secrets Manager | A dedicated secrets management product (requires a separate subscription) for DevOps and engineering teams to securely store, share, and inject secrets (API keys, tokens, credentials) into CI/CD pipelines and infrastructure tools. Integrates with GitHub Actions, GitLab CI/CD, Ansible, Terraform, and Kubernetes. [Learn more.](https://bitwarden.com/it-it/products/secrets-manager/) |

#### Resilience

| Enterprise feature | Description |
|------|------|
| Server geographies | Choose where to host your cloud data, on Microsoft Azure servers based in the United States or the EU. [Learn more.](https://bitwarden.com/it-it/help/server-geographies/) |
| Local cache and offline access | Logged-in clients can access Bitwarden vaults through a read-only cache that remains on the device for 30 days. [Learn more](https://bitwarden.com/it-it/help/security-faqs/). |
| Data backup tools | In addition to vault exports that can be run by script, self-hosted deployments have access to [supporting toolsets for data backup](https://bitwarden.com/it-it/help/backup-on-premise/) and restore. Cloud deployments are backed by [Azure point-in-time restore policies](https://bitwarden.com/it-it/help/data-storage/#on-bitwarden-servers/) for disaster recovery.
| | Supporto clienti dedicato | I clienti Enterprise ricevono supporto prioritario e accesso a risorse dedicate per il customer success, inclusi playbook di onboarding, il [Customer Success Hub](https://bitwarden.com/it-it/help/customer-success-hub/), e canali di supporto diretto. [Scopri di più.](https://bitwarden.com/it-it/products/business-support/) | --- URL: https://bitwarden.com/it-it/help/enterprise-free-trial/ --- # Start an Enterprise Trial ## New to Bitwarden? If you are new to Bitwarden, we would love to help you through the process of setting up an account and starting your 7-day free trial Enterprise organization with our dedicated signup page. [Start your Enterprise free trial](https://bitwarden.com/it-it/go/start-enterprise-trial/). Or, to learn more about the [Bitwarden enterprise offering](https://bitwarden.com/it-it/products/business/), see [Bitwarden Plans and Pricing](https://bitwarden.com/it-it/pricing/business/) or [Password Manager Plans](https://bitwarden.com/it-it/help/password-manager-plans/#enterprise-organizations/) and [Secrets Manager Plans](https://bitwarden.com/it-it/help/secrets-manager-plans/). ## Already a user? If you already have a Bitwarden account, complete the following steps to start your 7-day free trial of Bitwarden Enterprise: 1. Log in to the Bitwarden web app and select the **New organization**button: ![Nuova organizzazione](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png) 2. On the **New organization** screen, enter an **Organization name** for your new organization and the **Billing email** we can reach you at. > [!NOTE] Seven day trial charge > We won't charge you until your 7 day free trial of the Enterprise plan is over. You can cancel your subscription at any time in the **Settings** tab of your organization. 3. If you are trialing the Enterprise plan on behalf of a business: - Check the **This account is owned by a business** checkbox. 
   - Provide your **Business name**.
4. Select the **Enterprise** plan option. Doing so will trigger additional enterprise-oriented fields to be displayed.
5. In the **Users** section, enter the number of **User seats** you need. Seats will be added if you exceed this number, unless you [specify a limit](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/#set-a-seat-limit/).
6. In the **Addons** section, enter the amount of **Additional storage (GB)** you need. Your plan comes with 5 GB of shared encrypted file attachments, and you can add additional storage later if required.
7. In the **Summary** section, select whether you'd like to be billed **Annually** or **Monthly**.

   > [!TIP] Activate SM during org creation
   > If you want to use [Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-overview/), complete the following steps to add it to your plan:
   >
   > 1. In the More from Bitwarden section, select the **Add Secrets Manager** checkbox.
   > 2. In the **User seats** field, specify the number of seats to purchase for Secrets Manager. This must be lower than or equal to the number of seats specified for your Password Manager subscription.
   > 3. In the **Additional service accounts** field, specify the number of service accounts to add to Secrets Manager. Teams and Enterprise plans come pre-packaged with 50 and 200 service accounts, respectively.

8. Enter your **Payment information** and select **Submit**.
### Next steps

Now that you have created your trial Enterprise organization, we recommend that you:

- [Add users to your organization](https://bitwarden.com/it-it/help/managing-users/)
- [Create a collection](https://bitwarden.com/it-it/help/about-collections/)
- Set up [login with SSO](https://bitwarden.com/it-it/help/about-sso/)
- See [self-hosting an organization](https://bitwarden.com/it-it/help/self-host-an-organization/)

--- URL: https://bitwarden.com/it-it/help/environment-variables/ ---

# Environment Variables

Some features of Bitwarden are not configured by the `bitwarden.sh` installer. Configure these settings by editing the environment file, located at `./bwdata/env/global.override.env`. This `.env` file comes pre-baked with configurable variables (see [Included variables](https://bitwarden.com/it-it/help/environment-variables/#included-variables/)); however, there are additional variables that can be manually added (see [Optional variables](https://bitwarden.com/it-it/help/environment-variables/#optional-variables/)).

**Whenever you make changes to** `global.override.env`**, perform a** `./bitwarden.sh restart` **to apply your changes.**

> [!NOTE] Doesn't apply to Lite.
> The information in this article may not apply to Bitwarden Lite self-hosted deployments.

## Included variables

The following variables are among those that already exist in `global.override.env`:

| **Variable** | **Description** |
|------|------|
| `globalSettings__baseServiceUri__vault=` | Enter the domain of your Bitwarden instance. If not configured, the domain will default to localhost. Must not include a trailing slash. |
| `globalSettings__sqlServer__connectionString=` | Use this field to [connect to an external MSSQL database](https://bitwarden.com/it-it/help/external-db/). |
| `globalSettings__oidcIdentityClientKey=` | A randomly generated OpenID Connect client key. For more information, see [OpenID Documentation](https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse). |
| `globalSettings__duo__aKey=` | A randomly generated Duo akey. For more information, see [Duo's Documentation](https://duo.com/docs/duoweb-v2#1.-generate-an-akey). |
| `globalSettings__yubico__clientId=` | Client ID for YubiCloud Validation Service or self-hosted Yubico Validation Server. If YubiCloud, get your client ID and secret key [here](https://upgrade.yubico.com/getapikey/). If self-hosted, see optional variable `globalSettings__yubico__validationUrls`. |
| `globalSettings__yubico__key=` | Secret Key for YubiCloud Validation Service or self-hosted Yubico Validation Server. If YubiCloud, get your client ID and secret key [here](https://upgrade.yubico.com/getapikey/). If self-hosted, see optional variable `globalSettings__yubico__validationUrls`. |
| `globalSettings__mail__replyToEmail=` | Email address used for invitations, typically `no_reply@smtp__host`. |
| `globalSettings__mail__smtp__host=` | Your SMTP server hostname (recommended) or IP address. |
| `globalSettings__mail__smtp__port=` | The SMTP port used by the SMTP server. |
| `globalSettings__mail__smtp__ssl=` | (Boolean) Whether your SMTP server uses an encryption protocol: `true` = SSL, `false` = TLS |
| `globalSettings__mail__smtp__username=` | A valid username for the `smtp__host`. |
| `globalSettings__mail__smtp__password=` | A valid password for the `smtp__host`. Dollar sign `$` characters are not supported in SMTP passwords. |
| `globalSettings__disableUserRegistration=` | Specify `true` to disable new users signing up for an account on this instance via the registration page. |
| `globalSettings__hibpApiKey=` | Your HaveIBeenPwned (HIBP) API Key, available [here](https://haveibeenpwned.com/API/Key). This key allows users to run the [Data Breach report](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/) and to check their master password for presence in breaches when they create an account. |
| `adminSettings__admins=` | Email addresses which may access the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/). |

## Optional variables

The following variables do not already exist in `global.override.env`, and can be manually added:

| Variable | Description |
|------|------|
| `globalSettings__logDirectory=` | Specifies the directory to save container log file output to. This must be a directory inside the container. By default, `globalSettings__logDirectory=etc/bitwarden/logs`. |
| `globalSettings__logRollBySizeLimit=` | Specify the size limit in bytes to use for container log files (for example, `globalSettings__logRollBySizeLimit=1073741824`). |
| `globalSettings__mail__smtp__trustServer=` | Specify `true` to explicitly trust the certificate presented by the SMTP server (**not recommended for production**). |
| `globalSettings__mail__smtp__sslOverride=` | Specify `true` to use SSL (not TLS) on port 25. |
| `globalSettings__mail__smtp__startTls=` | Specify `true` to force STARTTLS (Opportunistic TLS). |
| `globalSettings__organizationInviteExpirationHours=` | Specify the number of hours after which an organization invite will expire (`120` by default). |
| `globalSettings__yubico__validationUrls__0=` | Primary URL for self-hosted Yubico Validation Server. For example: `=https://your.url.com/wsapi/2.0/verify` Add additional validation server URLs by creating incremented environment variables, for example `globalSettings__yubico__validationUrls__1=`, `globalSettings__yubico__validationUrls__2=` |
| `globalSettings__enableCloudCommunication=` | Set to `true` to allow communication between your server and our cloud system. Doing so [enables billing and license sync](https://bitwarden.com/it-it/help/self-host-an-organization/#step-4-setup-billing-and-license-sync/). |
| `adminSettings__deleteTrashDaysAgo=` | Specify the number of days after which to permanently delete items from the trash. By default, `adminSettings__deleteTrashDaysAgo=30`. |
| `globalSettings__sso__enforceSsoPolicyForAllUsers=` | Specify `true` to enforce the [Require SSO authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) policy for owner and admin roles. |
| `globalSettings__baseServiceUri__cloudRegion=` | Specify `US` or `EU` to designate [which cloud server](https://bitwarden.com/it-it/help/server-geographies/) your self-hosted server should hyperlink to. If you're using EU, you'll also need to set up a few other variables as documented [here](https://bitwarden.com/it-it/help/server-geographies/#connect-your-self-hosted-server/). |
| `globalSettings__sqlServer__DisableDatabaseMaintenanceJobs=` | Specify `true` to skip application-side maintenance of the statistics and index rebuild tasks in the database. These tasks require elevated MSSQL privileges and should be reconfigured to run as a database user if this value is set to `true`. [Learn more](https://bitwarden.com/it-it/help/database-options/). |
| `globalSettings__sqlServer__SkipDatabasePreparation=` | Specify `true` to skip application-side database preparation. If not specified, database preparation checks on installation whether a database with the name specified in `globalSettings__sqlServer__connectionString=` exists and, if not, creates one. This task requires elevated MSSQL privileges and, if this value is set to `true`, the named database must exist before initiating installation. [Learn more](https://bitwarden.com/it-it/help/database-options/). |

### Load balancers requiring authentication

Bitwarden clients without access to a shared cookie store (such as the Desktop and Mobile clients) cannot communicate with a self-hosted server utilizing a load balancer that requires authentication. To launch an SSO session whose cookie will be copied into the Bitwarden client cookie store, add the following variables to the `global.override.env` file:

| Variable | Description |
|------|------|
| `globalSettings__communication__bootstrap=` | To enable this feature, set to `ssoCookieVendor`. |
| `globalSettings__communication__ssoCookieVendor__cookieName=` | The name of the SSO cookie set by the identity provider (for example, `sso_token`). |
| `globalSettings__communication__ssoCookieVendor__cookieDomain=` | The domain from which the SSO cookie is read (such as `example.com`). |

### Refresh token variables

Refresh token variables allow you to change the timeout of tokens. Administrators can use these values, for example, to require users to log in every day. Use the following variables to configure the handling of refresh tokens by your server:

| Variable | Description |
|------|------|
| `globalSettings__IdentityServer__ApplyAbsoluteExpirationOnRefreshToken=` | Specify `true` to use **only** a specified absolute lifetime for refresh tokens and ignore expiration sliding based on usage. When `true`, only `__AbsoluteRefreshTokenLifetimeSeconds=` will be considered to determine behavior. Specify `false` to allow refresh token expiration to slide (i.e. extend validity for a specified period of time) when they're used. When `false`, both of the following options will be considered to determine behavior. |
| `globalSettings__IdentityServer__AbsoluteRefreshTokenLifetimeSeconds=` | Specify an integer. Refresh tokens will expire after the absolute lifetime of that integer in seconds, regardless of whether sliding is allowed or not. This variable may only be `0` if `__ApplyAbsoluteExpirationOnRefreshToken=true`, in which case refresh tokens are always rejected. |
| `globalSettings__IdentityServer__SlidingRefreshTokenLifetimeSeconds=` | Specify an integer greater than `0`. Refresh tokens will extend their validity upon use by that integer, in seconds. Refresh tokens will always expire after their configured absolute lifetime, regardless of what's set here. |

--- URL: https://bitwarden.com/it-it/help/event-logs/ ---

# Event Logs

Track your organization's activity and investigate incidents with event logs, timestamped records that capture changes and usage across your Teams or Enterprise organization. You can access these logs through the [web app](https://bitwarden.com/it-it/help/event-logs/#access-event-logs/) and the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/it-it/help/event-logs/#api-responses/).

While event log data is retained indefinitely, you can only view up to 367 days' worth of data at a time.

## Access event logs

To review event logs in the Bitwarden web app:

1. Open the Admin Console from the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
   *Product switcher*

2. Select **Reporting** → **Event logs**.
3. (Optional) Adjust the date range and select **Update**.

Some events include a pink resource identifier in the **Event** column:

![Event identifier](https://bitwarden.com/assets/011fNmRs4fFzD5RjtL7bVT/bda04d6785c1749e0e85d9ee3d60872e/Event_identifier.png)
*Event identifier*

Select the event identifier to:

- View a list of all associated events, like when an item was edited or an [Enterprise policy](https://bitwarden.com/it-it/help/policies/) was turned on.
- Go to the page where you can access and, if available, modify the resource.

For example, selecting a member's identifier from **Event logs** will take you to the **Members** view and automatically filter the list down to that member.

You can also [export logs as .csv](https://bitwarden.com/it-it/help/event-logs/#export-events/) from the web app or as JSON via the [Bitwarden Public API](https://bitwarden.com/it-it/help/event-logs/#api-responses/).

## When events are saved

Bitwarden captures events at both the client and server level. While server events are recorded instantly, client events, which make up the majority, are transmitted to the server every 60 seconds. As such, recent activity may show a brief delay.

Clients automatically retry failed transmissions, but events cannot be recorded if the client loses API connectivity or is somehow modified to not send events.

> [!NOTE] Event log vulnerability
> Event logs rely on user-reported and client-level data, which technically could be modified or suppressed. Because of this potential situation, Bitwarden event logs may not suffice for security, legal forensics, or auditing purposes for all users and organizations.

## Event types

Bitwarden records over 60 event types, and each is listed below with its type code. For each event, the event logs page displays the:

- **Timestamp** of the event
- **Client** application and IP address (hover over the **Client** column's value or the client icon for details)
- **Member** connected to the event
- **Event** description

Events are associated with a type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/it-it/help/public-api/) to identify the action documented by an event.

### User events

- Logged in (`1000`)
- Changed account password. (`1001`)
- Two-step login saved (`1002`)
- Two-step login turned off (`1003`)
- [Recovered account](https://bitwarden.com/it-it/help/two-step-recovery-code/) from two-step login. (`1004`)
- Login attempt failed with incorrect password. (`1005`)
- Login attempt failed with incorrect two-step login. (`1006`)
- User exported their individual vault items. (`1007`)
- User reset their master password through [account recovery.](https://bitwarden.com/it-it/help/account-recovery/) (`1008`)
- User migrated their decryption key with [Key Connector.](https://bitwarden.com/it-it/help/about-key-connector/) (`1009`)
- User requested [device approval.](https://bitwarden.com/it-it/help/approve-a-trusted-device/) (`1010`)
- User set a master password during TDE offboarding. (`1011`)

### Item events

- Created item `item-identifier`. (`1100`)
- Edited item `item-identifier`. (`1101`)
- Permanently Deleted item `item-identifier`. (`1102`)
- Created attachment for item `item-identifier`. (`1103`)
- Deleted attachment for item `item-identifier`. (`1104`)
- Moved item `item-identifier` to an organization. (`1105`)
- Edited collections for item `item-identifier`. (`1106`)
- Viewed item `item-identifier`. (`1107`)
- Viewed password for item `item-identifier`. (`1108`)
- Viewed hidden field for item `item-identifier`. (`1109`)
- Viewed security code for item `item-identifier`. (`1110`)
- Copied password for item `item-identifier`. (`1111`)
- Copied hidden field for item `item-identifier`. (`1112`)
- Copied security code for item `item-identifier`. (`1113`)
- Auto-filled item `item-identifier`. (`1114`)
- Sent item `item-identifier` to trash. (`1115`)
- Restored item `item-identifier`. (`1116`)
- Viewed Card Number for item `item-identifier`. (`1117`)
- Viewed security code for item `item-identifier`. (`1118`)

### Collection events

- Created collection `collection-identifier`. (`1300`)
- Edited collection `collection-identifier`. (`1301`)
- Deleted collection `collection-identifier`. (`1302`)

### Group events

- Created group `group-identifier`. (`1400`)
- Edited group `group-identifier`. (`1401`)
- Deleted group `group-identifier`. (`1402`)

### Organization events

- Invited user `user-identifier`. (`1500`)
- Confirmed user `user-identifier`. (`1501`)
- Edited user `user-identifier`. (`1502`)
- Removed user `user-identifier`. (`1503`)
- Edited groups for user `user-identifier`. (`1504`)
- Unlinked SSO for user `user-identifier`. (`1505`)
- User `user-identifier` enrolled in account recovery. (`1506`)
- User `user-identifier` withdrew from account recovery. (`1507`)
- [Account recovery](https://bitwarden.com/it-it/help/account-recovery/) with master password initiated for `user-identifier`. (`1508`)
- Reset SSO link for user `user-identifier`. (`1509`)
- `user-identifier` logged in using SSO for the first time. (`1510`)
- Revoked organization access for `user-identifier`. (`1511`)
- Restored organization access for `user-identifier`. (`1512`)
- Approved device for `user-identifier`. (`1513`)
- Denied device for `user-identifier`. (`1514`)
- Deleted user `user-identifier`. (`1515`)
- User `user-identifier` left organization. (`1516`)
- Automatically confirmed user `user-identifier`. (`1517`)
- User `user-identifier` self-revoked from organization. (`1518`)
- [Account recovery](https://bitwarden.com/it-it/help/account-recovery/) with two-step login initiated for `user-identifier`. (`1519`)
- Edited organization settings. (`1600`)
- Purged organization vault. (`1601`)
- Exported organization vault. (`1602`)
- Organization Vault accessed by a managing [Provider.](https://bitwarden.com/it-it/help/providers/) (`1603`)
- Organization enabled SSO. (`1604`)
- Organization disabled SSO. (`1605`)
- Organization enabled Key Connector. (`1606`)
- Organization disabled Key Connector. (`1607`)
- Families Sponsorships synced. (`1608`)
- Modified collection management setting. (`1609`)
- Turned on [Restrict collection creation](https://bitwarden.com/it-it/help/collection-management/#restrict-collection-creation-to-owners-and-admins/) setting. (`1610`)
- Turned off [Restrict collection creation](https://bitwarden.com/it-it/help/collection-management/#restrict-collection-creation-to-owners-and-admins/) setting. (`1611`)
- Turned on [Restrict collection deletion](https://bitwarden.com/it-it/help/collection-management/#restrict-collection-deletion-to-owners-and-admins/) setting. (`1612`)
- Turned off [Restrict collection deletion](https://bitwarden.com/it-it/help/collection-management/#restrict-collection-deletion-to-owners-and-admins/) setting. (`1613`)
- Turned on [Restrict item deletion](https://bitwarden.com/it-it/help/collection-management/#restrict-item-deletion-to-members-with-the-manage-collection-permissions/) setting. (`1614`)
- Turned off [Restrict item deletion](https://bitwarden.com/it-it/help/collection-management/#restrict-item-deletion-to-members-with-the-manage-collection-permissions/) setting. (`1615`)
- Turned on [Allow owners and admins to manage all collections and items](https://bitwarden.com/it-it/help/collection-management/#allow-owners-and-admins-to-manage-all-collections-and-items-from-the-admin-console/) setting. (`1616`)
- Turned off [Allow owners and admins to manage all collections and items](https://bitwarden.com/it-it/help/collection-management/#allow-owners-and-admins-to-manage-all-collections-and-items-from-the-admin-console/) setting. (`1617`)
- Accepted transfer to organization ownership. (`1618`)
- Revoked for declining transfer to organization ownership. (`1619`)
- Turned on Automatic user confirmation setting. (`1620`)
- Turned off Automatic user confirmation setting. (`1621`)
- Added Automatic user confirmation policy. (`1622`)
- Removed Automatic user confirmation policy. (`1623`)
- Modified policy `policy-identifier`. (`1700`)
- Added domain `domain-name`. (`2000`)
- Removed domain `domain-name`. (`2001`)
- `domain-name` verified. (`2002`)
- `domain-name` not verified. (`2003`)

### Phishing blocker events

- User attempted to access known phishing site (`2400`)
- User exited phishing warning page (`2401`)
- User bypassed phishing warning page (`2402`)

### Secrets Manager events

Secrets Manager events are available both from the **Reporting** tab of your organization vault and from the [machine account Event logs page](https://bitwarden.com/it-it/help/service-accounts/#service-account-events/). Secrets Manager events can be reviewed by Admins, Owners, and individuals with the appropriate custom role to view, regardless of individual access to Secrets Manager. The following Secrets Manager events are captured:

- Accessed a secret with identifier: `secret-identifier`. (`2100`)
- Created a new secret with identifier: `secret-identifier` (`2101`)
- Edited a secret with identifier: `secret-identifier` (`2102`)
- Deleted a secret with identifier: `secret-identifier` (`2103`)
- Accessed a project with identifier: `project-identifier`. (`2200`)
- Created a new project with identifier: `project-identifier` (`2201`)
- Edited a project with identifier: `project-identifier` (`2202`)
- Deleted a project with identifier: `project-identifier` (`2203`)
- Added user: `user-identifier` to machine account with identifier: `machine-account-identifier` (`2300`)
- Removed user: `user-identifier` from machine account with identifier: `machine-account-identifier` (`2301`)
- Added group: `group-identifier` to machine account with identifier: `machine-account-identifier` (`2302`)
- Removed group: `group-identifier` from machine account with identifier: `machine-account-identifier` (`2303`)
- Created machine account with identifier: `machine-account-identifier` (`2304`)
- Deleted machine account with identifier: `machine-account-identifier` (`2305`)

### Provider events

When any of the above events is executed by a member of an [administering provider](https://bitwarden.com/it-it/help/providers/), the **User** column will record the name of the provider. Additionally, a provider-specific event will record whenever a member of an administering provider accesses your organization vault:

![Provider accessing events](https://bitwarden.com/assets/4e95ZWDt6ZBPfina42MZhP/d4653c6aebb2bcff6186e6d49415da61/2024-12-05_09-47-18.png)
*Provider accessing events*

## Export events

To export a `.csv` of all events within the specified date range, select **Export**:

![Export Event Logs](https://bitwarden.com/assets/QL3nTOsAOsCPQtQTONOEw/53652d49e4bf8eaa67c972c1b55c12fc/2024-12-04_09-48-02.png)
*Export Event Logs*

For example:

```
message,appIcon,appName,userId,userName,userEmail,date,ip,type
Logged in.,fa-globe,Web Vault - Chrome,1234abcd-56de-78ef-91gh-abcdef123456,Alice,alice@bitwarden.com,2021-06-14T14:22:23.331751Z,111.11.111.111,User_LoggedIn
Invited user zyxw9876.,fa-globe,Unknown,1234abcd-56de-78ef-91gh-abcdef123456,Alice,alice@bitwarden.com,2021-06-14T14:14:44.7566667Z,111.11.111.111,OrganizationUser_Invited
Edited organization settings.,fa-globe,Web Vault - Chrome,9876dcba-65ed-87fe-19hg-654321fedcba,Bob,bob@bitwarden.com,2021-06-07T17:57:08.1866667Z,222.22.222.222,Organization_Updated
```

> [!TIP] Member list export
> You can also download a `.csv` [list of members](https://bitwarden.com/it-it/help/managing-users/#download-list-of-members/) that includes account-specific details, like whether Secrets Manager is activated and their status in the organization.
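
The type codes listed under Event types make the log straightforward to triage in code. The following is an added example, not Bitwarden's code: it scans records shaped like the `data` entries returned by the `/events` endpoint of the Public API for a successful login (`1000`) that follows repeated failures (`1005`, `1006`) and for high-impact events such as vault exports. The sample events, the threshold and window values, and the use of `actingUserId` as the account key are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Type codes taken from the "Event types" lists on this page.
LOGGED_IN = 1000
FAILED_LOGIN = {1005, 1006}  # incorrect password / incorrect two-step login
HIGH_IMPACT = {
    1007: "User exported their individual vault items",
    1601: "Purged organization vault",
    1602: "Exported organization vault",
    1605: "Organization disabled SSO",
    1700: "Modified policy",
    2402: "User bypassed phishing warning page",
}

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")


def parse_ts(value):
    """Parse the UTC timestamps shown on this page (3- to 7-digit fractions)."""
    match = _TS.match(value)
    if not match:
        raise ValueError(f"unexpected timestamp: {value!r}")
    # Truncate or pad the fraction to microseconds.
    micros = int((match.group(2) or "0")[:6].ljust(6, "0"))
    base = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)


def triage(events, threshold=3, window=timedelta(minutes=10)):
    """Return findings for high-impact events and logins that follow failures.

    Assumption: `actingUserId` identifies the account for login events.
    """
    findings = []
    failures = {}  # actingUserId -> timestamps of failed logins not yet resolved
    for event in sorted(events, key=lambda e: parse_ts(e["date"])):
        code = event["type"]
        user = event.get("actingUserId")
        when = parse_ts(event["date"])
        if code in FAILED_LOGIN:
            failures.setdefault(user, []).append(when)
        elif code == LOGGED_IN:
            # A success clears the user's failure history; count recent ones first.
            recent = [t for t in failures.pop(user, []) if when - t <= window]
            if len(recent) >= threshold:
                findings.append({"rule": "login-after-failures", "user": user,
                                 "ip": event.get("ipAddress"),
                                 "date": event["date"], "failures": len(recent)})
        elif code in HIGH_IMPACT:
            findings.append({"rule": HIGH_IMPACT[code], "user": user,
                             "ip": event.get("ipAddress"), "date": event["date"]})
    return findings


def _event(code, user, date, ip):
    """Build a constructed record with the fields used from the API response."""
    return {"object": "event", "type": code, "actingUserId": user,
            "date": date, "ipAddress": ip}


# Constructed sample data (not real logs), deliberately out of order.
SAMPLE_EVENTS = [
    _event(1000, "user-a", "2024-05-02T09:02:00.000Z", "203.0.113.7"),
    _event(1005, "user-a", "2024-05-02T09:00:05.120Z", "203.0.113.7"),
    _event(1005, "user-a", "2024-05-02T09:00:40.450Z", "203.0.113.7"),
    _event(1006, "user-a", "2024-05-02T09:01:10.9000000Z", "203.0.113.7"),
    _event(1005, "user-b", "2024-05-02T09:04:00.000Z", "198.51.100.20"),
    _event(1000, "user-b", "2024-05-02T09:05:00.000Z", "198.51.100.20"),
    _event(1107, "user-b", "2024-05-02T09:10:00.000Z", "198.51.100.20"),
    _event(1602, "user-b", "2024-05-02T09:30:00.000Z", "198.51.100.20"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Because client events reach the server in 60-second batches, the function orders records by `date` before correlating them.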

## API responses

Access event logs from the `/events` endpoint of the [Bitwarden Public API](https://bitwarden.com/it-it/help/public-api/) to return a JSON response, such as:

```
{
  "object": "list",
  "data": [
    {
      "object": "event",
      "type": 1000,
      "itemId": "string",
      "collectionId": "string",
      "groupId": "string",
      "policyId": "string",
      "memberId": "string",
      "actingUserId": "string",
      "date": "2020-11-04T15:01:21.698Z",
      "device": 0,
      "ipAddress": "xxx.xx.xxx.x"
    }
  ],
  "continuationToken": "string"
}
```

## SIEM and external systems integrations

Bitwarden provides a comprehensive set of integrations with Security Information and Event Management (SIEM) platforms that leverage event logs:

- [Elastic SIEM](https://bitwarden.com/it-it/help/elastic-siem/)
- [Microsoft Sentinel SIEM](https://bitwarden.com/it-it/help/microsoft-sentinel-siem/)
- [Panther SIEM](https://bitwarden.com/it-it/help/panther-siem/)
- [Rapid7 SIEM](https://bitwarden.com/it-it/help/rapid7-siem/)
- [Sumo Logic SIEM](https://bitwarden.com/it-it/help/sumo-logic-siem/)
- [Splunk SIEM](https://bitwarden.com/it-it/help/splunk-siem/)

Bitwarden also provides multiple methods for accessing data that may be relevant to SIEM platforms for which there is not currently a specific integration. For help configuring a SIEM that isn't listed above, refer to [Non-native SIEM](https://bitwarden.com/it-it/help/non-native-siem/).

--- URL: https://bitwarden.com/it-it/help/exclude-domains/ ---

# Block Autosave on Specific Sites

Bitwarden browser extensions can be configured to exclude specific sites from triggering [autosave notifications](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/). When a domain is in the **Excluded domains** list, Bitwarden won't issue any of the available notifications, including those to save a new login, update an existing login, or save or use a passkey:

![Prompt to add login](https://bitwarden.com/assets/4vsurEuH5deik26BWn4n1p/82757186b081890fbe92b4d73baeae53/screenshot_7.png)

To configure excluded domains, navigate to **Settings** → **Notification** → **Excluded domains**:

![Excluded Domains Configuration](https://bitwarden.com/assets/qUGIVQR379ac3R2dXdoy8/06b4dec0b9e02911903052789c44723c/2024-12-03_11-00-24.png)

Domain exclusion does not register "full" URLs, only the domain component. For example, `https://github.com/bitwarden/browser` would resolve to `github.com` when saved, meaning that the browser extension would explicitly not offer to save credentials for GitHub.

--- URL: https://bitwarden.com/it-it/help/export-organization-items/ ---

# Export Organization Items

For organizations, exporting data and storing it in a secure location is a great way of ensuring access to a backup. Organizations can export data from the web app and CLI. Vault data is decrypted locally by the client before export, meaning no unencrypted data is transported over the internet when you create an export.

There are two ways to export organization data:

- Organization members with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) can export item data from collections for which they have that permission by following [this process](https://bitwarden.com/it-it/help/export-your-data/).
- Organization [admins, owners, and custom users with the correct permissions](https://bitwarden.com/it-it/help/user-types-access-control/) can export all organization item data by using the instructions in this article.
- Organizations that have enabled the [Centralize organization ownership policy](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) cannot export organization members' [My Items](https://bitwarden.com/it-it/help/my-items/) while the user is active in the organization.

Exports can be made in a few different formats, however Bitwarden recommends using an [encrypted .json option](https://bitwarden.com/it-it/help/encrypted-export/) for best security and a more complete export, as `.csv` files won't currently export cards or identities, and only `.json` exports include [stored passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) and [SSH keys](https://bitwarden.com/it-it/help/ssh-agent/).

For a complete list of all the items and fields included in an organization's vault export, see this ⬇️ [JSON sample](https://bitwarden.com/assets/2oQPd5ZsY1N0hph4N6pBrY/b5fc7c05ac238d71d9a1902a58559cc6/Organization_vault_export.json).

### Web app

To export your organization data from the web app:

1. Open the **Admin Console** using the product switcher.
2. Select **Settings** → **Export** from the navigation:

   ![Export organization items](https://bitwarden.com/assets/2UQyeVwsMcc1f7vcJOnnUO/92b2bb7eee6bcf9e183f9b039aec5d33/2025-12-17_11-08-49.png)
   *Export organization items*

3. On the vault export page, choose a **File format** (`.json`, `.csv`, or `.json (Encrypted)`) and select the **Confirm format** button.

   > [!WARNING] Careful w/ Exports
   > Unless you are using an [encrypted export](https://bitwarden.com/it-it/help/encrypted-export/), do not store or send the exported file over insecure channels, like email, and delete the file immediately after use.

4. Enter your master password and select the **Export** button.

> [!NOTE] Exported Org data event
> Exporting an organization's vault data will be captured by event logs. [Learn more](https://bitwarden.com/it-it/help/event-logs/).
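Because organization exports are recorded in event logs, they can be reviewed from the `/events` responses of the Public API. The following is an added example, not Bitwarden's own code: it follows `continuationToken` across pages and groups export events by acting user. The event type codes (1602, 1007) are taken from Bitwarden's event type list rather than from this page, and the sample pages, user IDs, and addresses are constructed.

```python
"""Added example: page through /events responses and pick out vault exports."""
from collections import defaultdict

# Assumption: type codes from the Bitwarden event type list, not from this page.
# Confirm them against your server's event log reference before alerting on them.
EXPORT_EVENT_TYPES = {
    1602: "organization vault exported",
    1007: "individual vault exported",
}


def iter_events(fetch_page):
    """Yield every event, following continuationToken until the last page.

    fetch_page(token) must return one parsed /events response (a dict shaped
    like the sample JSON in the API responses section). token is None for the
    first request.
    """
    token = None
    seen_tokens = set()
    while True:
        page = fetch_page(token)
        if page.get("object") != "list":
            raise ValueError("unexpected response object: %r" % page.get("object"))
        for event in page.get("data", []):
            yield event
        token = page.get("continuationToken")
        if not token:
            return  # no token means this was the last page
        if token in seen_tokens:
            # Guard against looping forever if the same token comes back.
            raise RuntimeError("continuation token repeated: %r" % token)
        seen_tokens.add(token)


def find_exports(events, export_types=EXPORT_EVENT_TYPES):
    """Group export events by the user who performed them."""
    by_actor = defaultdict(list)
    for event in events:
        label = export_types.get(event.get("type"))
        if label is None:
            continue
        by_actor[event.get("actingUserId")].append(
            {
                "what": label,
                "date": event.get("date"),
                "ipAddress": event.get("ipAddress"),
            }
        )
    return dict(by_actor)


def _event(event_type, actor, date, ip):
    # Helper for the constructed sample data below.
    return {"object": "event", "type": event_type, "actingUserId": actor,
            "date": date, "device": 0, "ipAddress": ip}


# Constructed sample data: two pages of events, keyed by the token that
# requests them. Addresses are from documentation ranges.
SAMPLE_PAGES = {
    None: {
        "object": "list",
        "data": [
            _event(1000, "user-a", "2020-11-04T15:01:21.698Z", "192.0.2.10"),
            _event(1602, "user-a", "2020-11-04T15:03:02.100Z", "192.0.2.10"),
        ],
        "continuationToken": "page-2",
    },
    "page-2": {
        "object": "list",
        "data": [
            _event(1007, "user-b", "2020-11-04T16:10:00.000Z", "198.51.100.7"),
            _event(1602, "user-a", "2020-11-05T02:44:09.512Z", "203.0.113.25"),
        ],
        "continuationToken": None,
    },
}


def sample_fetch(token):
    """Stand-in for an authenticated GET to /events (hypothetical helper)."""
    return SAMPLE_PAGES[token]


if __name__ == "__main__":
    for actor, hits in find_exports(iter_events(sample_fetch)).items():
        for hit in hits:
            print(actor, hit["what"], hit["date"], hit["ipAddress"])
```

In production, replace `sample_fetch` with a function that performs the authenticated request and returns the decoded JSON body.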
### CLI

> [!TIP] Sync before export on CLI
> Sync your vault with `bw sync` before exporting to ensure the most up-to-date information is included.

To export your organization data from the CLI, use the `export` command with the `--organizationid` option. By default, `export` will export your vault as a `.csv` and save the file to the working directory, however this behavior can be altered using options:

```
bw export my-master-password --organizationid 7063feab-4b10-472e-b64c-785e2b870b92 --output /users/me/documents/ --format json --session my-session-key
```

> [!TIP] Getting organizationid with bw list
> If you don't know your `organizationid` value off-hand, you can access it at the command-line using `bw list organizations`.

For more detail, see our [CLI documentation](https://bitwarden.com/it-it/help/cli/).

> [!NOTE] Exported Org data event
> Exporting an organization's vault data will be captured by event logs. [Learn more](https://bitwarden.com/it-it/help/event-logs/).

--- URL: https://bitwarden.com/it-it/help/export-secrets-data/ ---

# Export Data

You can export your secrets data from the web app as a `.json` file. Exports will include [projects](https://bitwarden.com/it-it/help/projects/) and [secrets](https://bitwarden.com/it-it/help/secrets/), but not [machine accounts](https://bitwarden.com/it-it/help/machine-accounts/) or [access tokens](https://bitwarden.com/it-it/help/access-tokens/). Only the Secrets Manager data associated with the organization currently selected from the organization selector will be exported. Items in other products or from other organizations will not be included.

To export your data:

[![Vimeo Video](https://vumbnail.com/846444688.jpg)](https://vimeo.com/846444688)
*[Watch on Vimeo](https://vimeo.com/846444688)*

**Video chapters:** Learn more about exporting Secrets Manager data [here](https://bitwarden.com/it-it/help/export-secrets-data/).
> [!NOTE] Secrets export role
> To export Secrets Manager data, your user account must be an owner or admin within the organization.

1. Select **Settings** → **Export data** from the left-hand navigation:

   ![Export data](https://bitwarden.com/assets/4UTBBbo0rrqRtsYSBmiCLy/0af1a1818c660f8baf24c46999a8a81d/2024-12-03_13-41-37.png)

2. Select the **Export data** button. When prompted, enter your master password.

--- URL: https://bitwarden.com/it-it/help/export-your-data/ ---

# Export Vault Data

Export your vault data, including logins and notes, to back up important information or [transfer to a new Bitwarden vault](https://bitwarden.com/it-it/help/import-data/). No unencrypted data is transferred over the internet, because data is decrypted locally by the client before exporting.

> [!TIP] Cloud-stored, no need for export
> If you’re adding Bitwarden to a new device and your account is hosted on our cloud servers, you don’t need to create an export. Instead, [download Bitwarden](https://bitwarden.com/it-it/download/) on your new device and log in with your existing account.

> [!WARNING] Careful w/ Exports
> Unless you are using an [encrypted export](https://bitwarden.com/it-it/help/encrypted-export/), do not store or send the exported file over insecure channels, like email, and delete the file immediately after use.

## Export file types

Exports can be downloaded in a few formats:

- `.json` (plaintext)
- `.csv` (plaintext)
- [.json (Encrypted)](https://bitwarden.com/it-it/help/encrypted-export/)
- `.zip (with attachments)` (includes a `.json` file and your attachments)

  > [!NOTE] .zip exports
  > `.zip` exports are currently only available for individual vault data.

- (**iOS 26 only**) export directly to another app

  > [!NOTE] What is CXP
  > Exporting directly to another app requires that the target app supports the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications).
Review [example .csv and .json files](https://bitwarden.com/it-it/help/condition-bitwarden-import/) to decide which format is best for you. We recommend the encrypted `.json` option for best security and most complete export.

Only `.json` exports include:

- Cards
- Identities
- [Stored passkeys](https://bitwarden.com/it-it/help/storing-passkeys/)
- [SSH keys](https://bitwarden.com/it-it/help/ssh-agent/)

No export formats include trash items or [Sends](https://bitwarden.com/it-it/help/about-send/). For a complete list of all items and fields included in an individual vault export, check out this ⬇️ [.json sample](https://bitwarden.com/assets/3klSoZBBd57skEvwFkcMJc/9dfe5d696c102cd32da88dc325706738/Individual_vault_export.json).

## Export an individual vault

> [!NOTE] Exporting personal data; no org data
> Individual vault exports do not include organization-owned data. Only admins, owners, and some custom roles can [export organization items](https://bitwarden.com/it-it/help/export-organization-items/) via the web app or CLI. Members with **Manage collection** [permission](https://bitwarden.com/it-it/help/collection-permissions/) can, however, export data from collections they can access.

### Web app

To export vault data:

1. Select **Tools**.
2. Select **Export**:

   ![Export items](https://bitwarden.com/assets/5PUGzasNsQnABG9gtso4o3/4e4880193ff45c22f0474c129e68e4e3/2025-12-17_11-43-59.png)
   *Export items*

3. From the **Export from** dropdown menu, select which data to download:
   - Select **My vault** for your individual vault’s items.
   - Select an organization vault’s name, which will include data from collections where you have [**Manage collection**](https://bitwarden.com/it-it/help/collection-permissions/) permission.
4. Select a **File Format**: `.json`, `.csv`, `.json (Encrypted)`, or `.zip (with attachments)`.
5.
(Optional) If you choose `.json (Encrypted)`, select an **Export type** for the [encrypted file](https://bitwarden.com/it-it/help/encrypted-export/):

   - **Account restricted:** This file can only be imported to the current Bitwarden account that generated the encrypted export file.

     > [!WARNING] Encryption Key Impact on Encrypted Exports
     > **Account restricted** exports can only be imported to the same account where they originated. Account restricted exports **cannot** be imported to a different account, including:
     >
     > - An account with the same email on a different [geographic](https://bitwarden.com/it-it/help/server-geographies/) or self-hosted server
     > - Another account with the same email address, even if the originating account was deleted
     >
     > Additionally, [rotating your account's encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) will render an account restricted export impossible to decrypt. **If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.**
     >
     > If you wish to import an encrypted `.json` file into a different Bitwarden account, generate a **Password protected** export instead.

   - **Password protected:** This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.

     > [!TIP] Password generator for export
     > Select [generate] to securely generate a unique password for the export. If you do, be sure to save that password in a safe place.

6. Select **Export**.
7. Enter your master password or an email verification code to confirm.

Export files will be saved **to the location set by your browser**. By default this is typically a Downloads folder, but you can change it within the web browser.

### Browser extension

To export vault data:

1. Select the ⚙️ **Settings** icon.
2. Select **Vault options**.
3. Select **Export vault**.
4.
From the **Export from** dropdown menu, select which data to download:
   - Select **My vault** for your individual vault’s items.
   - Select an organization vault’s name, which will include data from collections where you have [**Manage collection**](https://bitwarden.com/it-it/help/collection-permissions/) permission.
5. Select a **File Format**: `.json`, `.csv`, `.json (Encrypted)`, or `.zip (with attachments)`.
6. (Optional) If you choose `.json (Encrypted)`, select an **Export type** for the [encrypted file](https://bitwarden.com/it-it/help/encrypted-export/):

   - **Account restricted:** This file can only be imported to the current Bitwarden account that generated the encrypted export file.

     > [!WARNING] Encryption Key Impact on Encrypted Exports
     > **Account restricted** exports can only be imported to the same account where they originated. Account restricted exports **cannot** be imported to a different account, including:
     >
     > - An account with the same email on a different [geographic](https://bitwarden.com/it-it/help/server-geographies/) or self-hosted server
     > - Another account with the same email address, even if the originating account was deleted
     >
     > Additionally, [rotating your account's encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) will render an account restricted export impossible to decrypt. **If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.**
     >
     > If you wish to import an encrypted `.json` file into a different Bitwarden account, generate a **Password protected** export instead.

   - **Password protected:** This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.

     > [!TIP] Password generator for export
     > Select [generate] to securely generate a unique password for the export. If you do, be sure to save that password in a safe place.

7. Select **Export vault**.
8.
Enter your master password or an email verification code to confirm.
9. Select **Export vault**.

Export files will be saved **to the location set by your browser**. By default this is typically a Downloads folder, but you can change it within the web browser.

### Desktop

To export vault data:

1. Select **Export** from the navigation menu.
2. From the **Export from** dropdown menu, select which data to download:
   - Select **My vault** for your individual vault’s items.
   - Select an organization vault’s name, which will include data from collections where you have [**Manage collection**](https://bitwarden.com/it-it/help/collection-permissions/) permission.
3. Select a **File Format**: `.json`, `.csv`, `.json (Encrypted)`, or `.zip (with attachments)`.
4. (Optional) If you choose `.json (Encrypted)`, select an **Export type** for the [encrypted file](https://bitwarden.com/it-it/help/encrypted-export/):

   - **Account restricted:** This file can only be imported to the current Bitwarden account that generated the encrypted export file.

     > [!WARNING] Encryption Key Impact on Encrypted Exports
     > **Account restricted** exports can only be imported to the same account where they originated. Account restricted exports **cannot** be imported to a different account, including:
     >
     > - An account with the same email on a different [geographic](https://bitwarden.com/it-it/help/server-geographies/) or self-hosted server
     > - Another account with the same email address, even if the originating account was deleted
     >
     > Additionally, [rotating your account's encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) will render an account restricted export impossible to decrypt. **If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.**
     >
     > If you wish to import an encrypted `.json` file into a different Bitwarden account, generate a **Password protected** export instead.
   - **Password protected:** This file can be imported to any Bitwarden account by utilizing the password set during the encrypted export process.

     > [!TIP] Password generator for export
     > Select [generate] to securely generate a unique password for the export. If you do, be sure to save that password in a safe place.

5. Select **Export vault**.
6. Enter your master password or an email verification code to confirm.
7. Select **Export vault**.

Export files will be saved **to the location set by your device**. By default this is typically a Downloads folder, but you can change it within the device settings.

### Mobile

To export vault data:

1. Tap the ⚙️ **Settings** icon.
2. Tap **Vault**.
3. Tap **Export vault**.

   > [!NOTE] CXP on iOS
   > On iOS 26+, you can choose between **Export vault to a file** and **Export vault to another app**.
   >
   > If you choose **Export vault to a file**, continue with these instructions. If you choose **Export vault to another app**, follow the simple on-screen process to export data directly to any other app that supports the [FIDO Credential Exchange Protocol](https://fidoalliance.org/specifications-credential-exchange-specifications).

4. Select a **File Format**: `.json`, `.csv`, or `.json (Password protected)`.

   ![Export vault on mobile](https://bitwarden.com/assets/6IvRA9oYfTvO9GxylX2MMh/528b65ca6d83f0f28c469b62078570d5/2025-01-22_09-51-29.png)

5. (Optional) If you choose `.json (Password protected)`, enter a new password. If you import this file back into Bitwarden, you'll need to enter that password.
6. Enter your master password.
7. Select **Export**.

Export files will be saved **to the location set by your device**. By default this is typically a Downloads folder, but you can change it within the device settings.

### CLI

> [!TIP] Sync before export on CLI
> Sync your vault with `bw sync` before exporting to ensure the most up-to-date information is included.
To export your individual vault data from the [CLI](https://bitwarden.com/it-it/help/cli/), use the `export` command. By default, `export` will export your vault as a `.csv` and save the file to the working directory. This behavior can be altered using options:

```
bw export --output /users/me/documents/ --format json --password mYP@ssw0rd
```

The `--password` option can be used to specify a password to use to encrypt `encrypted_json` exports instead of your [account encryption key](https://bitwarden.com/it-it/help/account-encryption-key/).

--- URL: https://bitwarden.com/it-it/help/external-db/ ---

# Connect to an External MSSQL Database

By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database image created as a normal part of [installation setup](https://bitwarden.com/it-it/help/install-on-premise-linux/), however you can configure Bitwarden to use an external MSSQL database.

> [!NOTE]
> Bitwarden only **supports and recommends SQL Server 2022**. Learn about the system requirements for SQL Server on [Windows](https://learn.microsoft.com/en-us/sql/sql-server/install/hardware-and-software-requirements-for-installing-sql-server-2022?view=sql-server-ver17#pmosr) and [Linux](https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-setup?view=sql-server-ver16#supported-platforms).
>
> At this time, Bitwarden does not support SQL Server 2025, and mainstream support ended for Server 2017 and Server 2019. Deprecation of support for a specific SQL server version will be noted here and in the [release notes](https://bitwarden.com/it-it/help/releasenotes/) for a given release if Bitwarden implements features that are not available on a specific version of SQL Server.

## Setup external database

To set up your self-hosted instance with an external database:

### Docker

1. Create a new MSSQL database.
2. (**Recommended**) Create a dedicated DBO for your database.
3.
In the `global.override.env` file for your server, edit the `globalSettings__sqlServer__connectionString=` value for the following information:
   - Replace `"Data Source=tcp:mssql,1433";` with your MSSQL server name, for example `"Data Source=protocol:server_url,port"`.
   - Replace the `vault` in `Initial Catalog=vault;` with your database name.
   - Replace the `sa` in `User ID=sa;` with your DBO User ID.
   - Replace the `` in `Password=;` with your DBO password.
4. Save your changes to `global.override.env`.
5. Start Bitwarden (`./bitwarden.sh start`).

Once the above steps are complete, you can test the connection by creating a new user through the web vault and querying the external `vault` database for creation of the new user.

### Helm

1. Create a new MSSQL database.
2. (**Recommended**) Create a dedicated DBO for your database.
3. In your `my-values.yaml` configuration file, set the value `database.enabled: false` to stop the included SQL pod from being deployed.
4. In the Kubernetes secrets object used for deployment, set a `globalSettings__sqlServer__connectionString=` value with the following information:

   > [!NOTE] Different methods for K8S secret object
   > The method you use to configure your secrets object may depend on your deployment, for example [AWS deployments](https://bitwarden.com/it-it/help/aws-eks-deployment/) and [Azure deployments](https://bitwarden.com/it-it/help/azure-aks-deployment/) may use a CSI SecretProviderClass to do so.

   - `Data Source=tcp:,1433` where `` is your MSSQL server's name.
   - `Initial Catalog=` where `` is your database name.
   - `Persist Security Info=False`.
   - `User ID=` where `` is your DBO user ID.
   - `Password=` where `` is your DBO password.
   - `Multiple Active Result Sets=False`.
   - `Connect Timeout=30`.
   - `Encrypt=True`.
   - `Trust Server Certificate=true`. This value can be set to `false` if you require that the Bitwarden server validates your MSSQL server's certificate.
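The connection string settings above can be checked before a deployment goes live. The following is an added example, not part of Bitwarden's tooling: it reads the `globalSettings__sqlServer__connectionString` line from the text of an env file and reports the settings this page calls out (`Trust Server Certificate=true`, the `sa` login instead of a dedicated DBO, `Encrypt`, `Persist Security Info`). Host names, database names, and passwords in the samples are constructed placeholders.

```python
"""Added example: audit the MSSQL connection string used by a self-hosted server."""

ENV_KEY = "globalSettings__sqlServer__connectionString"
TRUE_VALUES = {"true", "yes"}


def parse_connection_string(raw):
    """Split 'Key=Value;Key=Value' into a dict.

    Keys are lower-cased with spaces removed, so 'Trust Server Certificate'
    and 'TrustServerCertificate' land on the same entry. Limitation: a
    password containing ';' is not handled by this simple splitter.
    """
    settings = {}
    for part in raw.strip().strip('"').split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a key=value pair: %r" % part)
        settings["".join(key.lower().split())] = value.strip()
    return settings


def audit(raw):
    """Return a list of (setting, message) findings for one connection string."""
    s = parse_connection_string(raw)
    findings = []
    if s.get("encrypt", "").lower() not in TRUE_VALUES | {"mandatory", "strict"}:
        findings.append(("encrypt", "traffic to the database is not encrypted"))
    if s.get("trustservercertificate", "false").lower() in TRUE_VALUES:
        findings.append(("trustservercertificate",
                         "server certificate is accepted without validation"))
    if s.get("userid", "").lower() == "sa":
        findings.append(("userid", "uses the sa login instead of a dedicated DBO"))
    if s.get("persistsecurityinfo", "false").lower() in TRUE_VALUES:
        findings.append(("persistsecurityinfo",
                         "credentials stay readable on the open connection"))
    for required in ("datasource", "initialcatalog", "userid", "password"):
        if not s.get(required):
            findings.append((required, "missing or empty"))
    return findings


def audit_env_text(text):
    """Find the connection string line in env-file text and audit it."""
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name == ENV_KEY:
            return audit(value)
    raise ValueError("%s not found" % ENV_KEY)


# Constructed samples. The first keeps the default-style values named on this
# page (mssql, vault, sa, Trust Server Certificate=true); the second uses a
# dedicated DBO and certificate validation. Passwords are placeholders.
WEAK_ENV = (
    'globalSettings__sqlServer__connectionString="Data Source=tcp:mssql,1433;'
    "Initial Catalog=vault;Persist Security Info=False;User ID=sa;"
    "Password=CONSTRUCTED-PLACEHOLDER;Multiple Active Result Sets=False;"
    'Connect Timeout=30;Encrypt=True;Trust Server Certificate=true"'
)
HARDENED_ENV = (
    'globalSettings__sqlServer__connectionString="Data Source=tcp:sql.example.internal,1433;'
    "Initial Catalog=bitwarden_vault;Persist Security Info=False;User ID=bitwarden_dbo;"
    "Password=CONSTRUCTED-PLACEHOLDER;Multiple Active Result Sets=False;"
    'Connect Timeout=30;Encrypt=True;Trust Server Certificate=false"'
)

if __name__ == "__main__":
    for label, env in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(label, audit_env_text(env) or "no findings")
```

Setting `Trust Server Certificate=false` only works once the server trusts your root CA, which is what the certificate validation steps on this page configure.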
## Validate a server certificate

To configure Bitwarden to validate your MSSQL database server's certificate:

### Docker

1. Copy your root CA certificate into `./bwdata/ca-certificates`.
2. Run the `./bitwarden.sh restart` command to apply the certificate to your containers and restart your server.

### Helm

1. In your `my-values.yaml` configuration file, set the value `caCertificate.enabled: true`.
2. Create a ConfigMap object that contains your certificate file. The simplest way is to add a `preInstall` [RawManifest](https://bitwarden.com/it-it/help/add-rawmanifest-files/) to your `my-values.yaml` file, as in the following example:

```yaml
rawManifests:
  preInstall:
    - kind: ConfigMap
      apiVersion: v1
      metadata:
        name: cacert
      data:
        rootca.crt: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
  postInstall:
```

--- URL: https://bitwarden.com/it-it/help/families-for-enterprise-self-hosted/ ---

# Self-hosting Families Sponsorships

Members of [enterprise organizations](https://bitwarden.com/it-it/help/about-organizations/#types-of-organizations/) are offered a **free Families organization** sponsorship that can be applied to a new or pre-existing Families organization and redeemed directly from the web vault.

> [!NOTE] Families License
> If you're looking for information on updating a license for a non-sponsored self-hosted Families organization, see [here](https://bitwarden.com/it-it/help/licensing-on-premise/#update-organization-license/).

You will need to enable automatic billing sync to allow your self-hosted enterprise organization to issue sponsorships for cloud Families organizations. To set up automatic sync:

## Step 1: Enable cloud communication

First, you'll need to configure your server to allow communication with our cloud systems.

> [!TIP] Who can Enable Cloud Comms
> This step must be completed by someone with access to your self-hosted instance's configuration files.
Configure your server to allow communication with Bitwarden cloud systems by setting the following lines in `bwdata/env/global.override.env`:

```
globalSettings__enableCloudCommunication=true
globalSettings__baseServiceUri__cloudRegion=US
```

If your cloud organization was created on EU servers, you'll need to make the following changes to configure for communication with EU cloud servers:

- Change the second of these lines to `globalSettings__baseServiceUri__cloudRegion=EU`.
- Set the following 3 additional values:

```
globalSettings__installation__identityUri=https://identity.bitwarden.eu
globalSettings__installation__apiUri=https://api.bitwarden.eu
globalSettings__pushRelayBaseUri=https://push.bitwarden.eu
```

> [!NOTE] Installation id region
> Make sure before proceeding that your configuration correctly correlates to the data region selected when retrieving your [installation ID & key](https://bitwarden.com/it-it/host/) as described above.

Once you have set these values, apply your changes by running the `./bitwarden.sh restart` command.

> [!NOTE] Self-hosting communication firewalls
> Enabling automatic sync requires communication with Bitwarden's cloud systems. If your environment uses a firewall to block outbound traffic, you will need to allow `https://api.bitwarden.com` or `.eu` and `https://identity.bitwarden.com` or `.eu`.

## Step 2: Retrieve billing sync token

Once cloud communication is enabled at the server-level, a sync token needs to be passed from the cloud organization you use for billing to your self-hosted organization. To retrieve your sync token from the cloud web vault you must be an organization owner. To retrieve the token:

1. Open the cloud web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Billing** → **Subscription**.
3.
Scroll down to the Self-hosting section and select the **Set up billing sync** button.
4. Enter your master password and select **Generate token**.
5. Copy the generated token.

## Step 3: Apply billing sync token

To apply the billing sync token to your self-hosted organization:

> [!WARNING] F4E on Old Server Version
> At this stage, if you're upgrading your self-hosted deployment from an earlier version, you may need to [manually update your license file](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) before proceeding.

1. Open the self-hosted Admin Console and navigate to **Billing** → **Subscription**.
2. In the License and billing management section, choose the **Automatic sync** option.
3. Select the **Manage billing sync** button.
4. Paste your generated **Billing sync token** and select **Save**.

> [!NOTE] Sync Status `Never`
> Sync for [Families for Enterprise](https://bitwarden.com/it-it/help/families-for-enterprise-self-hosted/) will occur once daily once you've triggered your first sync. The **Last sync** field in this section will report **Never** until you trigger your first sync.
>
> Sync for license updates must always be done manually by selecting the **Sync license** button (see the next section for details).

## Step 4: Trigger sync

Trigger a sync once you've completed setup. Billing sync will occur **once daily**, however you can manually trigger a sync at any time. To trigger a sync:

1. Open the self-hosted [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/) and navigate to **Organization** and select the enterprise organization.
2. Locate the Connections section and select the **Manually Sync** button.

> [!NOTE] organization license error
> If you receive a `version not supported` error message, update your server and try uploading your license file again.
> To update your server, make a backup of the `bwdata` directory and follow [these instructions](https://bitwarden.com/it-it/help/updating-on-premise/).

In between syncs, users may see the status `Awaiting Sync` after redeeming or changing a sponsorship. This indicates your self-hosted Bitwarden server is waiting to sync with the Bitwarden cloud before a sponsorship can be fully redeemed or changed.

--- URL: https://bitwarden.com/it-it/help/families-for-enterprise/ ---

# Sponsored Families for Members

As a benefit to employees, Enterprise organizations can offer sponsorships for free Families organizations. Sponsored families organizations allow users to securely share personal credentials with up to five family members or friends, encouraging good security habits at home as well as at work.

This article pertains to Families sponsorships for employees who are currently a member of the Bitwarden organization, however organizations may also opt to allow [sponsorships for non-members](https://bitwarden.com/it-it/help/organization-sponsored-families-plans/).

Sponsored Families organizations for members:

- Require members to have or create a Bitwarden account separate from their work account, ensuring separation of personal and professional credentials.
- Include all premium Bitwarden features for all six users, including [advanced two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/), [encrypted file attachments](https://bitwarden.com/it-it/help/attachments/), [emergency access](https://bitwarden.com/it-it/help/emergency-access/), and more.
- Can be turned off by organizations that don't wish to offer it using a [policy](https://bitwarden.com/it-it/help/policies/#remove-free-bitwarden-families-sponsorship/).

> [!TIP] Enabling F4E for self-hosted organizations.
> If your Enterprise organization is self-hosted, an administrator will need to [complete these steps](https://bitwarden.com/it-it/help/families-for-enterprise-self-hosted/) before employees can redeem their Families sponsorships.

The remainder of the instructions on this page will help members redeem their Families sponsorships.

## Redeem a sponsorship

To redeem the Families sponsorship offered to you by your organization:

1. Log in to the Bitwarden web app with the account through which you're offered a sponsorship. In other words, log in with your work account.
2. From the navigation, select **Settings** → **Free Bitwarden Families**:

   ![Free Bitwarden Families](https://bitwarden.com/assets/4N84OPFobJYDw7pr05Ls1W/caf30220fd12b3635f6c3e420645b9bf/2024-12-04_10-20-37.png)

3. On this screen:
   - If you're offered sponsorships through multiple organizations, select **Which Free Families offer** to redeem.
   - Enter the **personal email** that you'll use for your Families organization account.

     > [!TIP] For F4E, use your personal account if you already have one.
     > If you have a personal account separate from your work account, use that account's email address. Otherwise, you'll create a new account later in this process.
     >
     > In either case, your personal account [**must be in the same region**](https://bitwarden.com/it-it/help/choose-my-server/) as the organization offering the sponsorship. If you already have a Families organization in the correct region, you can apply the sponsorship to that subscription. Reach out to an administrator if you're not sure which region you need to use.

   - Once you've entered the required information, select **Redeem**.
4. Check your personal email inbox. When you get an email inviting you to activate your free Families subscription, select **Accept Offer**:

   ![Accept Families for Enterprise Offer](https://bitwarden.com/assets/1G0VmQSY0lCTEgsetHc2cy/81347ce663fcfc717b6dd21295ada1a1/Screen_Shot_2022-05-23_at_9.38.42_AM.png)

5.
Follow the prompts on-screen to log in with your personal Bitwarden account or create a new one.
6. Once logged in, you'll be directed to a screen where you can redeem your sponsorship for a **New Families organization** or apply the sponsorship to an **Existing Families organization**:

### New Families organization

Select **New Families organization** from the dropdown:

![New Free Bitwarden Families](https://bitwarden.com/assets/3NnhjGPkYir4aMCLzvmJf1/db51c17a40db8d7a399ed49ec65d98f5/2024-12-04_10-24-32.png)

Fill in the following information:

- An **Organization name**
- A **Billing email**
- Whether you want to add **Additional storage (GB)**. Your sponsorship covers 5 GB free.
- **Payment information**

You won't have to make any payments for the Families organization as long as you are an active member of the sponsoring organization, unless you add **Additional storage**.

When you are done filling in your information, select **Submit**.

### Existing Families organization

Select the organization from the dropdown and select **Accept Offer**:

![Existing Free Bitwarden Families](https://bitwarden.com/assets/5HIpHzcAzTsBjE4UZhjCV0/1f3ce019f188b2a1be20cc1587534864/2024-12-04_10-24-53.png)

When you accept the offer, your old subscription will be replaced by the Enterprise sponsorship. You won't have to make any payments for the Families organization, unless you add **Additional storage**, for as long as you are an active member of the sponsoring organization.

> [!NOTE] F4E for 2019 Families
> If you are on the [2019 Families plan](https://bitwarden.com/it-it/help/updates-to-plans/), you can still redeem a sponsorship but your organization will not automatically include all features released after 2020. To upgrade your current plan, navigate to the **Subscriptions** → **Billing** page and select **Upgrade plan**.

> [!NOTE] You'll still get renewal emails when you're F4E.
> After redeeming your sponsorship, you may still get renewal reminder emails for your Families organization in your personal inbox. As long as you're still an active member of that sponsoring Enterprise organization, you can ignore these emails. If you're no longer a member, navigate to **Billing** → **Payment method**, and check that the payment method is valid.

## Next steps

Once you've set up your sponsored Families organization:

- Learn the basics of [administering a Families organization](https://bitwarden.com/it-it/help/courses/password-manager-family-admin/).
- Dig deeper into [how to use an organization to share data with your family or friends](https://bitwarden.com/it-it/help/getting-started-organizations/).

--- URL: https://bitwarden.com/it-it/help/favorites/ ---

# Favorites

Any item can be designated as a **Favorite** to allow quick access to your most used items. Even items [shared with you from an organization](https://bitwarden.com/it-it/help/sharing/) can be designated a favorite, but this will only impact how they appear in your individual vault (i.e. you won't make that item a favorite for other users with access to the organization or collection).

> [!TIP] What happens to favorites
> Items marked as a favorite will appear at the top of your 🔒 **Vault** view in browser extensions and mobile apps, and in the ⭐ **Favorites** filter in your web vault and desktop apps.
>
> In browser extensions, login items will jump from the **Favorites** section to the **Autofill suggestions** section when you're browsing the web page they're associated with.
## Designating favorites Designate any vault item as a favorite when you initially create it, or at any time by editing the item: ### Web app On the Add or Edit screen, select the ⭐ **Star** icon in the top-right corner and **Save** the item: ![Favorite an item](https://bitwarden.com/assets/4XpFH5NFI6Lso21BpGNKsu/e90cd1d0d6c3e4e7296d2e0300ab3ab2/2024-12-02_16-26-17.png) ### Browser extension Select an item and open the Edit screen. Select the **Favorite** checkbox and **Save** the item: ![Favorite an item](https://bitwarden.com/assets/36QXVM3xcSN7vALkOWQPYr/fd82e56cb60b38e4ff6a96bfb7b5d54d/2024-10-29_11-53-27.png) ### Desktop On the Add Item or Edit Item screen, check the **Favorite** checkbox and **Save** the item: ![Favorite an item](https://bitwarden.com/assets/2BtbpzNSnydUYBu92j1bCH/12674ca7b80eaa8d327e5eb88175665d/2026-04-23_10-48-31-1.png) *Favorite an item* ### Mobile On the Add Item or Edit Item screen, select the **Favorite** ⭐ and **Save** the item: ![Favorite an item on mobile](https://bitwarden.com/assets/1rvKA8zNjd1RktotXjBEUg/f25cc45f33b29b901ec8e1f3ddc96d7c/2025-01-22_09-46-54.png) --- URL: https://bitwarden.com/it-it/help/filter-your-vault/ --- # Filter your Vault Filtering your vault will control which items will be listed in the Vault or Vaults views. To control vault filtering: ### Web app Either: - Select a characteristic from the **Filter**column (in the following screenshot, **Login**). - Select one of the colored cards next to an item (in the following screenshot, either **Me**or **My Organization**). ![Web app filtering](https://bitwarden.com/assets/1UhfLlwmahJgbi0bcBtPLT/b4b1875602b0ea555626c98a388779b8/2024-12-02_14-23-39.png) ### Browser extension Use the **Vault**, **Collection**, **Folder**, or **Type** selectors at the top of the 🔒 **Vault** tab. 
You can toggle the visibility of the filter dropdown menus with the 🎚️ button:

![Browser extension filters and suggestions](https://bitwarden.com/assets/12UsFuA2sxbUCBMIczJsxv/6376ae661b966e4698375c2af2c27c0d/Browser_extension_filters.png)

### Mobile

Choose a vault by selecting the **Vault** menu button (⋯) on the **Vaults** tab:

![Filter vaults on mobile](https://bitwarden.com/assets/44WqYfqzP9JOJPSZ4Yrzjb/9167f19bc2e27a158be5ed3fc29a5689/2025-01-21_15-38-59.png)

### Desktop

Select a filter criterion from the left-most column:

![Filtering on desktop](https://bitwarden.com/assets/2Lng0L2TRQ177CaU8EUQ1m/650d82f70422611353ce70a347a99c72/2026-04-23_10-14-43.png) *Filtering on desktop*

### CLI

Use the `bw list` command with the `--organizationid` option, which can take either an organization identifier or `null`, to list items by vault. [Learn more](https://bitwarden.com/it-it/help/cli/#list/).

--- URL: https://bitwarden.com/it-it/help/fingerprint-phrase/ ---

# Account Fingerprint Phrase

> [!TIP] Fingerprints aren't biometric fingerprints
> Are you looking to unlock your vault with a fingerprint reader? If so, check out [biometrics](https://bitwarden.com/it-it/help/biometrics/) instead.

Each Bitwarden account has a "fingerprint phrase" associated with it. Your account's fingerprint phrase is permanent and composed of five random English words that appear in a specific order, such as:

`alligator-transfer-laziness-macaroni-blue`

The fingerprint phrase is an important security feature used to confirm a Bitwarden user's identity during encryption-related processes, like sharing credentials. Validating fingerprint phrases ensures that end-to-end encryption is securely initiated and that the Bitwarden server you are communicating with has not been maliciously tampered with.

## What is my fingerprint phrase used for?
Some Bitwarden procedures, like adding a new user to an organization or confirming a [login with device request](https://bitwarden.com/it-it/help/log-in-with-device/), will ask you to verify that the presented fingerprint phrase matches your own or another user's. When a fingerprint phrase is presented during a process, coordinate with the Bitwarden user with a secondary form of communication, like phone or messaging. ## Where can I find my fingerprint phrase? You can find your account's fingerprint phrase from any Bitwarden client application: - **Web app**: Settings → My account - **Desktop apps**: Account → Fingerprint Phrase - **Browser extensions**: Settings → Account Security → Fingerprint Phrase - **Mobile apps**: Settings → Account security → Account fingerprint Phrase - **CLI**: Using the command `bw get fingerprint me` ## Do I need to write down my fingerprint phrase? Not knowing your fingerprint phrase will never result in you being locked out of your vault, so it's not critical to write down or store your fingerprint phrase in a secure location. Some users, however, may choose to do so. > [!NOTE] Recovery codes > [Recovery codes](https://bitwarden.com/it-it/help/two-step-recovery-code/), on the other hand, are used for two-step login and should **always** be stored outside of Bitwarden in a way that makes sense for you. This will ensure that you are not locked out of your account in the event that you [lose your two-step login secondary device](https://bitwarden.com/it-it/help/lost-two-step-device/). ## Can I change my fingerprint phrase? You cannot change your current account's fingerprint phrase. If you wish to create a new fingerprint phrase, you can [delete the account](https://bitwarden.com/it-it/help/delete-your-account/) and start a new one to generate a new phrase. > [!WARNING] Danger Zone > Deleting an account is permanent and cannot be undone or restored. 
> To create a backup of your vault data to store in a safe location, [export your vault data](https://bitwarden.com/it-it/help/export-your-data/).

Our fingerprint phrases are generated from the [Electronic Frontier Foundation's long word list](https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases), which has been "manually checked and [the EFF has] attempted to remove as many profane, insulting, sensitive, or emotionally-charged words as possible."

--- URL: https://bitwarden.com/it-it/help/flight-recorder/ ---

# Troubleshoot Mobile with Bitwarden Support

On Bitwarden mobile apps, including Password Manager and Authenticator, you can activate **Flight Recorder** to capture additional log activity for troubleshooting unexpected behaviors. This can be particularly useful when you're working with Bitwarden Support.

Flight Recorder is a lightweight, temporary event logger that captures recent app activity like user interactions and key system events. You're in control of this information: it is only ever stored on your device and can be exported to share with the Bitwarden Support team if you wish. Flight Recorder **does not** log sensitive information like your master password or vault data.

## Using Flight Recorder

> [!TIP] When to use Flight Recorder
> You may be asked to activate Flight Recorder when working with Bitwarden Support if you're experiencing an issue that's difficult to reproduce or if you've encountered a crash or unexpected behavior.

Flight Recorder is deactivated by default. To activate Flight Recorder:

1. In the Bitwarden mobile app, tap **Settings** → **About**.
2. Scroll down and tap **Flight Recorder**.
3. Go through the tasks or workflow that caused the issue you want to report to Support.

> [!NOTE] Flight Recorder limited time
> Flight Recorder only stores a short window of recent activity, so Bitwarden recommends trying to reproduce the issue you're experiencing immediately after activating Flight Recorder.
Once Flight Recorder has captured the issue you're experiencing:

1. Deactivate logging by toggling **Flight Recorder** off from the same menu.
2. Tap **Settings** → **About** → **View recorded logs** to download your log file. Each log will be available to you until you delete it or until it expires 30 days after creation.
3. Include your log file in future communications with Bitwarden Support on the topic of your unexpected app behavior, issue, or potential bug.

## Data captured by Flight Recorder

Bitwarden prioritizes your security. Flight Recorder is designed such that:

- Logs are only stored on your device and never transmitted automatically.
- Logs can only be started, stopped, or shared by you.
- Logs do not include sensitive user data like master passwords or vault data.

The following data may be captured while Flight Recorder is active:

| Category | Data |
|------|------|
| User events | Screen navigations and navigation timestamps, key button taps and user interactions, transitions into and out of modals, sheets or overlaps. |
| App & build information | Bitwarden app version, build type, device platform, device model, OS version |
| Crash & exception reporting | Exception messages, exception types, exception-specific metadata, stack traces |
| Flight Recorder metadata | Start time of logging session, logging session duration, log file size |

--- URL: https://bitwarden.com/it-it/help/folders/ ---

# Folders

Folders are structures used to organize your individual vault by gathering together logins, cards, identities, and secure notes. Using folders is a great way to make your vault items easy to find, and folders are listed in alphabetical order in Bitwarden apps.

Any vault item can be added to a folder, including [items shared with you from an organization](https://bitwarden.com/it-it/help/sharing/).
> [!NOTE] Folders deleted items > Items added to a folder will still appear in your vault when **All vaults** is selected from the filter menu, and deleting a folder **will not** delete the items in that folder. Deleting a folder is permanent, and the folder cannot be recovered once deleted. ## Create a folder Folders can be created, renamed, and deleted from any Bitwarden client application ### Web vault To create a folder, select the **New** [angle-down] button and choose **Folder**from the dropdown: ![New folder](https://bitwarden.com/assets/3BvTWidqL4xWQvFqBSiJIR/d68bc851d44df1b571eed16366159e0c/2024-12-02_13-50-55.png) Once created, you can rename or delete a folder at any time by selecting the folder and clicking the [pencil] **Pencil** icon: ![Edit or Delete a Folder](https://bitwarden.com/assets/1aG4313JkmkBvot45gZvEr/a7dc45d314407131948216acc2b2444d/2024-12-02_16-15-07.png) ### Browser extension To create a folder, select the **New** [angle-down] button and choose **Folder**from the dropdown: ![Browser extension new folder](https://bitwarden.com/assets/1aPQBd9bT7uUf20Y1fZwSB/506e7010284c1e0d83b75204bac22eaa/2024-12-02_16-13-10.png) Once created, you can rename or delete a folder at any time from the **Settings** → **Vault** → **Folders** menu. ### Desktop To create a folder, select **New** → **Folder**: ![Add an item](https://bitwarden.com/assets/7xia34eJyx1K8Gy8IXajQ7/af2b2ef342350a68b000c405ee698ab4/2026-04-23_09-58-10.png) *Add an item* Once created, you can rename or delete a folder at any time using the [pencil] **Pencil** icon: ![Edit a folder on desktop](https://bitwarden.com/assets/6t2aoywIMdBPMuJktnhEqA/53742fbe25b11095406c40ff6178d6c4/2026-04-23_10-46-29.png) *Edit a folder on desktop* ### Mobile To create a folder, tap the ⚙️ **Settings** menu, tap the **Vault**option, and tap the **Folders** option. Tap the + **Add** icon to add a folder. 
Once created, you can rename a folder from the same menu by tapping the folder, or delete the folder using the ⋮ menu:

![Folders on mobile](https://bitwarden.com/assets/6IwzXSJHGmSeU7oIy4z8kZ/95620b58758e50fa0e8e22a65f2bfa15/2025-01-21_15-26-07.png)

### CLI

To create a folder, use the command:

```
bw create folder
```

You can edit an existing folder using `bw edit` and delete one using `bw delete folder`. For more information, please refer to the Bitwarden [CLI documentation](https://bitwarden.com/it-it/help/cli/).

Deleting a folder will not delete any vault items included in it and will not delete other folders that are nested into it or their contents.

> [!NOTE] Collections and folders difference
> If you are a member of an organization, collections will be shown below your folders in the **Filters** menu.
>
> There are similarities between folders and collections. **Folders organize your individual vault** (but can include [shared items](https://bitwarden.com/it-it/help/sharing/)) and are unique to you, whereas collections are shared between members of organizations.

### Nested folders

Folders can be "nested" in order to logically organize them within your vault. There is no limit to how deeply you can nest folders, but creating too many levels may interfere with your vault's interface.

> [!NOTE] Searching inside folders
> Searching inside a "parent" folder will not include items in folders nested inside it as potential search results. For more information, see [search your vault](https://bitwarden.com/it-it/help/searching-vault/).

![Nested folders ](https://bitwarden.com/assets/5blNMg0hJ9XW3Ts2qPRzF5/7a2bdfb7672c04a1a1fbae1068b8b422/2024-12-02_16-18-48.png)

To create a nested folder, give a new folder a name that includes the "parent" folder followed by a forward slash (`/`) delimiter, for example `Socials/Forums`. You can also rename existing folders in the same way to nest them under other existing folders.
If there is no folder with the corresponding "parent" name, the folder won't nest and its title will be displayed in full.

## Move items to a folder

Once you have created a folder in your vault, there are a few ways to move items to it:

### Web vault

From the web vault, you can either:

- Navigate to the **Add item** or **Edit item** screen, select your new folder from the **Folder** dropdown and **Save** your item:

  ![Move item to a Folder](https://bitwarden.com/assets/4VfciDIbEZZFAG1AXbRf3S/275100f866612da15b4714adea8f1944/2024-12-02_16-20-15.png)

- Navigate to the **Vaults** view, select the items you want to move and use the top-level ⋮ options menu to select the 📁 **Add to folder** button. On the move selected dialog box, choose the folder you want to move the item(s) to:

  ![Move items to a folder ](https://bitwarden.com/assets/7zQPzdrcVIbPeX5E8LqTq/ce8e8bf7188626093a675eb844d5002a/2024-12-02_16-22-24.png)

### Browser extension

Open the vault item you want to move, select the **Edit** button, use the **Folder** dropdown to choose a folder, and select **Save** when you're done:

![Move item to a folder ](https://bitwarden.com/assets/6b8EOCtuuHmulnNQNJmWWk/f24c97777972b15ee5000e575f2b242c/2024-10-29_11-48-18.png)

### Desktop

Open the vault item you want to move, select the **Folders** dropdown, and choose the folder to move the item to:

![Add an item to a folder](https://bitwarden.com/assets/63jzyM75IRzhAbw5nNzMHx/85db2d1104337e5ebc6e4dd0e8b57f8a/2026-04-23_10-48-31.png) *Add an item to a folder*

### Mobile

Open the vault item you want to move, tap the **Folders** dropdown, and choose the folder to move the item to:

![Move item to a folder on mobile](https://bitwarden.com/assets/169hAtd0PhW3BcYlSPy6vn/2618596e36941b06dabcb766327b664b/2025-01-22_09-44-03.png)

### CLI

Use the `bw edit` command to manipulate the `folderId` attribute of the vault item JSON object, as in the following example:

```
# <folder-id> is a placeholder for the exact folderId of the destination folder
bw get item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328 | jq '.folderId = "<folder-id>"' | bw encode | bw edit item 7ac9cae8-5067-4faf-b6ab-acfd00e2c328
```

> [!NOTE] CLI folders tip
> Using `edit` will require you to:
>
> - Use the `get` command with the exact `id` of the item you want to edit.
> - Know the exact `folderId` of the folder you want to move it to.
> - Manipulate the JSON object (specifically, the `folderId` attribute) with a [command-line JSON processor like jq](https://stedolan.github.io/jq/).
> - Use the `encode` command to encode changes to the JSON object.
>
> If you are unfamiliar with using any of these parts, please refer to the Bitwarden [CLI documentation](https://bitwarden.com/it-it/help/cli/).

> [!NOTE] Organization sharing and folders
> Items [shared with you from an organization](https://bitwarden.com/it-it/help/sharing/) can be added to your folders, and doing so will only impact how the item appears in your individual vault (for example, adding an item to a folder won't give anyone access to that folder, or change whether it's in a folder in their individual vaults).

--- URL: https://bitwarden.com/it-it/help/forgot-master-password/ ---

# I forgot my master password

Bitwarden uses zero-knowledge encryption. This means that **Bitwarden has no way to access, recover, or reset your master password**. However, there are some steps you can take to try to regain access to your account:

## Check your server geography

Make sure you have selected the [correct](https://bitwarden.com/it-it/help/server-geographies/#choose-your-cloud-server/) server when you try to log in. Bitwarden data regions are separate, and your account exists only in the region where it was originally created. You need to select the server before trying the options below.
![Server geography](https://bitwarden.com/assets/3H5fN6yR90aKaTg7gaCruo/020b9ca668f037ed1e6450309b4041b4/2025-11-24_15-26-15.png) *Server geography*

## Use a different Bitwarden app or device

Try logging in from another device or another Bitwarden app, such as the mobile app or browser extension. Then, check whether you are logged in on another Bitwarden app. If you have set up a [PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or [biometrics](https://bitwarden.com/it-it/help/biometrics/) on that device:

1. Unlock your vault with the PIN or biometrics you previously set up.
2. Manually copy the data from the View item screen and paste it into a [.csv](https://bitwarden.com/it-it/help/condition-bitwarden-import/#condition-a-csv/) file to re-import it.
3. Create a new Bitwarden account and [import the .csv file with the copied data there](https://bitwarden.com/it-it/help/import-data/).

## Check your master password hint

Get a master password hint by visiting [https://vault.bitwarden.com/#/hint](https://vault.bitwarden.com/#/hint) or [https://vault.bitwarden.eu/#/hint](https://vault.bitwarden.eu/#/hint). If you have set one up, you will receive the hint by email in your inbox. If you have not set up a hint, you will receive an email saying so.

## Use emergency access

If you have enabled [emergency access](https://bitwarden.com/it-it/help/emergency-access/), reach out to your trusted emergency contact to regain read-only access to, or control of, your account.

## Contact your administrator for account recovery

If your organization uses [account recovery](https://bitwarden.com/it-it/help/account-recovery/), contact your administrator to reset your master password.

## Log in with a known device

If the browser you are using has been set up as a known device (it was registered with [Log in with device](https://bitwarden.com/it-it/help/log-in-with-device/)), select Log in with device from the web app and you may be able to approve the request using another application.

![Log in with a device](https://bitwarden.com/assets/7owqaTEe9Bo05wfLRZPhn8/38f1d0334964bb3d98a430b80b9d6b95/2025-09-09_10-03-52.png) *Log in with a device*

## Log in with a passkey

If an encryption-enabled (PRF) [login passkey](https://bitwarden.com/it-it/help/login-with-passkeys/) has been registered with your Bitwarden account, you can log in with it.

> [!WARNING] Check whether client apps are logged in.
> Deleting your account will delete all individually owned items stored in it, including any saved attachments.
>
> Before deleting your account, check whether you still have an active session in the Bitwarden mobile apps, browser extensions, or desktop apps. If so, we recommend manually saving your data so that you can add it back to a new account.

## If none of these options gets you into your account

Bitwarden recommends re-checking all of your devices and browsers for any Bitwarden sessions that are still active. If none of these options gets you into your account, Bitwarden has no way to recover the account or its data. You will need to [delete your account](https://bitwarden.com/it-it/help/delete-your-account/#tab-without-logging-in-4KcOdFa6zVp6H7xo9Ui9vc/) and create a new one. If you delete a Bitwarden account with a premium subscription, [contact us](https://bitwarden.com/it-it/contact/) and we will apply your existing subscription to the new account.

## Next steps

- If you open a new account, Bitwarden recommends using the [security readiness kit](https://bitwarden.com/it-it/resources/bitwarden-security-readiness-kit/) to prepare for events like forgetting your master password.
- If you had to delete a Bitwarden account with a premium subscription, [contact us](https://bitwarden.com/it-it/contact/) to have your existing subscription reapplied to the new account.

--- URL: https://bitwarden.com/it-it/help/generator/ ---

# Username & Password Generator

Use the Bitwarden generator tool to easily create strong passwords and unique usernames. The password generator is available in all Bitwarden apps and the username generator is available in the web vault, browser extension, desktop app, and mobile app.

If you are not a current Bitwarden user, you can also test our free password generator at [https://bitwarden.com/password-generator/](https://bitwarden.com/it-it/password-generator/).

## Generate a password

To generate a strong password:

### Web app

Select **Tools** → **Generator** from the navigation:

![Web app password generator](https://bitwarden.com/assets/70bx0hWvxAvkz5RJdIj04n/63febc4043e13292461c768d910cd450/2025-02-14_11-00-10.png)

The [options you specify](https://bitwarden.com/it-it/help/generator/#password-types/) on this page will be saved until you log out of the web app. You can also quickly generate a strong password using those same options directly from the Add or Edit Item screens using the [generate] **Generate** button:

![In-item password generator](https://bitwarden.com/assets/5ZVBOSK13MaXJ2S8iJTOMX/1324db87fd867667cbb6e8c1c1f4539a/2024-12-02_14-44-30.png)

> [!NOTE] Generator history
> Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client, even if you don't save them to an item. This history is cleared when you log out.
### Browser extension Select the [generate] **Generator** tab: ![Browser extension password generator](https://bitwarden.com/assets/6eOmI3kZOdnfw9i5JinfUD/f1a7129244f49c7d904664632e329076/2024-10-29_10-34-01.png) You can also generate a strong password from the Edit screen using the [generate] **Generate**button: ![Browser extension password generator](https://bitwarden.com/assets/2Cbja6OBxW2S6GVxLOqlYh/b71de03b37f5a4f4960e344a5b17cc01/2024-10-29_10-35-25.png) If you're creating an account that isn't stored in Bitwarden, you can also use the inline autofill menu to generate and autofill a password using the **Fill generated password** prompt: ![Fill generated password](https://bitwarden.com/assets/2JcceqWgFbk4ViLCMe6qm5/ce116e8ff337f90fbbd57b52aa15fdcd/2024-11-05_10-07-08.png) When using inline, use the [generate] generate button to generate a new password until you're satisfied with it. Inline password generation uses the settings from the browser extension's **Generator** tab. Make sure you select **New login** when prompted to save the login to Bitwarden. [Learn more](https://bitwarden.com/it-it/help/auto-fill-browser/#use-the-inline-autofill-menu/). > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. 
### Desktop Select **Generator** from the navigation menu: ![Desktop app password generator](https://bitwarden.com/assets/6cFQ3iojZXLy1ZIdIXp6Zr/bf4dfb3537ea709542432997aa4f6986/2026-04-23_10-54-46.png) *Desktop app password generator* You can also generate a strong password from the Add/Edit Item screen using the [generate] **Generate**button: ![Desktop app password generator](https://bitwarden.com/assets/6VInVRr9tZBOndfe4VrpXf/789852c09b48e1ac121347d224816d09/2026-04-23_10-48-31-4.png) *Desktop app password generator* > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. ### Mobile Select the [generate] **Generator** tab: ![Password generator on mobile](https://bitwarden.com/assets/Cqrt6OGquQLRJvZDuqtCk/5b42dad11498bc5c62a749c4fc096fc9/2025-01-21_15-49-19.png) You can also generate a strong password from the Add/Edit Item screen, as well as from the iOS app extension accessible by tapping the Share icon, using the [generate] **Generate**button: ![Password generator on mobile](https://bitwarden.com/assets/4NeVmiRcKfedg6Fzwp0N1Y/f91ad1097dcd379925cedee724dc7592/2025-01-21_15-51-01.png) > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. ### CLI Use the generate command to generate a password: ``` bw generate -uln --length 14 ``` Additional options flags for generated passwords include: - `--minNumber` - `--minSpecial` - `--ambiguous` For more information, please refer to the Bitwarden [CLI documentation](https://bitwarden.com/it-it/help/cli/). 
### Password types

#### Password

Passwords are randomly generated strings of a customizable set of character types. Options for passwords include:

- **Length**: Number of characters in your password.
- **Minimum numbers**: Minimum number of numbers in your password if **0-9** is enabled.
- **Minimum special**: Minimum number of special characters in your password if **!@#$%^&*** is enabled.
- **A-Z**: Include uppercase letters in your password.
- **a-z**: Include lowercase letters in your password.
- **0-9**: Include numbers in your password.
- **!@#$%^&***: Include special characters in your password.
- **Avoid ambiguous characters**: Prevent your passwords from having both a `1` and `l` or both a `0` and `o`.

> [!WARNING] PW Generator Options & Entropy
> Unless you need to satisfy a site's specific password requirements, we recommend keeping **Minimum Numbers** and **Minimum Special** as low as possible (0-1) as over-constraint limits the strength of generated passwords.

#### Passphrase

Passphrases are randomly generated groups of words, for example `panda-lunchroom-uplifting-resisting`. Options for passphrases include:

- **Number of words**: Number of words in your passphrase.
- **Word separator**: Character to use to separate words in your passphrase (`-` in the above example).
- **Capitalize**: Capitalize the first letter of each word in your passphrase.
- **Include number**: Include a single numerical character in your passphrase.
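The warning above about **Minimum numbers** and **Minimum special** can be put into numbers. The following Python sketch is an added example, not Bitwarden's generator code: it counts the passwords that satisfy the minimums and reports the result in bits, which is an upper bound on the entropy any generator honouring those minimums can deliver. It assumes class sizes of 52 letters, 10 digits and the 8 special characters listed above, with **Avoid ambiguous characters** off; the function names are illustrative.

```python
"""How Minimum numbers / Minimum special shrink the space of possible passwords."""
from math import comb, log2

# Class sizes assumed from the option labels on this page.
LETTERS = 52   # A-Z plus a-z
DIGITS = 10    # 0-9
SPECIAL = 8    # !@#$%^&*


def count_passwords(length, min_numbers=0, min_special=0):
    """Exact number of strings of `length` characters that contain at least
    `min_numbers` digits and at least `min_special` special characters."""
    total = 0
    for n in range(min_numbers, length + 1):              # n digits
        for s in range(min_special, length - n + 1):      # s specials
            rest = length - n - s                         # remaining letters
            # Choose which positions hold digits, then which hold specials.
            placements = comb(length, n) * comb(length - n, s)
            total += placements * DIGITS**n * SPECIAL**s * LETTERS**rest
    return total


def entropy_bits(length, min_numbers=0, min_special=0):
    """log2 of the number of allowed passwords (upper bound on entropy)."""
    count = count_passwords(length, min_numbers, min_special)
    if count == 0:
        raise ValueError("the minimums cannot be met at this length")
    return log2(count)


def constraint_cost_bits(length, min_numbers, min_special):
    """Bits given up by the minimums compared with no minimums at all."""
    return entropy_bits(length) - entropy_bits(length, min_numbers, min_special)


if __name__ == "__main__":
    length = 14  # same length as the `bw generate` example on this page
    print(f"length {length}, no minimums: {entropy_bits(length):.2f} bits")
    for mins in [(1, 1), (3, 3), (5, 5), (7, 7)]:
        cost = constraint_cost_bits(length, *mins)
        print(f"min numbers={mins[0]}, min special={mins[1]}: "
              f"{entropy_bits(length, *mins):.2f} bits (cost {cost:.2f})")
```

Running the script prints the bound for a 14-character password under increasingly strict minimums, which shows why the recommended range of 0-1 costs little while larger minimums remove a noticeable share of the space.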
## Generate a username To generate a username: ### Web app Select **Tools** → **Generator**from the navigation: ![Web app username generator](https://bitwarden.com/assets/2862v5xPV5qQM7XfdUvNlI/0f8fe47b6d9efb0a6d77b245a1f63cdf/2025-02-14_11-02-02.png) You can also generate a username from the Edit screen using the [generate] **Generate**button: ![Web app username generator](https://bitwarden.com/assets/1zpNFR8fu9DBo2krqln5hr/e893f1f3e8d85d58d20c8e316f247666/2024-12-02_14-44-30.png) > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. ### Browser extension Select the [generate] **Generator** tab and choose **Username**: ![Browser extension username generator](https://bitwarden.com/assets/3WEaJYUplgEdjgoSxlQ842/40d3eed8347cb6b0a600d06f42cc1941/2024-10-29_10-39-00.png) You can also generate a username from the Edit screen using the [generate] **Generate**button: ![Browser extension username generator](https://bitwarden.com/assets/23CDvd3ErFQIZNYwgh000F/c19c373ecb6ca2d6aad2587a1b16dd12/2024-10-29_10-39-56.png) > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. 
### Desktop Select **Generator** from the navigation menu: ![Desktop app username generator](https://bitwarden.com/assets/2VGPd4WOwydbovDJdyVT51/f2f447821533afc4dad139bc0059a05f/2026-04-23_10-55-35.png) *Desktop app username generator* You can also generate a username from the Add/Edit Item screen using the [generate] **Generate**button: ![Desktop app username generator](https://bitwarden.com/assets/7xTg7VVE7CgTZhBl5LlYui/6f187f63e0cf89dcd4fa9b4fb2866ad5/2026-04-23_10-48-31-5.png) *Desktop app username generator* > [!NOTE] Generator history > Select [**Generator history**](https://bitwarden.com/it-it/help/password-and-generator-history/#generator-history/) to access passwords and usernames created in either location with that specific client—even if you don't save them to an item. This history is cleared when you log out. ### Mobile Select the [generate]**Generator** tab: ![Username generator on mobile](https://bitwarden.com/assets/6nfsTiHypQvXrfz7qI7AKI/6e41b1fedea81895497268b0fd825215/2025-01-21_15-56-24.png) You can also generate a username from the Add/Edit item screen, as well as from the iOS app extension accessible by tapping the Share icon, using the [generate]**Generate**button: ![Username generator on mobile](https://bitwarden.com/assets/2Obfpm7UdBizkwASepMS6j/998c1448556484b867160f7412aa984c/2025-01-21_15-51-01.png) ### Username types #### Plus Addressed Email Select this type to use your email provider's sub-addressing (aka "plus addressing" or "aliasing") capabilities. This will generate a plus addressed (named for the `+` and random string of characters) username based on your specified email address. On the Add/Edit Item screen of the browser extensions, mobile, and desktop apps, you can select between generating username with a **Random**(for example, `alice+gsd4aqqe@bitwarden.com`) string or one based on the item's **email address** (for example, `alice+github.com@bitwarden.com`). 
**Email address** is limited to browser and desktop as it requires knowledge of the login's [URI](https://bitwarden.com/it-it/help/uri-match-detection/), in other locations the username generator will default to **Random.** > [!NOTE] Why use plus addressing? > **Why use plus addressed email?** > > Plus addressed emails allow you to filter your email for all the junk mail you get when signing up for a new service. Signing up for a service with the username `alice+rnok6xsh@bitwarden.com` will still send emails to `alice@bitwarden.com`, but you can easily filter emails that include `+rnok6xsh` to prevent them from clogging up your inbox. #### Catch-all email Select this type to use your domain's configured catch-all inbox. This will generate a random email address at your specified **Domain.** On the Add/Edit Item screen of browser extensions and desktop apps, you can select between generating username with a **Random**(for example, `bqzjlero@gardenllc.com`) string or one based on the item's **Domain Name** (for example, `Instagram.com@gardenllc.com`). **Domain Name** is limited to browser and desktop as it requires knowledge of the login's [URI](https://bitwarden.com/it-it/help/uri-match-detection/), in other locations the username generator will default to **Random.** > [!NOTE] Why use catch-all email > **Why use catch-all email?** > > In some cases, catch-all inboxes are used by companies with their own domain (for example, `@bitwarden.com`) to prevent emails from going to your personal inbox and instead route them to a shared (and sometimes unchecked) company inbox in case record of them is needed in the future. > > In other cases, individuals with their own domain (for example, `@gardenllc.com`) use catch-all setups to route email from accounts with privacy-oriented usernames (for example `Instagram.com@gardenllc.com)` to their actual inbox. #### Forwarded email alias Select this type to integrate the username generator with your external aliasing service. 
Most Bitwarden apps support integration with SimpleLogin, AnonAddy, Firefox Relay, Fastmail, Forward Email, and DuckDuckGo. The mobile app currently supports integration with SimpleLogin, AnonAddy, Forward Email, and Firefox Relay.

> [!NOTE] Why use Forwarded Email Alias?
> **Why use forwarded email alias?**
>
> Using email aliasing services such as [SimpleLogin](https://simplelogin.io/) and [Addy.io](https://addy.io/), you can sign up for web accounts using an anonymous address (for example, `nobody-knows-its-me.d0p0r@slmail.me`) that will forward mail to your actual inbox (for example, `alice@bitwarden.com`). This will prevent the website or service from collecting personal information (in this example, the name Alice and the fact that she works at Bitwarden) when you sign up.

To set up your email alias integration:

### SimpleLogin

1. Log in to your SimpleLogin account.
2. Select the profile icon and choose **API Keys** from the dropdown. SimpleLogin may require you to enter your password to create an API key.
3. In the New API Key section, enter a name that indicates the new key will be used by Bitwarden and select **Create**.

   ![SimpleLogin API Keys](https://bitwarden.com/assets/6ie1Qpk8LYapG6JRX3X1dD/06c1083c6e146c2822f0e4a47b507785/Screen_Shot_2022-06-30_at_3.17.59_PM.png)
4. **Copy** the API key and paste it in the **API Key** field in the Bitwarden username generator.
5. Password Manager browser extensions, mobile apps, and desktop apps can connect to a self-hosted SimpleLogin server. If you're self-hosting SimpleLogin, enter a **Server URL**.
6. Select **Regenerate Username** to generate a username and automatically create the corresponding alias in SimpleLogin.

### Addy.io

1. Log in to your Addy.io account.
2. In Addy.io, select **Settings** from the navigation menu.

   ![AnonAddy Settings](https://bitwarden.com/assets/18PUguJXkABllufHgtNEJi/564febbfe28d3f0cd491c3216d62db9e/addy_settings.png)
3.
On the **General** tab of the settings screen, scroll down to **Update Default Alias Domain**. Select the default domain you wish to use for your alias.

   > [!NOTE] addy.io domain
   > The default domain selected here must match the Domain name used in the Bitwarden Username generator.
4. Select the **API Keys** tab and click the **Create New API Key** button.
5. In the Create New API Key dialog, enter a **Name** that indicates the new token will be used by Bitwarden, an **Expiration**, and confirm your Addy.io account password. Once you have completed the required fields, select **Create API Key**.

   ![AnonAddy Generate Token](https://bitwarden.com/assets/6o8021KYChu6jzEGvUbXDH/b56977c26a44b431486796cb4965f23d/create_new_api_key.png)
6. Copy the Personal Access Key and paste it in the **API Access Token** field in the Bitwarden username generator.

   > [!NOTE] Addy.io Save Credential
   > We also recommend adding this Personal Access Token to your Addy.io vault item in Bitwarden, since this is the only time the token will be displayed in Addy.io.
7. In the **Domain Name** field, enter the Addy.io domain name you selected in **Step 3**. As a free user of Addy.io, your options are `anonaddy.me`, `.anonaddy.me` or `.anonaddy.com`.
8. Password Manager browser extensions, mobile apps, and desktop apps can connect to a self-hosted Addy.io server. If you're self-hosting Addy.io, enter a **Server URL**.
9. Select **Regenerate Username** to generate a username and automatically create the corresponding alias in Addy.io.

### Firefox Relay

1. Log in to your Firefox Relay account.
2. Select the profile icon and choose **Settings** from the dropdown:

   ![Firefox Relay Settings Menu](https://bitwarden.com/assets/3jK0OhlASgzDZo1Xu2c97O/f24ae0b64e7fe7736e757b33a89510c6/Screen_Shot_2022-06-01_at_3.38.56_PM.png)
3. Copy **API Key** into the **API Access Token** field of the Bitwarden username generator.
4.
Select **Regenerate Username** to generate a username and automatically create the corresponding mask in Firefox Relay.

### Fastmail

1. Log in to your Fastmail account.
2. Select the profile icon and choose **Settings** from the dropdown.
3. From the navigation menu, select **Privacy & Security** and then **Manage API tokens**:

   ![Fastmail API token](https://bitwarden.com/assets/J1fPSFIIO7FgPyAyBgpbh/d4dd85f7f7201731936de872ff4a5134/2024-12-23_15-17-17.png)
4. Select **New API token** to generate an API token.

   ![New API token](https://bitwarden.com/assets/1FieLCzKTItKNqDIhWBrbH/2816de1ec7580e2e90cf80e38d311993/2024-12-23_15-18-50.png)

   Include the following settings:
   - **Read-only access** **disabled**.
   - **Masked Email enabled.**
5. Copy **API Key** into the **API Access Token** field of the Bitwarden username generator.
6. Select **Regenerate Username** to generate a username and automatically create the corresponding alias in Fastmail.

### Forward Email

1. Log in to your [Forward Email](https://forwardemail.net/) account.
2. Forward Email uses the default domain `hideaddress.net`; however, if you have a registered domain you can connect it to the service. For more information, refer to the [Forward Email setup guides](https://forwardemail.net/en/guides).
3. In Forward Email, navigate to the **My Account** → **Security** page and copy the Developer Access API token:

   ![Copy Forward Email API token](https://bitwarden.com/assets/0bYzljpbdqH7AdFqDh7sr/f43a225e5614a00b1dd391f17fbd916d/Screen_Shot_2023-06-30_at_1.06.04_PM.png)
4. In the Bitwarden username generator, paste the copied token in the **API access token** field and enter `hideaddress.net` or your registered **Domain name**.
5. Select **Regenerate Username** to generate a username and automatically create the corresponding alias in Forward Email.

### DuckDuckGo

1. Follow the [DuckDuckGo instructions](https://duckduckgo.com/email/) to set up your Duck Address.
2.
Once your Duck Address has been set up, select the **Autofill** tab on the DuckDuckGo email protection page, and open your web browser's developer tools.
3. Click the **Generate Private Duck Address** button and view the **Network** tab on your developer tools window. Select the "Addresses" call for the API POST request, and locate the API authorization item. The item will look like this: `authorization: Bearer .`

   ![Generate DuckDuckGo email alias](https://bitwarden.com/assets/5Rj9xrPrgp13Pl9KGuap7Z/855fa2f0defc41a68b512b92027bf540/DDG_generate_private_address.png)
4. Copy the API authorization token value and paste it into the API key field on the Bitwarden generator feature.
5. Select **Regenerate Username** to generate a username and automatically create the corresponding alias in DuckDuckGo.

#### Random word

Select this type to generate a random word for your username. Options for random words include:

- **Capitalize**: Capitalize your username.
- **Include Number**: Include a 4-digit number in your username.

--- URL: https://bitwarden.com/it-it/help/getting-started-browserext/ ---

# Password Manager Browser Extensions

Bitwarden browser extensions integrate password management directly into your favorite browser. Download a Bitwarden browser extension from your browser's marketplace or app store, or from the [Bitwarden Downloads](https://bitwarden.com/it-it/download/) page.

> [!TIP] Safari Extension
> The Safari browser extension is bundled with the desktop app, available for download from the Mac App Store. [Learn more](https://bitwarden.com/it-it/help/install-safari-app-extension/).

## First steps

Let's start your Bitwarden browser extension journey by adding a new login to your vault:

### Add a login

To create a new login item:

1. Go to the 🔒 **Vault** tab and select the + **New** icon.
2. Choose which type of item to create (in this case, select **Login**).
3.
Enter the basic information for this login. For now, give the item:
   - An **Item name** to help you easily recognize it (for example, `Instagram Account`).
   - Your **Username**.
   - Your **Current password** (we'll replace this with a stronger one soon).
4. You can select a folder from the [Folders](https://bitwarden.com/it-it/help/folders/) dropdown.

   > [!TIP] Selecting Owner if creating an item for an org (browser extension).
   > If you're using Bitwarden in your workplace, you can use the **Owner** dropdown to create this item within your [organization](https://bitwarden.com/it-it/help/about-organizations/) instead of in your individual vault.
5. In the **Website (URI)** field, enter the URL where you log in to the account (for example, `https://instagram.com/login`).
6. Nice work! Select **Save** to continue.

### Generate a strong password

Now that you have saved a new login, let's improve its security by replacing your password with a stronger one:

1. In your web browser, log in to the account with your existing username and password. We'll replace the current password with a stronger one, but this is also a great opportunity to practice autofill! To autofill, open the Bitwarden browser extension while you are on the website's login page and, in the 🔒 **Vault** tab, select the **Fill** button for the suggested item:

   ![Autofill using the browser extension](https://bitwarden.com/assets/1pamjhdWn7obh8UBxXcIPF/1841242fa5299a780d53f3ae70e546b3/screenshot_5.png)
   *Autofill using the browser extension*
2. Once you are logged in, find where you can change your password.
3.
In the website's change password form, enter your **Current password**, which you can copy and paste from Bitwarden using the [clone] **Copy** icon:

   ![Copy a password](https://bitwarden.com/assets/40l7cU1a0jzaTNUJXd5jPD/97b9ed67c0b255384ce84fa53fad2015/screenshot_2.png)
   *Copy a password*
4. Once the old password is filled in, open the login item in Bitwarden and select **Edit**.
5. In the **Password** field, select [generate] **Generate** and adjust the password settings as you prefer. You can use the [generate] icon until you get a password you like and, when you find it, select **Use this password**. Moving from `Fido1234` to `X@Ln@x9J@&u@5n##B` can stop a hacker in their tracks.
6. Select **Save**.
7. Copy your new password and paste it into the New password and Confirm password fields on the website.

Congratulations! Your login is now saved in Bitwarden for secure and easy use!

### Pin the extension

Pinning the browser extension makes it easily accessible every time you open your browser. The procedure varies depending on which browser you are using:

### Chrome

Select the [puzzle] **Extensions** icon next to the address bar and select the **Pin** icon next to Bitwarden:

![Pin in Chrome](https://bitwarden.com/assets/4cwP0QDHWh01v1K8nMV0ma/88b4b36c5b3e9d1fccffe7552880c485/chrome_pin.png)
*Pin in Chrome*

### Firefox

Select the [puzzle] **Extensions** icon next to the address bar, right-click the Bitwarden browser extension, and choose **Pin to Toolbar**:

![Pin in Firefox](https://bitwarden.com/assets/2O0RQxs4fr6tTKBAMOQcGy/a54ea16b59f933a209db9458c92358e6/firefox_pin.png)
*Pin in Firefox*

You can also activate a persistent Bitwarden sidebar by selecting **View** → **Sidebar** → **Bitwarden** from the Firefox menu.
> [!NOTE] Disable Bitwarden sidebar
> If you don't want the Bitwarden sidebar to open when the browser starts, select **Close sidebar** from the Bitwarden tab in the Firefox sidebar. Users may need to select **Close sidebar** in every active Firefox tab and restart Firefox.

### Safari

Right-click anywhere in the toolbar and select **Customize Toolbar** to open a drag-and-drop interface that lets you move or remove icons from the toolbar:

![Pin in Safari](https://bitwarden.com/assets/3mD3G3rNMEUu24XBh6a3Kt/5217730380fe6ee6cd49f7c3820574ee/safari_pin.png)
*Pin in Safari*

## Add a second account

Do you have multiple Bitwarden accounts, perhaps one for personal use and one for work? The browser extension can be logged in to five accounts at once! To log in to an additional account, select the currently logged-in account from the top-right corner of the browser extension:

![Account switching in the browser extension](https://bitwarden.com/assets/7xbbMZ89zcTHz6ee0cA1MK/8d8972a6b995b3fd7367f248c9c60d69/screenshot_3.png)
*Account switching in the browser extension*

Once you have opened the account switching menu, select + **Add account**:

![Add account in the browser extension](https://bitwarden.com/assets/343trVk3zLCF7Z12uA5wjO/ac2f56fc907372335f30d1dbf68116a1/screenshot_4.png)
*Add account in the browser extension*

Once you log in to your second account, you can quickly switch between them from the same menu, which will also show the current status of each account's vault (*locked or unlocked*). If you log out of one of these accounts, it will be removed from this list.

> [!NOTE] Account switching not available on Safari
> Account switching in the browser extension is not currently available on Safari.
## Next steps

Now that you have mastered the basics, let's look at another action you will perform regularly, **autofill** and **autosave**, and three recommended setup steps: easier vault **unlock**, **pinning** the extension to your browser, and **disabling your browser's built-in password manager**:

### Disable a built-in password manager

Most web browsers automatically save passwords by default, but experts generally agree that [built-in password managers are more vulnerable](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/) than dedicated solutions like Bitwarden. Learn more about how to [manually disable a browser's built-in password manager](https://bitwarden.com/it-it/help/disable-browser-autofill/#manually-disable-a-browsers-built-in-password-manager/).

### Autofill a login

There are many ways to autofill credentials with Bitwarden browser extensions! The basic method is to open the Bitwarden browser extension while you are on the website's login page and, in the 🔒 **Vault** tab, select the **Fill** button for the suggested item:

![Autofill using the browser extension](https://bitwarden.com/assets/1pamjhdWn7obh8UBxXcIPF/1841242fa5299a780d53f3ae70e546b3/screenshot_5.png)
*Autofill using the browser extension*

Note that, when you have saved logins for a website you are trying to log in to, Bitwarden browser extensions will show a badge notification with the number of logins you have for that site.
These items will appear at the top of your **Autofill suggestions**. You can filter what appears in the suggestions and what is shown in the **All items** list using the filter dropdowns, which can be shown or hidden with the 🎚️ button:

![Browser extension filters and suggestions](https://bitwarden.com/assets/12UsFuA2sxbUCBMIczJsxv/6376ae661b966e4698375c2af2c27c0d/Browser_extension_filters.png)
*Browser extension filters and suggestions*

There are many other methods and ways to customize autofill from your browser extension, including [context menus and keyboard shortcuts](https://bitwarden.com/it-it/help/auto-fill-browser/). Learn more.

### Autosave a login

Bitwarden browser extensions offer a set of [in-browser notifications](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/) that compare your decrypted data with what you enter into login, registration, and similar web forms. When you see this banner, select **Save** to add a new login item or update the existing one with the username, password, and URI. You can also choose **Select folder...** for the item if it is new, or **Edit** the item before saving it:

![Prompt to add login](https://bitwarden.com/assets/4vsurEuH5deik26BWn4n1p/82757186b081890fbe92b4d73baeae53/screenshot_7.png)
*Prompt to add login*

Learn more about [autosaving with the browser extension](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/).

> [!NOTE] Passkeys on browser ext
> Did you know that you can save and autofill passkeys with the Bitwarden browser extension? Learn more about passkeys [here](https://bitwarden.com/it-it/help/storing-passkeys/).
### Unlock with PIN or biometrics

For quick access to your credentials, set up a [PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) or [biometrics](https://bitwarden.com/it-it/help/biometrics/) to unlock your vault. To set up a PIN, for example:

1. Open the ⚙️ **Settings** tab.
2. In the **Account security** section, check the **Unlock with PIN** checkbox.
3. Enter the desired PIN code in the input box. PIN codes can be any combination of characters (a-z, 0-9, $, #, etc.).

> [!TIP] Ask for biometrics on launch
> **Optional:** The pre-checked option **Ask for biometrics on launch** will require you to enter your master password instead of a PIN when your browser restarts. If you want to be able to unlock with a PIN when the browser restarts, uncheck this option.

The Bitwarden browser extension has a pop-out feature that lets you reposition the client while you use your internet browser. To pop out the browser extension, select the icon shown in the following screenshot:

### Browser Pop-out

The browser extension will not respect the chosen [vault timeout](https://bitwarden.com/it-it/help/vault-timeout/) settings when it is popped out.

![Browser extension pop-out window](https://bitwarden.com/assets/1cbJy0jLBmSQmRumvYzVwp/a9e43f4c154686249056924eb3e56323/pop_out_screenshot.png)
*Browser extension pop-out window*

#### Make Bitwarden your default password manager

The Bitwarden browser extension has a built-in setting to disable your browser's default password manager. To use this setting:

1.
Go to the ⚙️ **Settings** tab in the Bitwarden browser extension and then select **Autofill**.
2. Click to enable **Make Bitwarden your default password manager**.

   ![Make Bitwarden default password manager](https://bitwarden.com/assets/5fyBdu5X6JCLu2UsaqYUO0/abfb44cb460314112805bfd0312c1f8f/2025-10-14_12-44-35.png)
   *Make Bitwarden default password manager*
3. A dialog will appear on screen; select **Allow** to authorize Bitwarden to make changes to your browser settings.

--- URL: https://bitwarden.com/it-it/help/getting-started-desktop/ ---

# Password Manager Desktop Apps

The Bitwarden desktop app brings a full vault experience straight out of your browser and into your desktop. The desktop app supports up to five logged-in accounts at a time, making it easy to switch between personal and work accounts at any moment ([learn more](https://bitwarden.com/it-it/help/account-switching/)).

In the 🔒 **My Vault** view, you can browse all your items, including items owned by an organization that you are a member of. Use the Vaults dropdown to filter for items in **All Vaults**, **My Vault**, and any organization vaults.

![Password Manager on desktop](https://bitwarden.com/assets/79qrrbQ4Oi7ZGUnSrE3VpZ/9e8a86298c65c028e9280a36d0bcb99f/2026-01-28_09-42-19.png)
*Password Manager on desktop*

## First steps

Let's start your desktop app journey by adding a new login item to your vault and making sure it's secure and easy to find:

### Create a folder

[Folders](https://bitwarden.com/it-it/help/folders/) are a great way to make sure you can always find vault items when you need to use them. To create a folder:

1. In the first column of the desktop app, select + **Add** next to **Folders**.
2. Give your folder a name (for example `Social Media`) and select [save] **Save**.

### Add a login

Now, let's add a login to your new folder. To create a new login item:

1. In the middle column, select + **Add**.
An Add Item panel will be displayed in the third column.
2. Choose which type of item to create (in this case, select **Login**).
3. Enter the basic information for this login. For now, give the item:
   1. A **Name** to help you easily recognize it (for example, `X.com Account`).
   2. Your **Username**.
   3. Your current **Password** (we'll replace this with a strong one soon).
4. Select the + **New URI** button and enter the URL where you log in to the account (for example, `https://x.com/i/flow/login`).

   ![X.com Login URI](https://bitwarden.com/assets/5jf74Y0xH5LXouxuBLfER0/02aca3fb33feb85d0a05ecbd06e00ba5/x.comlogin_close_up.png)
5. Select a folder from the Folder dropdown. If you are following our example, choose the Social Media folder we just created!
6. Nice work! Select [save] **Save** to finish.

> [!TIP] Import from desktop app
> You can also import data directly to Bitwarden from your desktop app. [Learn how](https://bitwarden.com/it-it/help/import-data/#tab-desktop-app-5ALQx9afSqWXX9jfXsY5sb/).

### Generate a strong password

Now that you have saved a new login, let's improve its security by replacing your password with a strong one:

1. Open a web browser and log in to the account with your existing username and password. In that account, find where you can **Change your password**.
2. On the **Change your password** form, enter your **Current password**, which you can copy and paste from Bitwarden using the [clone] **Copy** icon.
3. In Bitwarden, select [pencil] **Edit** on your item.
4. In the Password box, select [generate] **Generate** and confirm **Yes** to overwrite your old password. This will replace your password with a randomly-generated strong password. Moving from `Fido1234` to `X@Ln@x9J@&u@5n##B` can stop a would-be hacker in their tracks.
5. Select [save] **Save**.
6. Copy your new password with the [clone] **Copy** icon you used earlier, and paste your new password in the **New Password** and **Confirm New Password** fields back in your web browser.
7.
Once you are done, select **Save** in the web browser.

Congratulations! Your login is now saved in Bitwarden for secure and easy use!

### Add a second account

Do you have multiple Bitwarden accounts, perhaps one for personal use and one for work? The desktop app can be logged in to five accounts at once! To log in to an additional account, select the currently logged-in account from the top-right of the desktop app and select + **Add Account**:

![Switch accounts on desktop](https://bitwarden.com/assets/7fpUmakpNIByzoWQa1cU8L/bd9e35756805bba8bd35bc43c7630aaf/2026-04-23_09-27-28.png)
*Switch accounts on desktop*

Once you log in to your second account, you can quickly swap between them from the same menu, which will also show the current status of each account's vault (*locked* or *unlocked*). If you log out of one of these accounts, it will be removed from this list.

## Next steps

Now that you have mastered the basics, you can customize your desktop app to work exactly the way you want it to:

### 🪟 Windows

### Set your preferences

To set your preferences, select **File** → **Settings** from the menu bar. You'll notice three sections: **Security**, **Preferences**, and **App Settings**.

> [!TIP] Desktop Preferences
> **Security** and **Preferences** apply to the [active account](https://bitwarden.com/it-it/help/getting-started-desktop/#add-a-second-account/) and should be set separately for each account, but **App Settings** apply to all accounts.

#### Unlock with biometrics

One of the most popular desktop app settings is [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/), which allows for seamless access using [Windows Hello](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello) with PIN, facial recognition, or [other hardware that meets Windows Hello biometric requirements](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-biometric-requirements).
To set up biometric unlock:

> [!TIP] Biometrics C++ Redistributable
> Windows users may need to install the [Microsoft Visual C++ Redistributable](https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170) before Windows Hello can be turned on in desktop preferences.

1. Enable Windows Hello on your computer.
2. In the Security section, an **Unlock with Windows Hello** option will appear if Windows Hello is supported and enabled on your computer:

   ![Windows unlock options](https://bitwarden.com/assets/HQYTF4l5WyPbeTMHhhDnN/fe4ddb713557443e7836f3737534ca1e/windows.png)

   Check the **Unlock with Windows Hello** option to proceed. Your computer will prompt you to input your biometric.
3. Once enabled, use the **Unlock with Windows Hello** button on the unlock screen to unlock your vault.

   ![Unlock desktop with biometric](https://bitwarden.com/assets/JSmueUxWjUGxQK0bA716O/f6bcfa6ec4523b8080a77e418e1eae8e/2025-08-13_11-20-59.png)

**Security** settings are set per-account, so if you want to enable biometric unlock for another account you'll need to go through these steps again!

#### Start Bitwarden automatically

Another helpful feature is to always start Bitwarden when you boot up your computer. To enable this, navigate to the **App Settings** section and check the **Start automatically on login** checkbox. Unlike biometrics, this setting applies globally to all logged-in accounts!

### 🍎 macOS

### Set your preferences

To set your preferences, select **Bitwarden** → **Settings** from the menu bar. You'll notice three sections: **Security**, **Preferences**, and **App Settings**.

> [!TIP] Desktop Preferences
> **Security** and **Preferences** apply to the [active account](https://bitwarden.com/it-it/help/getting-started-desktop/#add-a-second-account/) and should be set separately for each account, but **App Settings** apply to all accounts.
#### Unlock with biometrics

One of the most popular desktop app settings is [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/), which allows seamless access to your desktop app using [Touch ID](https://support.apple.com/en-us/HT207054) technology. To set up biometric unlock:

1. Enable Touch ID on your computer. See Apple's [Touch ID Documentation](https://support.apple.com/en-us/HT207054) for help.
2. In the Security section, an **Unlock with Touch ID** option will appear if Touch ID is supported and enabled on your computer:

   ![macOS unlock options](https://bitwarden.com/assets/3O1If6IchE83Qb8ee0mYqx/9c61afb380d8479eb4e55e97c2e628c6/macos-bio1.png)

   Check the **Unlock with Touch ID** checkbox to proceed. Your computer will prompt you to input your fingerprint to confirm.
3. Once enabled, use the **Unlock with Touch ID** button on the Unlock screen to unlock your vault.

   ![Unlock with Touch ID](https://bitwarden.com/assets/MPQwBfgcoTZJvan99sZCZ/e7a2305ffdc24af1fc08adf466463841/mac_unlock_with_touch_id.png)

**Security** settings are set per-account, so if you want to enable biometric unlock for another account you'll need to go through these steps again!

#### Start Bitwarden Automatically

Another helpful feature is to always start Bitwarden when you boot up your computer. To enable this, navigate to the **App Settings** section and check the **Start automatically on login** checkbox. Unlike biometrics, this setting applies globally to all logged-in accounts!

### 🐧 Linux

### Snap post-installation instructions

The Bitwarden Password Manager desktop app uses secure storage for persisting authentication tokens while you are logged in to the application. **If you use Snap to install the desktop app**, you will need to allow the app to access secure storage by:

1. On all distributions, run the command `sudo snap connect bitwarden:password-manager-service`.
2.
If you've already logged in to the Password Manager desktop app, log out of all accounts and log back in.

### Set your preferences

To set your preferences, select File → Settings from the menu bar. You'll notice three sections: **Security**, **Preferences**, and **App Settings**.

> [!TIP] Desktop Preferences
> **Security** and **Preferences** apply to the [active account](https://bitwarden.com/it-it/help/getting-started-desktop/#add-a-second-account/) and should be set separately for each account, but **App Settings** apply to all accounts.

#### Unlock with biometrics

One of the most popular desktop app settings is [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/), which allows seamless access to your desktop app. Bitwarden desktop apps from `AppImage`, `Deb`, and `.rpm` package types are supported. Additionally, confirm that your system has a polkit agent and secret service (such as GNOME-Keyring).

To enable biometric unlock:

1. Enable System Authentication on your machine.
2. In the Security section of your Bitwarden desktop app, an **Unlock with system authentication** option will appear if system authentication is supported and enabled on your machine:

   ![Unlock with system authentication](https://bitwarden.com/assets/2AMdLd9zqVZwkDMfS1ZW00/bfe0b4bd4b93541fed04563e55722358/Aug_15_Screenshot_from_Bitwarden.png)

   Check the **Unlock with system authentication** checkbox to proceed. Your machine will prompt you to input your verification to confirm.
3. Once enabled, use the **Unlock with system authentication** button on the unlock screen to unlock your vault.

   ![Unlock vault system authentication](https://bitwarden.com/assets/6UIFh90LrxZzgrbacuMw3o/ef9b39a24775d098f1ad9825094206f0/Aug_15_Screenshot_from_Bitwarden__1_.png)

Security settings are set per-account, so if you want to enable biometric unlock for another account you'll need to go through these steps again!
### Start Bitwarden automatically

One helpful feature is to always start Bitwarden when you boot up your computer. To enable this, navigate to the **App Settings** section and check the **Start automatically on login** checkbox. Remember that this setting applies globally to all logged-in accounts!

--- URL: https://bitwarden.com/it-it/help/getting-started-mobile/ ---

# Password Manager Mobile Apps

Bitwarden mobile apps let you take your password manager on the go. Download Bitwarden from the [iOS App Store](https://bitwarden.com/it-it/download/apple-iphone-password-manager/) or Google Play Store, or by navigating to [get.bitwarden.com](https://get.bitwarden.com) on any device.

![Bitwarden on iOS and Android](https://bitwarden.com/assets/53OzJZ4klYWemxUepHMtq4/5ab47331f033259bd2e82817a99e992f/2025-01-21_15-22-10.png)

## First steps

Let's start your Bitwarden mobile journey by adding a new login item to your vault and making sure it's secure and easy to find:

### Create a folder

Folders are a great way to make sure you can always find vault items when you need to use them. To create a folder:

1. Select the ⚙️ **Settings** tab.
2. Select **Vault** and, in the settings list, tap **Folders**:

   ![Folders on mobile](https://bitwarden.com/assets/6IwzXSJHGmSeU7oIy4z8kZ/95620b58758e50fa0e8e22a65f2bfa15/2025-01-21_15-26-07.png)
3. Select the + **Add** icon.
4. Give your folder a name (for example, `Social Media`) and select **Save**.

### Add a login

Now, let's add a login to your new folder. To create a new login item:

1. Navigate to the 🔒 **My Vault** tab and select the + **Add** icon.
2. Choose which type of item to create (in this case, select **Login**):

   ![Add a login on mobile](https://bitwarden.com/assets/4QMufMJAsQn5qN9XY3syyL/decdef6cfc89e8af57c30e17ddeae864/2025-01-21_15-27-28.png)
3. Enter the basic information for this login. For now, give the item:
   1. A **Name** to help you easily recognize it (for example, `Instagram Account`).
   2. Your **Username**.
   3.
Your current **Password** (we'll replace this with a strong one soon). 4. Select the + **New URI** button and enter the URL where you log in to the account (for example, `https://www.instagram.com/accounts/login/`). 5. Select a folder from the **Folder** dropdown. If you are following our example, choose the Social Media folder you just created. 6. Nice work! Select **Save** to continue. ### Generate a strong password Now that you have saved a new login, let's improve its security by replacing your password with a stronger one: 1. Open a web browser or the mobile app for your account and log in with your existing username and password. Once you are logged in, find the **Change your password** page. 2. On the **Change your password** page, enter your current password. You can copy and paste this from Bitwarden! 3. Back in Bitwarden, select the login item and tap **Edit** on iOS or the [pencil] on Android. 4. In the Password box, select [generate] **Generate** and confirm **Yes** to overwrite your old password. This will replace your password with a randomly-generated strong password. Moving from `Fido1234` to `X@Ln@x9J@&u@5n##B` can stop a hacker. 5. Select **Save**. 6. Copy your new password and paste it into the **New Password** and **Confirm Password** fields back in the other app. Congratulations! Your login is now saved in Bitwarden for secure and easy use! ### Add a second account Do you have multiple Bitwarden accounts, like one for personal use and one for work? The mobile app can be logged in to five accounts at once! To log in to a second account, select the currently logged-in account from the top menu bar of the app and select + **Add Account**: ![Account switching on mobile](https://bitwarden.com/assets/56xAZhiS6wZqKktMlFwbVn/9af5d0ce782af44fc48ebfd8057ddc4c/2025-01-21_14-58-15.png) Once you log in to your second account, you can quickly switch between them from the same menu, which will also show the current status of each account's vault (locked or unlocked).
If you log out of one of these accounts, it will be removed from this list. ## Next steps Now that you have mastered the basics, let's dig into some of the more powerful features of Bitwarden mobile apps: ### 🤖 Android ### Setup autofill Set up autofill to automatically enter logins from your Android device to a web browser (such as Chrome) or other app. To enable autofill: 1. Open your Bitwarden Android app and tap the ⚙️ **Settings** tab. 2. Tap the **Autofill** option: ![Android autofill options](https://bitwarden.com/assets/5Othw4YuSWmQbV1pmkvVxd/1d8fcf282bee1d729abe88570e7e650f/2025-01-21_15-29-52.png) 3. Toggle the **Autofill Services** option. You'll be automatically redirected to an Android Settings screen. 4. From the Autofill Services list, tap **Bitwarden**. You'll be prompted to confirm you trust Bitwarden. Tapping **OK** will let Bitwarden read content on the screen to know when to offer autofill. For more information, see [Autofill logins on Android](https://bitwarden.com/it-it/help/auto-fill-android/). ### Launch from mobile apps You can launch a website directly from Bitwarden by selecting the [share-square] **Launch** button in any vault item with a valid URI. If you are unfamiliar with using URIs, see [Using URIs](https://bitwarden.com/it-it/help/uri-match-detection/). ![Launch from mobile](https://bitwarden.com/assets/2PsCaLjOAe6WEfnwMkYG0P/be1fde317404835cba1e600244922d98/2025-01-21_15-32-37.png) ### Unlock with biometrics Unlocking Bitwarden with biometrics allows for seamless access to your vault. If you haven't set up [fingerprint unlock](https://support.google.com/nexus/answer/6285273?hl=en) or [face unlock](https://support.google.com/pixelphone/answer/9517039?hl=en) on your Android device, you will need to do that first from the Android ⚙️ **Settings** app. 1. In Bitwarden, tap the ⚙️ **Settings** tab located at the bottom of your screen. 2. Tap **Account security**. 3.
Tap **Unlock with biometrics**: ![Biometric unlock on mobile](https://bitwarden.com/assets/7FDRtrf7LkC22dzf3ErsR4/3c176fd1ddb2a3d188817d7e1f795adf/2025-01-21_15-16-44.png) 4. You will be asked to verify with your fingerprint or face depending on your selection. Once enabled, you will be able to open Bitwarden or autofill logins using just your biometric method of choice. ### Login using autofill Once you have set up [autofill](https://bitwarden.com/it-it/help/getting-started-mobile/#setup-auto-fill/) and [biometrics](https://bitwarden.com/it-it/help/getting-started-mobile/#unlock-with-biometrics/), logging into an app or website using Bitwarden is simple. 1. Tap the email/username or password input box in the app or website. 2. Depending on which autofill option your device uses, tap the available overlay: ![Android Auto-fill varieties](https://bitwarden.com/assets/3xbRUA76m4qpEyQ1b7msLo/b294ddfaae21f0e24d5e923266092df0/autofill-android-2.png) 3. You will be prompted for your face authentication or fingerprint. If you aren't using [biometrics](https://bitwarden.com/it-it/help/getting-started-mobile/#unlock-with-biometrics/), enter your master password. 4. If you have connected a login to this website or app using the [URI field](https://bitwarden.com/it-it/help/getting-started-mobile/#create-items/), that login will appear in this window. If you haven't, tap 🔍 **Search** to find it. Tap the login to automatically enter your email/username and password into the boxes, and sign in. ### 🍎 iOS ### Setup AutoFill Set up AutoFill to automatically enter logins from your iOS device to a web browser (like Safari) or other app. 1. On the iOS home screen, tap the ⚙️ **Settings** app. 2. From the Settings menu, tap **General** and then **AutoFill & Passwords**. 3. Tap the **AutoFill Passwords and Passkeys** toggle. Green indicates that AutoFill is active. 4. In the **AutoFill From:** list, select the **Bitwarden** toggle. Green indicates that AutoFill is active.
When you create new logins, make sure you enter a website in the [URI field](https://bitwarden.com/it-it/help/getting-started-mobile/#add-a-login/) to surface them for AutoFill. For more information, see [Autofill Logins on iOS](https://bitwarden.com/it-it/help/auto-fill-ios/). ### Launch from mobile apps You can launch a website directly from Bitwarden by selecting the [share-square] **Launch** button in any vault item with a valid URI. If you're unfamiliar with using URIs, see [Using URIs](https://bitwarden.com/it-it/help/uri-match-detection/). ![Launch from mobile](https://bitwarden.com/assets/2PsCaLjOAe6WEfnwMkYG0P/be1fde317404835cba1e600244922d98/2025-01-21_15-32-37.png) ### Unlock with biometrics Unlocking Bitwarden with biometrics allows for seamless access to your vault. If you haven't set up Touch ID or Face ID on your iOS device, you'll need to do that first from the iOS ⚙️ **Settings** app. 1. In your Bitwarden iOS app, tap the ⚙️ **Settings** tab located at the bottom of your screen. 2. Tap **Account security**: ![Biometric unlock on mobile](https://bitwarden.com/assets/7FDRtrf7LkC22dzf3ErsR4/3c176fd1ddb2a3d188817d7e1f795adf/2025-01-21_15-16-44.png) 3. Depending on what your device has available, tap: - **Unlock with Touch ID** - **Unlock with Face ID** 4. You will be asked to verify with your fingerprint or face depending on your selection. The toggle will fill to indicate that an option is active. Once enabled, you will be able to open Bitwarden or AutoFill logins using just your biometric method of choice. ### Login using AutoFill Once you've set up [Auto-fill](https://bitwarden.com/it-it/help/getting-started-mobile/#setup-auto-fill/) and [biometrics](https://bitwarden.com/it-it/help/getting-started-mobile/#unlock-with-biometrics/), logging into an app or website using Bitwarden is simple. 1. Tap the email/username or password input box in the app or website. 2. Above your keyboard, tap **Passwords**. 
![Tap Passwords in iOS](https://bitwarden.com/assets/4DNAawWIUOKKVUN0cMdqLI/6fd8e01e004fdefcb72b60380ff8ee64/autofill-ios.png) 3. You will be prompted for your Face ID or Touch ID. If you aren't using [biometrics](https://bitwarden.com/it-it/help/getting-started-mobile/#unlock-with-biometrics/), enter your master password. 4. If you have connected a login to this website or app using the [URI field](https://bitwarden.com/it-it/help/getting-started-mobile/#create-items/), that login will appear in this window. If you haven't, tap 🔍 **Search** to find it. Tap the login to automatically enter your email/username and password into the boxes, and sign in. --- URL: https://bitwarden.com/it-it/help/getting-started-organizations/ --- # Organizations Quick Start Password managers such as Bitwarden make it easy to store and access unique and secure passwords across all of your devices, keeping your online accounts safer than ever! Using Bitwarden, you won't need to dangerously repeat simple passwords or leave them exposed in unencrypted formats such as spreadsheets, documents, or sticky notes. Bitwarden organizations will add a layer of collaboration and sharing to password management for your family, team, or enterprise, allowing you to securely share common information such as office wifi passwords, online credentials, or shared company credit cards. Secure sharing of organization-owned credentials is **safe** and **easy**. This article will help you get started with a **free two-person organization** so you can experience secure sharing in no time. ## What are organizations? Bitwarden organizations relate users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, notes, cards, and identities owned by the organization. Organizations could be a family, team, company or any group of people that requires secure shared data. 
Organizations have a unique view, the Admin Console, where [administrators](https://bitwarden.com/it-it/help/user-types-access-control/) can manage the organization's items and users, run reports, and configure organization settings: ![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png) Unless an organization you're a member of uses [policies](https://bitwarden.com/it-it/help/policies/#single-organization/) to restrict you to membership in a single organization, you can be a member of as many as you'd like. #### Comparing organizations with premium The key feature to know is that organizations enable **secure sharing from organizations to users**. [Premium individual](https://bitwarden.com/it-it/help/password-manager-plans/#premium-individual/) accounts unlock premium password security and management features, including advanced two-factor authentication (2FA) options, the Bitwarden Authenticator (TOTP), encrypted file attachments, and more, but Premium **doesn't include secure data sharing** itself. However, every Bitwarden account comes with the option to launch a free two-person organization for secure sharing. Paid organizations (Families, Teams, or Enterprise) automatically include these premium features (advanced 2FA options, Bitwarden Authenticator (TOTP), and more) for **every** user enrolled in the organization. ## Setup Bitwarden accounts Free Bitwarden organizations allow for two users to securely share organization-owned credentials. You might use a free organization to share with a friend or partner, or to test organizations before [upgrading to a different plan](https://bitwarden.com/it-it/help/password-manager-plans/).
Bitwarden provides applications on a variety of devices, including browser extensions, mobile apps, desktop apps, and a CLI, but for the purposes of this guide we'll focus on the [web app](https://bitwarden.com/it-it/help/getting-started-webvault/). The web app provides the richest Bitwarden experience for administering your organization. ### Sign up for Bitwarden [Create a Bitwarden account](https://bitwarden.com/it-it/go/start-free/), and make sure that you pick a strong and memorable [master password](https://bitwarden.com/it-it/help/master-password/). We even recommend writing down your master password and storing it in a safe location. > [!NOTE] Master password reminder > **Don't forget your Master Password!** Bitwarden is a zero-knowledge encryption solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset your master password. Once your account is created, log in to the [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and verify your account's email address to unlock access to all features: ![Send verification email](https://bitwarden.com/assets/7bJkgn3Qjoon9c1h68WmgW/035a83d213860b7c5b92a29502fc315f/2024-12-03_13-54-17.png) ### Sign up for Bitwarden again In order to use your free two-person organization for secure sharing, you'll need to have two Bitwarden accounts. Once your first Bitwarden account is setup, follow the same procedure (or help your friend or partner to do so) to setup the other account. > [!NOTE] Organization owner setup > Bitwarden organizations have a deep level of [member-level permissions customization](https://bitwarden.com/it-it/help/user-types-access-control/). Whichever member you proceed to [setup your organization](https://bitwarden.com/it-it/help/getting-started-organizations/#setup-your-organization/) with will be the **Owner**. ## Setup your organization To setup your organization: 1. 
In the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/), select the + **New organization** button: ![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png) 2. Enter an **Organization name** and a **Billing email** we can reach you at. In this guide we are setting up a free organization, so you won't be billed for anything! 3. **Choose your plan**. Bitwarden offers organizations suited to any need, but in this case select **Free**. 4. Scroll down and select **Submit** to finish creating your organization. ### Get to know your organization Once created, you'll land in the Admin Console, which is the central hub for all things sharing and organization administration. As the [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/), you'll be able to see your **Vault** items and [collections](https://bitwarden.com/it-it/help/getting-started-organizations/#get-to-know-collections/), manage **Members**, run **Reports**, change **Billing** settings, and configure other organization **Settings**: ![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png) Users with access to the Admin Console can get to it at any time in the web app using the left-hand navigation: ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png) ### Get to know collections Collections are an important part of a Bitwarden organization; they represent the logical grouping of organization-owned vault items that [belong to your organization](https://bitwarden.com/it-it/help/getting-started-organizations/#shared-items/). Your organization comes pre-loaded with a **Default Collection** and an **Unassigned** tag.
With a free organization, you can create up to two collections from the Vaults view or from the Admin Console: ![Create new collection](https://bitwarden.com/assets/3rq5lVSQlvNT9gu2M2bCbk/8741dc155e8f2fa83d2caeb69218ce64/2024-12-02_15-35-48.png) > [!NOTE] Organizations require collections > In a lot of ways, collections are like the [folders](https://bitwarden.com/it-it/help/folders/) you might use to organize your individual vault. A key difference is that items that [belong to your organization](https://bitwarden.com/it-it/help/getting-started-organizations/#shared-items/) **must be included in at least one collection**. ## Add a user to your organization Now that you are familiar with your organization, it's a good time to add the other organization member you'll be sharing with. To ensure the security of your organization, Bitwarden applies a three-step process for onboarding a new member, [Invite](https://bitwarden.com/it-it/help/getting-started-organizations/#invite/) → [Accept](https://bitwarden.com/it-it/help/getting-started-organizations/#accept/) → [Confirm](https://bitwarden.com/it-it/help/getting-started-organizations/#confirm/). > [!NOTE] invite accept confirm workflow req > Completing the full [Invite](https://bitwarden.com/it-it/help/getting-started-organizations/#invite/) → [Accept](https://bitwarden.com/it-it/help/getting-started-organizations/#accept/) → [Confirm](https://bitwarden.com/it-it/help/getting-started-organizations/#confirm/) process is required to ensure that members receive full access to shared organization items. ### Invite As the organization owner, invite a new member: 1. In the Admin Console, select **Members** from the navigation and use the + **Invite member** button: ![Invita un membro a un'organizzazione](https://bitwarden.com/assets/7AJjR4oqEnCH3A89YYoWpH/498d594fa9703bee9c5f49e2af9f83d0/Invite_member_to_an_organization.png) 2. 
In the **Role** tab, enter the **Email** of your second member, which should match the email they [signed up for Bitwarden](https://bitwarden.com/it-it/help/getting-started-organizations/#sign-up-for-bitwarden-again/) with. Then, select a [Member role](https://bitwarden.com/it-it/help/user-types-access-control/#user-types/). In many cases, it's a good idea to add a second user with the **Owner** role to the organization. 3. In the **Collections** tab, select which collections to allow this user access to, as well as the level of [permission](https://bitwarden.com/it-it/help/user-types-access-control/#access-control/) to give them for each. 4. Select **Save** to send the invitation to the designated email address. Once your invitation is sent, inform your new member and help them [accept the invitation](https://bitwarden.com/it-it/help/getting-started-organizations/#accept/). ### Accept As the newly invited member, open your email inbox and look for an email from Bitwarden inviting you to join an organization. Clicking the link in the email will open an invitation window: ![Bitwarden Invitation](https://bitwarden.com/assets/6ZzHPswxQoqTbjkSWodwxw/9381e27fdee50d5cfe062473633ef7ed/Screen_Shot_2023-04-28_at_10.40.35_AM.png) Since you have already [signed up for Bitwarden](https://bitwarden.com/it-it/help/getting-started-organizations/#sign-up-for-bitwarden-again/), simply log in. Fully logging in to Bitwarden will accept the invitation. > [!NOTE] Invitations expiration > Invitations expire after five days. Make sure you accept the invitation within that window, otherwise the organization Owner will have to [re-invite you](https://bitwarden.com/it-it/help/getting-started-organizations/#invite/). ### Confirm Confirming accepted members to your organization is the last step to grant members access to shared items. To complete the loop: 1. In the Admin Console, select **Members** from the navigation. 2.
Select any `Accepted` users and use the ⋮ Options menu to ✓ **Confirm selected**: ![Confirm member to an organization](https://bitwarden.com/assets/5eRDRAooRSGqRWJYZB5fgz/f3eac670d95664be963d2b38eddf68b5/Confirm_member_to_an_organization.png) 3. Verify that the [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) on your screen matches the one your new member can find in **Settings** → **My account**: ![Fingerprint phrase](https://bitwarden.com/assets/6sWPBv5GFAyMcULNxfCCJG/b3115a77e0d8d8d48fcc1f9e24e42d70/fingerprint-phrase.png) Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**. ## Get to know your vault Part of the magic of Bitwarden organizations is that items that belong to you and items that [belong to the organization](https://bitwarden.com/it-it/help/getting-started-organizations/#shared-items/) are accessible side-by-side from your **Vaults** view. You can filter between your individual items (**My vault**) and organization items (**My Organization**): ![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png) ### Items shared from an organization You might not have an [item shared from an organization](https://bitwarden.com/it-it/help/getting-started-organizations/#share-a-login/) yet, but when you do it will be displayed in your vault with a card indicating where the item is from: ![Shared item badge](https://bitwarden.com/assets/6tnBV4hUxUNtWvGNAp8eua/215f54e0a26f5a1b2d41e18119fdcd71/2024-12-02_15-31-38.png) Shared items are **owned** by the organization. This means that anyone with permission can alter the item or delete it, which would remove it from your vault as well. ## Move an item to the organization The last step on the road to secure sharing is to create an item and move it to the organization so it can be shared.
An existing [vault item](https://bitwarden.com/it-it/help/managing-items/#add-a-vault-item/) can be moved to the organization after it's created, but for this guide, we'll focus on creating a new login from your individual vault: 1. On the **Vaults** page, select the + **New** button and select **Login**. 2. Fill in all the relevant information for your new login item (for example, username and password). The item can be anything you want both yourself and the other organization user to have access to, for example a family streaming account. 3. In the **Ownership** section at the top of the **Add item** panel, select your organization to designate the item for sharing. 4. Select one or more collections to put this item into. Generally, users of two-person organizations set up access for both users for all collections. In larger or more complex organizations, which collection you put the item into will determine who can access it. 5. Select the **Save** button to finish creating the organization-owned item. This new item will be accessible to both yourself and the other organization user! As long as both users can access the collection it's in, it will appear for both in the organization vault and in the **All vaults** view alongside other vault items. ## Unshare an item from an organization If you have shared an item with an organization, there are two options to unshare the item with the organization. 1. Clone the item back to your individual vault by using the product switcher to open the Admin Console and selecting **Clone** from the Options menu for the item you want to clone. Only users with user type admin or higher can clone items into their individual vault by changing the **Ownership** setting. 2. Delete the item from the organization vault by selecting **Delete** from the same menu. Alternatively, you can unshare items by moving them to a different collection with higher access control restrictions. ## Congratulations!
You have setup your new Bitwarden accounts, created an organization, learned a bit about your vaults, and shared an item! Nice work! If you want to upgrade to a paid organization to unlock [lots of additional features](https://bitwarden.com/it-it/help/password-manager-plans/), navigate to your organization's **Billing** → **Subscription** view and select the **Upgrade plan** button: ![Upgrade a free org](https://bitwarden.com/assets/c7MRk3qA3cxcVZHC2gBBs/4128a414a194af6e446ac39d9c250990/2024-12-03_14-09-22.png) --- URL: https://bitwarden.com/it-it/help/getting-started-providers/ --- # Provider Portal Quick Start > [!TIP] Provider Requirements > Interested in becoming a Provider? To get started, we ask that: > > - Your business has an active Enterprise organization. > - Your business has a client ready to be onboarded under your Provider. > > [Become a partner](https://bitwarden.com/it-it/partners/) ## Why Bitwarden Providers? Managed service providers (MSPs) often need a way to quickly create and easily administer Bitwarden organizations on behalf of business customers. **Providers** are administration entities that allow those businesses to create and manage [client organizations](https://bitwarden.com/it-it/help/getting-started-providers/#client-organization/) through the **Provider Portal**. With the Provider Portal: - View all clients under MSP management, onboard new and existing clients, access client organizations' collections, and administer services for teams and enterprise organizations. - Add internal staff as members, assign proper user roles, and delegate administrative duties. - View time-stamped actions made by users in the Provider Portal, including creation of new client organizations, invitation of new provider users, and when provider users access client organizations. The Provider Portal is an all-in-one management experience that enables Providers to manage customers’ Bitwarden organizations at scale. 
The Provider Portal streamlines administration tasks by centralizing a dedicated space to access and support each client, or to create a new one: ![Provider Portal](https://bitwarden.com/assets/7AoSHeZgJJTBXQmpZ13UBr/56ca464fe6987c8c5fc8e7099235d640/2025-02-25_15-17-46.png) ### Start a Provider [Contact us](https://bitwarden.com/it-it/contact/) to sign up for the Provider program. After you register, a member of the Bitwarden team will contact you and issue an invitation to start a Provider: ![Provider Invitation ](https://bitwarden.com/assets/3zxOwQqwIYO3hte6htfbiv/7e55c649273467fadb6d87bbd229a209/provider-invitation.png) Selecting the **Setup Provider Now** button will prompt you to log in to Bitwarden and fill out some Provider details. ### Onboard users As the creator of the Provider, you will be automatically given [Provider admin](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/) status, allowing you to fully manage all aspects of the Provider and all [client organizations](https://bitwarden.com/it-it/help/getting-started-providers/#client-organizations/). Bitwarden strongly recommends that you provision a second Provider admin for failover purposes. Now, begin adding your employees as [service users](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/), which will allow them to administer all client organizations and create new ones or manage the Provider itself: 1. **Invite Users**. From the Provider Portal 🎚️ **Manage** → **Members** tab, invite users as service users (or invite additional Provider admins): ![Aggiungi un utente provider](https://bitwarden.com/assets/6E5GA111xdiHHkA0gb5LtG/5e5b5fddb5911e1b2ed468c1d49134ad/2024-12-05_09-27-45.png) 2. **Instruct users to accept invites**. Invited users will receive an email from Bitwarden inviting them to join the provider. 
Inform users that they should expect an invitation and that they will need to **Log In** with an existing Bitwarden account or **Create Account** to proceed: ![Provider Invitation](https://bitwarden.com/assets/0FRQnrWufrfnbc8Q2GymX/ffcb260e1d90ff1a25d0f67ac9bc6c7a/provider-accept-invite.png) 3. **Confirm accepted invitations**. To complete the secure onboarding of your provider users, confirm accepted invitations from the Provider Portal **People** tab: ![Confirm invited provider user](https://bitwarden.com/assets/IxUeScxNYYmI4y8jceC5v/ebdf3fa89abbd69fbb028e0cff8c99aa/2024-12-05_09-29-04.png) With an assembled team of service users, you're ready to start setting up [client organizations](https://bitwarden.com/it-it/help/getting-started-providers/#client-organizations/). ## Client organizations Client organizations are any [organization](https://bitwarden.com/it-it/help/about-organizations/) that is attached to or administered by a Provider. To your customers, there's no difference between a "client" organization and a "regular" organization except for who is conducting administration. Organizations relate Bitwarden users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, cards, notes, and identities. 
Organizations have a view, the Admin Console, where Provider service users can manage the organization's collections, manage members and groups, run reporting, import data, and configure organization settings: ![Client organization vault ](https://bitwarden.com/assets/5fXREt9aHmnVgLLRPBs8yg/dbecd580231e8ea2f4eec2be224a1e64/2025-02-25_15-20-08.png) Members of a client organization (your customer's end-users) will find shared items in their **Vaults** view alongside individually-owned items, as well as several methods for filtering the item list to only organization items or items in particular [collections](https://bitwarden.com/it-it/help/about-collections/): ![Cassaforte abilitata per l'organizzazione](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png) ### Create a client organization To create a new client organization, you must be a [Provider Admin](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/). Navigate to the [bank] **Clients** tab of the Provider Portal and select the + **Add** button → [business] **New Client**: ![New client organization](https://bitwarden.com/assets/5WjBETB0YFm7TS1zpIHeSC/a22563b9172036b1c90bfb61d9ab310b/new_client_org_1.png) ### Add an existing organization To add an existing organization, you must be an active provider user and the owner of the organization you wish to add. > [!NOTE] Add existing org subscription seat limit > A service user can add members to client organizations, or add client organizations to the provider, as long as the number of users added is within the provider's seat minimum. Only provider admins can increase the seat minimum. 1. Navigate to the [bank] **Clients** tab of the Provider Portal and select the + **New** button → [sitemap] **Existing organization**: ![Admin Console add Existing Organization](https://bitwarden.com/assets/mA88mJFGTc9w6MEcisaME/af9d5d7d413cb01d9d18df783fd934fc/Existing_client_org.png) 2. 
The Add existing organization dialogue will appear. Select the organization you wish to add: ![Select Existing Organization](https://bitwarden.com/assets/19Ugi6eUIMQgcliZvxwuf3/9992b070d0dab4defa04639bef8baf01/2025-02-25_15-45-02.png) 3. You will be prompted to confirm the subscription and billing changes to your provider subscription. Once complete, select **Add organization**. ### Setup the client organization With your newly-created client organization, start building the perfect solution for your customer. Exact setup will be different for each client organization based on your customers' needs, but will typically involve: 1. **Create collections**. A good first step is to [create a set of collections](https://bitwarden.com/it-it/help/about-collections/#create-a-collection/), which provide an organizing structure for the vault items you will add to the vault in the next step. Common collections patterns include **Collections by Department** (for example, users in the client's Marketing Team are assigned to a **Marketing** collection) or **Collections by Function** (for example, users from the client's Marketing Team are assigned to a **Social Media** collection): ![Collections](https://bitwarden.com/assets/6kJ7wMESirqmkfZ8KlfK09/9210ef5cf3cd2442b429760edb98001f/collections-graphic-1.png) 2. **Import data**. Once the structure of how you will store vault items is in place, you can begin [importing data to the organization](https://bitwarden.com/it-it/help/import-to-org/). > [!NOTE] Provider restricted access > Note that, as a provider user, you will not be able to directly view, create, or manage individual items. 3. **Configure enterprise policies**. 
Before beginning the user management portion of setup, [configure enterprise policies](https://bitwarden.com/it-it/help/policies/) in order to set rules-of-use for things such as [master password complexity](https://bitwarden.com/it-it/help/policies/#master-password-requirements/), [use of two-step login](https://bitwarden.com/it-it/help/policies/#require-two-step-login/), and [admin password reset](https://bitwarden.com/it-it/help/policies/#account-recovery-administration/).

   > [!NOTE] Enterprise policy
   > Enterprise policies are **only available to Enterprise organizations**.
4. **Setup login with SSO**. If your customer uses single sign-on (SSO) to authenticate with other applications, [connect Bitwarden with their IdP](https://bitwarden.com/it-it/help/about-sso/) to allow authentication with Bitwarden using end-users' SSO credentials.
5. **Create user groups**. For teams and enterprise organizations, [create a set of groups](https://bitwarden.com/it-it/help/about-groups/#create-a-group/) for scalable permissions assignment. When you start adding users, add them to groups to have each user automatically inherit the group's configured permissions (for example, which collections they can access). One common group-collection pattern is to create **Groups by Department** and **Collections by Function**, for example:

   ![Collections](https://bitwarden.com/assets/6qodHGqBPABEFv3XJxaOUe/780cd4624a5d0a5fe315677968003e2d/collections-graphic-2.png)

### Invite client users

With the infrastructure for secure and scalable sharing of credentials in place, you can begin inviting users to the organization. Onboarding users to Bitwarden can be accomplished in three ways, depending on the size of your customer:

1. **For smaller customers**, you can send email invitations to users from the Admin Console 🎚️ **Members** view:

   ![Invite members as a provider](https://bitwarden.com/assets/4wUO7i6w8y4sqAvwuMVZyd/070a5b36b242b1e4871cc0f58e0b8f83/2024-12-05_09-31-35.png)
2. **For larger customers** who leverage an IdP such as Azure AD, Okta, OneLogin, or JumpCloud, use [SCIM](https://bitwarden.com/it-it/help/about-scim/) to automatically provision users.
3. **For larger customers** who leverage a directory service (Active Directory, LDAP, Okta, and more), use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) to sync organization users from the source directory and automatically issue invitations.

Regardless of whether you have invited users from the organization vault, using SCIM, or using Directory Connector, the same three-step process (Invite → Accept → Confirm) that you followed when [onboarding provider users](https://bitwarden.com/it-it/help/getting-started-providers/#onboard-users/) will apply here as well.

## Managing self-hosted organizations

MSPs can provide admin support for Bitwarden self-hosted instances as well. Provider Portal access to managed customers is currently available for cloud-hosted environments only. To provide administrative services for a self-hosted instance, an additional service seat will need to be purchased to manage the self-hosted instance.

### Enabling the self-hosted instances

1. Create a new Bitwarden user as a service account. This user will be granted access to manage a customer as an owner during the initial installation.

   > [!NOTE] New Bitwarden user service account
   > If your client organizations are hosted on the same server, this service account could be a single user that is granted access to all organizations. Otherwise, create a separate service account for each customer or server.
2. Save the newly created user's credentials in your internal Bitwarden vault. Next, access the **Provider Portal** located on the main navigation bar. [Create a new enterprise organization](https://bitwarden.com/it-it/help/getting-started-providers/#create-a-client-organization/) from the Provider Portal.
   > [!NOTE] New credential account
   > The purpose of this step is to save the credentials; you are not required to invite the user to your organization.
3. During the creation of the enterprise organization, add the service user account that was created in **step 1**.
4. Access the client via the Provider Portal to download the organization license.
5. Deploy the Bitwarden self-hosted instance and [apply the organization license](https://bitwarden.com/it-it/help/licensing-on-premise/#apply-organization-license/).
6. Promote a user as the new owner at your managed customer.

   > [!NOTE] provider portal custom user
   > Optionally, once the new user has been promoted to manager of the customer organization, your service account user can be downgraded to a custom admin role.

--- URL: https://bitwarden.com/it-it/help/getting-started-webvault/ ---

# Password Manager Web App

The Bitwarden web app provides the richest Bitwarden experience for personal users and organizations. Many important functions such as setting up [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) or administering an [organization](https://bitwarden.com/it-it/help/about-organizations/) must be done from the web app.

> [!TIP] vault.bitwarden.com vs. configured domain
> The web app is accessible from any modern web browser at [vault.bitwarden.com](https://vault.bitwarden.com) and [vault.bitwarden.eu](https://vault.bitwarden.eu). If you are **self-hosting** Bitwarden, access to the web app will be located at your [configured domain](https://bitwarden.com/it-it/help/install-on-premise-linux/), for example `https://my.bitwarden.server.com`.

![App web Password Manager](https://bitwarden.com/assets/2xTpSA11EOCzx8VIuVffcF/d3bc18e7fc3c3cb0bf1779fad9262cd3/2024-12-02_13-42-14.png)

When you first log in to your web app, you'll land on the **All vaults** view.
This space will list all vault items, including [logins, cards, identities, and secure notes](https://bitwarden.com/it-it/help/managing-items/).

## First steps

In the previous screenshot, the **All vaults** view is displaying [filter] **All Items** in all vaults. Members of [organizations](https://bitwarden.com/it-it/help/about-organizations/) will have other vaults listed here. Using the **Filters** column, you can organize your vault into **Favorites** and **Folders**.

Let's start by setting up a new folder and adding a new login to it:

### Create a folder

To create a folder:

1. Select the + **New** button and choose **Folder** from the dropdown:

   ![New folder](https://bitwarden.com/assets/3BvTWidqL4xWQvFqBSiJIR/d68bc851d44df1b571eed16366159e0c/2024-12-02_13-50-55.png)
2. Enter a name (for example, `Important Logins`) for your folder and select **Save**.

   > [!TIP] nesting folders
   > For a cleaner vault, you can [nest folders inside other folders](https://bitwarden.com/it-it/help/folders/#nested-folders/).

### Add a login

To add a new login item:

1. Select the + **New** button and choose **Login** from the dropdown.
2. Enter an **Item name**. Names will help you easily identify items in your vault, so give this item a recognizable one (for example, `My Gmail Account`).
3. From the **Folder** dropdown, select the name of the folder you want to add this item to (for example, the `Important Logins` folder we created earlier).
4. Enter your **Username** and **Password**. For now, enter your existing password. We will help you [replace it with a stronger password](https://bitwarden.com/it-it/help/getting-started-webvault/#generate-a-strong-password/) later.
5. In the **Website (URI)** field, enter the URL of the website (for example, `https://accounts.google.com`). If you don't know what URL to use, navigate to the website's login screen and copy it from your address bar.
   ![Locating URLs](https://bitwarden.com/assets/62IycEwbVrumSyPjB9n5XS/0df14e819c0881be3d813e235271acaf/2025-06-02_14-31-28.png)
6. Select the ⭐ **Favorite** icon to add this item to your favorites. The icon will fill in (⭐ → ⭐ ) when it is a favorite.
7. Nice work! Select the **Save** button to finish adding this item.

### Generate a strong password

Now that a new login is saved in your vault, improve its security by replacing the existing password with a stronger one:

1. In your vault, select the item you want to secure to open it and select the **Edit** button.
2. In a new tab or window, open the corresponding website and log in to your account.

   > [!TIP] launch from web vault
   > If you entered something in the **URI 1** field, click the [share-square] **Launch** icon to open it directly from your vault.
3. On that website, navigate to the area where you can **Change your password**. Typically, you can find this in a **Your Account**, **Security**, **Sign in Settings**, or **Login Settings** section.
4. Most websites require you to enter your **Current password** first. Return to your vault and select the [clone] **Copy** icon next to the **Password** field. Then, return to the website and paste it into the **Current password** field.

   You might have the old password memorized, but it's a good idea to get in the habit of copying and pasting your password. This is how you will be logging in once your password is replaced with a stronger one.
5. Return to your vault and click the [generate] **Generate** icon next to the **Password** field. You will be asked whether you want to overwrite the current password, so select **Yes** to proceed. This will replace your **Password** with a randomly generated strong password. Moving from a password like `Fido1234` to `X@Ln@x9J@&u@5n##B` can stop a hacker.
6. Copy your new password with the same [clone] **Copy** icon you used earlier, and select the **Save** button.
   > [!TIP] password history
   > Don't worry about overwriting your existing password! If something goes wrong, Bitwarden stores a [**Password history**](https://bitwarden.com/it-it/help/password-and-generator-history/#password-history/) of the last five passwords for every login.
7. Return to the other website and paste your strong password in the **New Password** and **Confirm new password** fields.
8. Once you **Save** the password change, you are finished!

### Import your data

Good news! You don't need to repeat this process for every login if you have usernames and passwords saved in a web browser or other password manager. Use one of our specialized import guides for help transferring your data from:

- [LastPass](https://bitwarden.com/it-it/help/import-from-lastpass/)
- [1Password](https://bitwarden.com/it-it/help/import-from-1password/)
- [Dashlane](https://bitwarden.com/it-it/help/import-from-dashlane/)
- [macOS & Safari](https://bitwarden.com/it-it/help/import-from-safari/)
- [Google Chrome](https://bitwarden.com/it-it/help/import-from-chrome/)
- [Firefox](https://bitwarden.com/it-it/help/import-from-firefox/)

## Secure your vault

Now that your vault is full of data, let's take some steps to protect it by setting up two-step login. Two-step login requires you to verify your identity when logging in using an additional token, usually retrieved from a different device.

There are many [available methods](https://bitwarden.com/it-it/help/setup-two-step-login/) for two-step login, but the recommended method for a free Bitwarden account is using a mobile device authenticator app such as [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/):

1. Download Bitwarden Authenticator on your mobile device.
2. In the Bitwarden web app, select **Settings** → **Security** → **Two-step login** from the navigation:

   ![Two-step login](https://bitwarden.com/assets/2BsKs83g4cmiCUwxf2ad83/b2a90e85355f3d937aeb46139203737e/2024-12-02_10-54-31.png)
3. Locate the **Authenticator App** option and select **Manage**:

   ![Two-step login providers](https://bitwarden.com/assets/5GqQynIX94PhzJQ0tVW1aE/5dcea8d04c8a543daa7f96989f220756/2024-12-02_10-55-22.png)

   You'll be prompted to enter your master password to continue.
4. On your mobile device, open Bitwarden Authenticator and tap the + button.
5. Scan the QR code located in your web app using Bitwarden Authenticator. Once scanned, Bitwarden Authenticator will display a six-digit verification code.
6. Enter the six-digit verification code into the dialog box in your web app, and select the **Enable** button.
7. Select the **Close** button to return to the Two-step login screen, and select the **View Recovery Code** button.

   Your recovery code can be used in the event that you lose your mobile device. **This is a critical step to ensure you don't ever get locked out of your vault**, so don't skip it!
8. Enter your master password and select the **Continue** button to get your recovery code.

   ![Example recovery code](https://bitwarden.com/assets/64piqJsX7vN25To16iRFIp/09e977fae9485c0764f832c6bb4b4b04/2024-12-02_11-24-35.png)

Save your recovery code in the way that makes the most sense for you. Believe it or not, printing your recovery code and keeping it somewhere safe is one of the best ways to make sure that the code is not vulnerable to theft or inadvertent deletion.

## Next steps

Congratulations on mastering the basics of Bitwarden! We want everyone to be safe online, so we are proud to offer everything you have learned about here for free.
### Signup for premium

For personal users, we offer a premium subscription for $1.65 / month that unlocks advanced capabilities including:

- Advanced two-step login options, like [Duo](https://bitwarden.com/it-it/help/setup-two-step-login-duo/) and [YubiKey security keys](https://bitwarden.com/it-it/help/setup-two-step-login-yubikey/)
- Storage space for [encrypted file attachments](https://bitwarden.com/it-it/help/attachments/)
- An integrated [temporary one-time password (TOTP) authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/)
- [Emergency access](https://bitwarden.com/it-it/help/emergency-access/) to your vault by trusted emergency contacts
- [Vault health reports](https://bitwarden.com/it-it/help/reports/) that report on password and security hygiene

To start a premium subscription, select the **Upgrade your plan** button from your **Vaults** view!

### Start an organization

Do you need to share passwords or other vault items with your friends, family, team, or entire business? Bitwarden organizations let you do just that. We recommend trying out the functionality of password-sharing from organizations by [starting a free two-person organization.](https://bitwarden.com/it-it/help/getting-started-organizations/)

Once you have tested an organization, check out our [Bitwarden pricing](https://bitwarden.com/it-it/pricing/business/) page to learn about the different organization types you might consider.

--- URL: https://bitwarden.com/it-it/help/github-actions-integration/ ---

# GitHub Actions

Bitwarden provides an integration with [GitHub Actions](https://docs.github.com/en/actions) to retrieve secrets from Secrets Manager and inject them into GitHub Actions workflows. The integration will inject retrieved secrets as masked environment variables inside an action.
To set up the integration:

## Save an access token

In this step, we're going to save an [access token](https://bitwarden.com/it-it/help/access-tokens/) as a [GitHub encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). Encrypted secrets can be created for an organization, repository, or repository environment and are made available for use in GitHub Actions workflows:

1. In GitHub, navigate to your repository and select the **Settings** tab.
2. In the Security section of the left navigation, select **Secrets and variables** → **Actions**.
3. Open the **Secrets** tab and select the **New repository secret** button.
4. In another tab, open the Secrets Manager web vault and [create an access token](https://bitwarden.com/it-it/help/machine-accounts/).
5. Back in GitHub, give your secret a **Name** like `BW_ACCESS_TOKEN` and paste the access token value from step 4 into the **Secret** input.
6. Select the **Add secret** button.

## Add to your workflow file

Next, we're going to add a few steps to your GitHub Actions workflow file.

### Get secrets

To get secrets in your workflow, add a step with the following information to your workflow YAML file:

```
- name: Get Secrets
  uses: bitwarden/sm-action@v2
  with:
    access_token: ${{ secrets.BW_ACCESS_TOKEN }}
    base_url: https://vault.bitwarden.com
    secrets: |
      fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff > SECRET_NAME_1
      bdbb16bc-0b9b-472e-99fa-af4101309076 > SECRET_NAME_2
```

Where:

- `${{ secrets.BW_ACCESS_TOKEN }}` references your previously saved repository secret. Change accordingly if you didn't name the secret `BW_ACCESS_TOKEN`.
- `base_url`: For self-hosted instances, provide your `https://your.domain.com`. If this optional parameter is provided, the parameters `identity_url` and `api_url` are not required. The GitHub action will use `BASE_URL/identity` and `BASE_URL/api` for the identity and api endpoints.
- `fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff` and `bdbb16bc-0b9b-472e-99fa-af4101309076` reference identifiers for secrets stored in Secrets Manager. The [machine account](https://bitwarden.com/it-it/help/machine-accounts/) that your access token belongs to **must be able to access these specific secrets**.
- `SECRET_NAME_1` and `SECRET_NAME_2` are the names you'll use to reference the injected secret values in the next step.

### Use secrets

Finally, you can complete the pathway by referencing the specified secret names (`SECRET_NAME_1` and `SECRET_NAME_2`) as parameters in a subsequent action, for example:

```
- name: Use Secret
  run: SQLCMD -S MYSQLSERVER -U "$SECRET_NAME_1" -P "$SECRET_NAME_2"
```

## Example workflow

The following example is a GitHub Actions workflow file using `get secrets`:

```plain text
- name: Get Secrets
  uses: bitwarden/sm-action@v2
  with:
    access_token: ${{ secrets.BW_ACCESS_TOKEN }}
    secrets: |
      fc3a93f4-2a16-445b-b0c4-aeaf0102f0ff > GITHUB_GPG_PRIVATE_KEY
      bdbb16bc-0b9b-472e-99fa-af4101309076 > GITHUB_GPG_PRIVATE_KEY_PASSPHRASE
- name: Import GPG key
  uses: crazy-max/ghaction-import-gpg@v6
  with:
    gpg_private_key: ${{ env.GITHUB_GPG_PRIVATE_KEY }}
    passphrase: ${{ env.GITHUB_GPG_PRIVATE_KEY_PASSPHRASE }}
    git_user_signingkey: true
    git_commit_gpgsign: true
```

--- URL: https://bitwarden.com/it-it/help/gitlab-integration/ ---

# GitLab CI/CD

Bitwarden provides a way to inject secrets into your [GitLab CI/CD](https://docs.gitlab.com/ee/ci/) pipelines using the Bitwarden [Secrets Manager CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/). This allows you to securely store and use secrets in your CI/CD workflows. To get started:

## Save an access token

In this step, we're going to save an [access token](https://bitwarden.com/it-it/help/access-tokens/) as a GitLab CI/CD variable. This token will be used to authenticate with the Bitwarden Secrets Manager API and retrieve [secrets](https://bitwarden.com/it-it/help/secrets/).

1. In GitLab, navigate to your project's **Settings** > **CI/CD** page.
2. Select **Expand** in the **Variables** section.
3. Select **Add variable**.
4. Check the **Mask variable** flag.
5. Name the key `BWS_ACCESS_TOKEN`. This is the variable that the Secrets Manager CLI looks for to [authenticate](https://bitwarden.com/it-it/help/secrets-manager-cli/#authentication/). Alternatively, if you need to name the key something else, specify `--access-token NAME_OF_VAR` on the `bws secret get` line later.
6. In another tab, open the Secrets Manager web app and [create an access token](https://bitwarden.com/it-it/help/access-tokens/).
7. Back in GitLab, paste the newly-created access token into the **Value** field.
8. Select **Add variable** to save.

   ![Add a variable in GitLab](https://bitwarden.com/assets/5oaev7YcHn7ndLaofLb8Uw/2c653506fca3ca2300ce93e226e163e8/gitlab_variables.png)

## Add to your workflow file

Next, we're going to write a rudimentary GitLab CI/CD workflow. Create a file called `.gitlab-ci.yml` in the root of your repository with the following contents:

```yaml
stages:
  - default_runner

image: ubuntu

build:
  stage: default_runner
  script:
    - |
      # install bws
      apt-get update && apt-get install -y curl git jq unzip
      export BWS_VER="1.0.0"
      curl -LO \
        "https://github.com/bitwarden/sdk/releases/download/bws-v$BWS_VER/bws-x86_64-unknown-linux-gnu-$BWS_VER.zip"
      unzip -o bws-x86_64-unknown-linux-gnu-$BWS_VER.zip -d /usr/local/bin

    # use the `bws run` command to inject secrets into your commands
    - bws run -- 'npm run start'
```

Where:

- `BWS_VER` is the version of the Bitwarden Secrets Manager CLI to install. You can pin the version being installed by changing this to a specific version, for example `BWS_VER="0.3.1"`.

> [!WARNING] Don't use command that output in logs.
> Secrets are stored as environment variables. It is important to [avoid running commands that would output these secrets to the logs](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-security).
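
One way to act on the warning above before a pipeline runs: this added Python example (not part of Bitwarden's or GitLab's tooling) scans `.gitlab-ci.yml` text for commands that would print injected secrets to the job log. The rule set is a heuristic chosen for this example, and the leaky pipeline is a constructed sample.

```python
import re

# BWS_ACCESS_TOKEN is the variable named on this page. Extend the tuple with
# the names of the secrets that `bws run` injects in your own project.
DEFAULT_SECRET_VARS = ("BWS_ACCESS_TOKEN",)

# (reason, pattern) pairs; heuristics assumed for this example, not exhaustive.
BASE_RULES = [
    ("shell tracing echoes every expanded command",
     re.compile(r"\bset\s+-\w*x\w*|\bset\s+-o\s+xtrace\b")),
    # `env`, `printenv` or `export -p` run with no arguments (\x22 is a double quote).
    ("dumps the whole environment",
     re.compile(r"(?:^|[\s;&|('\x22])(?:printenv|env|export\s+-p)\s*(?:$|[;&|)'\x22])")),
]


def find_log_leaks(ci_text, secret_vars=DEFAULT_SECRET_VARS):
    """Return (line number, reason, line) for each script line likely to log a secret."""
    names = "|".join(re.escape(v) for v in secret_vars)
    rules = BASE_RULES + [
        ("prints a secret variable",
         re.compile(r"\b(?:echo|printf)\b.*\$\{?(?:" + names + r")\b")),
    ]
    findings = []
    for lineno, raw in enumerate(ci_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never execute
        for reason, pattern in rules:
            if pattern.search(line):
                findings.append((lineno, reason, line))
    return findings


# The pipeline from this page: expected to produce no findings.
PAGE_PIPELINE = r"""stages:
  - default_runner

image: ubuntu

build:
  stage: default_runner
  script:
    - |
      # install bws
      apt-get update && apt-get install -y curl git jq unzip
      export BWS_VER="1.0.0"
      curl -LO \
        "https://github.com/bitwarden/sdk/releases/download/bws-v$BWS_VER/bws-x86_64-unknown-linux-gnu-$BWS_VER.zip"
      unzip -o bws-x86_64-unknown-linux-gnu-$BWS_VER.zip -d /usr/local/bin

    # use the `bws run` command to inject secrets into your commands
    - bws run -- 'npm run start'
"""

# Constructed sample with three typical log leaks (lines 3, 4 and 5).
LEAKY_PIPELINE = r"""build:
  script:
    - set -x
    - echo "token=$BWS_ACCESS_TOKEN"
    - bws run -- 'env'
    - bws run -- 'npm run start'
"""

if __name__ == "__main__":
    for lineno, reason, line in find_log_leaks(LEAKY_PIPELINE):
        print(f"line {lineno}: {reason}: {line}")
```

Pass the names of your own injected secrets as `secret_vars` so that `echo` and `printf` of those variables are flagged as well.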
## Run the CI/CD pipeline

On the left, select **Build** > **Pipelines** and select **Run pipeline** at the top-right of the page. Select **Run pipeline** on the page to run the newly-created pipeline.

--- URL: https://bitwarden.com/it-it/help/hosting-faqs/ ---

# Self-host FAQs

This article contains Frequently Asked Questions (FAQs) regarding self-hosting.

## General

### Q: What platforms can I host on?

**A:** Bitwarden is a cross-platform application that is deployed using Docker Linux containers. This means that Bitwarden can be hosted on Linux, macOS, and Windows machines. The platform you host on must be under active mainstream support by its vendor. In other words, Bitwarden does not support hosting on any platform version that has reached EoL. Windows Server, for example, requires at least version 2022; versions 2019 and 2016 have both ended active mainstream support.

Docker Desktop on Windows may require a license depending on whether your company meets [Docker's requirements for licenses](https://www.docker.com/pricing/); however, Docker on Linux is free. You can read more about Docker and container technologies at the [Docker website](https://www.docker.com/why-docker).

### Q: Do Bitwarden client apps support non-official servers?

**A:** While we expect most client functionality to work with non-official servers, such as Vaultwarden, Bitwarden cannot guarantee that official clients will work perfectly with non-official servers. If you're using a non-official server, we recommend that you keep it as up-to-date as possible to take advantage of compatibility updates written by its maintainers. Bitwarden Customer Support may be limited in their ability to assist you with client issues if you're using a non-official server.

As an example, Vaultwarden introduced support for native mobile apps in version 1.31.0. If you're using native mobile apps and a version of Vaultwarden prior to 1.31.0, you will receive an error and should upgrade your server.
### Q: How should I achieve high availability?

**A:** Deploying with Helm is currently the recommended option for achieving high availability. However, increasing replicas for Bitwarden containers may result in unexpected behavior. Learn more about Bitwarden self-hosting with Helm [here](https://bitwarden.com/it-it/help/self-host-with-helm/).

### Q: Do I need to allow any URLs?

**A:** When installing a standard self-hosted Bitwarden server deployment, your server will make outbound connections for functionality such as updates, pushing notifications to clients, and syncing Families for Enterprise sponsorships. If you do not wish to use these features, deploy with one of the offline guides so that the server does not make any outbound connections outside your infrastructure.

To allow the standard outbound functionality, you will need to allow the following URLs through your firewall:

- The **Bitwarden server install/update** URLs listed [here](https://bitwarden.com/it-it/help/bitwarden-addresses/#bitwarden-applications/).
- The **Application endpoints** listed [here](https://bitwarden.com/it-it/help/bitwarden-addresses/#application-endpoints/).

### Q: How do I backup and restore my self-hosted instance?

**A:** Bitwarden takes automated nightly backups of the `bitwarden-mssql` database container in order to protect your stored credentials. For help with manual backups, or help restoring a backup, see [Backup your Hosted Data](https://bitwarden.com/it-it/help/backup-on-premise/).

### Q: What are my installation id and installation key used for?

**A:** Installation ids and keys are used when installing Bitwarden on-premises in order to:

- Register your installation and contact email so that we can contact you for important security updates.
- Authenticate to push relay servers for push notifications to Bitwarden client applications.
- Validate licensing of paid features.

Retrieve an installation id and key from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).

> [!NOTE] Installation key and id specific to server region
> While retrieving your installation Id and Key, be sure to select the server region that corresponds to your Bitwarden client. Learn how to apply the proper self-hosted server region [here](https://bitwarden.com/it-it/help/server-geographies/#connect-your-self-hosted-server/).

**You should not share your installation id or installation key across multiple Bitwarden installations.** They should be treated as secrets.

### Q: How do I change the name of my server?

**A:** Configure the `url:` in the `./bwdata/config.yml` with your new server name and then run the `./bitwarden.sh rebuild` command to rebuild `bwdata` assets. Check that your server name or FQDN has been propagated to all `globalSettings__baseServiceUri__*` variables in `./bwdata/env/global.override.env`, and that your certificate contains a Subject Alternative Name (SAN) with the new server FQDN. If you are using a Let's Encrypt certificate, you will need to [manually update your certificate](https://bitwarden.com/it-it/help/certificates/#manually-update-a-lets-encrypt-certificate/).

### Q: How do I change the name of my self-hosted organization?

**A:** First, change the name of the organization in the cloud using the web app. Once the cloud organization has been changed, you can re-download the license file and upload the new license file to your self-hosted organization as seen [here](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/).

### Q: Why does the System Administrator Portal show an update available when update commands show I'm on the latest version?
**A:** The System Administrator Portal will show an available update as soon as we release our cloud server. However, as mentioned in the [release notes](https://bitwarden.com/it-it/help/releasenotes/), self-hosted server updates typically are made available a few days following cloud. Please wait a few days and try [updating your instance](https://bitwarden.com/it-it/help/updating-on-premise/) again.

### Q: Can I run Bitwarden under a domain subfolder?

**A:** Running Bitwarden under a domain subfolder (for example, `https://mydomain.com/bitwarden` instead of `https://mydomain.com`) is not supported. It must run under a host, as a subdomain, or with an additional port.

## SMTP configuration

### Q: How do I set up an SMTP mail server?

**A:** Connect your self-hosted instance to an existing SMTP mail server by editing all `globalSettings__mail__smtp__*` values in `./bwdata/env/global.override.env`. For more information, see [Configure Environment Variables](https://bitwarden.com/it-it/help/environment-variables/).

If you don't yet have an existing SMTP mail server from which you can relay emails, consider services like [Mailgun](https://www.mailgun.com/) or [SparkPost](https://www.sparkpost.com).

### Q: How do I use Gmail as an SMTP mail server?

> [!WARNING] Gmail SMTP
> Starting in autumn of 2024, apps like Bitwarden using Gmail for SMTP will be required to use [app passwords](https://support.google.com/mail/answer/185833?hl=en&sjid=9696547978374724481-NA#zippy=) for authentication as basic authentication (username and password) support will be deprecated.
>
> We recommend migrating your SMTP configuration to an app password as soon as possible. [Learn more about the change](https://support.google.com/a/answer/14114704).

**A:** Configure the following variables in `./bwdata/env/global.override.env`:

```
globalSettings__mail__replyToEmail=no-reply@your.domain
globalSettings__mail__smtp__host=smtp.gmail.com
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=
globalSettings__mail__smtp__password=
```

You will also need to enable SMTP relay from within Google. For more information, see [Google's documentation](https://support.google.com/a/answer/176600?hl=en).

## Advanced configuration

### Q: How do I use custom server ports?

**A:** To use custom ports, instead of 80 and 443, edit the `http_port=` and `https_port=` values in `./bwdata/config.yml` and run `./bitwarden.sh rebuild` to rebuild your server assets.

Check that the custom port values have been propagated to `./bwdata/env/global.override.env`.

### Q: How do I enable logging to syslog?

**A:** Docker's `syslog` logging [drivers](https://docs.docker.com/engine/logging/drivers/syslog/#usage) work with Bitwarden's containers. In order to log to `syslog`, users may set up the `syslog` logging driver system-wide with Docker's `daemon.json` file (located [here](https://docs.docker.com/engine/logging/drivers/syslog/#usage)). Alternatively, you may configure it just for Bitwarden containers by configuring it in our `bwdata/docker/docker-compose.override.yml` file like so:

```yaml
services:
  admin:
    logging:
      driver: syslog
      options:
        syslog-address: tcp://192.168.0.42:123
  sso:
    logging:
      driver: syslog
      options:
        syslog-address: tcp://192.168.0.42:123
  identity:
    logging:
      driver: syslog
      options:
        syslog-address: tcp://192.168.0.42:123
  api:
    logging:
      driver: syslog
      options:
        syslog-address: tcp://192.168.0.42:123
  events:
    logging:
      driver: syslog
      options:
        syslog-address: tcp://192.168.0.42:123
```

--- URL: https://bitwarden.com/it-it/help/huntress-siem/ ---

# Huntress SIEM

Huntress is a managed security platform that provides threat detection, investigation, and response capabilities.
Huntress Managed SIEM centralizes log data from across your environment and can be integrated with Bitwarden, giving security teams unified visibility into password management activity alongside the rest of their security environment.

## Requirements

To set up Bitwarden as a log source in Huntress, you must:

- Have a Bitwarden Teams or Enterprise organization.
- Have a Huntress organization that includes Managed SIEM.
- Have administrative access to both Bitwarden and Huntress.

> [!NOTE] Bitwarden organizations vs. Huntress organizations
> Both Bitwarden and Huntress use the term "organization" to describe the entity that ties together users and data. Since you'll need to access both during setup, this document will disambiguate Bitwarden organizations and Huntress organizations where applicable.

## Add Bitwarden as a source

To add Bitwarden as a log source to the Huntress Managed SIEM platform:

1. In Huntress, navigate to **SIEM** → **Source Management**.

   ![Source Management](https://bitwarden.com/assets/30FE7CyWJrv4aztO5zNLXV/b5f85e14faaeb34f5023afe16ba7d54a/2026-02-18_13-12-18.png)
   *Source Management*
2. Select **Add Source** and, from the dropdown, select **Bitwarden**.

   ![Add source](https://bitwarden.com/assets/33tJYy7Wg9swFU36TmSfsp/4a4d8198c5ee47f52f003c93d147623e/2026-02-18_13-13-34.png)
   *Add source*
3. Select **Add**. If you have other pre-existing Bitwarden log sources, they'll also be listed on this page.
4. Select a configuration method. The method you choose will depend on whether your Bitwarden organization is on a Bitwarden cloud server or a self-hosted server:

### Cloud hosted

If your Bitwarden organization is on a Bitwarden cloud server (US or EU):

1. Choose **I am using Bitwarden's Cloud Hosting** and select **Next**.
2. From the **Organization** dropdown, select a Huntress organization that includes Managed SIEM.
3. Provide a **Name** that can be used to identify the integration and, optionally, a **Description**.
4. Select **Save**.
5. On the following page, take note of the **HTTP Event Collector URL** and **HTTP Event Collector Token**. You will need these values in a subsequent step.

   > [!NOTE] Getting back to Huntress configuration details.
   > If you click out of this view, you can re-retrieve these values by navigating back to the list of Bitwarden log sources, choosing the source, and selecting the [pencil] **Configure** button.
6. In Bitwarden, open the Admin Console and navigate to the **Integrations** page and **Event management** tab.
7. Scroll down to the Huntress card and select the **Connect Huntress** button:

   ![Integrations page](https://bitwarden.com/assets/1eVEp2giglyZSo8X4tBQ0E/59730bd09ab12bfee9d9a607a971eca0/huntress.png)
   *Integrations page*
8. Copy your **HTTP Event Collector URL** and **HTTP Event Collector Token** from Huntress and paste them into the **Connect Huntress** panel in Bitwarden.
9. Select **Save**.

### Self-hosted

If your Bitwarden organization is on a self-hosted Bitwarden server:

1. Choose **I have a Self-Hosted Domain for Bitwarden** and select **Next**.
2. From the **Organization** dropdown, select a Huntress organization that includes Managed SIEM.
3. Provide a **Name** that can be used to identify the integration and, optionally, a **Description**.
4. Enter the **Base URL** of the API on your self-hosted server.
5. Enter your Bitwarden organization's [client ID and client secret](https://bitwarden.com/it-it/help/public-api/#authentication/), which will be used for authentication.
6. Select **Save**.

--- URL: https://bitwarden.com/it-it/help/import-data-from-myki/ ---

# Import from Myki

Use this article for help exporting data from Myki and importing into Bitwarden. Myki data exports are available as `.csv` files.

## Export from Myki

The process for exporting data from Myki is different depending on which platform you are using. Whenever possible, we recommend exporting from the Myki web app for the smoothest experience importing to Bitwarden.
For help exporting from Myki, refer to [these Myki articles](https://support.myki.com/en/articles/6007957-how-to-export-my-myki-vault).

### Condition your CSVs

**If you exported from a Myki mobile app**, you will be required to condition your `.csv` files for import into Bitwarden. This will primarily involve renaming column headers and, in some cases, re-ordering columns in the `.csv`. Each of the following sections will document first the format exported by Myki and second the format expected by Bitwarden.

#### UserAccount.csv

Exported:

```
Nickname,Url,Username,Password,Additional Info,Two Factor Secret,Status
```

Expected:

```
nickname,url,username,password,additionalInfo,twofaSecret,status,tags
```

#### CreditCard.csv

Exported:

```
Nickname,Card Number,CardName,Exp Month,Exp Year,CVV,Additional Info,Status
```

Expected:

```
nickname,status,tags,cardNumber,cardName,exp_month,exp_year,cvv,additionalInfo
```

#### IdCard.csv

Exported:

```
Nickname,Id Type,Id Number,Id Name,Id Issuance Date,Id Expiration Date,Id Country,Additional Info,Status
```

Expected:

```
nickname,status,tags,idType,idNumber,idName,idIssuanceDate,idExpirationDate,idCountry,additionalInfo
```

#### Address.csv

Exported:

```
Nickname,First Name,Middle Name,Last Name,Email,First Address Line,Second Address Line,Title,Gender,Number,City,Country,Zip Code,Additional Info,Status
```

Expected:

```
nickname,status,tags,firstName,middleName,lastName,email,firstAddressLine,secondAddressLine,title,gender,number,city,country,zipCode,additionalInfo
```

#### Note.csv

Exported:

```
Title,Content,Status
```

Expected:

```
nickname,status,content
```

#### User2FA.csv

Exported:

```
Nickname,Additional Info,Two Factor Secret,Status
```

Expected:

```
nickname,status,tags,authToken,additionalInfo
```

## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI.
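The renaming and re-ordering described under "Condition your CSVs" can be scripted before you import. The following Python is an added example, not Bitwarden's or Myki's code: the header lists come from this page, the pairing of each exported column with an expected one is inferred from the names, and `LAYOUTS`, `detect_layout`, `condition` and `write_private` are hypothetical names.

```python
import csv
import io
import os

# For each Myki file: the columns Bitwarden expects, in order, paired with the
# exported column that feeds each one (None = no exported counterpart, written
# empty). Header names are taken from the page; the pairing is inferred.
LAYOUTS = {
    "UserAccount.csv": [
        ("nickname", "Nickname"), ("url", "Url"), ("username", "Username"),
        ("password", "Password"), ("additionalInfo", "Additional Info"),
        ("twofaSecret", "Two Factor Secret"), ("status", "Status"), ("tags", None),
    ],
    "CreditCard.csv": [
        ("nickname", "Nickname"), ("status", "Status"), ("tags", None),
        ("cardNumber", "Card Number"), ("cardName", "CardName"),
        ("exp_month", "Exp Month"), ("exp_year", "Exp Year"), ("cvv", "CVV"),
        ("additionalInfo", "Additional Info"),
    ],
    "IdCard.csv": [
        ("nickname", "Nickname"), ("status", "Status"), ("tags", None),
        ("idType", "Id Type"), ("idNumber", "Id Number"), ("idName", "Id Name"),
        ("idIssuanceDate", "Id Issuance Date"),
        ("idExpirationDate", "Id Expiration Date"), ("idCountry", "Id Country"),
        ("additionalInfo", "Additional Info"),
    ],
    "Address.csv": [
        ("nickname", "Nickname"), ("status", "Status"), ("tags", None),
        ("firstName", "First Name"), ("middleName", "Middle Name"),
        ("lastName", "Last Name"), ("email", "Email"),
        ("firstAddressLine", "First Address Line"),
        ("secondAddressLine", "Second Address Line"), ("title", "Title"),
        ("gender", "Gender"), ("number", "Number"), ("city", "City"),
        ("country", "Country"), ("zipCode", "Zip Code"),
        ("additionalInfo", "Additional Info"),
    ],
    "Note.csv": [("nickname", "Title"), ("status", "Status"), ("content", "Content")],
    "User2FA.csv": [
        ("nickname", "Nickname"), ("status", "Status"), ("tags", None),
        ("authToken", "Two Factor Secret"), ("additionalInfo", "Additional Info"),
    ],
}


def detect_layout(header):
    """Return (file name, already_conditioned) for a header row, or raise."""
    for name, columns in LAYOUTS.items():
        if header == [expected for expected, _ in columns]:
            return name, True
        if sorted(header) == sorted(src for _, src in columns if src):
            return name, False
    raise ValueError("header matches no Myki layout listed on the page")


def condition(text):
    """Rename and re-order the columns of one Myki CSV, given as a string."""
    rows = list(csv.reader(io.StringIO(text.lstrip("\ufeff"), newline="")))
    if not rows:
        raise ValueError("empty file")
    header = [cell.strip() for cell in rows[0]]
    name, done = detect_layout(header)
    if done:
        return name, text  # already in the expected format, leave untouched
    index = {column: i for i, column in enumerate(header)}
    out = io.StringIO(newline="")
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([expected for expected, _ in LAYOUTS[name]])
    for record_no, row in enumerate(rows[1:], start=2):
        if not row:
            continue  # blank line between records
        if len(row) != len(header):
            # Fail closed: a short or long record would shift secrets into the
            # wrong field. Report the position only, never the cell contents.
            raise ValueError(f"{name}: record {record_no} has {len(row)} cells")
        writer.writerow([row[index[src]] if src else "" for _, src in LAYOUTS[name]])
    return name, out.getvalue()


def write_private(path, text):
    """Create the conditioned file readable by the current user only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as handle:
        handle.write(text)


# Constructed sample in the mobile-export layout; every value is made up.
SAMPLE = (
    "Nickname,Url,Username,Password,Additional Info,Two Factor Secret,Status\n"
    'Example,https://example.test,alice,"p,w\nd","note, with comma",JBSWY3DP,active\n'
)
```

The conditioned file still holds plaintext credentials, so `write_private` creates it with owner-only permissions and refuses to overwrite an existing file.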
Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Web app

To import data to your Bitwarden vault:

1. Select **Tools**.
2. Select **Import**:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data.
5. To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.
   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.
   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.
   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault.
[Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.

--- URL: https://bitwarden.com/it-it/help/import-data/ ---

# Import to your Vault or Collections

Import logins and data from different password managers, other Bitwarden vaults, or [encrypted exports](https://bitwarden.com/it-it/help/encrypted-export/) to instantly transfer your information and skip manual entry. You can import data from any password management solution that allows exports.

> [!TIP] Import to org instead of individual
> This article covers importing to your own vault or [to a collection](https://bitwarden.com/it-it/help/import-data/#import-to-a-collection/) that you have access to. If you're administering an organization, you may need to [import to an organization](https://bitwarden.com/it-it/help/import-to-org/) instead.

## Common password manager & file type imports

Bitwarden supports data imports from many common password management solutions, including:

- [Import from LastPass](https://bitwarden.com/it-it/help/import-from-lastpass/)
- [Import from 1Password](https://bitwarden.com/it-it/help/import-from-1password/)
- [Import from Firefox](https://bitwarden.com/it-it/help/import-from-firefox/)
- [Import from Google Chrome, Edge, or Chromium](https://bitwarden.com/it-it/help/import-from-chrome/)
- [Import from Password Safe](https://bitwarden.com/it-it/help/import-from-passwordsafe/)
- [Import from another Bitwarden vault](https://bitwarden.com/it-it/help/export-your-data/)

[Additional file types](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) from other password managers are compatible with Bitwarden. If your solution isn’t listed but can export data, edit the file to match a [supported format](https://bitwarden.com/it-it/help/condition-bitwarden-import/).
## Import to your individual vault

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Web app

To import data to your Bitwarden vault:

1. Select **Tools**.
2. Select **Import**:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data.
5.
   To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

5.
   From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.
     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised.
If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

## Import to a collection

Import data to a [collection](https://bitwarden.com/it-it/help/create-collections/) to organize and share items with others, like your immediate teammates or family. If you're administering a Bitwarden organization, consider [importing data to an organization](https://bitwarden.com/it-it/help/import-to-org/) instead.

When on the **Import** page, select your organization’s **Vault** and the **Collection**:

![Import to a collection](https://bitwarden.com/assets/5i5K8TyWXdbpJLNlsfyd3v/ff5bd0dedb26341e355c8537faafee2e/2025-12-17_11-28-45.png)
*Import to a collection*

## Troubleshoot import errors

If a limit is exceeded or the file contains unassigned items, you will see an “Import error” message. No data is added to your vault when an import is rejected.

### File limits

Imported files can contain up to:

- 40,000 items
- 2,000 folders
- 2,000 collections
- 7,000 item-folder relationships (For example, a single item in three folders is counted as three item-folder relationships.)
- 80,000 item-collection relationships (For example, a single item in three collections is counted as three item-collection relationships.)

If your file is too large, split it into smaller ones and import each separately.

### Field length limits

If an item in your file (typically a `.csv`) exceeds a field’s **encrypted** character limit, Bitwarden will not import any of its contents. The “Import error” message will appear with details identifying the specific issue(s).

> [!TIP] Character counts when encrypted
> Bitwarden's encryption process expands text 30-50% during import, which may push your field(s) beyond the character limit. For example, a `Notes` field, the most common offender, can increase from 8,000 to over 10,000 characters, exceeding the limit and triggering the error.

To fix this error and upload your data:

1.
   Open your `.csv` file in a text editor or spreadsheet program.
2. Review the error message details to find the item(s) causing the issue. For example, here’s how to interpret the following error: `[2] [Login] “My New Item”: The field Notes exceeds the maximum encrypted value length of 10000 characters.`

   - `[2]` is the index number where the offending item is located, adjusted to match row numbering in most spreadsheet programs.
   - `[Login]` is the vault item `type` of the offending item.
   - `"My New Item"` is the name of the offending item.
   - `Notes` is the specific field that exceeds the character limit.
   - `10000` is the character limit allowed for that field.

3. Reduce the character count or delete the offending item(s).
4. Save the file.
5. Go back to Bitwarden and [import the updated file](https://bitwarden.com/it-it/help/import-data/#import-to-your-individual-vault/).

### File contains unassigned items

Organization users (not [admins or owners](https://bitwarden.com/it-it/help/user-types-access-control/#member-roles/)) must assign all imported credentials to at least one collection. There are two ways to fix this import error:

- Assign an existing collection where you have the **Manage collection** permission.
- Create a new collection for the unassigned items. [Customize your import file](https://bitwarden.com/it-it/help/condition-bitwarden-import/) by entering a new collection name. This will automatically create that collection and add the items to it.

> [!NOTE] File contains unassigned items error
> To minimize this error, turn on the [Restrict collection creation to owners and admins setting](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/) to prevent users from creating collections.

### Organization can only have a maximum of two collections

Free organizations can have up to two [collections](https://bitwarden.com/it-it/help/about-collections/).
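For the "Field length limits" steps above, this added Python example (not part of Bitwarden's tooling) parses the error detail line quoted there and locates the reported cell in the file without printing its contents. It assumes a header row with a `name` column and a column named after the reported field; `parse_error` and `locate` are hypothetical names, and the target length uses the upper 50% expansion figure from the tip.

```python
import csv
import io
import re

# Shape of one detail line in the "Import error" message, as quoted on the page:
# [row] [item type] "item name": The field <field> exceeds ... of <limit> characters.
ERROR_RE = re.compile(
    r'^\[(?P<row>\d+)\] \[(?P<type>[^\]]+)\] [“"](?P<name>.*)[”"]: '
    r"The field (?P<field>\w+) exceeds the maximum encrypted value length "
    r"of (?P<limit>\d+) characters\.$"
)
WORST_CASE_EXPANSION = 1.5  # upper end of the 30-50% growth the page describes


def parse_error(line):
    """Split one error detail line into row, type, name, field and limit."""
    match = ERROR_RE.match(line.strip())
    if match is None:
        raise ValueError("not a field-length import error line")
    found = match.groupdict()
    found["row"] = int(found["row"])
    found["limit"] = int(found["limit"])
    return found


def locate(line, csv_text, name_column="name"):
    """Find the reported cell and say how far it has to shrink.

    Assumes the CSV has a header row, a column holding the item name
    (`name_column`), and a column named like the reported field, compared
    case-insensitively. Only lengths are returned, never the cell contents.
    """
    err = parse_error(line)
    rows = list(csv.reader(io.StringIO(csv_text, newline="")))
    header = [cell.strip().lower() for cell in rows[0]]
    # Spreadsheet numbering: the header is row 1, so row N is rows[N - 1].
    if not 2 <= err["row"] <= len(rows):
        raise ValueError("reported row is outside this file")
    record = rows[err["row"] - 1]
    value = record[header.index(err["field"].lower())]
    target = int(err["limit"] / WORST_CASE_EXPANSION)
    return {
        "row": err["row"],
        "field": err["field"],
        "name_matches": record[header.index(name_column)] == err["name"],
        "plain_length": len(value),
        "target_length": target,
        "trim_by": max(0, len(value) - target),
    }


# Constructed sample: the error line quoted on the page and a two-column file.
ERROR_LINE = ('[2] [Login] “My New Item”: The field Notes exceeds the maximum '
              "encrypted value length of 10000 characters.")
SAMPLE_CSV = "name,notes\nMy New Item," + "x" * 8000 + "\nOther,short\n"
```

A `name_matches` value of `False` means the row index and the file have drifted apart, for example after sorting the spreadsheet, so check the item name before trimming anything.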
If you try importing a file that specifies more than two collections, an import error will appear. There are a few options to correct this:

- If you are trying to import a `.csv` or `.json`, [edit the file](https://bitwarden.com/it-it/help/condition-bitwarden-import/) to remove the additional collections.
- Upgrade your plan so you can create more collections and import your file as-is.

--- URL: https://bitwarden.com/it-it/help/import-faqs/ ---

# Import & Export FAQs

This article contains frequently asked questions (FAQs) regarding import & export.

### Q: How do I import my data if I don’t see my service on the import options list?

**A:** If we don't have official support for the service you are using, manually condition a `.csv` or `.json` for import into Bitwarden. For more information about how to do this, see [Condition a Bitwarden .csv or .json](https://bitwarden.com/it-it/help/condition-bitwarden-import/).

### Q: How do I import items directly to collections?

**A:** You can import items into existing collections by appropriately conditioning a `.json` before importing, or you can define new collections within your import file in order to create new collections when you upload the file. [Learn how](https://bitwarden.com/it-it/help/condition-bitwarden-import/).

### Q: Why did importing create duplicate vault items?

**A:** Every import operation creates every new record as an item in your vault, regardless of whether matching vault items already exist in your vault. Prior to import, we recommend either:

- Editing your import file to only include net-new vault items.
- Purging your vault before an import operation. Individual vaults can be purged from the **Settings** → **My account** page. Organization vaults can be purged from the Organization **Settings** → **Organization info** page.

### Q: What file formats does Bitwarden support for import?

**A:** The following formats are supported out-of-the-box:

> [!TIP] If import format isn't listed.
> If your format is not listed below, manually [create a Bitwarden .csv or .json](https://bitwarden.com/it-it/help/condition-bitwarden-import/).

- [1Password (1pif)](https://bitwarden.com/it-it/help/import-from-1password/)
- [1Password 6 & 7 Windows (csv)](https://bitwarden.com/it-it/help/import-from-1password/)
- [1Password 6 & 7 Mac (csv)](https://bitwarden.com/it-it/help/import-from-1password/)
- 1Password (1pux)
- Ascendo DataVault (csv)
- Avast Passwords (csv)
- Avast Passwords (json)
- Avira (json)
- BlackBerry Password Keeper (csv)
- Blur (csv)
- [Brave (csv)](https://bitwarden.com/it-it/help/import-from-chrome/) (select **Chrome**)
- Buttercup (csv)
- [Chrome (csv)](https://bitwarden.com/it-it/help/import-from-chrome/)
- Clipperz (html)
- Codebook (csv)
- [Dashlane (json)](https://bitwarden.com/it-it/help/import-from-dashlane/)
- [Dashlane (csv)](https://bitwarden.com/it-it/help/import-from-dashlane/)
- Edge (csv)
- Encryptr (csv)
- Enpass (csv)
- Enpass (json)
- [Firefox (csv)](https://bitwarden.com/it-it/help/import-from-firefox/)
- F-Secure KEY (fsk)
- GNOME Passwords and Keys/Seahorse (json)
- Kaspersky Password Manager (txt)
- KeePass 2 (xml)
- KeePassX (csv)
- [Keeper (csv)](https://bitwarden.com/it-it/help/import-from-keeper/)
- [Keeper (json)](https://bitwarden.com/it-it/help/import-from-keeper/)
- [LastPass (csv)](https://bitwarden.com/it-it/help/import-from-lastpass/)
- LogMeOnce (csv)
- Meldium (csv)
- mSecure (csv)
- Myki (csv)
- [Microsoft Edge (csv)](https://bitwarden.com/it-it/help/import-from-chrome/) (select **Chrome**)
- Netwrix Password Secure (csv)
- Nordpass (csv)
- [Opera (csv)](https://bitwarden.com/it-it/help/import-from-chrome/) (select **Chrome**)
- Padlock (csv)
- Passbolt (csv)
- PassKeep (csv)
- Passky (json)
- Passman (json)
- Passpack (csv)
- Password Agent (csv)
- Password Boss (json)
- Password Dragon (xml)
- Password Depot 17 (xml)
- Password Safe (xml)
- PasswordWallet (txt)
- PasswordXP (csv)
- ProtonPass (json)
- Psono
(json)
- RememBear (csv)
- RoboForm (csv)
- Safari and macOS (csv)
- SafeInCloud (xml)
- SaferPass (csv)
- SecureSafe (csv)
- SplashID (csv)
- Sticky Password (xml)
- True Key (csv)
- Universal Password Manager (csv)
- [Vivaldi (csv)](https://bitwarden.com/it-it/help/import-from-chrome/)
- Yoti (csv)
- Zoho Vault (csv)

--- URL: https://bitwarden.com/it-it/help/import-from-1password/ ---

# Import from 1Password

Use this article for help exporting data from 1Password and importing into Bitwarden. 1Password data exports are available as `.1pux` (requires 1Password v8.5+), `.1pif`, and `.csv` files depending on which client version and operating system you are using. Learn [what data 1Password exports include](https://support.1password.com/export/?mac#get-help).

> [!TIP] Export from 1PW with CXP.
> 1Password for iOS supports export of your data, including passkeys, through Credential Exchange. [Learn how to use Credential Exchange](https://support.1password.com/export/?ios) for easy migration from 1Password to Bitwarden.

## Export from 1Password

Complete the following steps to export data from the 1Password desktop app:

> [!TIP] 1Password Export Version Differences
> Currently, only 1Password 8 allows you to export multiple vaults at once. If you are using 1Password 8, skip to **Step 3**.

1. Navigate to the vault you'd like to export.
2. In your vault, select the items you would like to export. Hold Ctrl/Cmd to select multiple vault items, or select everything by pressing Ctrl/Cmd + A.
3. Depending on your device:

   - On Windows, select **File** → **Export** or right-click and select **Export**.
   - On macOS, select **File** → **Export** → **All Items...**

   > [!NOTE] 1password csv export
   > When exporting a `.csv` from macOS, you must also select **All Fields** and check **Include Column Labels**.

4. In the export window, specify a location and file format.
## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Web app

To import data to your Bitwarden vault:

1. Select **Tools**.
2. Select **Import**:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data.
5. To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6.
Select **Choose File** and pick the file or copy and paste your file’s contents into the text box. > [!WARNING] Duplicative Imports > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created. 7. Select **Import data**. If you are importing a password protected `.json `file, enter the password into the **Confirm vault import** window that appears. 8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. ### Mobile In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**. On iOS 26, Bitwarden supports import using the [Fido Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden. ### Desktop To import data to your vault: 1. Select **Import** from the navigation menu. 2. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. 
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised.
If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. If an “Import error” message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again. --- URL: https://bitwarden.com/it-it/help/import-from-chrome/ --- # Import from Chrome, Edge, & Chromium Browsers Quickly transfer your saved passwords in Chromium-based browsers, like Google Chrome, Microsoft Edge, and Opera, to your Bitwarden vault. There are two methods: - [Export your browser data](https://bitwarden.com/it-it/help/import-from-chrome/#export-from-your-browser/) and import it into Bitwarden - [Import directly from your browser](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) (desktop app only) ## Export & import a file from your browser ### Export from your browser Export your data from a desktop or mobile browser. ### Desktop browser To export passwords from Chrome or Edge on your desktop: 1. Open your browser's settings and navigate to the password settings, for example `chrome://password-manager/settings` or `edge://wallet/passwords`. 2. Locate **Export Passwords** and click **Download file**. You may be prompted to enter your computer's password for authorization. For Microsoft Edge, this may be hidden behind a ⋯ menu in the Saved passwords section. 3. Specify a location to save your export to, and verify that the format is **comma-separated values** (**CSV**). 4. Select **Save** to finish exporting. ### Mobile browser To export passwords from Chrome or Edge on your mobile device: 1. Tap the ⋯ menu button and tap **Password Manager**. 2. Tap **Settings**. 3. Tap **Export Passwords...**. You may be prompted to enter your device PIN or a biometric for authorization. 4. Specify a location to save your export to. 
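Because importing does not check for duplicates, a browser export can be cleaned before it is imported. The following is an added example, not Bitwarden's code: it assumes the Chrome/Edge CSV header `name,url,username,password` (optionally followed by `note`), and the function names are hypothetical. It drops exact repeat rows, counts rows that need manual review, never echoes a password, and writes the cleaned copy so that only its owner can read it.

```python
"""Pre-import check for a browser password export (added example).

Assumed CSV header (Chrome/Edge style): name,url,username,password[,note].
Nothing in this module prints or logs a password value.
"""
import csv
import io
import os
from urllib.parse import urlsplit

REQUIRED = ("name", "url", "username", "password")

# Constructed sample export; every value below is made up.
SAMPLE_EXPORT = '''name,url,username,password,note
example.com,https://example.com/login,alice,"pw,with,commas",
example.com,https://EXAMPLE.com/login/,alice,"pw,with,commas",
example.com,https://example.com/login,alice,older-password,
intranet,http://intranet.example/,bob,,
shop,https://shop.example/account,carol,"multi
line",gift card
'''


def normalize_url(url):
    """Lower-case scheme and host and drop a trailing slash, so trivially
    different spellings of the same site compare equal."""
    parts = urlsplit((url or "").strip())
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path.rstrip('/')}{query}"


def check_export(text):
    """Return (kept_rows, report) for the CSV text of an export.

    Exact repeats (same site, username and password) are dropped.
    Rows for one site and username with different passwords are all kept
    and counted as conflicts, because only the owner knows which one is
    current. Rows without a password are kept and counted.
    """
    # newline="" lets the csv module handle line breaks inside quoted fields.
    reader = csv.DictReader(io.StringIO(text, newline=""))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"not a supported export, missing columns: {missing}")

    seen = set()       # (site, username, password) triples already kept
    by_login = {}      # (site, username) -> distinct passwords seen
    kept = []
    report = {"rows": 0, "duplicates": 0, "empty_password": 0, "conflicts": 0}
    for row in reader:
        report["rows"] += 1
        login = (normalize_url(row["url"]), row["username"])
        key = login + (row["password"],)
        if key in seen:
            report["duplicates"] += 1
            continue
        seen.add(key)
        by_login.setdefault(login, set()).add(row["password"])
        if not row["password"]:
            report["empty_password"] += 1
        kept.append(row)
    report["conflicts"] = sum(1 for pws in by_login.values() if len(pws) > 1)
    return kept, report


def write_private(path, rows):
    """Write the cleaned rows to a new file readable only by its owner.

    O_EXCL refuses to reuse an existing file or follow a planted symlink;
    mode 0o600 keeps other local users out on POSIX systems.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(rows[0]) if rows else REQUIRED)
        writer.writeheader()
        writer.writerows(rows)


if __name__ == "__main__":
    rows, summary = check_export(SAMPLE_EXPORT)
    print(summary)  # counts only, no credential values
```

After importing the cleaned file, delete both it and the original export, as the import steps on this page advise.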
### Import to Bitwarden Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage. > [!NOTE] Items not imported > While some item types cannot be imported, you can still add them to a vault: > > - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually. > - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault. ### Web app To import data to your Bitwarden vault: 1. Select **Tools**. 2. Select **Import**: ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png) *Import items* 3. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data. 5. To enter your data, do one of the following: - Select **Choose File** and pick the exported file from your computer. 
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised.
If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault. Fix the import file issue and try again.

## Import directly from browser

The Bitwarden desktop app can import passwords from these browsers without a manually exported file:

- Chrome
- Edge (Windows and macOS only)
- Opera
- Brave
- Vivaldi (Windows and macOS only)
- Arc (macOS only)

This option is available on Windows and macOS desktop apps when installed from the [downloads page](https://bitwarden.com/it-it/download/#downloads-desktop-applications/), and on Linux when installed via AppImage. The direct import method does not work with desktop apps downloaded from app stores at this time.

> [!NOTE] Antivirus may pop up.
> The **Import directly from browser** option, specifically the process `bitwarden_chromium_import_helper.exe`, is known to be flagged by some EDR software, or on Windows by User Account Control, when it attempts to pull credentials from browser storage:
>
> - **As an administrator**, you can proactively set the `bitwarden_chromium_import_helper.exe` to run as an administrator through UAC or your EDR software to prevent it from failing or issuing warnings when your users attempt the import.
> - **As a user**, if you're prompted to allow this app to make changes to your device, select **Yes** to proceed with the import.

To import your data from a browser:

1. Log in to the Bitwarden desktop app.
2. Select **File**.
3. Select **Import data**.
4. From the **Vault** dropdown menu, select where to save the data:

   - **Individual vault**: Select **My vault** and (optional) choose a **Folder** to move the items.
   - **Organization vault**: Select the organization vault’s name and choose a **Collection**. (The [**Manage collection**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission is required.)
5. From the **File format** dropdown menu, select your browser. If that browser is compatible and installed on the same device, two options will appear below.
6. Select **Import directly from browser**:

   ![Import directly from browser](https://bitwarden.com/assets/1dZKYVPQpd1TVDcmUuwLq2/23e9b222768964108ade8c02e52134ee/Directly_import_with_Chromium.png)
7. Select the **Browser Profile** that contains your passwords.
8. Select **Import**.
9. Enter your computer password to confirm.

> [!WARNING] Duplicative Imports
> Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

--- URL: https://bitwarden.com/it-it/help/import-from-dashlane/ ---

# Import from Dashlane

Use this article for help exporting data from Dashlane and importing into Bitwarden. Dashlane data exports are primarily available as `.csv` files, downloadable from the web app, that can be imported directly to Bitwarden. If you have a `.json` export from a legacy Dashlane application, that can be imported to Bitwarden as well.

## Export from Dashlane web app

To export data from the Dashlane web app:

1. Select the **My account** dropdown and choose **Settings**.

   ![Export from Dashlane](https://bitwarden.com/assets/5JMQiiNRcMkyPjzC3lsvBp/ef2a9492c16bbeaa7f9eedecf9a11764/Screen_Shot_2022-03-10_at_2.57.56_PM.png)
2. From the settings list, select **Export Data**.

   ![Export from Dashlane](https://bitwarden.com/assets/wOZOD6rm3nmVJf3xy4DKY/3ed0a6daaf4a518ebe48906c644f7211/Screen_Shot_2022-03-10_at_2.58.08_PM.png)
3. Select the **Export to CSV** button and save the file.

Dashlane exports data as a `.zip` that unpacks to multiple `.csv` files. Follow the import process once per `.csv` file (`credentials.csv`, `ids.csv`, and so on).

## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI.
Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage. > [!NOTE] Items not imported > While some item types cannot be imported, you can still add them to a vault: > > - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually. > - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault. ### Web app To import data to your Bitwarden vault: 1. Select **Tools**. 2. Select **Import**: ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png) *Import items* 3. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data. 5. To enter your data, do one of the following: - Select **Choose File** and pick the exported file from your computer. - Copy and paste the contents of your exported file into the text box. 
   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.
   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.
   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault.
[Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again. --- URL: https://bitwarden.com/it-it/help/import-from-firefox/ --- # Import from Firefox Use this article for help exporting data from Firefox and importing into Bitwarden. ## Export from Firefox Exporting from Firefox can look a little different depending on which version you are using, or if you are using a Firefox-based browser like Tor Browser or Waterfox: ### Latest version To export logins from the latest version of Firefox: 1. Using the browser's address bar, navigate to `about:logins`. 2. Select the ⋯ menu button from the top right and select **Export Passwords...** from the dropdown menu. You will be prompted to specify a location to save your password export to. Firefox will export your credentials as a `.csv`. ### Older versions Some older versions of Firefox do not support native export. Complete the following steps to export using FF Password Exporter. 1. [Download](https://github.com/kspearrin/ff-password-exporter), install, and open the FF Password Exporter. 2. Select a user profile from the Detected Firefox User Profiles, or from a specified custom profile directory. If you have set a master password for the user profile, enter it: ![Firefox Exporter](https://bitwarden.com/assets/7roVmndD8pbSSBawXTrl1r/ecbf9ac6492e7c77109c76216490780a/ff-password-exporter.png) 3. Select the **Export Passwords** button. 4. Choose `.csv` for the file format, and save the file to your device. ### Firefox-based Some Firefox-based browsers offer login export in a different location than vanilla Firefox. If the steps to import from the **Latest Version** don't work, try the following: 1. Using the address bar, navigate to `about:preferences#privacy`. 2. Click the **Saved Logins** button. 3. Click the ⋯ menu button from the top right and select **Export Logins** from the dropdown. You will be prompted to specify a location to save your login export. 
Most Firefox-based browsers will export your logins as a `.csv`. ## Import to Bitwarden Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage. > [!NOTE] Items not imported > While some item types cannot be imported, you can still add them to a vault: > > - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually. > - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault. ### Web app To import data to your Bitwarden vault: 1. Select **Tools**. 2. Select **Import**: ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png) *Import items* 3. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data. 5. 
To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)
5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.
     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised.
If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.

--- URL: https://bitwarden.com/it-it/help/import-from-keeper/ ---

# Import from Keeper

Use this article for help exporting data from Keeper and importing into Bitwarden. Bitwarden supports import of Keeper data that is exported as a `.csv` or `.json` file.

## Export from Keeper

To export data from the Keeper web app:

1. Select your account email in the top corner of the web app and select **Settings** from the dropdown:

   ![Export from Keeper](https://bitwarden.com/assets/37IrIjwTCvp8aeNOYgVINt/b5520f293391b24fa825eaa2e944788b/2025-01-06_09-30-34.png)
   *Export from Keeper*

2. Select **Export** from the pop-up window.
3. Choose the **CSV** or **JSON** export file type.
4. Select **Export**.
5. Enter your master password.
6. Select **Export Now**.

## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Web app

To import data to your Bitwarden vault:

1. Select **Tools**.
2. Select **Import**:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**.
     (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data.
5. To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser.
You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates.
   > If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.

--- URL: https://bitwarden.com/it-it/help/import-from-lastpass/ ---

# Import from LastPass

Use this article for help exporting data from LastPass and importing into Bitwarden.

## Export from LastPass

You can [export your data from LastPass](https://support.lastpass.com/help/export-your-passwords-and-secure-notes-lp040004) from their web vault or from a LastPass browser extension:

> [!TIP] Skip LastPass export for direct
> You can skip this step and immediately start importing to Bitwarden using the [Direct import option](https://bitwarden.com/it-it/help/import-from-lastpass/#import-to-bitwarden/), available only on Bitwarden browser extensions and desktop apps.
### LastPass web vault

To export your data from the LastPass web vault:

1. Select the [rocket] **Advanced Options** option on the left sidebar:

   ![Export from web vault ](https://bitwarden.com/assets/5uCdlKvfGTjYIEJvKtpbQw/14cd0e6bfb36a53b1f1d6f88d3808a90/lastpassadvancedoptions.png)

2. From the Manage your Vault section, select the **Export** option. At this stage, LastPass will send you an email to confirm the export.
3. In your inbox, confirm the export, return to your LastPass web vault, and select the **Export** option again to complete export. Depending on your browser, your data will either be automatically saved as a `.csv` or printed to the screen in a `.csv` format:

   ![LastPass export ](https://bitwarden.com/assets/6TIRhpByBC4coLrP58zG8a/fb2da8df01a2e0f56e87f45612182e86/lastpass-copy.png)

4. If your data was printed to the screen, highlight the text and copy and paste it into a new `export.csv` file.

   > [!WARNING] LastPass Export Bug
   > Some users have reported a bug which changes special characters in your passwords (`&`, `<`, `>`, and so on) to their HTML-encoded values (for example, `&amp;`) in the printed export.
   >
   > If you observe this bug in your exported data, use a text editor to find and replace all altered values before importing into Bitwarden.

### LastPass browser extension

To export your data from a LastPass browser extension:

1. In the browser extension, navigate to **Account** → **Fix a problem yourself** → **Export vault items** → **Export data for use anywhere**.

   > [!NOTE] Old LP Export Proc
   > If you're using an old version of the LastPass browser extension, you may instead need to navigate to **Account Options** → **Advanced** → **Export** → **LastPass CSV File**.

2. Enter your master password to validate the export attempt.
   Depending on your browser, your data will either be automatically saved as a `.csv` or printed to the screen in a `.csv` format:

   ![LastPass export ](https://bitwarden.com/assets/6TIRhpByBC4coLrP58zG8a/fb2da8df01a2e0f56e87f45612182e86/lastpass-copy.png)

3. If your data was printed to the screen, highlight the text and copy and paste it into a new `export.csv` file.

## Import to Bitwarden

Import directly from LastPass or use an [exported file](https://bitwarden.com/it-it/help/import-from-lastpass/#export-from-lastpass/) from LastPass. If you're a member of a team using SSO with LastPass, a LastPass administrator will need to complete a short setup procedure before you can use the [**Direct import**](https://bitwarden.com/it-it/help/import-from-lastpass/#direct-import-with-sso/) option to import your personal data. In all cases, data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Direct import

> [!TIP] Setup SSO for LP Direct Import
> If you're a member of a team using SSO with LastPass, a LastPass administrator will need to complete a short setup procedure before you can use the **Direct import** option ([learn more](https://bitwarden.com/it-it/help/import-from-lastpass/#direct-import-with-sso/)).

Password Manager **browser extensions and desktop apps** can import individual vault data directly from your LastPass account, without requiring you to upload a file. To do a direct import:

1. Log in to the Bitwarden browser extension or desktop app.
2. In the browser extension, select the **Settings** tab and choose **Vault** and then the **Import items** option. Or, in the desktop app, select **Import** from the navigation menu.
3. Complete the following fields from the drop down menus:

   - **Vault** or **Import destination:** Select the import destination such as your individual vault or an organizational vault that you have access to.
   - **Folder** or **Collection:** Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
   - [**File format**](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/)**:** Select **LastPass**.
   - In the LastPass Instructions box, choose the **Import directly from LastPass** option.
   - Enter your **LastPass email**. If you're importing on behalf of your business, we recommend using the credentials of a LastPass [admin](https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass/uac_admin_roles.html&_LANG=enus). Using super admin credentials may cause import to fail.

4. Select the **Import data** button to trigger the import.
5. You will be prompted for your LastPass master password or, if your LastPass account uses SSO, to log in to your IdP. In either case, follow the prompts to log in to your LastPass account.

   > [!TIP] Direct import w/ LastPass MFA
   > If your LastPass account has multi-factor authentication activated, you will be prompted to enter a one-time passcode from your authenticator app. If you use Duo for MFA, only in-app approval is supported to fulfill your MFA requirement.

Additional items such as [file attachments](https://bitwarden.com/it-it/help/attachments/) and trash will need to be manually uploaded to your vault.

### File import

Files can be imported to Bitwarden from most Password Manager apps (learn how to [export a file from LastPass](https://bitwarden.com/it-it/help/import-from-lastpass/#export-from-lastpass/)).
In this section, we'll focus on importing using the web app:

1. Log in to the web vault at [https://vault.bitwarden.com](https://vault.bitwarden.com), [https://vault.bitwarden.eu](https://vault.bitwarden.eu), or `https://your.bitwarden.domain.com` if self-hosting.
2. Select **Tools** → **Import** from the navigation:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. Complete the following fields from the drop down menus:

   - **Import destination:** Select the import destination such as your individual vault or an organizational vault that you have access to.
   - **Folder or Collection:** Select if you would like the imported content moved to a specific folder or organization collection that you have access to.
   - [**File format**](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/)**:** Select the import file format.

4. Select **Choose File** and add the file to import or copy/paste the contents of your file into the input box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import** to trigger the import. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that will appear.
6. After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.

Additional items such as [file attachments](https://bitwarden.com/it-it/help/attachments/) and trash will need to be manually uploaded to your vault.
### CLI

To import data to your vault from the CLI, use the following command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After successful import, delete the import source file from your computer. This will protect you in the event your computer is compromised.

## Direct import with SSO

> [!NOTE] Supported IdP for LastPass direct import
> The following IdPs are not supported for direct import by LastPass accounts using SSO:
>
> - Google Workspace
> - ADFS

If you're an administrator of a team using SSO with LastPass, you will need to complete the following before your team can use the **Direct import** option:

- Add `bitwarden://sso-callback-lp` and `bitwarden://import-callback-lp` as permitted callback URLs (in some IdPs, "Reply URLs" or "Redirect URLs") in your IdP's LastPass application.

If your users will use the Password Manager browser extension, also:

- Add `https://vault.bitwarden.com/sso-connector.html?lp=1`, `https://vault.bitwarden.eu/sso-connector.html?lp=1`, or `https://your.server.com/sso-connector.html?lp=1` as a permitted callback URL (in some IdPs, "Reply URL" or "Redirect URL") in your IdP's LastPass application.
- Add `chrome-extension://nngceckbapebfimnlniiiahkandclblb` and/or `chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh` as a permitted callback URL (in some IdPs, "Reply URL" or "Redirect URL") in your IdP's LastPass application.

Firefox extensions do not currently support direct import if your LastPass organization uses SSO.

## Troubleshoot import errors

If an "Import error" message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.
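
The following is an added example, not Bitwarden's code. It conditions a LastPass `.csv` before import by reversing the HTML-encoding bug noted in the LastPass export warning and by dropping the `grouping` column when the file holds more distinct values than the free-organization collection limit covered in this troubleshooting section. The function names and the constructed sample rows are assumptions; the column layout assumed is `url,username,password,totp,extra,name,grouping,fav`.

```python
"""Condition a LastPass .csv export before importing it into Bitwarden.

Added example (not Bitwarden code). Assumes the LastPass column layout
url,username,password,totp,extra,name,grouping,fav.
"""
import csv
import html
import io

FREE_ORG_MAX_COLLECTIONS = 2  # limit stated for free organizations

# Constructed sample export: one HTML-encoded password, one password that
# contains commas (so naive text editing would break it), three groupings.
SAMPLE = (
    "url,username,password,totp,extra,name,grouping,fav\n"
    "https://example.com/a,alice,p&amp;ss&lt;1&gt;,,,Site A,Social,0\n"
    'https://example.com/b,bob,"pw,with,commas",,,Site B,Productivity Tools,0\n'
    "https://example.com/c,carol,plain,,,Site C,Finance,0\n"
)


def read_rows(text):
    """Parse CSV text into a list of row dicts plus the header order."""
    reader = csv.DictReader(io.StringIO(text, newline=""))
    rows = list(reader)
    return rows, list(reader.fieldnames or [])


def decode_entities(rows, fields=("username", "password", "extra", "name")):
    """Reverse HTML-encoding (&amp; -> &) in place; return names of changed items.

    The names are returned for manual review, because a credential that
    really contains the literal text "&amp;" would be rewritten as well.
    """
    changed = []
    for row in rows:
        touched = False
        for field in fields:
            value = row.get(field) or ""
            decoded = html.unescape(value)
            if decoded != value:
                row[field] = decoded
                touched = True
        if touched:
            changed.append(row.get("name", ""))
    return changed


def distinct_groupings(rows):
    """Return the sorted non-empty grouping values (each becomes a collection)."""
    return sorted({(row.get("grouping") or "").strip() for row in rows} - {""})


def write_rows(rows, header):
    """Serialize rows back to CSV text; columns not in header are dropped."""
    out = io.StringIO(newline="")
    writer = csv.DictWriter(
        out, fieldnames=header, extrasaction="ignore", lineterminator="\n"
    )
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def condition_export(text, max_collections=FREE_ORG_MAX_COLLECTIONS):
    """Return (conditioned CSV text, report dict) for a LastPass export."""
    rows, header = read_rows(text)
    changed = decode_entities(rows)
    groups = distinct_groupings(rows)
    dropped = "grouping" in header and len(groups) > max_collections
    if dropped:
        # Remove the header cell and, via extrasaction="ignore", every value.
        header = [column for column in header if column != "grouping"]
    report = {
        "decoded_items": changed,
        "groupings": groups,
        "grouping_dropped": dropped,
    }
    return write_rows(rows, header), report


if __name__ == "__main__":
    conditioned, summary = condition_export(SAMPLE)
    print(summary)
    print(conditioned, end="")
```

Review every item listed under `decoded_items` before importing. The conditioned output still holds plaintext credentials, so delete it along with the original export after a successful import.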
### Organization can only have a maximum of two collections

Free Bitwarden organizations can have up to two [collections](https://bitwarden.com/it-it/help/about-collections/) to organize items. When importing data, Bitwarden treats LastPass `grouping` values like collections. If your LastPass export contains three or more `grouping` values and you're part of a [free Bitwarden organization](https://bitwarden.com/it-it/help/password-manager-plans/), you'll receive a "This organization can only have a maximum of two collections" import error.

The following `.csv`, for example, would cause this error:

```
url,username,password,totp,extra,name,grouping,fav
https://www.facebook.com/login.php,username,password,,,Facebook,Social,0
https://twitter.com/login,username,password,,,Twitter,Social,0
https://asana.com/,login,password,,,Asana,Productivity Tools,0
https://github.com/login,username,password,,,Github,Productivity Tools,0
https://www.paypal.com/login,username,password,,,Paypal,Finance,0
https://www.bankofamerica.com/,username,password,,,Bankofamerica,Finance,0
```

To solve this issue, delete the `grouping` column header and the `grouping` value for each item, including its trailing comma. For example, edit:

```
https://github.com/login,username,password,,,Github,Productivity Tools,0
```

down to:

```
https://github.com/login,username,password,,,Github,0
```

--- URL: https://bitwarden.com/it-it/help/import-from-passwordsafe/ ---

# Import from Password Safe

Use this article for help exporting data from Password Safe and importing into Bitwarden. Password Safe (V8) currently only supports exporting as a `.csv` file. Exports from older versions are also supported as `.xml`.

## Export from Password Safe

To export data from the Password Safe desktop app:

1. Open Password Safe 8 and open the **Extras** menu from the upper left corner.
2. Locate the **Export** option on the left-hand side and then choose **Passwords**.
3. For the type, select `CSV` and enter a path to save the exported file.
   Leave the encoding at UTF-8.

   ![Export from Desktop App ](https://bitwarden.com/assets/26qcwkrIZzv8l6n1OkaNEd/195eab889c39b8783523dbc38bfe2f93/passwordsafeV8-export.png)

4. Click on the big gray arrow on the right to proceed to the export settings screen.
5. Set the separating character to **Semicolon**.
6. Set the text qualifier to `"` (double quote).
7. Check the checkbox to keep the column headers.

   ![Export settings screen from Desktop App ](https://bitwarden.com/assets/2wnAE5NRWB76CL43QgOLz3/28cd5a175a779294a774ad9ed6cf2cbc/passwordsafeV8-exportsettings.png)

8. Click **Finish** to start the export.

> [!WARNING] PWSafe Export
> Please note that Password Safe will export a `.csv` for **every** category you have and not just a single `.csv`.

## Prepare exported file

Currently, Bitwarden does not offer a specific importer for this type of file. To prepare the exported file for import, please follow [these instructions](https://bitwarden.com/it-it/help/condition-bitwarden-import/).

## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

### Web app

To import data to your Bitwarden vault:

1. Select **Tools**.
2. Select **Import**:

   ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png)
   *Import items*

3. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**.
     (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data.
5. To enter your data, do one of the following:

   - Select **Choose File** and pick the exported file from your computer.
   - Copy and paste the contents of your exported file into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

6. Select **Import**. If you're importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
7. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Browser extension

To import data to your vault:

1. Select **Settings**.
2. Select **Vault options**.
3. Select **Import items**. A new window will appear.
4. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.

7. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
8. After your data is imported, delete the exported data file from your device. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### Mobile

In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser.
You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**.

On iOS 26, Bitwarden supports import using the [FIDO Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden.

### Desktop

To import data to your vault:

1. Select **Import** from the navigation menu.
2. From the **Vault** dropdown menu, select where to save the data:

   - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items.

     > [!NOTE] Choosing a folder with a folder defined in the import.
     > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected.

   - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.)

3. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).
4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates.
   > If you import the same file more than once or import items already in your vault, duplicate items will be created.

5. Select **Import data**. If you are importing a password-protected `.json` file, enter the password into the **Confirm vault import** window that appears.
6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

### CLI

To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command:

```
bw import <format> <path>
```

`bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example:

```
bw import <format> /Users/myaccount/Documents/mydata.csv
```

After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool.

If an “Import error” message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.

--- URL: https://bitwarden.com/it-it/help/import-from-safari/ ---

# Import from macOS & Safari

Use this article for help exporting data from the following platforms, and importing into Bitwarden.

- Safari (macOS and iOS)
- Passwords app (macOS)

> [!TIP] Safari/macOS Export Version
> Exporting passwords requires **Safari 15.0+** or **macOS Monterey (12.0)+**.

## Export from Safari or macOS

You can export your passwords directly from Safari on your Mac computer or from macOS Passwords:

### Safari

#### From your desktop

To export your data from Safari:

1. Select **File** → **Export browsing data to file** from the macOS menu bar, choose passwords, and select **Download**:

   ![Export from Safari](https://bitwarden.com/assets/3j4W80s3G7wqFtVrbzKMO4/36308c2c647912bf204739f2bc5f80f2/2024-12-30_12-58-55.png)

2. Save your export to any location and use Touch ID or your macOS password to complete the export.

#### From an iPhone

To export data from Safari:

1. Open the **Settings** app on your iPhone and navigate to **Apps** → **Safari**.
2. Scroll down to the History and Website Data section and tap **Export**.
3. Choose the **Passwords** option and tap **Save to Downloads**.

Your data will be saved without encryption into your iCloud Drive. As always, make sure you delete export files once your data is imported to Bitwarden.

### macOS Passwords app

To export data from the macOS Passwords app:

1. Locate and open the macOS **Passwords** app. You'll be prompted to use Touch ID or your password to continue.
2. Once your app is unlocked, select **File** and then **Export All Passwords to File...**.

   ![Export macOS Passwords](https://bitwarden.com/assets/6r88eOsL7rY2f6KJj4U79x/3fbfbc41456deaf86a48e85173190405/2025-03-11_09-47-02.png)

3. You will be prompted with a dialog confirming that you want to export saved passwords. Select **Export Passwords...** to continue.
4. Save your export to any location and use Touch ID or your password to complete the export.

## Import to Bitwarden

Data can be imported to Bitwarden from the web app, browser extension, desktop app, and CLI. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.
### Web app To import data to your Bitwarden vault: 1. Select **Tools**. 2. Select **Import**: ![Import items](https://bitwarden.com/assets/1NbyPb9dN545ZqKGRZYB3x/e6b8f3f31aa82bb05cef12c5a5c4c193/2025-12-17_11-25-08.png) *Import items* 3. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 4. From the **File format** dropdown menu, select the [file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) of your exported data. 5. To enter your data, do one of the following: - Select **Choose File** and pick the exported file from your computer. - Copy and paste the contents of your exported file into the text box. > [!WARNING] Duplicative Imports > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created. 6. Select **Import**. If you're importing a password-protected `.json `file, enter the password into the **Confirm vault import** window that appears. 7. After your data is imported, delete the exported data file from your computer. 
This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. ### Browser extension To import data to your vault: 1. Select **Settings**. 2. Select **Vault options.** 3. Select **Import items**. A new window will appear**.** 4. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 5. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/). 6. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box. > [!WARNING] Duplicative Imports > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created. 7. Select **Import data**. If you are importing a password protected `.json `file, enter the password into the **Confirm vault import** window that appears. 8. After your data is imported, delete the exported data file from your device. 
This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. ### Mobile In most cases, importing data on a mobile device requires you to do so via the web app, opened in a mobile browser. You can reach this location from Password Manager by navigating to **Settings** → **Vault** → **Import items**. On iOS 26, Bitwarden supports import using the [Fido Credential Exchange Protocol (CXP)](https://fidoalliance.org/specifications-credential-exchange-specifications) for direct and easy migration of passwords, passkeys, credit cards, and personal identity information into your vault. The app you're importing from must also support CXP and steps will vary by application. For example, on the iOS Passwords app, use the ⋯ options menu to select **Export Data to Another App** and choose Bitwarden. ### Desktop To import data to your vault: 1. Select **Import** from the navigation menu. 2. From the **Vault** dropdown menu, select where to save the data: - To save data in your personal vault, select **My vault**. (Optional) Choose an existing [**Folder**](https://bitwarden.com/it-it/help/folders/) to organize the imported items. > [!NOTE] Choosing a folder with a folder defined in the import. > If your data file contains folders from your previous password manager and you select a destination folder from the dropdown menu, the imported folders will be nested inside the folder you selected. - To save data in an organization's vault, select the organization's name. (Optional) Choose a [Collection](https://bitwarden.com/it-it/help/create-collections/) to organize the imported items and share with other members. (You can only choose a collection where you have [**can manage**](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/) permission.) 3. 
From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/). 4. Select **Choose File** and pick the file or copy and paste your file’s contents into the text box. > [!WARNING] Duplicative Imports > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created. 5. Select **Import data**. If you are importing a password protected `.json `file, enter the password into the **Confirm vault import** window that appears. 6. After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. ### CLI To import data to your vault, use the following [CLI](https://bitwarden.com/it-it/help/cli/) command: ``` bw import ``` `bw import` requires a format (use `bw import --formats` to retrieve a list of formats) and a path, for example: ``` bw import /Users/myaccount/Documents/mydata.csv ``` After your data is imported, delete the exported data file from your computer. This will protect you in the event your computer is compromised. If you're importing to Bitwarden from another password manager or browser, you may also want to delete data from that tool. ## Troubleshoot import errors If an “Import error” message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again. ### iCloud/Mac Keychain/Safari import issues As of Safari 15.0, you can export passwords from Safari in a `.csv` file. After downloading the file, [condition your .csv](https://bitwarden.com/it-it/help/condition-bitwarden-import/) to match Bitwarden's format and import your data. 
--- URL: https://bitwarden.com/it-it/help/import-secrets-data/ ---

# Import Data

Import data to Secrets Manager for easy migration from another organization or secrets management solution. Secrets Manager supports direct import of both [secrets](https://bitwarden.com/it-it/help/secrets/) and [projects](https://bitwarden.com/it-it/help/projects/). [Machine accounts](https://bitwarden.com/it-it/help/machine-accounts/) and [access tokens](https://bitwarden.com/it-it/help/access-tokens/) cannot be imported.

[![Vimeo Video](https://vumbnail.com/854758635.jpg)](https://vimeo.com/854758635)

*[Watch on Vimeo](https://vimeo.com/854758635)*

**Video chapters:**

Learn more about secrets [here](https://bitwarden.com/it-it/help/secrets/).

## Condition an import file

Secrets Manager currently supports direct import of secrets and projects as a `.json` file. Your import file should be conditioned according to the following schema and rules:

- Even if you're only importing secrets, you must include a `"projects" :` object containing an empty array, for example:

  ```
  {
    "projects": [],
    "secrets": [
      {
        "key": "Secret for Import 1",
        "value": "this-is-my-value",
        "note": "These are some notes.",
        "id": "00000000-0000-0000-0000-000000000001",
        "projectIds": []
      },
      {
        "key": "Secret for Import 2",
        "value": "this-is-my-value",
        "note": "These are some notes.",
        "id": "00000000-0000-0000-0000-000000000002",
        "projectIds": []
      }
    ]
  }
  ```

- For now, each secret can only be associated with a single project.
- All objects must have a non-empty `"id": ""` attribute that matches an expected format. We recommend using `"00000000-0000-0000-0000-000000000001"` for the first object and incrementing with each subsequent object.
  On import, new random identifiers will be generated for each object:

  ```
  {
    "projects": [
      {
        "id": "00000000-0000-0000-0000-000000000001",
        "name": "New Project"
      },
      {
        "id": "00000000-0000-0000-0000-000000000002",
        "name": "Second New Project"
      }
    ],
    "secrets": [
      {
        "key": "Secret for Import",
        "value": "this-is-my-value",
        "note": "These are some notes.",
        "id": "00000000-0000-0000-0000-000000000003",
        "projectIds": []
      },
      {
        "key": "Second Secret for Import 2",
        "value": "this-is-my-value",
        "note": "These are some notes.",
        "id": "00000000-0000-0000-0000-000000000004",
        "projectIds": []
      }
    ]
  }
  ```

- You can use the `"projectIds": ""` attributes to associate imported secrets with a newly imported project:

  ```
  {
    "projects": [
      {
        "id": "00000000-0000-0000-0000-000000000001",
        "name": "New Project"
      }
    ],
    "secrets": [
      {
        "key": "New Secret",
        "value": "this-is-my-value",
        "note": "This secret will go in the new project.",
        "id": "00000000-0000-0000-0000-000000000003",
        "projectIds": [
          "00000000-0000-0000-0000-000000000001"
        ]
      }
    ]
  }
  ```

## Import to Secrets Manager

To import your `.json` file to Secrets Manager:

> [!NOTE] Secrets Import Role
> To import to Secrets Manager, your user account must be an owner or admin within the organization.

1. Select **Settings** → **Import data** from the left-hand navigation:

   ![Import data](https://bitwarden.com/assets/1YQuiYqXIuYYG1TpXoSJoU/f76b3ee08dda7b470f96da9ebbe4f9b1/2024-12-03_11-28-29.png)
2. Select **Choose File** and choose a `.json` file for import, or **Copy & paste import contents** into the input box.
3. Select the **Import data** button. When prompted, enter your master password.

> [!WARNING] Secrets import duplicates
> Importing does not check whether objects in the file to import already exist in Secrets Manager. If you import multiple files or import files with objects already in Secrets Manager, **this will create duplicates**.
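The conditioning rules and the duplicate warning above can be checked before a file is uploaded. The validator below is an added example, not Bitwarden code: it assumes the "expected format" for `id` is the 8-4-4-4-12 hexadecimal layout of the page's sample values, and its function names, the list of existing keys and the constructed bad file are illustrative.

```python
import json
import re

# Assumption: ids use the 8-4-4-4-12 hex layout of the page's sample values.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def _check_id(kind, index, obj, seen, problems):
    """Validate one object's "id"; return it (lower-cased) when usable."""
    ident = obj.get("id") if isinstance(obj, dict) else None
    where = f"{kind}[{index}]"
    if not isinstance(ident, str) or not ident:
        problems.append(f'{where}: missing or empty "id"')
        return None
    if not GUID_RE.match(ident):
        problems.append(f'{where}: "id" {ident!r} is not in GUID format')
        return None
    key = ident.lower()
    if key in seen:
        problems.append(f'{where}: "id" {ident} is used by more than one object')
    seen.add(key)
    return key


def validate_import(text):
    """Return a list of problems found in a Secrets Manager import document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]

    problems = []
    projects = doc.get("projects")
    if not isinstance(projects, list):
        problems.append('"projects" array is required, even when empty')
        projects = []
    secrets = doc.get("secrets", [])
    if not isinstance(secrets, list):
        problems.append('"secrets" must be an array')
        secrets = []

    seen, project_ids = set(), set()
    for i, project in enumerate(projects):
        pid = _check_id("projects", i, project, seen, problems)
        if pid:
            project_ids.add(pid)

    for i, secret in enumerate(secrets):
        _check_id("secrets", i, secret, seen, problems)
        if not isinstance(secret, dict):
            continue
        refs = secret.get("projectIds", [])
        if not isinstance(refs, list):
            problems.append(f'secrets[{i}]: "projectIds" must be an array')
            continue
        if len(refs) > 1:
            problems.append(f"secrets[{i}]: only one project per secret is supported")
        for ref in refs:
            if not isinstance(ref, str) or ref.lower() not in project_ids:
                problems.append(
                    f"secrets[{i}]: projectIds entry {ref!r} is not a project in this file")
    return problems


def already_present(text, existing_keys):
    """Secret keys in the file that the caller says already exist.

    The import does not de-duplicate, so these would be created a second time.
    """
    existing = set(existing_keys)
    secrets = json.loads(text).get("secrets", [])
    return sorted({s["key"] for s in secrets
                   if isinstance(s, dict) and s.get("key") in existing})


# The page's own third sample (a secret placed in a newly imported project).
GOOD_FILE = """{"projects": [{"id": "00000000-0000-0000-0000-000000000001",
  "name": "New Project"}],
 "secrets": [{"key": "New Secret", "value": "this-is-my-value",
  "note": "This secret will go in the new project.",
  "id": "00000000-0000-0000-0000-000000000003",
  "projectIds": ["00000000-0000-0000-0000-000000000001"]}]}"""

# Constructed bad file: no "projects", an empty id, two projects on one secret.
BAD_FILE = """{"secrets": [
 {"key": "DB password", "value": "x", "note": "", "id": "", "projectIds": []},
 {"key": "API token", "value": "y", "note": "",
  "id": "00000000-0000-0000-0000-000000000002",
  "projectIds": ["00000000-0000-0000-0000-000000000001",
                 "00000000-0000-0000-0000-000000000009"]}]}"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_FILE), ("bad", BAD_FILE)):
        print(name, validate_import(text) or "ok")
```
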
--- URL: https://bitwarden.com/it-it/help/import-to-org/ ---

# Import to an Organization

Import data directly to your organization for easy migration to Bitwarden from any password management solution. Bitwarden supports many [import file formats](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/) and, if yours is not supported, you can manually create a [compatible .csv or .json file](https://bitwarden.com/it-it/help/condition-bitwarden-import/).

There are two methods for importing data directly to your organization:

- Organization [owners, admins, and custom role users with the correct permission](https://bitwarden.com/it-it/help/user-types-access-control/) can import items with the organization Admin Console using the instructions in this article.
- Organization members with the [Manage collection permission](https://bitwarden.com/it-it/help/collection-permissions/) can import data directly to any collection for which they have that permission by following [this process](https://bitwarden.com/it-it/help/import-data/).

## Import to an organization vault

Data can only be imported to an organization using the web app. Data is [encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/) locally before being sent to the server for storage.

> [!NOTE] Items not imported
> While some item types cannot be imported, you can still add them to a vault:
>
> - Upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the new vault individually.
> - Re-create [Sends](https://bitwarden.com/it-it/help/about-send/) in the new vault.

To import data to an organization:

1. Log in to the Bitwarden web app and open the Admin Console.
2. Go to **Settings** → **Import**:

   ![Import organization items](https://bitwarden.com/assets/12fA17Iq9LdCXdhPsPYQyq/0adc6c4b7164022c4c3623339e41a662/2025-12-17_11-04-54.png)
   *Import organization items*
3.
   (Optional) To import to a specific collection, select it from the **Collection** dropdown menu. This can be helpful when importing data in batches for one segment of users at a time.
4. From the **File format** dropdown menu, select the [import file format](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).

   > [!NOTE] Encrypted imports
   > If you're importing an [encrypted export](https://bitwarden.com/it-it/help/encrypted-export/), there isn't a separate option. Select `.json` and a handler will determine that the file is encrypted and attempt to decrypt the file using your [account's encryption key](https://bitwarden.com/it-it/help/account-encryption-key/) or encrypted export password.
5. Select **Choose file** and add the file to import, or copy/paste the contents of your file into the input box.

   > [!WARNING] Duplicative Imports
   > Importing does not check for duplicates. If you import the same file more than once or import items already in your vault, duplicate items will be created.
6. Select **Import** to trigger the import. If you are importing a password-protected `.json` file, enter the password into the **Confirm Vault Import** window that appears.

## Troubleshoot import errors

If an "Import error" message appears, no data was added to your vault. [Fix the import file issue](https://bitwarden.com/it-it/help/import-data/#troubleshoot-import-errors/) and try again.

Some import errors are specific to organizations:

- **File contains unassigned items**: Ensure all [items are assigned to at least one collection](https://bitwarden.com/it-it/help/import-data/#file-contains-unassigned-items/) before trying to upload the file again.

  > [!NOTE] File contains unassigned items error
  > To minimize this error, turn on the [Restrict collection creation to owners and admins setting](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/) to prevent users from creating collections.
- **Organization can only have a maximum of two collections**: Free organizations support up to two collections. If your import file exceeds this limit, [reduce the number of collections](https://bitwarden.com/it-it/help/import-data/#organization-can-only-have-a-maximum-of-two-collections/) in the file or upgrade to import more.

--- URL: https://bitwarden.com/it-it/help/install-and-deploy-lite/ ---

# Lite Deployment

> [!TIP] Who is Lite for?
> Bitwarden lite is intended for personal use and home-labs, not for use in business contexts. Businesses should use one of the [standard deployment options](https://bitwarden.com/it-it/help/self-host-bitwarden/).

This article will walk you through installing and launching [Bitwarden lite](https://github.com/bitwarden/self-host/tree/main/bitwarden-lite). Use this deployment method to:

- Simplify configuration and optimize resource usage (CPU, memory) by deploying Bitwarden with a single Docker image.
- Utilize different database solutions such as MSSQL, PostgreSQL, SQLite, and MySQL/MariaDB. **Only** lite deployments can currently leverage these databases; standard deployments require MSSQL.
- Run on ARM architecture for alternative systems such as Raspberry Pi and NAS servers.

> [!TIP] Transitioning from Unified to Lite.
> In December 2025, Bitwarden Unified exited beta and was renamed Bitwarden lite. If you participated in the beta, make sure that you use the new image name (`ghcr.io/bitwarden/lite`) when updating to the latest version.

## System requirements

Bitwarden lite requires:

- RAM: At least 200 MB
- Storage: At least 1GB
- Docker Engine: Version 26+

## Setup

Before running a Bitwarden lite server, install Docker, set up your `settings.env` file, and decide on your database configuration:

### Install Docker

Bitwarden lite will run on your machine using a [Docker container](https://docs.docker.com/get-started/).
Lite can be run with any Docker edition or plan, but you must **install Docker on your machine before proceeding with installation.** Refer to the following Docker documentation for help:

- [Install Docker Engine](https://docs.docker.com/engine/installation/)

### Required environment variables

Environment variables can be specified by creating a `settings.env` file, which you can find an example of in our [GitHub](https://github.com/bitwarden/self-host/blob/main/bitwarden-lite/settings.env) repository, or by using the `--env` flag if you're using the `docker run` method. At a minimum, set values for the variables that fall under the `# Required Settings #` section of the example `.env` file:

> [!TIP] More Lite environment variables.
> More optional environment variables are available than those listed in this table.

| Variable | Description |
|------|------|
| BW_DOMAIN | Replace `bitwarden.yourdomain.com` with the domain where Bitwarden will be accessed. |
| BW_DB_PROVIDER | The database provider you will be using for your Bitwarden server. Available options are `sqlserver`, `postgresql`, `sqlite`, or `mysql`/`mariadb`. |
| BW_DB_SERVER | The name of the server on which your database is running. |
| BW_DB_DATABASE | The name of your Bitwarden database. |
| BW_DB_USERNAME | The username for accessing the Bitwarden database. |
| BW_DB_PASSWORD | The password for accessing the Bitwarden database. |
| BW_DB_FILE | Only required for `sqlite` if you would like to specify the path to your database file. If not specified, `sqlite` will automatically create a `vault.db` file under the `/etc/bitwarden` volume. |
| BW_INSTALLATION_ID | A valid installation ID generated from [https://bitwarden.com/host/](https://bitwarden.com/it-it/host/). |
| BW_INSTALLATION_KEY | A valid installation key generated from [https://bitwarden.com/host/](https://bitwarden.com/it-it/host/).
|

### Database examples

Unlike standard Bitwarden deployments, lite does not come out-of-the-box with a database. You can use an existing database, or create a new one. Which `# Required Settings #` you'll be required to include in your `settings.env` file or `--env` flags will depend on which supported database provider you're using:

> [!NOTE] Lite databases require your management.
> Because Bitwarden lite databases are not provided by or collocated with the application container, database maintenance, including updates and backups, must be fully managed by you.

### MySQL/MariaDB

The following variables are required for a MySQL or MariaDB database:

```
# Database
BW_DB_PROVIDER=mysql
BW_DB_SERVER=db
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=super_strong_password
```

### MSSQL

The following variables are required for an MSSQL database:

```
# Database
BW_DB_PROVIDER=sqlserver
BW_DB_SERVER=db
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=super_strong_password
```

### SQLite

The following variables are required for an SQLite database:

```
# Database
BW_DB_PROVIDER=sqlite
BW_DB_FILE=/path/to/.db
```

Assigning the `sqlite` value will create a `vault.db` file in the `/etc/bitwarden` volume automatically. `BW_DB_FILE` is only required if you would like to specify the path to a different database file.

### PostgreSQL

The following variables are required for a PostgreSQL database:

```
# Database
BW_DB_PROVIDER=postgresql
BW_DB_SERVER=db
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=super_strong_password
```

## Run the server

The lite deployment can be run using the `docker run` command or using Docker Compose. In either case, make sure that you've set your environment variables and made your database available before proceeding.
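Before starting the container, the required settings and the per-provider database variables described above can be checked mechanically. This linter is an added example, not part of Bitwarden lite: its function names and the two constructed sample files are illustrative, and the list of services that must stay enabled is taken from the "Do not disable this service" rows of the Services table later on this page.

```python
# Settings every deployment needs, from the required-variables table.
ALWAYS_REQUIRED = ("BW_DOMAIN", "BW_DB_PROVIDER",
                   "BW_INSTALLATION_ID", "BW_INSTALLATION_KEY")
# Needed for every provider except sqlite (see the database examples).
SERVER_DB_KEYS = ("BW_DB_SERVER", "BW_DB_DATABASE",
                  "BW_DB_USERNAME", "BW_DB_PASSWORD")
PROVIDERS = {"sqlserver", "postgresql", "sqlite", "mysql", "mariadb"}
# Sample values printed on this page; they must be replaced before going live.
PLACEHOLDERS = {"BW_DOMAIN": "bitwarden.yourdomain.com",
                "BW_DB_PASSWORD": "super_strong_password"}
# Services the page marks "Do not disable this service".
MUST_STAY_ENABLED = ("BW_ENABLE_ADMIN", "BW_ENABLE_API", "BW_ENABLE_IDENTITY")


def parse_env(text):
    """Parse env-file text: KEY=VALUE lines, '#' comment lines and blanks."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def lint_settings(text):
    """Return findings for a settings.env; an empty list means it passed."""
    env = parse_env(text)
    findings = []

    def require(key):
        if not env.get(key):
            findings.append(f"{key} is required but missing or empty")

    for key in ALWAYS_REQUIRED:
        require(key)

    provider = env.get("BW_DB_PROVIDER", "").lower()
    if provider and provider not in PROVIDERS:
        findings.append(f"BW_DB_PROVIDER={provider!r} is not a supported provider")
    elif provider and provider != "sqlite":
        # sqlite only needs the provider (BW_DB_FILE is optional).
        for key in SERVER_DB_KEYS:
            require(key)

    for key, sample in PLACEHOLDERS.items():
        if env.get(key) == sample:
            findings.append(f"{key} still holds the sample value {sample!r}")

    for key in MUST_STAY_ENABLED:
        if env.get(key, "true").lower() == "false":
            findings.append(f"{key}=false disables a service that must stay enabled")
    return findings


# Constructed sample: documentation values left in place, one key empty,
# one key absent, and a required service switched off.
SAMPLE_BAD = """# Required Settings #
BW_DOMAIN=bitwarden.yourdomain.com
BW_DB_PROVIDER=postgresql
BW_DB_SERVER=db
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=super_strong_password
BW_INSTALLATION_ID=
BW_ENABLE_IDENTITY=false
"""

# Constructed sample: minimal sqlite deployment with placeholder credentials.
SQLITE_OK = """BW_DOMAIN=vault.example.test
BW_DB_PROVIDER=sqlite
BW_INSTALLATION_ID=00000000-0000-0000-0000-000000000000
BW_INSTALLATION_KEY=constructed-placeholder-key
"""

if __name__ == "__main__":
    for finding in lint_settings(SAMPLE_BAD):
        print("FINDING:", finding)
```
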
### Docker run

The lite deployment can be run with the `docker run` command, as in the following example:

```
docker run -d --name bitwarden -v /$(pwd)/bwdata/:/etc/bitwarden -p 80:8080 --env-file settings.env ghcr.io/bitwarden/lite
```

Running the server with the `docker run` command has several **required** options, including:

| **Name, shorthand** | **Description** |
|------|------|
| --detach , -d | Run the container in the background and print container ID. |
| --name | Provide a name for the container. `bitwarden` is used in the example. |
| --volume , -v | Bind mount a volume. At a minimum, mount `/etc/bitwarden`. |
| --publish , -p | Map container ports to the host. The example shows the port `80:8080` mapped. Port 8443 is required when configuring SSL. |
| --env-file | Path of the [file to read environment variables from](https://bitwarden.com/it-it/help/install-and-deploy-unified-beta/#specify-environment-variables/). Alternatively, use the `--env` flag to declare environment variables inline ([learn more](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file)). |

Once you run the command, verify that the container is running and healthy with:

```
docker ps
```

Congratulations! Bitwarden lite is now up and running at `https://your.domain.com`. Visit the web vault in your browser to confirm that it's working. You may now register a new account and log in.

### Docker Compose

Running the lite deployment with Docker Compose will require Docker Compose version 1.24+.
To run the lite deployment with Docker Compose, create a `docker-compose.yml` file, for example:

```
---
version: "3.8"
services:
  bitwarden:
    depends_on:
      - db
    env_file:
      - settings.env
    image: ghcr.io/bitwarden/lite
    restart: always
    ports:
      - "80:8080"
    volumes:
      - bitwarden:/etc/bitwarden

  db:
    environment:
      MARIADB_USER: "bitwarden"
      MARIADB_PASSWORD: "super_strong_password"
      MARIADB_DATABASE: "bitwarden_vault"
      MARIADB_RANDOM_ROOT_PASSWORD: "true"
    image: mariadb:10
    restart: always
    volumes:
      - data:/var/lib/mysql

volumes:
  bitwarden:
  data:
```

In the `docker-compose.yml` file, make any desired configurations including:

- Mapping volumes for logs and Bitwarden data.
- Mapping ports.
- Configuring a database image.`ª`

`ª` Only set up a database in `docker-compose.yml`, as in the above example, if you want to **create a new database server** to use with Bitwarden. Sample configurations for MySQL, MSSQL, and PostgreSQL are included in our [example file](https://github.com/bitwarden/self-host/blob/main/bitwarden-lite/docker-compose.yml).

Once your `docker-compose.yml` and `settings.env` files are created, start your lite server by running:

```
docker compose up -d
```

Verify that all containers are running correctly:

```
docker ps
```

Congratulations! Your lite deployment is now up and running at `https://your.domain.com`. Visit the web vault in your browser to confirm that it's working. You may now register a new account and log in.

### Update or restart the server

It's important to keep your Bitwarden lite server up to date. Like running the server, you can update it using either `docker run` commands or Docker Compose:

### Docker run

> [!TIP] Lite, if you're restarting instead of updating
> If you're restarting instead of updating the server, for example after making environment variable changes, skip the step that requires you to pull the most recent Bitwarden lite image.

To update the server:

1. Stop the running Docker container:

   ```
   docker stop bitwarden
   ```
2.
   Remove the Docker container:

   ```
   docker rm bitwarden
   ```
3. Pull the most recent Bitwarden lite image:

   ```
   docker pull ghcr.io/bitwarden/lite
   ```
4. Restart the server:

   ```
   docker run -d --name bitwarden -v /$(pwd)/bwdata/:/etc/bitwarden -p 80:8080 --env-file settings.env ghcr.io/bitwarden/lite
   ```

### Docker Compose

> [!TIP] Lite, if you're restarting instead of updating
> If you're restarting instead of updating the server, for example after making environment variable changes, skip the step that requires you to pull the most recent Bitwarden lite image.

To update the server:

1. Stop the running Docker container:

   ```
   docker compose down
   ```
2. Pull the most recent Bitwarden lite image:

   ```
   docker compose pull
   ```
3. Restart the server:

   ```
   docker compose up -d
   ```

## Optional environment variables

Bitwarden lite works, by default, with some available services deactivated. These services, and many other server characteristics, can optionally be activated and customized with your `settings.env` file or `--env` flags:

> [!WARNING] When editing Lite environment variables
> Whenever you change an environment variable, you will need to restart your server in order for changes to take effect.

#### Services

Additional services can be activated or deactivated using the following variables:

| Variable | Description |
|------|------|
| BW_ENABLE_ADMIN | **Do not disable this service.** Learn more about Admin panel capabilities [here](https://bitwarden.com/it-it/help/system-administrator-portal/). Default `true`. |
| BW_ENABLE_API | **Do not disable this service.** Default `true`. |
| BW_ENABLE_EVENTS | Enable or disable Bitwarden events logs for teams and enterprise event monitoring. Default `false`. |
| BW_ENABLE_ICONS | Enable or disable Bitwarden brand icons that are set with the login item URIs. Learn more [here](https://bitwarden.com/it-it/help/website-icons/). Default `true`. |
| BW_ENABLE_IDENTITY | **Do not disable this service.** Default `true`.
|
| BW_ENABLE_NOTIFICATIONS | Enable or disable notification services for receiving push notifications to mobile devices, using login with device, mobile vault sync, and more. Default `true`. |
| BW_ENABLE_SCIM | Enable or disable SCIM for Enterprise organizations. Default `false`. |
| BW_ENABLE_SSO | Enable or disable SSO services for Enterprise organizations. Default `false`. |
| BW_ICONS_PROXY_TO_CLOUD | Enabling this service will proxy icon service requests to operate through cloud services in order to lower system memory load. If choosing to use this setting, `BW_ENABLE_ICONS` should be set to `false` in order to reduce container load. Default `false`. |

#### Certificates

Use these variables to change certificate settings:

| **Variable** | **Description** |
|------|------|
| BW_ENABLE_SSL | Use SSL/TLS. `true`/`false`. Default `false`. SSL is required for Bitwarden to function properly. If you are not using SSL configured in the Bitwarden container you should front Bitwarden with an SSL proxy. |
| BW_SSL_CERT | The name of your SSL certificate file. The file must be located in the `/etc/bitwarden` directory within the container. Default `ssl.crt`. |
| BW_SSL_KEY | The name of your SSL key file. The file must be located in the `/etc/bitwarden` directory within the container. Default `ssl.key`. |
| BW_ENABLE_SSL_CA | Use SSL with certificate authority (CA) backed service. `true`/`false`. Default `false`. |
| BW_SSL_CA_CERT | The name of your SSL CA certificate. The file must be located in the `/etc/bitwarden` directory within the container. Default `ca.crt`. |
| BW_ENABLE_SSL_DH | Use SSL with Diffie-Hellman key exchange. `true`/`false`. Default `false`. |
| BW_SSL_DH_CERT | The name of your Diffie-Hellman parameters file. The file must be located in the `/etc/bitwarden` directory within the container. Default `dh.pem`. |
| BW_SSL_PROTOCOLS | SSL version used by NGINX. Leave empty for recommended default.
[Learn more](https://wiki.mozilla.org/Security/Server_Side_TLS). |
| BW_SSL_CIPHERS | SSL ciphersuites used by NGINX. Leave empty for recommended default. [Learn more](https://wiki.mozilla.org/Security/Server_Side_TLS). |

> [!NOTE] Using existing SSL with Lite.
> If you are using an existing SSL certificate, you will have to enable the appropriate SSL options in `settings.env`. SSL files must be stored in `/etc/bitwarden`, which can be referenced in the `docker-compose.yml` file. These files must match the names configured in `settings.env`.
>
> The default behavior is to generate a self-signed certificate if SSL is enabled and no existing certificate files are in the expected location (`/etc/bitwarden`).

#### SMTP

Use these variables to set up or change an SMTP provider for your server:

| **Variable** | **Description** |
|------|------|
| globalSettings__mail__replyToEmail | Enter the reply email for your server. |
| globalSettings__mail__smtp__host | Enter host domain for your SMTP server. |
| globalSettings__mail__smtp__port | Enter the port number from the SMTP host. |
| globalSettings__mail__smtp__ssl | If your SMTP host uses SSL enter `true`. Set value to `false` if your host uses TLS service. |
| globalSettings__mail__smtp__username | Enter the SMTP username. |
| globalSettings__mail__smtp__password | Enter the SMTP password. |

#### Ports

Use these variables to configure the ports used for traffic:

| **Variable** | **Description** |
|------|------|
| BW_PORT_HTTP | Change the port used for HTTP traffic. By default, `8080`. |
| BW_PORT_HTTPS | Change the port used for HTTPS traffic. By default, `8443`. |

#### Yubico API

Use these variables to connect with Yubico Web Services:

| **Variable** | **Description** |
|------|------|
| globalSettings__yubico__clientId | Replace value with ID received from your Yubico Key. Sign up for Yubico Key [here](https://upgrade.yubico.com/getapikey/).
| | globalSettings__yubico__key | Input the key value received from Yubico. | #### Miscellaneous Use these variables to configure other characteristics of your Bitwarden lite server: | **Variable** | **Description** | |------|------| | globalSettings__disableUserRegistration | Enable or disable user account registration capabilities. | | globalSettings__hibpApiKey | Enter the API key provided by Have I Been Pwnd. Register to receive the API key [here](https://haveibeenpwned.com/API/Key). | | adminSettings__admins | Enter admin email addresses. | | BW_REAL_IPS | Define real IPs in `nginx.conf `in a comma seperated list. Useful for defining proxy servers that forward the client IP address. [Learn more](https://nginx.org/en/docs/http/ngx_http_realip_module.html). | | BW_CSP | Content-Security-Policy parameter. Reconfiguring this parameter may break features. By changing this parameter, you become responsible for maintaining this value. | | BW_DB_PORT | Specify a custom port for database traffic. If unspecified, the default will depend on your chosen database provider. | ## Troubleshooting ### Memory usage By default, the Bitwarden container will consume memory that is available to it, often being more than the minimum needed to run. For memory conscious environments, you can use docker `-m` or `--memory= `to limit the Bitwarden container's memory usage. | **Name, shorthand** | **Description** | |------|------| | --memory=, -m | The maximum amount of memory the container can use. Bitwarden requires at least 200m. See the [Docker documentation](https://docs.docker.com/config/containers/resource_constraints/#limit-a-containers-access-to-memory) to learn more. 
| To control memory usage with Docker Compose, use the `mem_limit` key: ``` services: bitwarden: env_file: - settings.env image: ghcr.io/bitwarden/lite restart: always mem_limit: 200m ``` --- URL: https://bitwarden.com/it-it/help/install-and-deploy-offline-windows/ --- # Windows Offline Deployment This article will walk you through the procedure to install and deploy Bitwarden to your own Windows server in an **offline or air-gapped**environment. Please review Bitwarden [software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/#release-support-at-bitwarden/) documentation. > [!WARNING] Manual Server Setup > **Manual installations should be conducted by advanced users only.** Only proceed if you are very familiar with Docker technologies and desire more control over your Bitwarden installation. > > Manual installations lack the ability to automatically update certain dependencies of the Bitwarden installation. As you upgrade from one version of Bitwarden to the next you will be responsible for changes to required environment variables, changes to nginx `default.conf`, changes to `docker-compose.yml`, and so on. > > We will try to highlight these in the [release notes on GitHub](https://github.com/bitwarden/server/releases). You can also monitor changes to the [dependency templates](https://github.com/bitwarden/server/tree/master/util/Setup/Templates) used by the Bitwarden installation script on GitHub. ## Requirements | | **Minimum** | **Recommended** | |------|------|------| | Processor | x64, 1.4GHz | x64, 2GHz Dual Core | | Memory | 6GB RAM | 8+ GB RAM | | Storage | 76GB | 90GB | | Docker Version | Engine 26+ and Compose`ª` | Engine 26+ and Compose`ª` | `ª` - Docker Compose can be installed via Docker Desktop, which includes Engine and Compose. [Install Docker Desktop for Engine and Compose](https://docs.docker.com/desktop/install/windows-install/). 
During this setup, you must **uncheck** the **Use WSL2 instead of Hyper-V (recommended)** option. Additionally, ensure the following requirements are met: - Using a machine with internet access, you have downloaded the latest `docker-stub-US.zip` or `docker-stub-EU.zip` file from the Bitwarden Server repository's releases page and transferred this file to your server. - An offline SMTP server is setup and active in your environment. - (**Optional**) [OpenSSL Windows binaries](https://wiki.openssl.org/index.php/Binaries) are installed and ready to use on your server. You may use a self-signed certificate instead of OpenSSL if you wish. ### Nested virtualization Running Bitwarden on a Windows Server requires use of nested virtualization. Please check your Hypervisor's documentation to find out if nested virtualization is supported and how to enable it. > [!NOTE] microsoft azure vm > If you are running Windows Server as an Azure VM, we recommend a **Standard D2s v3 Virtual Machine running Windows Server 2022**, which meets all [system requirements](https://bitwarden.com/it-it/help/install-on-premise-windows/#system-specifications/) including support for nested virtualization. You will also need to select **Security Type**: **Standard** rather than the default **Trusted launch virtual machines**. ## Installation procedure ### Configure your domain By default, Bitwarden will be served through ports 80 (`http`) and 443 (`https`) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside the network. You may opt to choose different ports during installation. > [!NOTE] windows fire wall docker > **If you are using Windows Firewall**, Docker Desktop for Windows will not automatically add an exception for itself in Windows Firewall. Add exceptions for TCP ports 80 and 443 (or chosen alternative ports) to prevent related errors. 
We recommend configuring a domain name with DNS records that point to your host machine (for example, `server.example.com`), especially if you are serving Bitwarden over the internet. We recommend not including Bitwarden in your hostname to keep the server identity or type concealed.

### Create Bitwarden local user & directory

Open PowerShell and create a Bitwarden local user by running the following command:

```
PS C:\> $Password = Read-Host -AsSecureString
```

After running the above command, enter the desired password in the text input dialog. After specifying a password, run the following command:

```
New-LocalUser "Bitwarden" -Password $Password -Description "Bitwarden Local Admin"
```

As the newly created user, create a Bitwarden folder under `C:\`:

```
PS C:\> mkdir Bitwarden
```

Once you install Docker Desktop, navigate to **Settings** → **Resources** → **File Sharing** and add the created directory (`C:\Bitwarden`) to the Resources list. Select **Apply & Restart** to apply your changes.

Log in as the newly created user before completing all subsequent procedures in this document.

### Configure your machine

To configure your machine with the assets required for your Bitwarden server:

> [!NOTE] already created bitwarden user and directory
> Once you have [created a Bitwarden user & directory](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user--directory/), complete the following as the `Bitwarden` user.

1. Create a new directory in `C:\Bitwarden` named `bwdata` and extract `docker-stub-US.zip` (or `docker-stub-EU.zip`) to it.

   Once unzipped, the `bwdata` directory will match what the `docker-compose.yml` file's volume mapping expects. You may, if you wish, change the location of these mappings on the host machine.
2. In `bwdata\env\global.override.env`, edit the following environment variables:
   - `globalSettings__baseServiceUri__vault=`: Enter the domain of your Bitwarden instance.
   - `globalSettings__sqlServer__ConnectionString=`: Replace the `RANDOM_DATABASE_PASSWORD` with a secure password for use in a later step.
   - `globalSettings__identityServer__certificatePassword=`: Set a secure certificate password for use in a later step.
   - `globalSettings__internalIdentityKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__oidcIdentityClientKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__duo__aKey=`: Replace `RANDOM_DUO_AKEY` with a random alphanumeric string.
   - `globalSettings__installation__id=`: Enter an installation id retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
   - `globalSettings__installation__key=`: Enter an installation key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
   - `globalSettings__pushRelayBaseUri=`: This variable should be blank. See [Configure Push Relay](https://bitwarden.com/it-it/help/configure-push-relay/) for more information.

   > [!TIP] Manual Install Environment Variables
   > At this time, consider also setting values for all `globalSettings__mail__smtp__` variables and for `adminSettings__admins`. Doing so will configure the SMTP mail server used to send invitations to new organization members and provision access to the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/).
   >
   > [Learn more about environment variables](https://bitwarden.com/it-it/help/environment-variables/).
3. Generate an `identity.pfx` certificate for the identity container. You can do so using OpenSSL or any other tool that generates a self-signed certificate. If you're using OpenSSL, run the following commands:

   ```
   openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key -out identity.crt -subj "/CN=Bitwarden IdentityServer" -days 10950
   ```

   and

   ```
   openssl pkcs12 -export -out ./identity/identity.pfx -inkey identity.key -in identity.crt -passout pass:IDENTITY_CERT_PASSWORD
   ```

   In the above command, replace `IDENTITY_CERT_PASSWORD` with the certificate password created and used in **Step 2**.
4. Move `identity.pfx` to the mapped volume directory (by default, `.\bwdata\identity`).
5. Copy `identity.pfx` to the `.\bwdata\ssl` directory.
6. Create a subdirectory in `.\bwdata\ssl` named for your domain.
7. Provide a trusted SSL certificate and private key in the newly created `.\bwdata\ssl\bitwarden.example.com` subdirectory.

   > [!NOTE] Windows Certs
   > This directory is mapped to the NGINX container at `\etc\ssl`. If you can't provide a trusted SSL certificate, front the installation with a proxy that provides an HTTPS endpoint to Bitwarden client applications.
8. In `.\bwdata\nginx\default.conf`:
   1. Replace all instances of `bitwarden.example.com` with your domain, including in the `Content-Security-Policy` header.
   2. Set the `ssl_certificate` and `ssl_certificate_key` variables to the paths of the certificate and private key provided in **Step 6**.
   3. Take one of the following actions, depending on your certificate setup:
      - If using a trusted SSL certificate, set the `ssl_trusted_certificate` variable to the path to your certificate.
      - If using a self-signed certificate, comment out the `ssl_trusted_certificate` variables.
9. In `.\bwdata\env\mssql.override.env`, replace `RANDOM_DATABASE_PASSWORD` with the password created in **Step 2**.
10. In `.\bwdata\web\app-id.json`, replace `bitwarden.example.com` with your domain.

### Download & transfer images

To get docker images for use on your offline machine:

1. From an internet-connected machine, download all `ghcr.io/bitwarden/image_name:latest` docker images, as listed in the `docker-compose.yml` file in `docker-stub.zip`.

   ```bash
   docker image pull ghcr.io/bitwarden/mssql:latest
   ```
2. Save each image to a `.img` file, for example:

   ```
   docker image save -o mssql.img ghcr.io/bitwarden/mssql:latest
   ```
3. Transfer all `.img` files to your offline machine.
4. On your offline machine, load each `.img` file to create your local docker images, for example:

   ```
   docker image load -i mssql.img
   ```

### Start your server

Start your Bitwarden server with the following command:

```
docker compose -f ./docker/docker-compose.yml up -d
```

Verify that all containers are running correctly:

```
docker ps
```

![List showing Healthy Containers](https://bitwarden.com/assets/3kcV9CFkWJrw5qCmKZsyBg/5cd5030d96352e6b1f5f20d1ffb79654/docker-ps-win.png)

Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your browser to confirm that it's working.

You may now register a new account and log in. You will need to have configured SMTP environment variables (see [Environment Variables](https://bitwarden.com/it-it/help/environment-variables/)) in order to verify the email for your new account.

## Next Steps:

- If you are planning to self-host a Bitwarden organization, see [self-host an organization](https://bitwarden.com/it-it/help/self-host-an-organization/) to get started.
- For additional information see [self hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/).

## Start Docker on boot

Docker Desktop will only automatically start on boot if you have a logged-in RDP session. To start Docker Desktop on boot regardless of whether there is a user logged in:

> [!NOTE]
> Docker Desktop may take up to 15 minutes after boot to fully start and for containers to be accessible from the network.

1. Open Task Scheduler and select **Create Task...** from the Actions menu.
2. Configure the task with the following security options:
   - Set the task to use the [created](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user--directory/) `Bitwarden` user account.
   - Set the task to **Run whether user is logged on or not**.
3. Select the **Triggers** tab and create the following trigger:
   - From the **Begin the task** dropdown, select **At startup**.
   - In the Advanced settings section, check the **Delay task for:** checkbox and select **1 minute** from the dropdown.
4. Select the **Actions** tab and create the following action:
   - In the Program/script input, specify `"C:\Program Files\Docker\Docker\frontend\Docker Desktop.exe"`.
5. Select **OK** to finish creating the scheduled task.

## Update your server

Updating a self-hosted server that has been installed and deployed manually is different from the [standard update procedure](https://bitwarden.com/it-it/help/updating-on-premise/). To update your manually-installed server:

1. Download the latest `docker-stub.zip` archive from the [releases pages on GitHub](https://github.com/bitwarden/server/releases).
2. Unzip the new `docker-stub.zip` archive and compare its contents with what's currently in your `bwdata` directory, copying anything new to the pre-existing files in `bwdata`.

   **Do not** overwrite your pre-existing `bwdata` directory with the contents of the newer `docker-stub.zip` archive, as this would overwrite any custom configuration work you've done.
3. Download the latest container images and transfer them to your offline machine [as documented above](https://bitwarden.com/it-it/help/install-and-deploy-offline-windows/#download-&-transfer-images/).
4. Run the following command to restart your server with your updated configuration and the latest containers:

   ```
   docker compose -f ./docker/docker-compose.yml down && docker compose -f ./docker/docker-compose.yml up -d
   ```

--- URL: https://bitwarden.com/it-it/help/install-and-deploy-offline/ ---

# Linux Offline Deployment

This article will walk you through the procedure to install and deploy Bitwarden to your own server in an **offline or air-gapped environment**. Please review Bitwarden [software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/#release-support-at-bitwarden/) documentation.

> [!WARNING] Manual Server Setup
> **Manual installations should be conducted by advanced users only.** Only proceed if you are very familiar with Docker technologies and desire more control over your Bitwarden installation.
>
> Manual installations lack the ability to automatically update certain dependencies of the Bitwarden installation. As you upgrade from one version of Bitwarden to the next you will be responsible for changes to required environment variables, changes to nginx `default.conf`, changes to `docker-compose.yml`, and so on.
>
> We will try to highlight these in the [release notes on GitHub](https://github.com/bitwarden/server/releases). You can also monitor changes to the [dependency templates](https://github.com/bitwarden/server/tree/master/util/Setup/Templates) used by the Bitwarden installation script on GitHub.

## Requirements

| | **Minimum** | **Recommended** |
|------|------|------|
| Processor | x64, 1.4GHz | x64, 2GHz dual core |
| Memory | 2GB RAM | 4GB RAM |
| Storage | 12GB | 25GB |
| Docker Version | Engine 26+ and Compose`ª` | Engine 26+ and Compose`ª` |

`ª` - Docker Compose is automatically installed as a plugin when you download Docker Engine. [Download Docker Engine for Linux](https://docs.docker.com/engine/install/#supported-platforms).

Additionally, ensure the following requirements are met:

- Using a machine with internet access, you have downloaded the latest `docker-stub-US.zip` or `docker-stub-EU.zip` file from the Bitwarden Server repository's [releases page](https://github.com/bitwarden/server/releases) and transferred this file to your server.
- An offline SMTP server is set up and active in your environment.

The server your Bitwarden deployment runs on will not be required to allow outbound traffic to any addresses outside of your network. However, client applications must be configured to access the server's fully qualified domain name (FQDN) on, by default, ports `80` and `443`. You may opt to choose different ports during installation, but whichever ports you choose must be opened for client access.

## Installation procedure

### Configure your domain

By default, Bitwarden will be served through ports 80 (`http`) and 443 (`https`) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation.

We recommend configuring a domain name with DNS records that point to your host machine (for example, `server.example.com`), especially if you are serving Bitwarden over the internet. We recommend not including Bitwarden in your hostname to keep the server identity or type concealed.

### Create Bitwarden local user and directory

Configure your Linux server with a dedicated `bitwarden` service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server. For more information, see Docker's [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) documentation.

1. Create a bitwarden user:

   ```
   sudo adduser bitwarden
   ```
2. Set a password for the bitwarden user:

   ```
   sudo passwd bitwarden
   ```
3. Create a docker group (if it doesn't already exist):

   ```
   sudo groupadd docker
   ```
4. Add the bitwarden user to the docker group:

   ```
   sudo usermod -aG docker bitwarden
   ```
5. Create a bitwarden directory:

   ```
   sudo mkdir /opt/bitwarden
   ```
6. Set permissions for the `/opt/bitwarden` directory:

   ```
   sudo chmod -R 700 /opt/bitwarden
   ```
7. Set the bitwarden user ownership of the `/opt/bitwarden` directory:

   ```
   sudo chown -R bitwarden:bitwarden /opt/bitwarden
   ```

### Configure your machine

> [!TIP] If you've setup self-host local user and directory.
> Once you have [created a Bitwarden user & directory](https://bitwarden.com/it-it/help/install-on-premise-manual/#create-bitwarden-local-user--directory/), complete the following as the `bitwarden` user from the `/opt/bitwarden` directory. **Do not install Bitwarden as root**, as you will encounter issues during installation.

To configure your machine with the assets required for your Bitwarden server:

1. Create a new directory named `bwdata` and extract `docker-stub-US.zip` (or `docker-stub-EU.zip`) to it, for example:

   ```
   unzip docker-stub-US.zip -d bwdata
   ```

   Once unzipped, the `bwdata` directory will match what the `docker-compose.yml` file's volume mapping expects. You may, if you wish, change the location of these mappings on the host machine.
2. In `./bwdata/env/global.override.env`, edit the following environment variables:
   - `globalSettings__baseServiceUri__vault=`: Enter the domain of your Bitwarden instance.
   - `globalSettings__sqlServer__ConnectionString=`: Replace the `RANDOM_DATABASE_PASSWORD` with a secure password for use in a later step.
   - `globalSettings__identityServer__certificatePassword=`: Set a secure certificate password for use in a later step.
   - `globalSettings__internalIdentityKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__oidcIdentityClientKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__duo__aKey=`: Replace `RANDOM_DUO_AKEY` with a random alphanumeric string.
   - `globalSettings__installation__id=`: Enter an installation id retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
   - `globalSettings__installation__key=`: Enter an installation key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
   - `globalSettings__pushRelayBaseUri=`: This variable should be blank. See [Configure Push Relay](https://bitwarden.com/it-it/help/configure-push-relay/) for more information.

   > [!TIP] Manual Install Environment Variables
   > At this time, consider also setting values for all `globalSettings__mail__smtp__` variables and for `adminSettings__admins`. Doing so will configure the SMTP mail server used to send invitations to new organization members and provision access to the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/).
   >
   > [Learn more about environment variables](https://bitwarden.com/it-it/help/environment-variables/).
3. From `./bwdata`, generate a `.pfx` certificate file for the identity container and move it to the mapped volume directory (by default, `./bwdata/identity/`). For example, run the following commands:

   ```
   openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key -out identity.crt -subj "/CN=Bitwarden IdentityServer" -days 10950
   ```

   and

   ```
   openssl pkcs12 -export -out ./identity/identity.pfx -inkey identity.key -in identity.crt -passout pass:IDENTITY_CERT_PASSWORD
   ```

   In the above command, replace `IDENTITY_CERT_PASSWORD` with the certificate password created and used in **Step 2**.
4. Create a subdirectory in `./bwdata/ssl` named for your domain, for example:

   ```
   mkdir ./ssl/bitwarden.example.com
   ```
5. Provide a trusted SSL certificate and private key in the newly created `./bwdata/ssl/bitwarden.example.com` subdirectory.

   > [!NOTE] SSL Directory to Volume Mapping
   > This directory is mapped to the NGINX container at `/etc/ssl`. If you can't provide a trusted SSL certificate, front the installation with a proxy that provides an HTTPS endpoint to Bitwarden client applications.
6. In `./bwdata/nginx/default.conf`:
   1. Replace all instances of `bitwarden.example.com` with your domain, including in the `Content-Security-Policy` header.
   2. Set the `ssl_certificate` and `ssl_certificate_key` variables to the paths of the certificate and private key provided in **Step 6**.
   3. Take one of the following actions, depending on your certificate setup:
      - If using a trusted SSL certificate, set the `ssl_trusted_certificate` variable to the path to your certificate.
      - If using a self-signed certificate, comment out the `ssl_trusted_certificate` variable.
7. In `./bwdata/env/mssql.override.env`, replace `RANDOM_DATABASE_PASSWORD` with the password created in **Step 2**.
8. In `./bwdata/web/app-id.json`, replace `bitwarden.example.com` with your domain.
9. In `./bwdata/env/uid.env`, set the UID and GID of the `bitwarden` user and group you [created earlier](https://bitwarden.com/it-it/help/install-on-premise-manual/#create-bitwarden-local-user-and-directory/) so the containers run under them, for example:

   ```
   LOCAL_UID=1001
   LOCAL_GID=1001
   ```

### Download and transfer images

To get docker images for use on your offline machine:

1. From an internet-connected machine, download all `ghcr.io/bitwarden/image_name:latest` docker images, as listed in the `docker-compose.yml` file in `docker-stub.zip`. For example:

   ```
   docker image pull ghcr.io/bitwarden/mssql:latest
   ```
2. Save each image to a `.img` file, for example:

   ```
   docker image save -o mssql.img ghcr.io/bitwarden/mssql:latest
   ```
3. Transfer all `.img` files to your offline machine.
4. On your offline machine, load each `.img` file to create your local docker images, for example:

   ```
   docker image load -i mssql.img
   ```

### Start your server

Start your Bitwarden server with the following command:

```
docker compose -f ./docker/docker-compose.yml up -d
```

Verify that all containers are running correctly:

```
docker ps
```

![Docker healthy](https://bitwarden.com/assets/3Sq7MaJZ1jaEJUCW44wmwj/008be5ee5e43c20c8c840e71617e57eb/2025-05-05_15-34-44.png)

Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your browser to confirm that it's working.

You may now register a new account and log in. You will need to have configured SMTP environment variables (see [environment variables](https://bitwarden.com/it-it/help/environment-variables/)) in order to verify the email for your new account.

## Next Steps:

- If you are planning to self-host a Bitwarden organization, see [self-host an organization](https://bitwarden.com/it-it/help/self-host-an-organization/) to get started.
- For additional information see [self hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/).

## Update your server

Updating a self-hosted server that has been installed and deployed manually is different from the [standard update procedure](https://bitwarden.com/it-it/help/updating-on-premise/). To update your manually-installed server:

1. Download the latest `docker-stub.zip` archive from the [releases pages on GitHub](https://github.com/bitwarden/server/releases).
2. Unzip the new `docker-stub.zip` archive and compare its contents with what's currently in your `bwdata` directory, copying anything new to the pre-existing files in `bwdata`.

   **Do not** overwrite your pre-existing `bwdata` directory with the contents of the newer `docker-stub.zip` archive, as this would overwrite any custom configuration work you've done.
3. Download the latest container images and transfer them to your offline machine [as documented above](https://bitwarden.com/it-it/help/install-and-deploy-offline/#download-transfer-images/).
4. Run the following command to restart your server with your updated configuration and the latest containers:

   ```
   docker compose -f ./docker/docker-compose.yml down && docker compose -f ./docker/docker-compose.yml up -d
   ```

--- URL: https://bitwarden.com/it-it/help/install-on-premise-linux/ ---

# Linux Standard Deployment

This article will walk you through the procedure to install and deploy Bitwarden to your own Linux server. Bitwarden can also be installed and deployed on [Windows](https://bitwarden.com/it-it/help/install-on-premise-windows/) machines. Please review Bitwarden [software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/#release-support-at-bitwarden/) documentation.

## System specifications

| | **Minimum** | **Recommended** |
|------|------|------|
| Processor | x64, 1.4GHz | x64, 2GHz dual core |
| Memory | 2GB RAM | 4GB RAM |
| Storage | 12GB | 25GB |
| Docker Version | Engine 26+ and Compose`ª` | Engine 26+ and Compose`ª` |

`ª` - Docker Compose is automatically installed as a plugin when you download Docker Engine.

Standard self-hosted server deployments ship with an **MSSQL Express** image by default; however, you have the option to use an [external database](https://bitwarden.com/it-it/help/external-db/). The default database has a 10GB [maximum relational database size](https://learn.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-server-2022?view=sql-server-ver17#scale-limits) but does not require additional licensing.

> [!NOTE] Digital Ocean Link
> If you are looking for a quality provider with affordable prices, we recommend DigitalOcean.
[Get started today](https://marketplace.digitalocean.com/apps/bitwarden) or read our [blog post about Bitwarden on DigitalOcean](https://bitwarden.com/it-it/blog/digitalocean-marketplace/).

## Overview

The following is a summary of the installation procedure in this article. Links in this section will jump to detailed **Installation procedure** sections:

1. [**Configure your domain**](https://bitwarden.com/it-it/help/install-on-premise-linux/#configure-your-domain/). Set DNS records for a domain name pointing to your machine, and open ports 80 and 443 on the machine.
2. [**Install Docker and Docker Compose**](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-docker-and-docker-compose/) on your machine.
3. [**Create a Bitwarden user & directory**](https://bitwarden.com/it-it/help/install-on-premise-linux/#create-bitwarden-local-user-directory/) from which to complete installation.
4. Retrieve an installation id and key from [**https://bitwarden.com/host**](https://bitwarden.com/it-it/host/) for use in installation.

   For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)
5. [**Install Bitwarden**](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-bitwarden/) on your machine.
6. [**Configure your environment**](https://bitwarden.com/it-it/help/install-on-premise-linux/#post-install-configuration/) by adjusting settings in `./bwdata/env/global.override.env`.

   > [!NOTE]
   > At a minimum, configure the `globalSettings__mail__smtp...` variables to set up an email server for inviting and verifying users.
7. [**Start your instance**](https://bitwarden.com/it-it/help/install-on-premise-linux/#start-bitwarden/).
8. Test your installation by opening your configured domain in a web browser.
9. Once deployed, we recommend regularly [backing up your server](https://bitwarden.com/it-it/help/backup-on-premise/) and [checking for system updates](https://bitwarden.com/it-it/help/updating-on-premise/).

## Installation procedure

> [!NOTE] Protocol consistency required
> Bitwarden requires consistent HTTP or HTTPS usage throughout your deployment. Mixing protocols (for example, HTTPS at proxy, HTTP internally) causes connection, authentication, and syncing errors. We recommend using HTTPS for production; HTTP for testing only.

### Configure your domain

By default, Bitwarden will be served through ports 80 (`http`) and 443 (`https`) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation.

We recommend configuring a domain name with DNS records that point to your host machine (for example, `server.example.com`), especially if you are serving Bitwarden over the internet. We recommend not including Bitwarden in your hostname to keep the server identity or type concealed.

### Install Docker and Docker Compose

Bitwarden will be deployed and run on your machine using an array of [Docker containers](https://docs.docker.com/get-started/). Bitwarden can be run with any Docker edition or plan. Evaluate which edition is best for your installation.

Deployment of containers is orchestrated using [Docker Compose](https://docs.docker.com/compose/). Docker Compose is automatically installed as a plugin when you download Docker Engine.

[Download Docker Engine for Linux](https://docs.docker.com/engine/install/#supported-platforms).

### Create Bitwarden local user & directory

Configure your Linux server with a dedicated `bitwarden` service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server.
For more information, see Docker's [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) documentation.

1. Create a bitwarden user:

   ```
   sudo adduser bitwarden
   ```
2. Set a strong password for the bitwarden user:

   ```
   sudo passwd bitwarden
   ```
3. Create a docker group (if it doesn’t already exist):

   ```
   sudo groupadd docker
   ```
4. Add the bitwarden user to the docker group:

   ```
   sudo usermod -aG docker bitwarden
   ```
5. Create a bitwarden directory:

   ```
   sudo mkdir /opt/bitwarden
   ```
6. Set permissions for the `/opt/bitwarden` directory:

   ```
   sudo chmod -R 700 /opt/bitwarden
   ```
7. Set the bitwarden user as owner of the `/opt/bitwarden` directory:

   ```
   sudo chown -R bitwarden:bitwarden /opt/bitwarden
   ```

### Install Bitwarden

> [!TIP] If you've setup self-host local user and directory.
> Once you have [created a Bitwarden user & directory](https://bitwarden.com/it-it/help/install-on-premise-manual/#create-bitwarden-local-user--directory/), complete the following as the `bitwarden` user from the `/opt/bitwarden` directory. **Do not install Bitwarden as root**, as you will encounter issues during installation.

Bitwarden provides a shell script for easy installation on Linux and Windows (PowerShell). Complete the following steps to install Bitwarden using the shell script:

1. Download the Bitwarden installation script (`bitwarden.sh`) to your machine:

   ```
   curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 bitwarden.sh
   ```
2. Run the installer script. A `./bwdata` directory will be created relative to the location of `bitwarden.sh`.

   ```
   ./bitwarden.sh install
   ```
3. Complete the prompts in the installer:
   - **Enter the domain name for your Bitwarden instance:**

     Typically, this value should be the configured DNS record.
   - **Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):**

     Specify `y` to generate a trusted SSL certificate using Let's Encrypt. You will be prompted to enter an email address for expiration reminders from Let's Encrypt. For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/).

     Alternatively, specify `n` and use the **Do you have a SSL certificate to use?** option.
   - **Enter your installation id:**

     Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/it-it/host/). For more information, see [what are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)
   - **Enter your installation key:**

     Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/it-it/host/). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)
   - **Enter your region (US/EU):**

     Enter US or EU depending on the [cloud server](https://bitwarden.com/it-it/help/server-geographies/) you will use to [license paid features](https://bitwarden.com/it-it/help/licensing-on-premise/), only applicable if you're connecting a self-hosted account or organization to a paid subscription.
   - **Do you have a SSL certificate to use? (y/n):** (Only if `n` selected for **Do you want to use Let's Encrypt to generate a free SSL certificate?**)

     If you already have your own SSL certificate, specify `y` and place the necessary files in the `./bwdata/ssl/your.domain` directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/).

     Alternatively, specify `n` and use the **self-signed SSL certificate?** option, which is only recommended for testing purposes.
   - **Do you want to generate a self-signed SSL certificate? (y/n):** (Only if `n` selected for **Do you have a SSL certificate to use?**)

     Specify `y` to have Bitwarden generate a self-signed certificate for you. This option is only recommended for testing. For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/).

     If you specify `n`, your instance will not use an SSL certificate and you will be required to front your installation with an HTTPS proxy, or else Bitwarden applications will not function properly.

### Post-install configuration

Configuring your environment can involve making changes to two files: an environment variables file and an installation file.

#### Environment variables (*required*)

Some features of Bitwarden are not configured by the `bitwarden.sh` script. Configure these settings by editing the environment file, located at `./bwdata/env/global.override.env`. **At a minimum, you should replace the values for:**

```
...
globalSettings__mail__smtp__host=
globalSettings__mail__smtp__port=
globalSettings__mail__smtp__ssl=
globalSettings__mail__smtp__username=
globalSettings__mail__smtp__password=
...
adminSettings__admins=
...
```

Replace `globalSettings__mail__smtp...=` placeholders to connect to the SMTP mail server that will be used to send verification emails to new users and invitations to organizations. Adding an email address to `adminSettings__admins=` will provision access to the System Administrator Portal.

After editing `global.override.env`, run the following command to apply your changes:

```
./bitwarden.sh restart
```

#### Installation file

The Bitwarden installation script uses settings in `./bwdata/config.yml` to generate the necessary assets for installation. Some installation scenarios (such as installations behind a proxy with alternate ports) may require adjustments to `config.yml` that were not provided during standard installation.
Edit `config.yml` as necessary and apply your changes by running:

```
./bitwarden.sh rebuild
```

### Start Bitwarden

Once you have completed all previous steps, start your Bitwarden instance:

```
./bitwarden.sh start
```

> [!NOTE]
> The first time you start Bitwarden it may take some time as it downloads all of the images from GitHub Container Registry.

Verify that all containers are running correctly:

```
docker ps
```

![Docker healthy](https://bitwarden.com/assets/3Sq7MaJZ1jaEJUCW44wmwj/008be5ee5e43c20c8c840e71617e57eb/2025-05-05_15-34-44.png)

Congratulations! Bitwarden is now up and running at your specified domain (in the above example, `https://bitwarden.example.com`). Visit the web vault in your web browser to confirm that it's working.

You may now register a new account and log in. You will need to have configured `smtp` environment variables (see [Environment Variables](https://bitwarden.com/it-it/help/environment-variables/)) in order to verify the email for your new account.

> [!TIP] Backup and Update your Server
> Once deployed, we recommend regularly [backing up your server](https://bitwarden.com/it-it/help/backup-on-premise/) and [checking for system updates](https://bitwarden.com/it-it/help/updating-on-premise/).

## Script commands reference

The Bitwarden installation script (`bitwarden.sh` or `bitwarden.ps1`) has the following commands available:

> [!NOTE]
> PowerShell users will run the commands with a prefixed `-` (switch). For example `.\bitwarden.ps1 -start`.

| **Command** | **Description** |
|------|------|
| install | Start the installer. |
| start | Start all containers. |
| restart | Restart all containers (same as start). |
| stop | Stop all containers. |
| update | Update all containers and the database. |
| updatedb | Update/initialize the database. |
| updaterun | Update the `run.sh` file. |
| updateself | Update this main script. |
| updateconf | Update all containers without restarting the running instance. |
| uninstall | Before this command executes, you will be prompted to save database files. `y` will create a tarfile of your database including the most recent backup. Stops containers, deletes the `bwdata` directory and all its contents, and removes ephemeral volumes. After executing, you will be asked whether you also want to purge all Bitwarden images. |
| compresslogs | Download a tarball of all server logs, or of server logs in a specified date range, to the current directory. For example, use `./bitwarden.sh compresslogs 20240304 20240305` to download logs from March 4th, 2024 to March 5th, 2024. |
| renewcert | Renew certificates. |
| rebuild | Rebuild generated installation assets from `config.yml`. |
| help | List all commands. |

## Next steps

- If you are planning to self-host a Bitwarden organization, see [self-host an organization](https://bitwarden.com/it-it/help/self-host-an-organization/) to get started.
- For additional information see [self hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/).

--- URL: https://bitwarden.com/it-it/help/install-on-premise-manual/ ---

# Linux Manual Deployment

This article will walk you through the procedure to manually install and deploy Bitwarden to your own server. Please review Bitwarden [software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/#release-support-at-bitwarden/) documentation.

> [!WARNING] Manual Server Setup
> **Manual installations should be conducted by advanced users only.** Only proceed if you are very familiar with Docker technologies and desire more control over your Bitwarden installation.
>
> Manual installations lack the ability to automatically update certain dependencies of the Bitwarden installation. As you upgrade from one version of Bitwarden to the next you will be responsible for changes to required environment variables, changes to nginx `default.conf`, changes to `docker-compose.yml`, and so on.
>
> We will try to highlight these in the [release notes on GitHub](https://github.com/bitwarden/server/releases). You can also monitor changes to the [dependency templates](https://github.com/bitwarden/server/tree/master/util/Setup/Templates) used by the Bitwarden installation script on GitHub.

## Requirements

| | Minimum | Recommended |
|------|------|------|
| Processor | x64, 1.4GHz | x64, 2GHz dual core |
| Memory | 2GB RAM | 4GB RAM |
| Storage | 12GB | 25GB |
| Docker Version | Engine 26+ and Compose`ª` | Engine 26+ and Compose`ª` |

`ª` - Docker Compose is automatically installed as a plugin when you download Docker Engine. [Download Docker Engine for Linux](https://docs.docker.com/engine/install/#supported-platforms).

## Installation procedure

### Create Bitwarden local user & directory

Configure your Linux server with a dedicated `bitwarden` service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server. For more information, see Docker's [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) documentation.

1. Create a bitwarden user:

   ```
   sudo adduser bitwarden
   ```

2. Set a password for the bitwarden user:

   ```
   sudo passwd bitwarden
   ```

3. Create a docker group (if it doesn't already exist):

   ```
   sudo groupadd docker
   ```

4. Add the bitwarden user to the docker group:

   ```
   sudo usermod -aG docker bitwarden
   ```

5. Create a bitwarden directory:

   ```
   sudo mkdir /opt/bitwarden
   ```

6. Set permissions for the `/opt/bitwarden` directory:

   ```
   sudo chmod -R 700 /opt/bitwarden
   ```

7. Set the bitwarden user ownership of the `/opt/bitwarden` directory:

   ```
   sudo chown -R bitwarden:bitwarden /opt/bitwarden
   ```

### Download & configure

> [!TIP] If you've setup self-host local user and directory.
> Once you have [created a Bitwarden user & directory](https://bitwarden.com/it-it/help/install-on-premise-manual/#create-bitwarden-local-user--directory/), complete the following as the `bitwarden` user from the `/opt/bitwarden` directory. **Do not install Bitwarden as root**, as you will encounter issues during installation.

To download Bitwarden and configure Bitwarden server assets:

1. Download a stubbed version of Bitwarden's dependencies (`docker-stub-US.zip` or `docker-stub-EU.zip`) from the [releases pages on GitHub](https://github.com/bitwarden/server/releases). For example:

   ```
   curl -L https://github.com/bitwarden/server/releases/download/v/docker-stub-US.zip \
     -o docker-stub-US.zip
   ```

2. Create a new directory named `bwdata` and extract `docker-stub.zip` to it, for example:

   ```
   unzip docker-stub-US.zip -d bwdata
   ```

   Once unzipped, the `bwdata` directory will match what the `docker-compose.yml` file's volume mapping expects. You may, if you wish, change the location of these mappings on the host machine.

3. In `./bwdata/env/global.override.env`, edit the following environment variables:

   - `globalSettings__baseServiceUri__vault=`: Enter the domain of your Bitwarden instance.
   - `globalSettings__sqlServer__ConnectionString=`: Replace the `RANDOM_DATABASE_PASSWORD` with a secure password for use in a later step.
   - `globalSettings__identityServer__certificatePassword`: Set a secure certificate password for use in a later step.
   - `globalSettings__internalIdentityKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__oidcIdentityClientKey=`: Replace `RANDOM_IDENTITY_KEY` with a random alphanumeric string.
   - `globalSettings__duo__aKey=`: Replace `RANDOM_DUO_AKEY` with a random alphanumeric string.
   - `globalSettings__installation__id=`: Enter an installation id retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
   - `globalSettings__installation__key=`: Enter an installation key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).

   > [!TIP] Manual Install Environment Variables
   > At this time, consider also setting values for all `globalSettings__mail__smtp__` variables and for `adminSettings__admins`. Doing so will configure the SMTP mail server used to send invitations to new organization members and provision access to the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/).
   >
   > [Learn more about environment variables](https://bitwarden.com/it-it/help/environment-variables/).

4. From `./bwdata`, generate a `.pfx` certificate file for the identity container and move it to the mapped volume directory (by default, `./bwdata/identity/`). For example, run the following commands:

   ```
   openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key -out identity.crt -subj "/CN=Bitwarden IdentityServer" -days 10950
   ```

   and

   ```
   openssl pkcs12 -export -out ./identity/identity.pfx -inkey identity.key -in identity.crt -passout pass:IDENTITY_CERT_PASSWORD
   ```

   In the above command, replace `IDENTITY_CERT_PASSWORD` with the certificate password created and used in **Step 3**.

5. Create a subdirectory in `./bwdata/ssl` named for your domain, for example:

   ```
   mkdir ./ssl/bitwarden.example.com
   ```

6. Provide a trusted SSL certificate and private key in the newly created `./bwdata/ssl/bitwarden.example.com` subdirectory.

   > [!NOTE] SSL Directory to Volume Mapping
   > This directory is mapped to the NGINX container at `/etc/ssl`. If you can't provide a trusted SSL certificate, front the installation with a proxy that provides an HTTPS endpoint to Bitwarden client applications.

7. In `./bwdata/nginx/default.conf`:

   1. Replace all instances of `bitwarden.example.com` with your domain, including in the `Content-Security-Policy` header.
   2. Set the `ssl_certificate` and `ssl_certificate_key` variables to the paths of the certificate and private key provided in **Step 7**.
   3. Take one of the following actions, depending on your certificate setup:
      - If using a trusted SSL certificate, set the `ssl_trusted_certificate` variable to the path to your certificate.
      - If using a self-signed certificate, comment out the `ssl_trusted_certificate` variable.

8. In `./bwdata/env/mssql.override.env`, replace `RANDOM_DATABASE_PASSWORD` with the password created in **Step 3**.

9. In `./bwdata/web/app-id.json`, replace `bitwarden.example.com` with your domain.

10. In `./bwdata/env/uid.env`, set the UID and GID of the `bitwarden` user and group you [created earlier](https://bitwarden.com/it-it/help/install-on-premise-manual/#create-bitwarden-local-user-and-directory/) so the containers run under them, for example:

    ```
    LOCAL_UID=1001
    LOCAL_GID=1001
    ```

### Start your server

Start your Bitwarden server with the following command:

```
docker compose -f ./docker/docker-compose.yml up -d
```

Verify that all containers are running correctly:

```
docker ps
```

![Docker healthy](https://bitwarden.com/assets/3Sq7MaJZ1jaEJUCW44wmwj/008be5ee5e43c20c8c840e71617e57eb/2025-05-05_15-34-44.png)

Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your browser to confirm that it's working.

You may now register a new account and log in. You will need to have configured SMTP environment variables (see [Environment Variables](https://bitwarden.com/it-it/help/environment-variables/)) in order to verify the email for your new account.

## Next Steps:

- If you are planning to self-host a Bitwarden organization, see [self-host an organization](https://bitwarden.com/it-it/help/self-host-an-organization/) to get started.
- For additional information see [self hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/).
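
A pre-flight check for the manual **Download & configure** procedure above, as an added example that is not part of the Bitwarden documentation or tooling: it reports stub placeholders left over from Steps 3 and 8, the `bitwarden.example.com` example domain left over from Steps 7 and 9, and a missing `identity.pfx` from Step 4. The `bw_*` function names and the sample tree written by `bw_write_sample` (including its file contents and key names not listed in Step 3) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a manually configured bwdata directory.
# Prints one line per finding; returns 0 when nothing is found, 1 otherwise.

bw_report() {
    printf 'FINDING: %s\n' "$1"
    bw_findings=$((bw_findings + 1))
}

bw_preflight() {
    bw_dir=${1:-./bwdata}
    bw_findings=0
    bw_global="$bw_dir/env/global.override.env"

    # Steps 3 and 8: the stub's placeholder secrets must be gone from env/*.env.
    for bw_ph in RANDOM_DATABASE_PASSWORD RANDOM_IDENTITY_KEY RANDOM_DUO_AKEY; do
        for bw_f in "$bw_dir"/env/*.env; do
            [ -f "$bw_f" ] || continue
            if grep -q "$bw_ph" "$bw_f"; then
                bw_report "$bw_ph still present in $bw_f"
            fi
        done
    done

    # Step 3: settings the procedure asks you to fill in must not be empty.
    if [ -f "$bw_global" ]; then
        for bw_key in globalSettings__baseServiceUri__vault \
                      globalSettings__identityServer__certificatePassword \
                      globalSettings__installation__id \
                      globalSettings__installation__key; do
            bw_val=$(sed -n "s/^${bw_key}=//p" "$bw_global" | tail -n 1)
            [ -n "$bw_val" ] || bw_report "$bw_key is unset or empty in $bw_global"
        done
    else
        bw_report "missing $bw_global"
    fi

    # Steps 7 and 9: the example domain must have been replaced.
    for bw_f in "$bw_dir/nginx/default.conf" "$bw_dir/web/app-id.json"; do
        if [ ! -f "$bw_f" ]; then
            bw_report "missing $bw_f"
        elif grep -q 'bitwarden\.example\.com' "$bw_f"; then
            bw_report "example domain still present in $bw_f"
        fi
    done

    # Step 4: the identity container needs its certificate bundle.
    [ -s "$bw_dir/identity/identity.pfx" ] ||
        bw_report "missing or empty $bw_dir/identity/identity.pfx"

    [ "$bw_findings" -eq 0 ]
}

# Constructed sample: a half-edited tree reduced to the lines this check reads.
# The file contents are made up for the example, not copied from the real stub.
bw_write_sample() {
    mkdir -p "$1/env" "$1/nginx" "$1/web" "$1/identity"
    cat > "$1/env/global.override.env" <<'EOF'
globalSettings__baseServiceUri__vault=https://vault.internal.test
globalSettings__sqlServer__ConnectionString="Password=RANDOM_DATABASE_PASSWORD;"
globalSettings__identityServer__certificatePassword=
globalSettings__internalIdentityKey=constructedkey123
globalSettings__installation__id=00000000-0000-0000-0000-000000000000
globalSettings__installation__key=constructedinstallkey
EOF
    printf 'CONSTRUCTED_KEY=RANDOM_DATABASE_PASSWORD\n' > "$1/env/mssql.override.env"
    printf 'server_name vault.internal.test;\n' > "$1/nginx/default.conf"
    printf '{"id": "https://bitwarden.example.com/app-id.json"}\n' > "$1/web/app-id.json"
}

# Run against a real directory when one is given: sh preflight.sh ./bwdata
[ $# -eq 0 ] || bw_preflight "$1"
```

Run it from `/opt/bitwarden` before `docker compose ... up -d`; a non-zero exit status means at least one step of the procedure is unfinished.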
## Update your server

Updating a self-hosted server that has been installed and deployed manually is different from the [standard update procedure](https://bitwarden.com/it-it/help/updating-on-premise/). To update your manually-installed server:

1. Download the latest `docker-stub.zip` archive from the [releases pages on GitHub](https://github.com/bitwarden/server/releases).
2. Unzip the new `docker-stub.zip` archive and compare its contents with what's currently in your `bwdata` directory, copying anything new to the pre-existing files in `bwdata`. **Do not** overwrite your pre-existing `bwdata` directory with the contents of the newer `docker-stub.zip` archive, as this would overwrite any custom configuration work you've done.
3. Run the following command to restart your server with your updated configuration and the latest containers:

   ```
   docker compose -f ./docker/docker-compose.yml down && docker compose -f ./docker/docker-compose.yml up -d
   ```

--- URL: https://bitwarden.com/it-it/help/install-on-premise-windows/ ---

# Windows Standard Deployment

This article will walk you through the procedure to install and deploy Bitwarden to your own Windows server. Bitwarden can also be installed and deployed on [Linux and macOS](https://bitwarden.com/it-it/help/install-on-premise-linux/) machines. Please review Bitwarden [software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/#release-support-at-bitwarden/) documentation.

## System specifications

| | **Minimum** | **Recommended** |
|------|------|------|
| Processor | x64, 1.4GHz | x64, 2GHz Dual Core |
| Memory | 6GB RAM | 8+ GB RAM |
| Storage | 76GB | 90GB |
| Docker Version | Engine 26+ and Compose`ª` | Engine 26+ and Compose`ª` |

`ª` - Docker Compose can be installed via Docker Desktop, which includes Engine and Compose.

### Nested virtualization

Running Bitwarden on Windows Server **requires use of nested virtualization**.
Please check your Hypervisor's documentation to find out if nested virtualization is supported and how to enable it.

> [!NOTE] microsoft azure vm
> If you are running Windows Server as an Azure VM, we recommend a **Standard D2s v3 Virtual Machine running Windows Server 2022**, which meets all [system requirements](https://bitwarden.com/it-it/help/install-on-premise-windows/#system-specifications/) including support for nested virtualization. You will also need to select **Security Type**: **Standard** rather than the default **Trusted launch virtual machines**.

## TL;DR

The following is a summary of the [installation procedure](https://bitwarden.com/it-it/help/install-on-premise-windows/#installation-procedure/) in this article. Links in this section will jump to detailed **Installation procedure** sections:

1. [**Configure your domain**](https://bitwarden.com/it-it/help/install-on-premise-windows/#configure-your-domain/). Set DNS records for a domain name pointing to your machine, and open ports 80 and 443 on the machine.
2. [**Install and setup Docker Desktop**](https://bitwarden.com/it-it/help/install-on-premise-windows/#setup-docker-desktop/) on your machine.
3. [**Create a Bitwarden user & directory**](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user-directory/) from which to complete the installation.
4. Retrieve an installation id and key from [**https://bitwarden.com/host**](https://bitwarden.com/it-it/host/) for use in installation. For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#general/)
5. [**Install Bitwarden**](https://bitwarden.com/it-it/help/install-on-premise-windows/#install-bitwarden/) on your machine.
6. [**Configure your environment**](https://bitwarden.com/it-it/help/install-on-premise-windows/#post-install-configuration/) by adjusting settings in `\bwdata\env\global.override.env`.

   > [!NOTE]
   > At a minimum, configure the `globalSettings__mail__smtp...` variables to set up an email server for inviting and verifying users.

7. [**Start your instance**](https://bitwarden.com/it-it/help/install-on-premise-windows/#start-bitwarden/).
8. Test your installation by opening your configured domain in a web browser.
9. Once deployed, we recommend regularly [backing up your server](https://bitwarden.com/it-it/help/backup-on-premise/) and [checking for system updates](https://bitwarden.com/it-it/help/updating-on-premise/).

## Installation procedure

> [!NOTE] Will not execute in powershell ISE
> Using the PowerShell ISE to run PowerShell commands will cause the Bitwarden installation to fail. Completing a successful install will require PowerShell.

### Configure your domain

By default, Bitwarden will be served through ports 80 (`http`) and 443 (`https`) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation.

> [!NOTE] windows fire wall docker
> **If you are using Windows Firewall**, Docker Desktop for Windows will not automatically add an exception for itself in Windows Firewall. Add exceptions for TCP ports 80 and 443 (or chosen alternative ports) to prevent related errors.

We recommend configuring a domain name with DNS records that point to your host machine (for example, `server.example.com`), especially if you are serving Bitwarden over the internet. We recommend not including Bitwarden in your hostname to keep the server identity or type concealed.

### Setup Docker Desktop

Bitwarden will be deployed and run on your machine using an array of [Docker containers](https://docs.docker.com/get-started/). Bitwarden can be run with any Docker edition or plan. Evaluate which edition is best for your installation.

Deployment of containers is orchestrated using [Docker Compose](https://docs.docker.com/compose/).
Docker Compose can be installed via Docker Desktop, which includes Engine and Compose.

[Install Docker Desktop for Engine and Compose](https://docs.docker.com/desktop/install/windows-install/). During this setup, you must **uncheck** the **Use WSL2 instead of Hyper-V (recommended)** option.

After installing, open Docker Desktop and select ⚙️ **Settings** and then **Resources**. Bitwarden requires at least 4GB of RAM allocated to Docker Desktop. This setting will dedicate the RAM from Windows exclusively to Docker. As a result, setting this value too high may cause instability within Windows.

### Create Bitwarden local user & directory

Open PowerShell and create a Bitwarden local user by running the following commands:

```
PS C:\> $Password = Read-Host -AsSecureString
```

After running the above command, enter the desired password in the text input dialog. After specifying a password, run the following:

```
New-LocalUser "Bitwarden" -Password $Password -Description "Bitwarden Local Admin"
```

As the newly created user, create a Bitwarden folder under `C:\`:

```
PS C:\> mkdir Bitwarden
```

Next, add the user to a local group of administrators:

```
net localgroup Administrators Bitwarden /add
```

In Docker Desktop, navigate to **Settings** → **Resources** → **File Sharing** and add the created directory (`C:\Bitwarden`) to the Resources list. Select **Apply & Restart** to apply your changes.

> [!NOTE] Docker user group
> The Bitwarden user must be added to the docker-users group. See Docker's [documentation](https://docs.docker.com/desktop/install/windows-install/#install-docker-desktop-on-windows) to learn how.

Log in as the newly created user before completing all subsequent procedures in this document.

### Install Bitwarden

Bitwarden provides a PowerShell Cmdlet file (`.ps1`) for easy installation on Windows machines.
Complete the following steps to install Bitwarden using the Cmdlet:

> [!NOTE] already created bitwarden user and directory
> Once you have [created a Bitwarden user & directory](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user--directory/), complete the following as the `Bitwarden` user.

1. Navigate to the [created](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user--directory/) directory:

   ```
   cd C:\Bitwarden
   ```

2. Run the following command to download the Bitwarden installation script (`bitwarden.ps1`):

   ```
   Invoke-RestMethod -OutFile bitwarden.ps1 -Uri "https://func.bitwarden.com/api/dl/?app=self-host&platform=windows"
   ```

3. Run the installer script using the following command:

   ```
   .\bitwarden.ps1 -install
   ```

4. Complete the prompts in the installer:

   - **Enter the domain name for your Bitwarden instance:** Typically, this value should be the configured DNS record.
   - **Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):** Specify `y` to generate a trusted SSL certificate using Let's Encrypt. You will be prompted to enter an email address for expiration reminders from Let's Encrypt. For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/). Alternatively, specify `n` and use the **do you have a SSL certificate to use?** option.
   - **Enter your installation id:** Retrieve an installation id using a valid email at [https://bitwarden.com/host](https://bitwarden.com/it-it/host/). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)
   - **Enter your installation key:** Retrieve an installation key using a valid email at [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).
     For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)
   - **Enter your region (US/EU):** Enter US or EU depending on the [cloud server](https://bitwarden.com/it-it/help/server-geographies/) you will use to [license paid features](https://bitwarden.com/it-it/help/licensing-on-premise/), only applicable if you're connecting a self-hosted account or organization to a paid subscription.
   - **Do you have a SSL certificate to use? (y/n)** If you already have your own SSL certificate, specify `y` and place the necessary files in the `C:\Bitwarden\bwdata\ssl\` directory. You will be asked whether it is a trusted SSL certificate (`y/n`). For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/). Alternatively, specify `n` and use the **self-signed SSL certificate?** option, which is only recommended for testing purposes.
   - **Do you want to generate a self-signed SSL certificate? (y/n)**: Specify `y` to have Bitwarden generate a self-signed certificate for you. This option is only recommended for testing. For more information, see [Certificate Options](https://bitwarden.com/it-it/help/certificates/). If you specify `n`, your instance will not use an SSL certificate and you will be required to front your installation with an HTTPS proxy, or else Bitwarden applications will not function properly.

### Post-install configuration

Configuring your environment can involve making changes to two files: an [environment variables file](https://bitwarden.com/it-it/help/install-on-premise-windows/#environment-variables/) and an [installation file](https://bitwarden.com/it-it/help/install-on-premise-windows/#installation-configuration/).

#### Environment variables (*required*)

Some features of Bitwarden are not configured by the `bitwarden.ps1` Cmdlet.
Configure these settings by editing the environment file, located at `\bwdata\env\global.override.env`. **At a minimum, you should replace the values for:**

```
...
globalSettings__mail__smtp__host=
globalSettings__mail__smtp__port=
globalSettings__mail__smtp__ssl=
globalSettings__mail__smtp__username=
globalSettings__mail__smtp__password=
...
adminSettings__admins=
...
```

Replace `globalSettings__mail__smtp...=` placeholders to connect to the SMTP mail server that will be used to send verification emails to new users and invitations to organizations. Adding an email address to `adminSettings__admins=` will provision access to the System Administrator Portal.

After editing `global.override.env`, run the following command to apply your changes:

```
.\bitwarden.ps1 -restart
```

#### Installation file

The Bitwarden installation script uses settings in `.\bwdata\config.yml` to generate the necessary assets for installation. Some installation scenarios (such as installations behind a proxy with alternate ports) may require adjustments to `config.yml` that were not provided during standard installation. Edit `config.yml` as necessary and apply your changes by running:

```
.\bitwarden.ps1 -rebuild
```

### Start Bitwarden

Once you have completed all previous steps, start your Bitwarden instance by running the following command:

```
.\bitwarden.ps1 -start
```

> [!NOTE]
> The first time you start Bitwarden it may take some time as it downloads images from Docker Hub.

Verify that all containers are running correctly:

```
docker ps
```

![List showing Healthy Containers ](https://bitwarden.com/assets/3kcV9CFkWJrw5qCmKZsyBg/5cd5030d96352e6b1f5f20d1ffb79654/docker-ps-win.png)

Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your web browser to confirm that it’s working.

You may now register a new account and log in.
You will need to have configured `smtp` environment variables (see [Environment Variables](https://bitwarden.com/it-it/help/environment-variables/)) in order to verify the email for your new account.

> [!TIP] Backup and Update your Server
> Once deployed, we recommend regularly [backing up your server](https://bitwarden.com/it-it/help/backup-on-premise/) and [checking for system updates](https://bitwarden.com/it-it/help/updating-on-premise/).

## Next Steps:

- If you are planning to self-host a Bitwarden organization, see [self-host an organization](https://bitwarden.com/it-it/help/self-host-an-organization/) to get started.
- For additional information see [self hosting FAQs](https://bitwarden.com/it-it/help/hosting-faqs/).

## Start Docker on boot

Docker Desktop will only automatically start on boot if you have a logged-in RDP session. To start Docker Desktop on boot regardless of whether there is a user logged in:

> [!NOTE]
> Docker Desktop may take up to 15 minutes after boot to fully start and for containers to be accessible from the network.

1. Open Task Scheduler and select **Create Task...** from the Actions menu.
2. Configure the task with the following security options:
   - Set the task to use the [created](https://bitwarden.com/it-it/help/install-on-premise-windows/#create-bitwarden-local-user--directory/) `Bitwarden` user account.
   - Set the task to **Run whether user is logged on or not**.
3. Select the **Triggers** tab and create the following trigger:
   - From the **Begin the task** dropdown, select **At startup**.
   - In the Advanced settings section, check the **Delay task for:** checkbox and select **5 minutes** from the dropdown.
4. Select the **Actions** tab and create the following action:
   - In the Program/script input, specify `"C:\Program Files\Docker\Docker\frontend\Docker Desktop.exe"`.
5. Select **OK** to finish creating the scheduled task.
## Script commands reference

The Bitwarden installation script (`bitwarden.ps1`) has the following commands available. All commands must be prefixed with a switch (`-`), for example `.\bitwarden.ps1 -start`:

| **Command** | **Description** |
|------|------|
| -install | Start the installer. |
| -start | Start all containers. |
| -restart | Restart all containers. |
| -stop | Stop all containers. |
| -update | Update all containers and the database. |
| -updatedb | Update/initialize the database. |
| -updaterun | Update the run.ps1 file. |
| -updateself | Update the installation script. |
| -updateconf | Update all containers without restarting the running instance. |
| -uninstall | Before this command executes, you will be prompted to save database files. `y` will create a tarfile of your database including the most recent backup. Stops containers, deletes the `bwdata` directory and all its contents, and removes ephemeral volumes. After executing, you will be asked whether you want to purge all Bitwarden images. |
| -renewcert | Renew certificates. |
| -rebuild | Rebuild generated installation assets from `config.yml`. |
| -help | List all commands. |

--- URL: https://bitwarden.com/it-it/help/install-safari-app-extension/ ---

# Safari Web Extension

Bitwarden's Safari web extension is a port of the prior app extension designed for use with [Safari 14](https://developer.apple.com/documentation/safariservices/safari_web_extensions/converting_a_safari_app_extension_to_a_safari_web_extension?language=objc) and newer. The Safari web extension is packaged with the Bitwarden desktop app available on the app store, so you don't need to download it separately.

> [!NOTE] Mac OS Safari app
> Due to changes by Apple, Safari limits web extension use to **only those obtained through Mac App Store downloads**. As of the [2021-03-11 Release](https://bitwarden.com/it-it/help/releasenotes/), users will not be able to use a Bitwarden Safari extension obtained through a `.dmg` installation from [bitwarden.com/download](https://bitwarden.com/it-it/download/) or any other non-App Store source.
>
> **If you are using a Safari version prior to 14**, you can continue using a `.dmg` installation, which can be downloaded from [bitwarden.com/download](https://bitwarden.com/it-it/download/) by clicking **more desktop installation options >**. Keeping the `.dmg` outside of the Applications folder should allow you to simultaneously use both an older Safari extension and the latest desktop app.

The Safari web extension has full feature parity to the prior app extension. For developer detail on the difference between Safari web extensions and app extensions, click [here](https://developer.apple.com/documentation/safariservices/safari_web_extensions/converting_a_safari_app_extension_to_a_safari_web_extension?language=objc).

## Enable the extension

Before enabling the Safari web extension, run the desktop app at least once. In Safari:

1. Open the **Safari** menu and select **Settings**.
2. Navigate to the **Extensions** page.
3. Check the **Bitwarden** checkbox, and select **Turn on** in the confirmation dialog.

> [!NOTE] Extension for mobile browsers instead of desktop browsers
> These instructions apply to the browser extensions for desktop web browsers. Learn how to set up an extension for mobile web browsers on iOS [here](https://bitwarden.com/it-it/help/auto-fill-ios/#browser-app-extension-autofill/).

--- URL: https://bitwarden.com/it-it/help/integrated-authenticator/ ---

# Integrated Authenticator

Password Manager includes an integrated authenticator that generates verification codes for [two-step login](https://bitwarden.com/it-it/help/bitwarden-field-guide-two-step-login/#securing-important-websites/) directly in your vault.
Instead of opening a separate app and manually typing codes, it automatically produces the [time-based one-time passwords](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) (TOTPs), six-digit codes using SHA-1 that rotate every 30 seconds.

> [!NOTE] TOTP account requirements
> Storing keys in Password Manager integrated authenticator is available to all accounts. Generating TOTP codes is available with Premium or membership to a paid organization (Families, Teams, or Enterprise).

Bitwarden offers two authenticators: Password Manager integrated authenticator and the [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/) app. Learn more about [when to use the different authenticators](https://bitwarden.com/it-it/help/bitwarden-authenticator/#whats-the-difference-between-bitwarden-authenticator-and-password-managers/).

## Generate TOTP codes

There are three ways to set up TOTP generation in Password Manager for your vault's login items:

- [Scan a QR code](https://bitwarden.com/it-it/help/authenticator-keys/#scan-a-qr-code/) from the Bitwarden mobile app or browser extension.
- [Manually enter a secret](https://bitwarden.com/it-it/help/authenticator-keys/#manually-enter-a-secret/) from any Bitwarden app.
- [Sync codes](https://bitwarden.com/it-it/help/totp-sync/) with the Bitwarden Authenticator app so the TOTPs also appear in Password Manager.

Once set up, integrated authentication will continuously generate six-digit TOTPs rotated every 30 seconds, which you can use as a secondary step for two-step login to connected websites or apps. You can update the TOTP seed at any time using the **Camera icon** on the **Edit item** screen.

### Scan a QR code

To set up integrated authentication for a login item using a QR code:

### Mobile

1. **Edit** the vault item for which you want to generate TOTPs.
2.
Tap [camera] **Set up TOTP**:

   ![Set up TOTP on mobile](https://bitwarden.com/assets/1cjF7IObqGhZL2ETA6XhTU/10641831c6fb690b85c3c99f39f1b1b1/2025-01-21_16-46-53.png)
   *Set up TOTP on mobile*
3. Scan the QR code.
4. Tap **Save** to begin generating TOTPs.

### Browser extension

1. **Edit** the vault item for which you want to generate TOTPs.
2. Select [camera] **TOTP**, which will scan the authenticator QR code from the current webpage. The full QR code must be visible on-screen.

   ![Browser extension TOTP scan](https://bitwarden.com/assets/7vTPBRNX8Q1xxOZsqFxWBQ/3a91391f5c233743b8f6be509086f895/2024-10-29_11-04-36.png)
   *Browser extension TOTP scan*
3. Tap **Save** once the code has been entered to begin generating TOTPs.

### Manually add a secret

To manually add a secret key to a login item:

1. **Edit** the vault item for which you want to generate TOTPs.
2. Select the **Authenticator key** field. (On mobile apps, you can alternatively select the [camera] **Set up authenticator key** → **Enter key manually** from the **Edit** view.)
3. Paste the secret key into the **Authenticator Key** field.
4. Save the item.

## Use generated codes

After you add a secret key to a login item, there are two ways to retrieve the TOTP: autofilling or copying the code.

> [!NOTE] TOTP & Time
> TOTPs rely on time-based code generation. If your device has an incorrect time compared to the server, it will generate codes that don't work. If you're having trouble with your TOTP codes, set your device's time zone and [**time to Automatic**](https://bitwarden.com/it-it/help/integrated-authenticator/#troubleshooting/).

### Autofill TOTP codes

Bitwarden browser extensions and iOS (version 18.0+) will autofill your TOTP code, unless the [**autofill on page load**](https://bitwarden.com/it-it/help/auto-fill-browser/#on-page-load/) setting is active. In that case, the browser extension also copies the TOTP code to your clipboard for easy pasting into the form.
On browser extensions, you can also copy the TOTP code from the context menu: ![Browser Extension context menu ](https://bitwarden.com/assets/5YmvBLK63g2xMnUewNVjOg/a63aec8b36ac65d6d91acf666fc8406f/2024-10-29_11-11-51.png) *Browser Extension context menu * > [!TIP] Extension TOTP copying > Automatic TOTP copying is on by default when you use autofill in the browser extension. To turn it off, go to **Settings** → **Autofill** and uncheck **Copy TOTP automatically**. You can also use the nearby **Clear clipboard** dropdown menu to specify when copied values are cleared. ### View and copy TOTP codes All Bitwarden apps display your rotating TOTP code inside the vault item, which can be copied and pasted like a username or password: ![Copy a TOTP code ](https://bitwarden.com/assets/41IqtUVMLh7MLxwwNU2ZpD/b9fc56ddc82ab78130305c0751aac0ca/2024-12-02_14-55-24.png) *Copy a TOTP code * When you first open the Bitwarden mobile app, select **Verification codes** to display all active TOTPs in your vault: ![Verification codes on mobile](https://bitwarden.com/assets/3MRb58qhCFvVHVjPaxMk6R/227fae64af8e1a13e6c86a74412929eb/2025-01-21_17-13-12.png) *Verification codes on mobile* > [!TIP] Viewing codes when offline > As long as you're logged in to your Bitwarden vault, your generated codes are available—even when your device is offline. ### Troubleshooting TOTP codes are generated based on your device's system clock. If your generated codes are not working or invalid, the most likely reason is that your device clock has become out-of-step from the Bitwarden server. To re-sync the clock on your device: ### Windows Navigate to **Start** → **Settings** → **Time & language** → **Date & time**, and turn the **Set time automatically** option off and back on. 
If this doesn't work, use the following PowerShell commands to set your timezone, being sure to replace the timezone name with the right one from [this list](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-time-zones?view=windows-11#time-zones), and restart your computer:

```plain text
Set-TimeZone -Id "Central Standard Time"
```

```plain text
Restart-Computer
```

### macOS

Navigate to **System Settings** → **General** → **Date & Time**, and turn the **Set time and date automatically** and **Set time zone automatically using your current location** options off and back on.

### Android

Navigate to **Settings** → **System** → **Date & time**, and turn the **Set time automatically** option off and back on.

### iOS

Navigate to **Settings** → **General** → **Date & Time**, and turn the **Set Automatically** option off and back on.

## Support for more parameters

By default, Bitwarden will generate six-digit TOTPs using SHA-1 and rotate them every 30 seconds; however, some websites or services will expect different parameters. Parameters can be customized in Bitwarden by manually editing the `otpauth://totp/` URI for your vault item.

| **Parameter** | **Description** | **Values** | **Sample Query** |
|------|------|------|------|
| Algorithm | Cryptographic algorithm used to generate TOTPs. | sha1, sha256, sha512, otpauth | `algorithm=sha256` |
| Digits | Number of digits in the generated TOTP. | 1-10 | `digits=8` |
| Period | Number of seconds with which to rotate the TOTP. | Must be > 0 | `period=60` |

For example:

```
otpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60
```

Learn more about using [otpauth:// URIs](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
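The parameters above, worked through as an added example (not Bitwarden's own code): this Python parses an `otpauth://totp/` URI, applies the defaults the page states, and computes the code per RFC 6238. The function names and the verifier's one-period acceptance window in `server_accepts` are assumptions for illustration; it also shows why a device clock that has drifted by a few periods produces codes a server rejects.

```python
# Added example, not Bitwarden code: otpauth://totp/ parsing and RFC 6238 code generation.
import base64
import hashlib
import hmac
import struct
import time
from typing import NamedTuple
from urllib.parse import parse_qs, urlparse

# Hash names this example handles (the sha* values from the parameter table).
HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}


class TotpParams(NamedTuple):
    key: bytes
    algorithm: str = "sha1"  # page default
    digits: int = 6          # page default
    period: int = 30         # page default, seconds


def parse_otpauth(uri: str) -> TotpParams:
    """Extract secret, algorithm, digits and period from an otpauth://totp/ URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("expected an otpauth://totp/ URI")
    query = {name: values[0] for name, values in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("URI has no secret parameter")
    # The secret is base32; tolerate spaces, lower case and stripped '=' padding.
    secret = query["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)
    key = base64.b32decode(secret)
    algorithm = query.get("algorithm", "sha1").lower()
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    digits = int(query.get("digits", 6))
    period = int(query.get("period", 30))
    if not 1 <= digits <= 10:
        raise ValueError("digits must be between 1 and 10")
    if period <= 0:
        raise ValueError("period must be > 0")
    return TotpParams(key, algorithm, digits, period)


def totp(params: TotpParams, now: float) -> str:
    """RFC 6238: HOTP over the number of whole periods elapsed since the Unix epoch."""
    counter = int(now) // params.period
    mac = hmac.new(params.key, struct.pack(">Q", counter), HASHES[params.algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** params.digits).zfill(params.digits)


def server_accepts(params: TotpParams, code: str, server_time: float, window: int = 1) -> bool:
    """Assumed verifier policy: accept the server's current period +/- `window` periods."""
    candidates = (server_time + step * params.period for step in range(-window, window + 1))
    return any(
        hmac.compare_digest(code, totp(params, t)) for t in candidates if t >= 0
    )


if __name__ == "__main__":
    # The sample URI from the page: SHA-256, eight digits, 60-second period.
    page_uri = "otpauth://totp/Test:me?secret=JBSWY3DPEHPK3PXP&algorithm=sha256&digits=8&period=60"
    params = parse_otpauth(page_uri)
    now = time.time()
    print("parameters:", params.algorithm, params.digits, params.period)
    print("code now:", totp(params, now))
    # A device clock five minutes ahead yields a code outside the accepted window.
    drifted = totp(params, now + 300)
    print("drifted device code accepted:", server_accepts(params, drifted, now))
```

A client and a server only agree on a code when both use the same algorithm, digits and period and their clocks fall in the same (or an adjacent accepted) period, which is why the troubleshooting steps above focus on re-syncing the device clock.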
## Set as default on iOS

iOS users running iOS 16+ can set any application as the default for storing verification codes when scanning codes directly from the camera app, including [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/) and Password Manager [integrated authentication](https://bitwarden.com/it-it/help/integrated-authenticator/). To set this up:

1. Open the iOS **Settings** app on your device.
2. Tap **General**.
3. Tap **AutoFill & Passwords**.
4. In the **Verification Codes** section, choose an app from the **Set Up Codes In** dropdown.

## Azure and Office 365

By default, Microsoft Azure and Office 365 accounts expect the use of Microsoft Authenticator for TOTPs. To instead use the integrated authenticator in Bitwarden for your Microsoft Azure or Office 365 account(s):

1. In Microsoft, navigate to your account settings page. Depending on whether yours is a personal or business account, this may be `account.microsoft.com` or `myaccount.microsoft.com`.
2. Depending on whether yours is a personal or business account, open your **Security dashboard** or select **Security info**. If you're going through the **Security dashboard**, you'll need to also select **Two-step verification** from that screen.

   ![Turn on 2FA](https://bitwarden.com/assets/4x8LX6bcktyPDnQhPvSLOz/7903ba57aeb75b15e83562841136a16b/Screen_Shot_2023-02-23_at_10.24.27_AM.png)
   *Turn on 2FA*
3. Select either the Two-step verification **Turn on** button or **Add sign-in method** button and choose Authenticator app from the dropdown.
4. During the setup procedure, you'll see a dropdown menu for the verification method. Select **Authenticator App** or **An app**.
5. Proceed until you see a blue "different authenticator app" hyperlink. Select the hyperlink when you see it.
6. Continue until you see a QR code, at which point you can follow the standard [QR code steps](https://bitwarden.com/it-it/help/integrated-authenticator/#scan-a-qr-code/).
## Steam Guard TOTPs You can use the Bitwarden integrated authenticator for your Steam account's 2FA. Once you locate the secret key, enter it in the **Authenticator key** field with this format: `steam://your_secret_key_here`. > [!NOTE] Steam app auth > To use this functionality, you will need to manually extract your Steam account's secret using a third-party tool. There are tools such as [SteamTimeIdler](https://github.com/SteamTimeIdler/stidler/wiki/Getting-your-%27shared_secret%27-code-for-use-with-Auto-Restarter-on-Mobile-Authentication#getting-shared-secret-from-ios-windows) that can help you accomplish this, however such **extraction tools are not officially supported by Bitwarden or Steam**. Use these tools at your own risk. Generated codes for Steam are five digits and alphanumeric, unlike traditional six-digit numeric TOTPs. --- URL: https://bitwarden.com/it-it/help/invoices-and-receipts/ --- # Invoices & Receipts Bitwarden automatically generates invoices and receipts for paid subscriptions. Only subscription holders, those on the Premium plan or an organization [owner](https://bitwarden.com/it-it/help/user-types-access-control/#default-roles/), can view or download invoices as a PDF. > [!TIP] Invoices if you're self-hosting. > If you're self-hosting, invoices and receipts are available through the [cloud account that's connected to your self-hosted deployment](https://bitwarden.com/it-it/help/licensing-on-premise/). Two types of invoices are available: - **Unpaid Invoices**: If we are unable to process the payment or you [pay by invoice](https://bitwarden.com/it-it/help/payment-methods/#invoiced-billing/) for a business plan, like Enterprise, the invoice will be listed in this section. - **Paid Invoices**: This section contains receipts, which are generated as soon as payment is processed. ## Review invoices To access your account or organization's invoices: ### Individual As the account holder of a Premium individual subscription: 1. 
Using the web app, go to **Settings** → **Subscription**: ![Subscription page](https://bitwarden.com/assets/3Ru9TSLguhRNYtLe2TLwXk/bec6794eb58efa8780504720d4acb250/2026-03-03_10-24-17.png) *Subscription page* 2. Select **Billing history**. 3. Select a line item from **Unpaid Invoices** or **Paid Invoices** to view or download a specific invoice or paid receipt: ![Individual subscription invoice](https://bitwarden.com/assets/4vSHZX44OMs8dPa1c9GNMk/b7b7a7a6c7564a802650afd762212907/2026-03-03_10-24-26.png) *Individual subscription invoice* ### Organization As the [owner](https://bitwarden.com/it-it/help/user-types-access-control/) of a Families, Teams, or Enterprise organization: 1. Using the web app, go to the **Admin Console**. 2. Go to **Billing** → **Billing history**. 3. Select a line item from **Unpaid Invoices** or **Paid Invoices** to view or download a specific invoice or paid receipt: ![Organization invoices](https://bitwarden.com/assets/2GcEwWFCc1KsGOKjazcmeP/88846e28fa4e77c0b5b5cce32cd9caac/2026-03-03_10-38-21.png) *Organization invoices* ### Provider As a [Provider admin](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/): 1. Using the web app, go to the **Provider Portal**. 2. Go to **Billing** → **Billing history**. 3. Select a line item from **Unpaid Invoices** or **Paid Invoices** to view or download a specific invoice or paid receipt: ![Provider invoices](https://bitwarden.com/assets/6uYalZ51JW56lFgio37MBv/7df0f55f9b09aa827c1aa8897ebacba4/2026-03-03_14-51-10.png) *Provider invoices* From this view, you can also download a `.csv` file containing a client-by-client breakdown of assigned seats. Invoices include: - The [billing email](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-email/) associated with Bitwarden and your subscription. - The amount due for that subscription period, including any applicable [tax](https://bitwarden.com/it-it/help/tax-calculation/) as a line item. 
- For organization subscriptions, the number of [paid seats](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/). - The payment method used to process payment, if applicable. ## Pay an invoice Follow the directions on your invoice with one of the listed [payment methods](https://bitwarden.com/it-it/help/payment-methods/). --- URL: https://bitwarden.com/it-it/help/invoked-crypto-libraries/ --- # Invoked Crypto Libraries Bitwarden does not implement any cryptographic primitives. Bitwarden only uses cryptographic primitives from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used: - JavaScript: - [Web crypto](https://www.w3.org/TR/WebCryptoAPI/) - [Node.js crypto](https://nodejs.org/api/crypto.html) - [Forge](https://github.com/digitalbazaar/forge) - [Argon2](https://github.com/antelle/argon2-browser) - Rust Crates: - [RustCrypto](https://github.com/rustcrypto) - [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) - [rust-random](https://github.com/rust-random/) - [rustls](https://github.com/rustls/rustls) --- URL: https://bitwarden.com/it-it/help/is-bitwarden-audited/ --- # Compliance, Audits, and Certifications Bitwarden is a global company with customers located all over the world. Our business is to help customers protect, store, and share their sensitive data. We prioritize protecting the personal data of our customers and their end-users as paramount to our company mission. Bitwarden complies with industry standards, and conducts comprehensive annual audits that are shared transparently with our customers and users. Our open source approach puts us in a unique position, where our software is viewed and scrutinized by a globally engaged community. ## Privacy For our privacy policy, visit [bitwarden.com/privacy](https://bitwarden.com/it-it/privacy/). ### GDPR Bitwarden is GDPR compliant. 
We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs), or the EU - U.S. Data Privacy Framework. Bitwarden uses Standard Contractual Clauses pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as currently set out at [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj). ### CCPA Bitwarden is compliant with the California Consumer Privacy Act (CCPA). ### Data Privacy Framework (DPF) Bitwarden complies with the Data Privacy Framework (DPF), previously called Privacy Shield, which defines the safe transfer of personal data ### HIPAA Bitwarden is HIPAA compliant and annually undergoes a third-party audit for HIPAA Security Rule compliance. ### ISO 27001 Bitwarden is ISO 27001 certified and in compliance with ISO 27001 control sets surrounding data security. For more information, please contact your Account Executive. ## Third party security audits Bitwarden regularly conducts comprehensive third-party security audits with notable security firms. These annual audits include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications. ### 2025 Bitwarden Cryptography Report Bitwarden completed an audit of Bitwarden core cryptography operations by the Applied Cryptography Group at ETH Zurich under the assumption of a fully malicious server. [Read the report. 
](https://bitwarden.com/assets/Kki4W785JIPOdFj6EeWB5/dbf51066c1041aa90dc503ca0c911194/2025_Bitwarden_Cryptography_Report.pdf) ### 2025 Mobile App Security Assessment Bitwarden completed a dedicated audit of the Bitwarden mobile and mobile authenticator applications by cybersecurity firm Unit 42 by Palo Alto Networks [Read the report.](https://bitwarden.com/assets/718YF2IWeVNARWs6nBgYzS/796a7e97eedc6d569773a1892284d034/2025_Mobile_App_Security_Assessment.pdf) ### 2025 Bitwarden Web App and Network Security Assessment Bitwarden completed a dedicated audit of the Bitwarden web application and its related network components by cybersecurity firm Fracture Labs. [Read the report.](https://bitwarden.com/assets/5dtxzUUYxM1DGUXS9lcTHb/f2fb3a45cc5dd26666cb57e8011b0f2b/2025_Bitwarden_Web_App_and_Network_Security_Assessment.pdf) ### 2024 Bitwarden Client Applications Security Assessment Bitwarden completed a dedicated audit of the Bitwarden client applications and SDKs by security firm IOActive. [Read the report.](https://bitwarden.com/assets/3EW7bMcth1sZEDpKseMk7l/d676d703b5a181d0590d69ed2b480ce0/Bitwarden_-_Security_Assessment_2024_-_Technical_Report_v1.0-combined.pdf) ### 2024 Bitwarden Marketing Website Security Assessment Bitwarden completed a dedicated audit of the Bitwarden marketing website by security firm Paragon Initiative Enterprises (PIE).  [Read the report.](https://bitwarden.com/assets/3alBclinYuMVZ9erf1tuhM/59d4a7a3e5f3268fa59747bd86f8cba7/2024_Bitwarden_Marketing_Website_Security_Report.pdf) ### 2024 Bitwarden Mobile App Security Assessment Bitwarden completed a dedicated audit of the Bitwarden mobile and mobile authenticator applications by security firm Mandiant.  
[Read the report.](https://bitwarden.com/assets/5xEFYurTu7zhrlKg8dM9Wr/943d125e789b1c4eebc7b29ad6fb9b1a/2024_Bitwarden_Mobile_App_Security_Report.pdf) ### 2024 Web App and Network Security Assessment Bitwarden completed a dedicated source code audit and penetration test of the web app and related network components by security firm Fracture Labs. [Read the report.](https://bitwarden.com/assets/7MlQ3dJr20zEwA2FIDlPET/6d7cf890c21a75d5e8246df1b79b8d2f/2024_Bitwarden_Web_App_and_Network_Security_Report.pdf) ### 2024 Mobile Apps and SDK Security Assessment Bitwarden completed a dedicated source code audit and penetration test of the mobile apps and SDK by security firm Cure53. [Read the report.](https://bitwarden.com/assets/bEfNZ6r3BJ9ehwNfAqw6C/4020b6eb762e0b6051a40638f45269d9/2024_Bitwarden_Mobile_Apps_and_SDK_Report.pdf) ### 2023 Bitwarden Web App Security Assessment Report Bitwarden completed a dedicated source code audit and penetration test of the web app by security firm Cure53. [Read the report](https://bitwarden.com/assets/5AyZwIfhKkwuQjXGvJ2e3l/488c8a8466deead9c306d4df9db08cdc/2023_Bitwarden_Web_App_Security_Assessment_Report.pdf). ### 2023 Bitwarden Desktop App Security Assessment Report Bitwarden completed a dedicated source code audit and penetration test of the desktop app by security firm Cure53. [Read the report](https://bitwarden.com/assets/6m0rD5aBvmE7LtOGJrpYdP/199f548d2dd29fd120099cf0c64d5bd1/2023_Bitwarden_Electron_Desktop_App_Security_Assessment_Report.pdf). ### 2023 Bitwarden Core App & Library Security Assessment Report Bitwarden completed a dedicated source code audit and penetration test of the core application and library by security firm Cure53. [Read the report](https://bitwarden.com/assets/3OA3ul8mM744GI2Ap0OhgW/564008ab586c81f76d1e5560be942bd9/2023_Bitwarden_Core_App___Library_Security_Assessment_Report.pdf). 
### 2023 Bitwarden Browser Extension Security Assessment Report Bitwarden completed a dedicated source code audit and penetration test of the browser extension by security firm Cure53. [Read the report](https://bitwarden.com/assets/4X0rKCkFkWcPg86PUV3cRn/7277e4651464e0a8efd21d9fcf83d296/2023_Bitwarden_Browser_Extension_Security_Assessment_Report.pdf). ### 2023 Network Security Assessment Bitwarden completed a network security assessment and penetration test by security firm Cure53. [Read the report](https://bitwarden.com/assets/6E4JwsHCseBSHlTsXc8ecR/b39a63ebcd7f51683463c4e4d9838d37/bitwarden-2023-network-security-assessment-report.pdf). ### 2022 Security Assessment Bitwarden completed a dedicated source code audit and penetration test by security firm Cure53. [Read the report](https://bitwarden.com/assets/4eMmA16Zz9MACTHOexlxx0/05f3ed75c04f7d6e086479279d82c733/2022_Bitwarden_Security_Assessment_Report.pdf). ### SOC 2 Type 2 and SOC 3 Bitwarden has completed [SOC Type 2 and SOC 3 compliance](https://bitwarden.com/it-it/compliance/#third-party-security-audits/). For more information, see the blog post [Bitwarden achieves SOC 2 certification](https://bitwarden.com/it-it/blog/bitwarden-achieves-soc-2-certification/). ### 2022 Network Security Assessment Bitwarden completed a network security assessment and penetration test by security firm Cure53. [Read the report](https://bitwarden.com/assets/2otFuNRCjJzAoZRsueaN89/cca35829e6dcc09edc246c5de99f6abd/2022_Bitwarden_Network_Security_Assessment_Report.pdf). ### 2021 Network Security Assessment Bitwarden completed a thorough network security assessment and penetration test by auditing firm [Insight Risk Consulting](https://www.insightriskconsulting.com/). 
[Read the report.](https://bitwarden.com/assets/5UaSjdbvTgTTtzkBpXLLV/e39fc66998b82c4e512855aa291d9dd0/bitwarden-2021-network-security-assessment-report.pdf) ### 2021 Security Assessment Bitwarden completed a dedicated source code audit and penetration test by the security firm Cure53. [Read the report](https://bitwarden.com/assets/4G0yonTshy2ezRo1R7s6Yl/7ba5bdac721b2ad8d14117c1c6a36b37/2021-bitwarden-security-assessment-report.pdf). ### 2020 Network Security Assessment Bitwarden completed a thorough security assessment and penetration test by auditing firm [Insight Risk Consulting](https://www.insightriskconsulting.com/). For more information, please see the blog post [Bitwarden 2020 Security Audit is Complete](https://bitwarden.com/it-it/blog/bitwarden-network-security-assessment-2020/). [Read the report](https://cdn.bitwarden.com/misc/Bitwarden%20Network%20Security%20Assessment%20Report%20-%202020.pdf). ### 2018 Security Assessment Bitwarden completed a thorough security audit and cryptographic analysis by security firm [Cure53](https://cure53.de/). For more information, please see the blog post [Bitwarden Completes Third-party Security Audit](https://bitwarden.com/it-it/blog/third-party-security-audit/). [Read the report](https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assessment%20Report.pdf). ## Open source codebase ### Codebase on GitHub Bitwarden is focused on open source software with the entirety of the codebase available on github.com. See our codebase at [github.com/bitwarden](https://github.com/bitwarden), or learn more on [our open source page](https://bitwarden.com/it-it/open-source/). ### Licensing Source code in Bitwarden repositories are covered by one of two licenses, the [GNU Affero General Public License (AGPL) v3.0](https://github.com/bitwarden/server/blob/master/LICENSE_AGPL.txt) and the [Bitwarden License v1.0](https://github.com/bitwarden/server/blob/master/LICENSE_BITWARDEN.txt). 
Refer to these links to learn more about what is included in and permitted by each license. ## Cloud hosting The Bitwarden cloud service is hosted on Microsoft Azure. Please visit [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/) for more detail. ## Security information ### Zero knowledge encryption Bitwarden takes a zero knowledge encryption approach to password management, meaning every piece of information in your vault is encrypted. For more information on this approach, please see the blog post [How End-to-End Encryption Paves the Way for Zero Knowledge](https://bitwarden.com/it-it/blog/end-to-end-encryption-and-zero-knowledge/). ### Vault security in Bitwarden For more information on how Bitwarden vaults are protected, including options for Bitwarden client applications, please see the blog post [Vault Security in the Bitwarden Password Manager](https://bitwarden.com/it-it/blog/vault-security-bitwarden-password-manager/). ### Bug bounty program Bitwarden also interacts with independent security researchers through our private bug bounty program on [HackerOne](https://hackerone.com/bitwarden/). --- URL: https://bitwarden.com/it-it/help/jenkins-integration/ --- # Jenkins Integration Jenkins is an open source automation server that automates building, testing, and deploying software. Use the Bitwarden Secrets Manager CLI to inject secrets into Jenkins CI/CD Pipelines. ## Save an access token To get started, create a token that will be used to authenticate with the Bitwarden Secrets Manager and retrieve [secrets](https://bitwarden.com/it-it/help/secrets/). To save an [access token](https://bitwarden.com/it-it/help/access-tokens/) as a Jenkins credential: 1. In Jenkins, navigate to the **Settings  → Credentials** page. ![Setting credentials](https://bitwarden.com/assets/7BNSdUFjmu3LaVcywyKaOd/be6b83e5d2648bc3a26cabe7febbd90c/Setting_credentials.png) *Setting credentials* 2. 
Select the desired credential store.
3. Select **Add Credentials**.
4. Click the **Kind** drop down menu and select **Secret text**.
5. Give the credential an appropriate name. Next, we will prepare the `bitwarden-access-token`.
6. In a new tab, open the Secrets Manager web app and [create an access token](https://bitwarden.com/it-it/help/access-tokens/).

   ![Create access token](https://bitwarden.com/assets/0X3dgYBEQpW9EOGWIHiUV/22aef7ea682198c0f42630cf7637bf63/new_access_token.png)
   *Create access token*
7. Return to Jenkins and paste the newly-created access token into the **Secret** field.
8. Once complete, select **Create**.

   ![Jenkins credential](https://bitwarden.com/assets/4HjU45wJZMlhuyhTLWEwpB/0bfb7ee75ed53c427927b5c99e45a6e4/2026-02-06_18-10-34.png)
   *Jenkins credential*

## Add to your Jenkins Pipeline

Next, a Jenkins Pipeline needs to be created. The following section features an example Pipeline.

1. Create a new Jenkins Pipeline by selecting **New Item** on the left-hand navigation.
2. Enter a name for the new item. Next, select the **Pipeline** item type and then **OK** when complete.

   ![New Pipeline](https://bitwarden.com/assets/6FP4AFLnuLT7pamWPhhF56/034dc91dfb4632155f74f0daf7575074/2026-02-09_17-16-10.png)
   *New Pipeline*
3. On the following screen, configure your desired settings and triggers. In the Pipeline section, include the following contents:

```java
pipeline {
    agent any
    stages {
        stage('Build Rust Project with Secrets from Bitwarden') {
            steps {
                withCredentials([string(credentialsId: 'bitwarden-access-token', variable: 'BWS_ACCESS_TOKEN')]) {
                    sh '''
                        export PATH=$PATH:/usr/local/bin # ensure bws is in PATH
                        bws run -- 
                    '''
                }
            }
        }
    }
}
```

> [!NOTE] Replace command in Jenkins Pipeline
> Replace `` with the command that requires access to secrets manager.

## Run the CI/CD Pipeline

On the left, select **Build Now → Pipelines** and select **Run Pipeline** located on the top-right of the page.
Select **Run Pipeline**on the page to run the newly-created Pipeline. --- URL: https://bitwarden.com/it-it/help/jit-provisioning/ --- # Add Members with JIT Enterprise organizations using [SSO](https://bitwarden.com/it-it/help/about-sso/) support just-in-time (JIT) provisioning of members. No extra configuration, beyond the SAML or OIDC setup processes documented in the **SSO Guides**, is required to support JIT. > [!NOTE] Different user provisioning methods > This article discusses only one of the available methods to invite users and manage your subscription’s seat count: > > - All organizations can [manually invite users](https://bitwarden.com/it-it/help/managing-users/) and update the [seat count](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/). > - Teams and Enterprise organizations can use [SCIM](https://bitwarden.com/it-it/help/about-scim/). > - Teams and Enterprise organizations can use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/). > - Enterprise organizations can use [just-in-time (JIT)](https://bitwarden.com/it-it/help/jit-provisioning/). ## Recommended JIT strategy An optimized JIT provisioning strategy can make for one of the simplest signup processes available for your members. As an administrator, help your members join quickly and easily by noting the following: - **Do** issue email invitations to members with [SCIM](https://bitwarden.com/it-it/help/about-scim/), with [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/), or [manually](https://bitwarden.com/it-it/help/managing-users/#confirm/). - An added benefit of using SCIM or Directory Connector is that [groups and group membership](https://bitwarden.com/it-it/help/about-groups/) can be synced to your organization, which JIT on its own does not support, automatically assigning members to groups for streamlined [collection assignment](https://bitwarden.com/it-it/help/assign-users-to-collections/). 
- **Do not** allow members to preemptively create Bitwarden accounts before being invited to the organization. > [!TIP] Why is this the best JIT strategy? > Invitation-initiated JIT provisioning of new accounts bypasses a few steps that admins or members might otherwise need to take (see **Non-standard signup**). This strategy also ensures that members who should not have master passwords, as a result of a [trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) implementation, will not have one set on their accounts. ### Member signup process Members provisioned with the **Recommended JIT strategy** will only need to: 1. Select the **Finish account setup**button contained in the organization invitation email. 2. When prompted, log in to their IdP with their SSO credentials. If they have an active session with the IdP, this step is skipped. 3. Depending on your organization's chosen [decryption method](https://bitwarden.com/it-it/help/sso-decryption-options/): - If **master password decryption**, create a master password. - If **trusted device decryption**, choose whether to remember the device. Once complete, members will be moved to the `Accepted` state. At that time, they will need to be [confirmed](https://bitwarden.com/it-it/help/managing-users/#confirm/) by an administrator. ### Non-standard signup In cases that deviate from the **Recommended JIT strategy**, the signup process for members will be somewhat different: ### No invitations sent In cases where invitations were not sent to members, the organization can still be joined with relative ease. Instruct members to follow [these instructions](https://bitwarden.com/it-it/help/using-sso/), unless they need to join with a pre-existing Bitwarden account, in which case refer to the **Pre-existing account** tab. > [!TIP] Unless Claimed Domains, admin must provide SSO Identifier. 
> Unless your organization has already [claimed a domain](https://bitwarden.com/it-it/help/claimed-domains/), an administrator will need to provide the [SSO identifier](https://bitwarden.com/it-it/help/sso-faqs/#configuration/) to members. They'll need to enter it during the signup process. ### Pre-existing account > [!WARNING] This user will have a master password. > A member who needs to follow this process, unlike a member who follows the standard **Member signup process** for an organization that uses [trusted device decryption](https://bitwarden.com/it-it/help/about-trusted-devices/), will have a master password set on their account. If it is required that organization members do not have master passwords, instruct the user to: > > 1. Export data from the pre-existing account. > 2. Delete the pre-existing account. > 3. JIT provision a new Bitwarden account following the standard **Member signup process**. > 4. Import data from the pre-existing account to the new one. In cases where the member needs to join the organization with a pre-existing Bitwarden account: 1. As an administrator, issue an email invitation to the email address associated with the member's Bitwarden account. This member won't be able to join your organization unless through an email invitation. 2. Instruct the user **Accept Invitation** and, on the log in screen the invitation leads to, to log in with their master password. This member won't be able to use SSO until they're confirmed to the organization, even if the [Require single sign-on authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) policy is activated. 3. Once confirmed, the member can use SSO to log in and, if the [Require single sign-on authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) policy is activated, will be required to do so. 
--- URL: https://bitwarden.com/it-it/help/jumpcloud-scim-integration/ --- # JumpCloud SCIM Integration System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization. > [!NOTE] SCIM vs. BWDC > SCIM integrations are available for **Teams and Enterprise organizations**. Customers not using a SCIM-compatible identity provider may consider using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) as an alternative means of provisioning. This article will help you configure a SCIM integration with JumpCloud. Configuration involves working simultaneously with the Bitwarden web vault and JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented. ## Enable SCIM > [!NOTE] Self-hosting SCIM > **Are you self-hosting Bitwarden?** If so, complete these steps to [set up SCIM for your server](https://bitwarden.com/it-it/help/self-hosting-scim/) before proceeding. To start your SCIM integration, open the Admin Console and navigate to **Settings**→ **SCIM provisioning**: ![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png) Select the **Enable SCIM**checkbox and take note of your **SCIM URL**and **SCIM API Key**. You will need to use both values in a later step. ## Create a JumpCloud app > [!TIP] SCIM if SSO already exists (JumpCloud). > If you are already using this IdP for login with SSO, open that existing application and [skip to this step](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/#identity-management/). Otherwise, proceed with this section to create a new application. 
In the JumpCloud Portal, select **Applications** from the menu and select the **Get Started** button: ![Create Bitwarden app Jumpcloud](https://bitwarden.com/assets/63S5F953fjQN6V4xYKZR3h/515abac11c991e20cf8d5286e1b80a1d/Screen_Shot_2023-02-07_at_10.49.15_AM__2_.png) Enter `Bitwarden` in the search box and select the **configure**button: ![Configure Bitwarden ](https://bitwarden.com/assets/2pFRcBTjlIjBhMbqlKMhxb/b80b23ecfd660d5c314028297c606879/jc-bw.png) ### General info In the **General Info**tab, give the application a Bitwarden-specific name. ### SSO If you plan on using JumpCloud for single sign-on, select the **SSO** tab and setup SSO with [these instructions](https://bitwarden.com/it-it/help/saml-jumpcloud/). When you are done, or if you are skipping SSO for now, select the **activate**button and complete the confirmation modal. ### Identity management Re-open the application and navigate to the **Identity Management**tab. Expand the **Configuration Settings**box and enter the following information: | **Field** | **Description** | |------|------| | Base URL | Enter the SCIM URL ([learn more](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/#enable-scim/)). | | Token Key | Enter the SCIM API Key ([learn more](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/#enable-scim/)). | Once you have configured these fields, select the **Activate** button. Once the test comes back successfully, select **Save**. ### User groups In the **User Groups**tab, select the Groups you would like to provision in Bitwarden. Once you select the **Save**button, provisioning according to this specification will begin immediately. ![Select User Groups](https://bitwarden.com/assets/55RivcAbqDxw0CZ18jpg4J/3f894e05b1448cd0ad5e6383a4ce0422/Screen_Shot_2022-07-19_at_12.01.57_PM.png) ## Finish User Onboarding Now that your users have been provisioned, they will receive invitations to join the organization. 
Instruct your users to [accept the invitation](https://bitwarden.com/it-it/help/managing-users/#accept/) and, once they have, [confirm them to the organization](https://bitwarden.com/it-it/help/managing-users/#confirm/).

> [!NOTE] Invite/Accept/Confirm
> The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data.

## Appendix

### User attribute mapping

Bitwarden uses standard SCIM v2 property names; however, these may differ from JumpCloud property names. Bitwarden will use the following properties for each user:

| **Bitwarden Attribute** | **JumpCloud Default Property** |
|------|------|
| `active` | `!suspended && !passwordExpired` |
| `emails`ª | `email` |
| `displayName` | `displayName` |

ª - Because SCIM allows users to have multiple email addresses expressed as an array of objects, Bitwarden will use the `value` of the object which contains `"primary": true`.

### Group attribute mapping

Bitwarden will use the following properties for each group:

| **Bitwarden Attribute** | **JumpCloud Default Property** |
|------|------|
| `displayName` | `displayName` |
| `members`ª | `members` |

ª - Memberships are sent to Bitwarden as an array of objects, each of which represents a user who is a member of that group.

--- URL: https://bitwarden.com/it-it/help/kdf-algorithms/ ---

# Encryption Key Derivation

Bitwarden first uses Key Derivation Functions (KDFs) on account creation to derive a master key for the account from the input master password, which acts as input for a master password hash for the account ([learn more](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#overview-of-the-master-password-hashing,-key-derivation,-and-encryption-process/)). Whenever a user is authenticated, for example when unlocking a vault or satisfying master password re-prompt, the process is repeated so that the newly-derived hash can be compared to the originally-derived hash.
If they match, the user is authenticated.

KDFs are used in this capacity to frustrate brute-force or dictionary attacks against a master password. KDFs force an attacker's machines to compute a non-trivial number of hashes for each password guess, at increasing cost to the attacker.

Two KDF algorithms are currently available for use in Bitwarden for password derivation: [PBKDF2](https://bitwarden.com/it-it/help/kdf-algorithms/#pbkdf2/) and [Argon2](https://bitwarden.com/it-it/help/kdf-algorithms/#argon2id/). Each algorithm has a selection of options available which can be used to increase the time and expense, or "work factor", imposed on the attacker.

## PBKDF2

Password-Based Key Derivation Function 2 (PBKDF2) is [recommended by NIST](https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver) and, as implemented by Bitwarden, satisfies FIPS-140 requirements so long as default values are not changed.

PBKDF2, as implemented by Bitwarden, works by salting your master password with your username and running the resultant value through a one-way hash algorithm (HMAC-SHA-256) to create a fixed-length hash. This value is again salted with your username and hashed a configurable number of times (**KDF iterations**). The resultant value after all iterations is your master key, which acts as input for the master password hash used to authenticate that user whenever they log in ([learn more](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/)).

> [!NOTE] Additional iterations beyond configuration
> Bitwarden performs additional iterations beyond what is configured between the client and the server. The master password hash has a total default of 700,000 iterations. See the [Bitwarden Security Whitepaper](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/) for more details.

By default, Bitwarden is set to iterate 600,000 times, as [recommended by OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2) for HMAC-SHA-256 implementations. As long as the user does not set this value lower, the implementation is FIPS-140 compliant.

## Argon2id

Argon2, the winner of the 2015 [Password Hashing Competition](https://www.password-hashing.net/), is available as an alternative to [PBKDF2](https://bitwarden.com/it-it/help/kdf-algorithms/#pbkdf2/). There are three versions of the algorithm, and Bitwarden has implemented Argon2id [as recommended by OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html). Argon2id is a hybrid of other versions, using a combination of data-dependent and data-independent memory accesses, which gives it some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks ([source](https://github.com/p-h-c/phc-winner-argon2)).

Argon2, as implemented by Bitwarden, works by salting your master password with your username and running the resultant value through a one-way hash algorithm (BLAKE2b) to create a fixed-length hash. Argon2 then allocates a portion of memory (**KDF memory**) and fills it with the computed hash until full. This is repeated, starting in the subsequent portion of memory where it left off in the first, a number of times iteratively (**KDF iterations**) across a number of threads (**KDF parallelism**). The resultant value after all iterations is your master key, which acts as input for the master password hash used to authenticate that user whenever they log in ([learn more](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/)).

By default, Bitwarden is set to allocate 64 MiB of memory, iterate over it 3 times, and do so across 4 threads. These defaults are above [current OWASP recommendations](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#introduction), but here are some tips should you choose to change your settings:

- Increasing **KDF iterations** will increase running time linearly.
- The amount of **KDF parallelism** you can use depends on your machine's CPU. Generally, Max. Parallelism = Num. of Cores x 2.

> [!NOTE] Argon2id iOS autofill message
> Argon2id users with a KDF memory value higher than 64 MiB will receive a warning dialogue every time iOS autofill is initiated or a new Send is created through the Share sheet. To avoid this message, adjust Argon2id settings or enable [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-mobile/).

## Changing KDF algorithms

Changing the iteration count can help protect your master password from being brute forced by an attacker, but it should not be viewed as a substitute for using a strong master password in the first place. A strong master password is always the first and best line of defense for your Bitwarden account.

Changing the KDF algorithm re-encrypts the protected symmetric key and updates the authentication hash, much like a normal master password change. The [symmetric encryption key](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#rotating-the-account-encryption-key/) is not rotated, however, so vault data is not re-encrypted. Learn more about [re-encrypting your data](https://bitwarden.com/it-it/help/account-encryption-key/#rotate-your-encryption-key/).

> [!WARNING] Backup before changing KDF.
> Backing up your vault data is not required before changing your encryption settings, however taking regular backups is highly recommended.

To update your KDF algorithm:

1. In the web app, go to **Settings** → **Security**.
2. Select **Keys**:

   ![Encryption key settings](https://bitwarden.com/assets/wdv28A2B5yaUswQcFvT9j/ef47b457ed64f67ee84b4289ad3477a4/2026-03-06_08-57-10.png)
   *Encryption key settings*

3. From the **Algorithm** dropdown menu, select **PBKDF2 SHA-256** or **Argon2id**.
4. (Optional) Update the additional settings that appear.
5. Select **Update encryption settings**.

More KDF iterations will increase both the time it will take an attacker to crack a password **and** the time it will take a legitimate user to log in. Setting your KDF iterations too high could result in slower performance when logging into and unlocking Bitwarden on devices with slower CPUs. We recommend increasing the value in increments of 100,000 and then testing on all of your devices.

For **PBKDF2 SHA-256**, the default KDF iteration setting is 600,000.

For **Argon2id**, the default settings are:

- KDF memory: 32
- KDF iterations: 6
- KDF parallelism: 4

### Low PBKDF2 KDF iterations

In the [2026.2.1 release](https://bitwarden.com/it-it/help/releasenotes/#2026-2-1/), Bitwarden increased the minimum number of PBKDF2 KDF iterations to the default level, 600,000, in accordance with OWASP guidelines. This strengthens vault encryption against hackers armed with increasingly powerful devices.

If you use the PBKDF2 algorithm and the KDF iterations are set below 600,000, you may see a message to **Update your encryption settings**. If you see this message, enter your master password and select **Update settings** to increase your KDF iterations to 600,000. You will not need to re-log into any clients for the change to occur.

If you instead click **Later**, this message will appear again after 24 hours to encourage you to protect your account. Alternatively, for your convenience, you will not see the prompt and the increase will happen automatically if you unlock or log in with your master password.
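The PBKDF2 derivation, the compare-on-authentication step and the 600,000-iteration minimum described above, as an added example that is not Bitwarden's own code. It assumes the username used as salt is the trimmed, lowercased account email, and it models the step from master key to master password hash as one further PBKDF2 pass salted with the master password; all function names are hypothetical.

```python
"""Added example: PBKDF2-HMAC-SHA-256 master key derivation and verification.

Assumptions (not stated on this page): the salt is the account email,
trimmed and lowercased, and the master password hash is one extra PBKDF2
pass over the master key, salted with the master password.
"""
import hashlib
import hmac
import time

PBKDF2_MIN_ITERATIONS = 600_000  # default and minimum given in the text


def derive_master_key(master_password: str, username: str,
                      iterations: int = PBKDF2_MIN_ITERATIONS) -> bytes:
    """Derive the 32-byte master key from the password, salted with the username."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = username.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_auth_hash(master_password: str, username: str,
                     iterations: int = PBKDF2_MIN_ITERATIONS) -> bytes:
    """Turn the master key into the hash used for authentication (assumed step)."""
    master_key = derive_master_key(master_password, username, iterations)
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def authenticate(stored_hash: bytes, candidate_password: str,
                 username: str, iterations: int) -> bool:
    """Repeat the derivation and compare against the stored hash in constant time."""
    candidate = derive_auth_hash(candidate_password, username, iterations)
    return hmac.compare_digest(stored_hash, candidate)


def needs_kdf_update(algorithm: str, iterations: int) -> bool:
    """True when a PBKDF2 account sits below the 600,000-iteration minimum."""
    return algorithm == "PBKDF2 SHA-256" and iterations < PBKDF2_MIN_ITERATIONS


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N wall-clock cost of one full derivation on this machine."""
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        derive_auth_hash("constructed-guess", "user@example.com", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def days_to_exhaust(dictionary_size: int, iterations: int) -> float:
    """Single-core time to try every entry of a dictionary, in days."""
    return dictionary_size * seconds_per_guess(iterations) / 86_400


if __name__ == "__main__":
    # Constructed sample account; the values are illustrative only.
    stored = derive_auth_hash("correct horse battery staple", "user@example.com")
    print("login ok:", authenticate(stored, "correct horse battery staple",
                                    "user@example.com", PBKDF2_MIN_ITERATIONS))
    for count in (100_000, 600_000):
        print(f"{count:>7} iterations: {seconds_per_guess(count):.3f} s per guess, "
              f"update needed: {needs_kdf_update('PBKDF2 SHA-256', count)}")
    print(f"10^6-word dictionary at 600,000 iterations: "
          f"{days_to_exhaust(1_000_000, PBKDF2_MIN_ITERATIONS):.1f} days on one core")
```

The per-guess time it prints is the same delay a legitimate user pays at login, which is why the text recommends testing a changed value on every device.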
### HKDF

HKDF is an HMAC-based KDF specified in [RFC 5869](https://datatracker.ietf.org/doc/html/rfc5869) that is widely used in the industry and recommended by NIST in [SP 800-56](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf). Bitwarden uses HKDF in order to derive encryption keys from non-password material, such as other keys or cryptographically randomly generated material.

--- URL: https://bitwarden.com/it-it/help/kerberos-integration/ ---

# Kerberos Integration

Kerberos integrated authentication allows Bitwarden users to use integrated AD authentication with external MSSQL databases.

> [!NOTE] Prereq Keytab file
> This guide assumes that you have already exported the required keytab file that will be used on the Bitwarden server to authenticate to the domain.

## Keytab File

An exported `keytab` file is used by the Bitwarden server to authenticate to the domain.

1. From the Windows Domain controller, enter the following code example (this may vary depending on your requirements):

   ```plain text
   ktpass /princ bitwarden@ /mapuser "bitwarden" /pass super_secure_password_here /out bitwarden.keytab /crypto all /ptype KRB5_NT_PRINCIPAL /mapop set
   ```

2. Once the file has been generated, copy the file to the Bitwarden server location in the next section.

## Bitwarden Configuration

Next, create the Bitwarden configuration:

1. Create the Kerberos directory:

   ```plain text
   mkdir /opt/bitwarden/bwdata/kerberos
   ```

2. Place the two files in this directory:
   1. The `keytab` file generated in the previous section
   2. The `krb5.conf` file (example below)
3. Create the `krb5.conf` file:

   ```plain text
   nano /opt/bitwarden/bwdata/kerberos/krb5.conf
   ```

[Here](https://bitwarden.com/assets/dfAMaYL2JmdC3j0i4ZTPO/fb2d9ea30a617fb6384f9810edfad1b0/krb5_example.conf) is an example file.

[Here](https://bitwarden.com/assets/6TdaNaNKfcxcmIc0PfBipR/e069e9fae42f3b2582508d2af3c80a43/krb5_test_example.conf) is an example TEST file.

Check that these values match your own and that the `kdc` and `admin_server` are accessible from the Bitwarden server.

> [!NOTE] Keytab file renewal
> The ticket lifetime and renewal values are set in the `krb5.conf` file using the `ticket_lifetime` and `renew_lifetime` variables. If both the ticket lifetime and ticket renewal expire, you will be unable to re-authenticate the ticket. For additional information, see the [Kerberos documentation](https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html).

## Update Bitwarden

#### global.override.env

In order to update Bitwarden, an additional environment variable will have to be added to the `global.override.env` file.

1. Access `global.override.env`:

   ```plain text
   nano ~/global.override.env
   ```

2. Add the following variable to `global.override.env`:

   ```plain text
   globalSettings__kerberosUser=bitwarden
   ```

> [!NOTE] Kerberos user global env
> This variable should be the AD user used to authenticate with the domain, and should match your domain user.

#### SQL connection string

Replace the SQL connection string to point to the external DB and use the integrated authentication. Change your SQL server `hostname` and `database` name:

```plain text
globalSettings__sqlServer__connectionString="Data Source=tcp:example-sql-server.example.domain,1433;Initial Catalog=vault;Persist Security Info=False;Integrated Security=true;Multiple Active Result Sets=False;Connect Timeout=30;Encrypt=True;Trust Server Certificate=True"
```

#### Docker updates

Once the previous setup steps have been completed, the configuration file should exist on your host OS. Next, modify Bitwarden's Docker Compose configuration to add an additional volume mount to the relevant containers. This will ensure that the configuration is retained, following updates and changes to the main docker-compose file.

Compose provides an `override` file that will merge your local changes to the standard Bitwarden configuration.

1. Create the override file:

   ```plain text
   nano /opt/bitwarden/bwdata/docker/docker-compose.override.yml
   ```

2. Include the following contents for a standard configuration:

   ```plain text
   services:
     admin:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
     sso:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
     identity:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
     api:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
     events:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
   ```

3. If using SCIM, you will also have to include:

   ```plain text
     scim:
       volumes:
         - ../kerberos:/etc/bitwarden/kerberos
   ```

4. Once completed, save the file.

## Starting Bitwarden

Once setup has been completed, you may start Bitwarden. Restart the Bitwarden containers following the setup if you have not yet:

```plain text
./bitwarden restart
```

The `admin` container will populate your new external MSSQL database. If you stored any information in the built-in `mssql` container, you will be required to migrate it to the new external database, with either database backup and restore, or export/import.

--- URL: https://bitwarden.com/it-it/help/keyboard-shortcuts/ ---

# Keyboard Shortcuts

Keyboard shortcuts can speed up common tasks in Bitwarden, like [autofilling logins](https://bitwarden.com/it-it/help/auto-fill-browser/) and saving new items. They help you navigate more efficiently and provide a vital alternative to using a mouse.

## Browser extension shortcuts

These shortcuts allow you to use the Bitwarden browser extension with your keyboard. If they don't work, you may need to [update your browser's shortcut settings](https://bitwarden.com/it-it/help/keyboard-shortcuts/#customize-browser-extension-shortcuts/).

### General

| To do this | Press |
|------|------|
| Activate the extension. | `Ctrl/Cmd` + `Shift` + `Y` |
| Generate a password and copy it to the clipboard. | `Ctrl/Cmd` + `Shift` + `9` |
| Lock the vault. | `Ctrl/Cmd` + `Shift` + `N` |

### Autofill

You can use a [keyboard shortcut to autofill credentials](https://bitwarden.com/it-it/help/auto-fill-browser/#keyboard-shortcuts/) into websites. The autofill shortcut works when username and password fields appear together on one page and separately in split login workflows.

| To do this | Press |
|------|------|
| Autofill the last used login for the current website. | `Ctrl/Cmd` + `Shift` + `L` Press again to cycle through multiple matches. |
| Autofill the last used card. | [Create a keyboard shortcut.](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-keyboard-shortcuts/) |
| Autofill the last used identity. | [Create a keyboard shortcut.](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-keyboard-shortcuts/) |

> [!TIP] Authenticator keyboard shortcut
> If your login uses the [Bitwarden authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) for TOTPs and you use the autofill shortcut, the TOTP is automatically copied to your clipboard after autofill. Press `Cmd/Ctrl` + `V` to paste the TOTP.

### Customize browser extension shortcuts

Some browsers, including Microsoft Edge and Safari, use default shortcuts that overlap with the Bitwarden shortcuts. To fix this, adjust your browser's default shortcuts to allow the Bitwarden ones to function as intended. The steps vary by browser:

- **Chromium-based browsers, including Chrome, Edge, Vivaldi, and Brave**: Go to the browser settings page, like `chrome://extensions/shortcuts` or `edge://extensions/shortcuts`, to change the shortcuts that conflict or apply a new one.
- **Safari**: Update the [Mac keyboard shortcuts](https://support.apple.com/en-ca/guide/mac-help/mchlp2271/mac). You may need to reassign the shortcut for Show/Hide Sidebar so the [autofill shortcut](https://bitwarden.com/it-it/help/keyboard-shortcuts/#autofill/) works.
- **Firefox**: Update the [shortcut settings for extensions](https://support.mozilla.org/en-US/kb/manage-extension-shortcuts-firefox).

## Desktop app shortcuts

Use the following keyboard shortcuts to navigate the Bitwarden desktop app with your keyboard.

### General

| To do this | Press |
|------|------|
| Lock the vault. | `Ctrl/Cmd` + `L` |
| Open Bitwarden preferences. | `Ctrl/Cmd` + `,` |
| Reload the Bitwarden desktop app. | `Ctrl/Cmd` + `Shift` + `R` |
| Quit the Bitwarden desktop app. | `Ctrl/Cmd` + `Q` |
| Place the cursor in the vault's search box. | `Ctrl/Cmd` + `F` |
| Open the [Bitwarden generator](https://bitwarden.com/it-it/help/generator/). | `Ctrl/Cmd` + `G` |

### Edit items

| To do this | Press |
|------|------|
| Add a new login. | `Ctrl/Cmd` + `N` |
| Undo the last action when editing an item. | `Ctrl/Cmd` + `Z` |
| Redo the last action from editing an item. | `Ctrl/Cmd` + `Y` |
| Select all text in the active field or item. | `Ctrl/Cmd` + `A` |
| Cut the selected text and copy it. | `Ctrl/Cmd` + `X` |
| Copy the selected text. | `Ctrl/Cmd` + `C` |
| Paste the last copied text. | `Ctrl/Cmd` + `V` |
| Copy the open item's username. | `Ctrl/Cmd` + `U` |
| Copy the open item's password. | `Ctrl/Cmd` + `P` |
| Copy the open item's TOTP. | `Ctrl/Cmd` + `T` |

### Adjust display

| To do this | Press |
|------|------|
| Zoom in. | `Ctrl/Cmd` + `=` |
| Zoom out. | `Ctrl/Cmd` + `-` |
| Reset the zoom level. | `Ctrl/Cmd` + `0` |
| Enter full-screen mode. | Windows and Linux: `F11` Mac: `Fn` + `F` |
| Open developer mode. | Windows and Linux: `F12` |

### Control window

| To do this | Press |
|------|------|
| Minimize the Bitwarden desktop app. | `Ctrl/Cmd` + `M` |
| Hide Bitwarden desktop app in the tray. | `Ctrl/Cmd` + `Shift` + `M` |
| Always keep the Bitwarden desktop app on top. | `Ctrl/Cmd` + `Shift` + `T` Press again to undo the action. |
| Close the Bitwarden desktop app window. | `Ctrl/Cmd` + `W` |

--- URL: https://bitwarden.com/it-it/help/kubernetes-service-accounts/ ---

# Kubernetes Service Accounts

Kubernetes service accounts can be used to apply specific security contexts to specific pods. This can be useful, for example, in scenarios where you need to run your Bitwarden server in rootless mode, as the included SQL container requires elevated permissions.

Once you've created and configured your service account with the desired permissions, change any of the pod service account designations (for example, `database.podServiceAccount`) in your `my-values.yaml` file.
For example, a `my-values.yaml` with `component.admin.podServiceAccount` assigned a service account named `bitwarden-sa` should look like the following:

```yaml
component:
  # The Admin component
  admin:
    # Additional deployment labels
    labels: {}
    # Image name, tag, and pull policy
    image:
      name: ghcr.io/bitwarden/admin
    resources:
      requests:
        memory: "64Mi"
        cpu: "50m"
      limits:
        memory: "128Mi"
        cpu: "100m"
    securityContext:
    podServiceAccount: bitwarden-sa
```

Pods that are eligible for service account designation include:

- `component.admin.podServiceAccount`
- `component.api.podServiceAccount`
- `component.attachments.podServiceAccount`
- `component.events.podServiceAccount`
- `component.icons.podServiceAccount`
- `component.identity.podServiceAccount`
- `component.notifications.podServiceAccount`
- `component.scim.podServiceAccount`
- `component.sso.podServiceAccount`
- `component.web.podServiceAccount`
- `database.podServiceAccount`

--- URL: https://bitwarden.com/it-it/help/lastpass-enterprise-migration-guide/ ---

# LastPass Enterprise Migration Guide

Migrating your organization to Bitwarden is straightforward and secure. Follow the steps in this guide to migrate data and users from LastPass:

1. [Create and configure your Bitwarden organization](https://bitwarden.com/it-it/help/lastpass-enterprise-migration-guide/#step-2-setup-your-organization/).
2. [Import your data into Bitwarden](https://bitwarden.com/it-it/help/lastpass-enterprise-migration-guide/#step-3-import-to-your-organization/).
3. [Onboard your users](https://bitwarden.com/it-it/help/lastpass-enterprise-migration-guide/#step-4-onboard-users/).
4. [Configure access to collections and vault items](https://bitwarden.com/it-it/help/lastpass-enterprise-migration-guide/#step-5-configure-access-to-collections-and-items/).

> [!NOTE] Assistance during migration?
> If you need assistance during your migration, our [Customer Success team is here to help](https://bitwarden.com/it-it/contact/)!
## Scope This document describes the best practices for migrating data securely from Lastpass to a Bitwarden [Teams or Enterprise organization](https://bitwarden.com/it-it/help/about-organizations/), building an infrastructure for security based on simple and scalable methods. [Password management](https://bitwarden.com/it-it/products/business/) is crucial for organizational security and operational efficiency. Providing insight into the best methods to perform migration and configuration is intended to minimize the trial-and-error approach that is often needed when exchanging enterprise tools. Steps in this document **are listed in the recommended order**for ease-of-use and smooth onboarding for users ## Step 1: Setup your organization Bitwarden organizations relate users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, notes, cards, and identities. > [!TIP] Import to org instead of to personal. > It's important that you create your organization first and [import data to it directly](https://bitwarden.com/it-it/help/import-to-org/), rather than importing the data to an individual account and then [moving items](https://bitwarden.com/it-it/help/sharing/) to the organization secondarily. 1. **Create your organization**. Start by creating your organization. To learn how, check out [this article](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/). > [!NOTE] Creating a self-hosted org. > To self-host Bitwarden, create an organization on the Bitwarden cloud, generate a [license key](https://bitwarden.com/it-it/host/), and use the key to [unlock organizations](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) on your server. 2. **Onboard administrative users**. With your organization created, further setup procedures can be made easier by onboarding some [administrative users](https://bitwarden.com/it-it/help/user-types-access-control/). 
It's important that you **do not begin end-user onboarding** at this point, as there are a few steps left to prepare your organization. Learn how to invite admins [here](https://bitwarden.com/it-it/help/managing-users/#add-new-members/).
3. **Configure identity services**. Enterprise organizations support [logging in with single sign-on](https://bitwarden.com/it-it/help/about-sso/) (SSO) using either SAML 2.0 or OpenID Connect (OIDC). To configure SSO, open the organization's **Settings** → **Single Sign-On** screen in the Admin Console, accessible by [organization owners and administrators](https://bitwarden.com/it-it/help/user-types-access-control/).
4. **Enable enterprise policies**. [Enterprise policies](https://bitwarden.com/it-it/help/policies/) enable organizations to implement rules for users, for example requiring use of two-step login. It is highly recommended that you configure policies before onboarding users.

## Step 2: Import data

Data can be imported directly from LastPass or using an [exported file](https://bitwarden.com/it-it/help/import-from-lastpass/#export-from-lastpass/) from LastPass. If you're a member of a team using SSO with LastPass, a LastPass administrator will need to complete a short setup procedure before you can use the **Direct import** option ([learn more](https://bitwarden.com/it-it/help/import-from-lastpass/#direct-import-with-sso/)).

To import data to your organization using the **Direct import** method:

1. Log in to the Password Manager browser extension or desktop app.
2. In the browser extension, select the **Settings** tab and choose the **Import items** option. Or, in the desktop app, select **File** > **Import data**.
3. Complete the following fields from the drop down menus:
   - **Import destination:** Select the import destination, such as the organizational vault that you have access to.
   - **Folder or Collection:** Select if you would like the imported content moved to a specific collection that you have access to.
   - [**File format**](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/)**:** Select **LastPass**.
   - In the LastPass Instructions box, choose the **Import directly from LastPass** option.
   - Enter your **LastPass email**.

   > [!TIP] LP MFA during import
   > If your LastPass account has multi-factor authentication activated, you will be prompted to enter a one-time passcode from your authenticator app. If you use Duo for MFA, only in-app approval is supported to fulfill your MFA requirement.

4. Select the **Import data** button to trigger the import.
5. You will be prompted for your LastPass master password or, if your LastPass account uses SSO, to log in to your IdP. In either case, follow the prompts to log in to your LastPass account.

> [!TIP] Recommend org users import individual data.
> You should also recommend to employees that they export their individually-owned data from your existing password manager and prepare it for import into Bitwarden. Learn more [here](https://bitwarden.com/it-it/help/import-from-lastpass/#tab-direct-import-7dsxR2Yah8mdGJAmQdYZea/).

## Step 3: Onboard users

Bitwarden supports manual onboarding via the web vault and automated onboarding through SCIM integrations or syncing from your existing directory service:

### Manual onboarding

To ensure the security of your organization, Bitwarden applies a 3-step process for onboarding a new member, [invite](https://bitwarden.com/it-it/help/managing-users/) → [accept](https://bitwarden.com/it-it/help/managing-users/) → [confirm](https://bitwarden.com/it-it/help/managing-users/). Learn how to invite new users [here](https://bitwarden.com/it-it/help/managing-users/#add-new-members/).
> [!TIP] Instruct users to import from LP
> Once users are onboarded, instruct them to import their personal data to Bitwarden using an exported file or, if their LastPass accounts are still active, using the **Direct import** method described [here](https://bitwarden.com/it-it/help/import-from-lastpass/#import-to-bitwarden/).

### Automated onboarding

Automated user onboarding is available through SCIM integrations with [Azure AD](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/), [Okta](https://bitwarden.com/it-it/help/okta-scim-integration/), [OneLogin](https://bitwarden.com/it-it/help/onelogin-scim-integration/), and [JumpCloud](https://bitwarden.com/it-it/help/jumpcloud-scim-integration/), or using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/), a standalone application available in a [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/) and [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/) tool that will synchronize users and groups from your existing directory service.

Whichever you use, users are automatically invited to join the organization and can be confirmed manually or automatically using the [Bitwarden CLI tool](https://bitwarden.com/it-it/help/cli/#confirm/).

> [!TIP] Instruct users to import from LP
> Once users are onboarded, instruct them to import their personal data to Bitwarden using an exported file or, if their LastPass accounts are still active, using the **Direct import** method described [here](https://bitwarden.com/it-it/help/import-from-lastpass/#import-to-bitwarden/).

## Step 4: Configure access to collections and items

Share vault items with your end-users by configuring access through collections, groups, and group-level or user-level permissions:

### Collections

Bitwarden empowers organizations to share sensitive data easily, securely, and in a scalable manner. This is accomplished by segmenting shared secrets, items, logins, etc. into **collections**.
Collections can organize secure items in many ways, including by business function, group assignment, application access levels, or even security protocols. Collections function like shared folders, allowing for consistent access control and sharing amongst groups of users.

Shared folders from LastPass can be imported as collections into Bitwarden by using the organization import template found [here](https://bitwarden.com/assets/4DdJLATeuhMYlE581pPErF/ef60b56917b58f59141ae9aa58b5a46d/bitwarden_export_org.csv) and placing the name of the shared folder in the `collections` column.

Collections can be shared with both groups and individual users. Limiting the number of individual users that can access a collection will make management more efficient for admins. Learn more [here](https://bitwarden.com/it-it/help/about-collections/).

> [!NOTE] Nested collection permissions
> Nested collections do not inherit the permissions of the top level collection. See [using groups](https://bitwarden.com/it-it/help/about-groups/#using-groups/) to designate permissions.

### Groups

Using groups for sharing is the most effective way to provide credential and secret access. Groups, like users, can be synced to your organization using SCIM or Directory Connector.

### Permissions

Permissions for Bitwarden collections can be assigned on the group or user-level. This means that each group or user can be configured with different permissions for the same collection. Collection permission options include:

- Can view
- Can view, except passwords
- Can edit
- Can edit, except passwords
- Manage collections

Learn more about permissions [here](https://bitwarden.com/it-it/help/collection-permissions/). Bitwarden uses a union of permissions to determine final access permissions for a user and a collection. For example:

- User A is part of the Tier 1 Support group, which has access to the Support collection, with can view permission.
- User A is also a member of the Support Management group, which has access to the Support collection, with can edit access.
- In this scenario, User A will be able to edit the Collection.

## Migration support

The Bitwarden Customer Success team is available 24/7 with priority support for your organizations. If you need assistance or have questions, please do not hesitate to [contact us](https://bitwarden.com/it-it/contact/).

--- URL: https://bitwarden.com/it-it/help/ldap-directory/ ---

# LDAP or Active Directory

This article will help you get started using Directory Connector to sync users and groups from your LDAP or Active Directory service to your Bitwarden organization. Bitwarden provides built-in connectors for the most popular LDAP directory servers, including:

- Microsoft Active Directory
- Apache Directory Server (ApacheDS)
- Apple Open Directory
- Fedora Directory Server
- Novell eDirectory
- OpenDS
- OpenLDAP
- Sun Directory Server Enterprise Edition (DSEE)
- Any generic LDAP directory server

## Connect to your server

Complete the following steps to configure Directory Connector to use your LDAP or Active Directory:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. From the **Type** dropdown, select **Active Directory / LDAP**. The available fields in this section will change according to your selected type.
4. Configure the following options:

| **Option** | **Description** | **Examples** |
|------|------|------|
| Server Hostname | Hostname of your directory server. | `ad.example.com`, `ldap.company.org` |
| Server Port | Port on which your directory server is listening. | `389` or `10389` |
| Root Path | Root path at which Directory Connector should start all queries. | `cn=users`, `dc=ad`, `dc=example`, `dc=com` or `dc=ldap`, `dc=company`, `dc=org` |
| This server uses active directory | Check this box if the server is an Active Directory server. | |
| This server pages search results | Check this box if the server paginates search results (LDAP only). | |
| This server uses an encrypted connection | Checking this box will prompt you to select one of the following options: **Use SSL** (LDAPS): If your LDAPS server uses an untrusted certificate, you can configure certificate options on this screen. **Use TLS** (STARTTLS): If your LDAP server uses a self-signed certificate for STARTTLS, you can configure certification options on this screen. | |
| Username | The distinguished name of an administrative user that the application will use when connecting to the directory server. For **Active Directory**, if synchronizing the status of users removed from the directory is desired, the user should be a member of the built-in administrator group. | |
| Password | The password of the user specified above. The password is safely stored in the operating system's native credential manager. | |

## Configure sync options

> [!NOTE] Clear sync cache
> When you are finished configuring, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations. For more information, see [Clear Sync Cache](https://bitwarden.com/it-it/help/clear-sync-cache/).

Complete the following steps to configure the settings used when syncing using Directory Connector:

> [!NOTE]
> If you are using Active Directory, many of these settings are predetermined for you and are therefore not shown.

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. In the **Sync** section, configure the following options as desired:

| **Option** | **Description** |
|------|------|
| Interval | Time between automatic sync checks (in minutes). |
| Remove disabled users during sync (**Not available for LDAP**) | Check this box to remove users from the Bitwarden organization that have been disabled in your organization. |
| More than 2000 users or groups are expected to sync | Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups. |
| Member Attribute | Name of the attribute used by the directory to define a group's membership (for example, `uniqueMember`). |
| Creation Date Attribute | Name of the attribute used by the directory to specify when an entry was created (for example, `whenCreated`). |
| Revision Date Attribute | Name of the attribute used by the directory to specify when an entry was last changed (for example, `whenChanged`). |
| If a user has no email address, combine a username prefix with a suffix value to form an email | Check this box to form valid email options for users that do not have an email address. This option is available after selecting **This server uses Active Directory**. **Users without real or formed email addresses will be skipped by Directory Connector.** Formed Email = **Email Prefix Attribute** + **Email Suffix** |
| Email Prefix Attribute | Attribute used to create a prefix for formed email addresses. |
| Email Suffix | A string (`@example.com`) used to create a suffix for formed email addresses. |
| Sync users | Check this box to sync users to your organization. Checking this box will allow you to specify a **User Filter**, **User Path**, **User Object Class**, and **User Email Attribute**. |
| User Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/ldap-directory/#specify-sync-filters/). |
| User Path | Attribute used with the specified **Root Path** to search for users (for example, `ou=users`). If no value is supplied, the subtree search will start from the root path. |
| User Object Class | Name of the class used for the LDAP user object (for example, `user`). |
| User Email Attribute | Attribute to be used to load a user's stored email address. |
| Sync groups | Check this box to sync groups to your organization. Checking this box will allow you to specify a **Group Filter**, **Group Path**, **Group Object Class**, and **Group Name Attribute**. |
| Group Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/ldap-directory/#specify-sync-filters/). |
| Group Path | Attribute used with the specified **Root Path** to search for groups (for example, `ou=groups`). If no value is supplied, the subtree search will start from the root path. |
| Group Object Class | Name of the class used for the LDAP group object (for example, `groupOfUniqueNames`). |
| Group Name Attribute | Name of the attribute used by the directory to define the name of a group (for example, `name`). |

### Specify sync filters

User and group filters can be in the form of any LDAP-compatible search filter. Active Directory provides some advanced options and limitations for writing search filters, when compared to standard LDAP directories. Learn more about writing Active Directory search filters [here](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax?redirectedfrom=MSDN).

> [!NOTE] LDAP nested groups bwdc
> Nested groups can sync multiple group objects with a single referent in the Directory Connector. Do this by creating a group whose members are other groups.
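To preview which accounts a user or group filter would pull into the organization before running a sync, the following added example (not Bitwarden's code) parses the filter forms used in this section's samples and evaluates them against a constructed directory. It assumes values contain no escaped characters and that matching is case-insensitive; the entry layout and all function names are hypothetical.

```python
import re

# AD's LDAP_MATCHING_RULE_IN_CHAIN OID, as used in the nested-membership sample.
IN_CHAIN = "1.2.840.113556.1.4.1941"
# attr [":dn"] [":" rule-oid] ":=" value   or   attr "=" value
_ITEM = re.compile(r"([A-Za-z][\w-]*)(?:(:dn)?(?::([\d.]+))?:)?=(.*)")

def parse(text):
    """Parse a filter string into a tree of tuples; ValueError if unsupported."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing text at offset {pos}")
    return node

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if i >= len(s) or s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' expression near offset {i}")
        return (op, kids), i + 1
    end = s.find(")", i)  # assumption: no escaped parentheses in values
    m = _ITEM.fullmatch(s[i:end]) if end > i else None
    if not m or m.group(3) not in (None, IN_CHAIN):
        raise ValueError(f"unsupported filter item at offset {i}")
    attr, dn_flag, rule, value = m.groups()
    return ("=", attr.lower(), bool(dn_flag), rule, value), end + 1

def _dn_values(dn, attr):
    """Values `attr` takes among the DN's components (assumes no escaped commas)."""
    rdns = (rdn.partition("=") for rdn in dn.split(","))
    return [v.strip() for k, _, v in rdns if k.strip().lower() == attr]

def _in_chain(entry, attr, by_dn):
    """Follow a DN-valued attribute such as memberOf through nested groups."""
    seen, todo = set(), list(entry["attrs"].get(attr, []))
    while todo:
        dn = todo.pop().lower()
        if dn not in seen:
            seen.add(dn)
            todo += by_dn.get(dn, {"attrs": {}})["attrs"].get(attr, [])
    return sorted(seen)

def matches(node, entry, by_dn):
    """Evaluate a parsed filter against one entry."""
    op = node[0]
    if op == "&":
        return all(matches(k, entry, by_dn) for k in node[1])
    if op == "|":
        return any(matches(k, entry, by_dn) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry, by_dn)
    _, attr, dn_flag, rule, value = node
    values = (_in_chain(entry, attr, by_dn) if rule == IN_CHAIN
              else list(entry["attrs"].get(attr, [])))
    if dn_flag:  # ":dn" also matches against the components of the entry's DN
        values += _dn_values(entry["dn"], attr)
    if value == "*":
        return bool(values)  # presence test
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in values)

def select(filter_text, entries):
    """Return the cn of each entry the filter would include in a sync."""
    tree = parse(filter_text)
    by_dn = {e["dn"].lower(): e for e in entries}
    return [e["attrs"]["cn"][0] for e in entries if matches(tree, e, by_dn)]

def _entry(dn, **attrs):
    return {"dn": dn, "attrs": {k.lower(): v for k, v in attrs.items()}}

# Constructed sample directory (not from the page); DNs reuse the samples' naming.
HEROES = "cn=Heroes,ou=users,dc=company,dc=com"
SIDEKICKS = "cn=Sidekicks,ou=users,dc=company,dc=com"
PERSON = {"objectClass": ["user"], "objectCategory": ["Person"]}
DIRECTORY = [
    _entry("cn=Marketing Ops,ou=Miami,dc=company,dc=com", cn=["Marketing Ops"],
           sAMAccountName=["mops"], memberOf=[HEROES], **PERSON),
    _entry("cn=Bo,ou=Wrigleyville,ou=Chicago,dc=company,dc=com", cn=["Bo"],
           sAMAccountName=["bo"], memberOf=[SIDEKICKS], **PERSON),
    _entry("cn=Cy,ou=Chicago,dc=company,dc=com", cn=["Cy"],
           sAMAccountName=["cy"], **PERSON),
    _entry(SIDEKICKS, cn=["Sidekicks"], objectClass=["group"], memberOf=[HEROES]),
    _entry(HEROES, cn=["Heroes"], objectClass=["group"]),
]

if __name__ == "__main__":
    nested = f"(&(objectCategory=Person)(memberOf:{IN_CHAIN}:={HEROES}))"
    print(select(nested, DIRECTORY))  # ['Marketing Ops', 'Bo']
```

Run against the same directory, the direct `memberOf` filter selects only `Marketing Ops`, while the `1.2.840.113556.1.4.1941` form also selects `Bo`, who belongs to `Heroes` only through `Sidekicks`.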
#### Samples

To filter a sync for all entries that have `objectClass=user` and `cn` (common name) that contains `Marketing`:

```
(&(objectClass=user)(cn=*Marketing*))
```

(**LDAP-only**) To filter a sync for all entries with an `ou` (organization unit) component of their `dn` (distinguished name) that is either `Miami` or `Orlando`:

```
(|(ou:dn:=Miami)(ou:dn:=Orlando))
```

(**LDAP-only**) To exclude entities that match an expression, for example all `ou=Chicago` entries *except* those that also match a `ou=Wrigleyville` attribute:

```
(&(ou:dn:=Chicago)(!(ou:dn:=Wrigleyville)))
```

(**AD Only**) To filter a sync for users in the `Heroes` group:

```
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=Heroes,ou=users,dc=company,dc=com))
```

(**AD Only**) To filter a sync for users that are members of the `Heroes` group, either directly or via nesting:

```
(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=cn=Heroes,ou=users,dc=company,dc=com))
```

## Test a sync

> [!TIP] BWDC connect to EU server.
> Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/#getting-started/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/#config/).

To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the **Dashboard** tab and select the **Test Now** button.
If successful, users and groups will be printed to the Directory Connector window according to the specified [sync options](https://bitwarden.com/it-it/help/ldap-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/ldap-directory/#specify-sync-filters/):

![Test sync results](https://bitwarden.com/assets/5QYMxvtCPhjbluuoLcCapD/96e9c630ead9ceba5124b55f9d2764a3/dc-okta-test.png)

## Start automatic sync

Once [sync options](https://bitwarden.com/it-it/help/ldap-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/ldap-directory/#specify-sync-filters/) are configured and tested, you can begin syncing. Complete the following steps to start automatic syncing with Directory Connector:

1. Open the Directory Connector [desktop application](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Dashboard** tab.
3. In the **Sync** section, select the **Start Sync** button.

You may alternatively select the **Sync Now** button to execute a one-time manual sync. Directory Connector will begin polling your directory based on the configured [sync options](https://bitwarden.com/it-it/help/ldap-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/ldap-directory/#specify-sync-filters/).

If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.

> [!NOTE] Teams Starter + BWDC
> If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members.
>
> **This plan is no longer available for purchase**. This error does not apply to Teams plans.

## Sync with Active Directory troubleshooting

**Value limit reached when synchronizing from an Active Directory instance:** The Active Directory `MaxValRange` has a default setting of 1500.
If an attribute, such as `members` on a Group, has more than 1500 values, Active Directory will return both a blank `members` attribute, as well as a truncated list of `members` on separate attributes, up to the value of `MaxValRange`.

- You can adjust the `MaxValRange` policy to a value higher than the number of members of your largest group in Active Directory. See the Microsoft documentation for setting Active Directory LDAP policies by using the [ntdsutil.exe](https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil) utility.

--- URL: https://bitwarden.com/it-it/help/legacy-user-support/ ---

# Legacy User Support

> [!NOTE] update encryption scheme if you haven't
> As of the 2025.6.2 server release deployed on June 24, 2025, Bitwarden has officially removed support for legacy users.
>
> - **If your account was created after 2017**, you are not impacted by this change.
> - **If your account was created before 2017**, as long as you have logged in to the web app since 2023, you are not impacted by this change.

**Accounts created prior to 2017** leveraged an encryption scheme that used a key derived from your master password directly to encrypt account data. This encryption method was inflexible and created an environment with potential vulnerabilities. In 2017, Bitwarden's [encryption scheme](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption/) was updated to address these vulnerabilities. Following this update:

- (2017) Workflows for automatically migrating accounts to the new encryption scheme were added to the web app.
- (2023) Bitwarden clients, not including the web app, underwent changes that prevented legacy users from logging in. Error messages directed users to log in on the web app to execute migration.
- (2025) Bitwarden servers underwent changes that logged remaining legacy users out of active sessions, requiring them to log in on the web app to execute migration. Impacted users were emailed following these changes.

As a result of these actions, as of version 2025.6.1, it is unlikely that any actively-used Bitwarden accounts still utilize the legacy encryption scheme.

--- URL: https://bitwarden.com/it-it/help/licensing-on-premise/ ---

# License Organizations or Premium

Self-hosting Bitwarden is free, however some features must be unlocked in your self-hosted instance with a registered license file. A license file can be obtained from the Bitwarden-hosted web app by either an account with a premium individual subscription or by the owner of an organization.

The steps are different when working with an [individual license](https://bitwarden.com/it-it/help/licensing-on-premise/#individual-license/) versus an [organization license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/).

> [!NOTE] licensing paid features
> The procedures in this article assume that you have already started a paid subscription to Bitwarden. If you haven't, refer to [About Bitwarden Plans](https://bitwarden.com/it-it/help/password-manager-plans/) and [What Plan is Right for Me?](https://bitwarden.com/it-it/help/what-plan-is-right-for-me/)

## Individual license

Follow these procedures when working with an individual license for a premium subscription. You'll be working in both the cloud web vault and your self-hosted web vault, and your account email addresses should match.

### Retrieve individual license

After you create an account on your self-hosted server, retrieve your license from the cloud web app:

1. Log in and select **Settings** → **Subscription** from the navigation.
2. Select the **Download license** button:

![Download personal license](https://bitwarden.com/assets/bXoVGOMEI1d8iCVoy5fmI/af545e3c083aeebaf12c751fc38a59ea/2024-12-04_10-02-56.png)

### Apply individual license

Next, log in to your self-hosted Bitwarden server to apply the downloaded license:

1. If you haven't already, verify your email address. You will need to have [configured SMTP-related environment variables](https://bitwarden.com/it-it/help/environment-variables/) to do so.
2. Select **Settings** → **Subscription** from the navigation.
3. In the License file section, select the **Browse...** or **Choose file** button and add the downloaded license file.
4. Select the **Submit** button to apply your premium license.

### Update individual license

If for any reason you need to update your individual license file, for example when it expires:

1. Follow the steps to **Retrieve your license** again.
2. Follow the steps to **Apply your license** again, only this time you will see an **Update license** button rather than a button to browse for a new license.

## Organization license

Follow these procedures when working with an organization license for a Families or Enterprise organization. You must be an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/) to retrieve, apply, and update a license.

### Retrieve organization license

Before starting an organization on your self-hosted server, retrieve your organization license from the cloud web app.

1. In the Bitwarden web app, open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

2. Navigate to **Billing** → **Subscription**.
3. Scroll down and select the **Download license** button.
4. When prompted, enter the installation ID that was used to install your self-hosted server and select **Submit**.
If you don't know the installation ID off-hand, you can retrieve it from `./bwdata/env/global.override.env`.

> [!NOTE] Installation ID & Region
> Make sure that the installation ID you retrieved from [bitwarden.com/host](https://bitwarden.com/it-it/host/) uses the same [data region](https://bitwarden.com/it-it/help/server-geographies/) as where your organization exists.

### Apply organization license

Applying your license in a self-hosted server is the means by which you'll create a self-hosted organization. From your self-hosted web vault:

1. Start a new organization by selecting the + **Add organization** button.
2. Select the **Browse...** or **Choose file** button, add the downloaded license file, and select **Submit**.

> [!NOTE] organization license error
> If you receive a `version not supported` error message, update your server and try uploading your license file again. To update your server, make a backup of the `bwdata` directory and follow [these instructions](https://bitwarden.com/it-it/help/updating-on-premise/).

### Update organization license

Organizations will need to update the license file used by their self-hosted server in several different scenarios, for example:

- To **add user seats** to a self-hosted organization. Self-hosted organizations' seat count is dictated by the license, so to add seats they must first be added to the associated cloud organization and then the license used by your self-hosted organization must be updated.
- To continue operation of the self-hosted organization **when the license renews**. You have 60 days, from the date of renewal, to update the license file to your self-hosted server before your self-hosted [organization is disabled](https://bitwarden.com/it-it/help/organization-renewal/).
There are two methods for updating a self-hosted organization's license, however **Families organizations may only update manually**:

### Automatic sync

Automatic sync:

- Eliminates the need for organization admins to manually re-upload licenses. Once set up, admins will only need to trigger a sync from **Organization** → **Billing** when an update to the license used by the self-hosted organization is required.
- Makes [Families sponsorships](https://bitwarden.com/it-it/help/families-for-enterprise/) possible for members of self-hosted organizations. Sync for these sponsorships will automatically occur once per day.
- Cannot be set up by organizations still in a free trial period.

To set up automatic sync:

#### Step 1: Enable cloud communication

> [!TIP] Who can Enable Cloud Comms
> This step must be completed by someone with access to your self-hosted instance's configuration files.

Configure your server to allow communication with Bitwarden cloud systems by setting the following lines in `bwdata/env/global.override.env`:

```
globalSettings__enableCloudCommunication=true
globalSettings__baseServiceUri__cloudRegion=US
```

If your cloud organization was created on EU servers, you'll need to make the following changes to configure for communication with EU cloud servers:

- Change the second of these lines to `globalSettings__baseServiceUri__cloudRegion=EU`.
- Set the following 3 additional values:

```
globalSettings__installation__identityUri=https://identity.bitwarden.eu
globalSettings__installation__apiUri=https://api.bitwarden.eu
globalSettings__pushRelayBaseUri=https://push.bitwarden.eu
```

> [!NOTE] Installation id region
> Make sure before proceeding that your configuration correctly correlates to the data region selected when retrieving your [installation ID & key](https://bitwarden.com/it-it/host/) as described above.

Once you have set these values, apply your change by running the `./bitwarden.sh rebuild` command.
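A region mismatch between `cloudRegion` and the three URIs is easy to miss, so this added example (not part of Bitwarden's tooling) checks the contents of `global.override.env` against the Step 1 settings above. The function names and sample files are constructed for illustration; exact-case `US`/`EU` matching and treating `.eu` URIs under a US region as an error are assumptions.

```python
from urllib.parse import urlsplit

PREFIX = "globalSettings__"
# Values the page gives for an organization created on EU servers.
EU_URIS = {
    "installation__identityUri": "https://identity.bitwarden.eu",
    "installation__apiUri": "https://api.bitwarden.eu",
    "pushRelayBaseUri": "https://push.bitwarden.eu",
}


def parse_env(text):
    """Return ({key: value}, [keys set more than once]) for KEY=VALUE lines."""
    values, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in values:
            duplicates.append(key)
        values[key] = value.strip()
    return values, duplicates


def check_cloud_sync(text):
    """List settings that would break automatic sync or point it at the wrong region."""
    env, duplicates = parse_env(text)
    findings = [f"{key} is set more than once" for key in duplicates]
    if env.get(PREFIX + "enableCloudCommunication", "").lower() != "true":
        findings.append("enableCloudCommunication is not true")
    region = env.get(PREFIX + "baseServiceUri__cloudRegion", "")
    if region not in ("US", "EU"):
        findings.append(f"cloudRegion is {region or 'unset'}, expected US or EU")
    for name, eu_value in EU_URIS.items():
        current = env.get(PREFIX + name)
        host = urlsplit(current or "").hostname or ""
        if region == "EU" and current != eu_value:
            findings.append(f"{name} must be {eu_value} for EU, found {current or 'unset'}")
        elif region == "US" and (host == "bitwarden.eu" or host.endswith(".bitwarden.eu")):
            findings.append(f"{name} points at {host} but cloudRegion is US")
    return findings


# Constructed sample files: a complete EU configuration and a half-migrated one.
GOOD_EU = """\
globalSettings__enableCloudCommunication=true
globalSettings__baseServiceUri__cloudRegion=EU
globalSettings__installation__identityUri=https://identity.bitwarden.eu
globalSettings__installation__apiUri=https://api.bitwarden.eu
globalSettings__pushRelayBaseUri=https://push.bitwarden.eu
"""
MIXED = """\
globalSettings__enableCloudCommunication=true
globalSettings__baseServiceUri__cloudRegion=EU
globalSettings__installation__identityUri=https://identity.bitwarden.eu
globalSettings__installation__apiUri=https://api.bitwarden.com
"""

if __name__ == "__main__":
    for finding in check_cloud_sync(MIXED):
        print("FAIL:", finding)
```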
Start your server again with the `./bitwarden.sh start` command.

> [!NOTE] Self-hosting communication fire walls
> Enabling automatic sync requires communication with Bitwarden's cloud systems. If your environment uses a firewall to block outbound traffic, you will need to allow `https://api.bitwarden.com` or `.eu` and `https://identity.bitwarden.com` or `.eu`.

#### Step 2: Retrieve billing sync token

Once cloud communication is enabled at the server-level, a sync token needs to be passed from the cloud organization that is associated with your self-hosted organization. To retrieve your sync token from the cloud web app:

1. Open the **cloud** Admin Console and navigate to **Billing** → **Subscription**.
2. In the self-hosting section, select **Set up billing sync**.
3. Enter your master password and select **Generate token**.
4. Copy the generated token.

#### Step 3: Apply billing sync token

To apply the billing sync token to your self-hosted organization:

1. Open the **self-hosted** Admin Console and navigate to **Billing** → **Subscription**.
2. In the License and billing management section, choose the **Automatic sync** option.
3. Select the **Manage billing sync** button.
4. Paste your generated **Billing Sync Token** and select **Save**.

> [!NOTE] Sync Status `Never`
> Sync for [Families for Enterprise](https://bitwarden.com/it-it/help/families-for-enterprise-self-hosted/) will occur once daily once you've triggered your first sync. The **Last sync** field in this section will report **Never** until you trigger your first sync.
>
> Sync for license updates must always be done manually by selecting the **Sync license** button (see the next section for details).

#### Step 4: Trigger sync

Trigger a sync once you've completed setup and **each time you need to update your license**. Sync for Families for Enterprise will occur **once daily**. To trigger a sync:

1. Open the **self-hosted** Admin Console and navigate to **Organization** → **Billing**.
2. Select the **Sync license** button.

> [!NOTE] organization license error
> If you receive a `version not supported` error message, update your server and try uploading your license file again. To update your server, make a backup of the `bwdata` directory and follow [these instructions](https://bitwarden.com/it-it/help/updating-on-premise/).

### Manual update

To manually re-upload a license file:

1. Follow the steps to **Retrieve your license** again.
2. Open the self-hosted Admin Console and navigate to **Billing** → **Subscription**.
3. In the License and billing management section, choose the **Manual upload** option.
4. Select the **Browse...** or **Choose file** button to add your license file.
5. Select **Submit**.

> [!NOTE] organization license error
> If you receive a `version not supported` error message, update your server and try uploading your license file again. To update your server, make a backup of the `bwdata` directory and follow [these instructions](https://bitwarden.com/it-it/help/updating-on-premise/).

--- URL: https://bitwarden.com/it-it/help/link-sso/ ---

# Link SSO

You typically only need to link to SSO if you're joining an organization with a **pre-existing Bitwarden account** or if your organization does not [require you to use SSO](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/). To link to SSO:

1. Open the web app, and select the ⋮ **Options** menu next to your organization.
2. From the dropdown menu, select 🔗 **Link SSO**.

![Link SSO](https://bitwarden.com/assets/cv0DGhcgyEbQEn4MvdJp5/fefb4158c09be8cf9804ed5579c2d7dc/Screenshot_2024-02-26_at_2.07.03_PM.png)

Once linked, you'll be able to [log in to the account with SSO](https://bitwarden.com/it-it/help/using-sso/).

> [!NOTE] Unlinking SSO
> Once you're linked, you can **Unlink SSO** from the same menu. This is generally most useful when your email address changes in your IdP (e.g.
Google, Azure) or in Bitwarden and SSO stops working as a result, or in situations when an IdP identity is linked to the wrong Bitwarden account and the existing link must be broken before a correct one can be made.

--- URL: https://bitwarden.com/it-it/help/link-to-an-item/ ---

# Hyperlink Organization Items

When you need to direct members of your organization to a specific vault item, for example in documentation, you can copy the URL of an item to be used as a direct link for users that **have access to the item**.

> [!TIP] Linkable Items for Personal Use
> Item linking is not exclusive to organizations! You can save links to items in your individual vault if you find it useful, but only you will be able to access them.

When you are viewing an item in the web vault, the URL in your address bar will include a query parameter like `?itemId=fced56b3-d83c-4b01-8751-ae9301551da7`, where the `itemId` value represents the unique item identifier:

![Item link](https://bitwarden.com/assets/6v3WH6FljmTFOlSqOjjAqZ/a9c1ae50155e6692d52987fe4f0cc888/2024-12-04_09-55-51.png)

Copy the full value in the address bar and use that link to direct organization members directly to this item. Users **must already have access to the item** in order to successfully use a link.

> [!NOTE] You'll need to log in
> Unless the user opens that link in a browser tab that is already logged in to Bitwarden, **they'll need to log in**. Most browsers, for example, default to opening a clicked-link in a new tab and therefore would require the user to log in. Once they log in, the vault item will be automatically opened.

--- URL: https://bitwarden.com/it-it/help/list-of-emails/ ---

# Emails from Bitwarden Servers

This article describes the automated emails that will be sent from `no-reply@bitwarden.com` or `.eu` to organization members, including owners, admins, and end-users, as well as individual users. Emails in this article are organized by who will receive them as well as by criticality.
**Whether an email is considered critical in an organization context may depend on your organization's particular deployment or requirements.**

## Organization emails

### Critical administrative emails

The following emails alert owners and admins of Bitwarden organizations to critical changes or action items related to their organization:

| Subject line | Variable | Description |
|------|------|------|
| Your Subscription Will Renew Soon | n/a | The billing email for an organization receives this email when their organization subscription is [approaching a renewal date](https://bitwarden.com/it-it/help/organization-renewal/). |
| {Organization} Seat Count Has Increased | {Organization} = Your organization's display name. | All owners receive this email when their [organization seat count autoscales](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/). |
| {Organization} Seat Limit Reached | {Organization} = Your organization's display name. | All owners receive this email when the number of their organization's members matches their [seat limit](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/#set-a-seat-limit/). |
| Domain not claimed | n/a | All owners and admins receive this email when an [attempt to claim a domain for their organization was not successful](https://bitwarden.com/it-it/help/claimed-domains/). |
| Action Required: {User} Needs to be Confirmed | {User} = A user's email address. | All owners and admins receive this email when a user is waiting to be [confirmed to join the organization.](https://bitwarden.com/it-it/help/managing-users/#confirm/) |
| Review SSO login request for new device | n/a | All owners and admins receive this email when a user is waiting for a [trusted device to be approved](https://bitwarden.com/it-it/help/approve-a-trusted-device/). |
| Request to Delete Your Organization | n/a | An owner receives this email if they have requested deletion of their organization from Bitwarden support. This email will only be sent to a valid owner who has confirmed with Bitwarden support that organization deletion can be initiated. |

### Critical member emails

The following emails alert members of Bitwarden organizations, in all roles, to critical changes or action items related to their account:

| Subject line | Variable | Description |
|------|------|------|
| {Organization} invited you to their Bitwarden organization. | {Organization} = Your organization's display name. | A user receives this email when they are invited to join an organization, **if** they have an existing Bitwarden account. |
| {Organization} set up a Bitwarden account for you. | {Organization} = Your organization's display name. | A user receives this email when they are invited to join an organization, **if** they do not have an existing Bitwarden account. |
| You have been revoked from {Organization} | {Organization} = Your organization's display name. | A user receives this email when their access is revoked due to violation of the [Require two-step login](https://bitwarden.com/it-it/help/policies/#require-two-step-login/) or [Single organization](https://bitwarden.com/it-it/help/policies/#single-organization/) policies. |
| Your admin has initiated account recovery | n/a | A user receives this email when an administrator has [initiated account recovery on their account](https://bitwarden.com/it-it/help/account-recovery/#recover-an-account/). |
| Login request approved | n/a | A user receives this email when a trusted device [login request is approved by an administrator](https://bitwarden.com/it-it/help/add-a-trusted-device/). |
| Important update to your Bitwarden account | n/a | A user receives this email when their account is [claimed by an organization they are a member of](https://bitwarden.com/it-it/help/claimed-accounts/). |
| {Organization} has identified 1 at-risk password; {Organization} has identified {#} at-risk passwords | {Organization} = Your organization's display name. {#} = The number of at-risk passwords. | A user receives this email when an administrator initiates a [change password request](https://bitwarden.com/it-it/help/access-intelligence/#requesting-password-changes/). |

### Critical Secrets Manager emails

The following emails alert owners of Bitwarden organizations to critical changes or action items related to their use of Secrets Manager:

| Subject | Variable | Description |
|------|------|------|
| {Organization} Secrets Manager Seat Limit Reached | {Organization} = Your organization's display name. | All owners receive this email when the number of users in an organization [assigned to Secrets Manager matches its seat limit](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#user-seats-and-machine-account-scaling/). |
| {Organization} Secrets Manager Machine Accounts Limit Reached | {Organization} = Your organization's display name. | All owners receive this email when the number of [machine accounts created in an organization matches its machine account limit](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#user-seats-and-machine-account-scaling/). |

### Non-critical organization emails

The following emails alert members of Bitwarden organizations, in all roles, to non-critical changes or action items related to their account or organization:

| Subject line | Variable | Description |
|------|------|------|
| You can now access items from {Organization} | {Organization} = Your organization's display name. | A user receives this email when their access to the organization is confirmed. |
| Access Requested for Secrets Manager | n/a | An admin or owner receives this email when a user has requested access to [Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-overview/). |
| Automatic user confirmation is available for {Organization} | {Organization} = Your organization's display name. | Admins and owners receive this email when [automatic confirmation](https://bitwarden.com/it-it/help/automatic-confirmation/) has been made available to your organization by Bitwarden. |
| Accept Your Free Families Subscription | n/a | A user receives this email when a member of an organization invited them to [create a sponsored Families organization](https://bitwarden.com/it-it/help/families-for-enterprise/). |
| Success! Families Subscription Accepted | n/a | A user receives this email when they've redeemed an invitation to [create a sponsored Families organization](https://bitwarden.com/it-it/help/families-for-enterprise/). |
| Your Families Sponsorship was Removed | n/a | A user receives this email when they've manually removed [sponsorship for a Families organization](https://bitwarden.com/it-it/help/families-for-enterprise/). |
| Removal of Free Bitwarden Families plan | n/a | A user receives this email when sponsorship for a Families organization has been [removed by an administrator, typically by activating a policy](https://bitwarden.com/it-it/help/policies/#remove-free-bitwarden-families-sponsorship/). |

### Free or Families organization emails

The following emails alert members of specifically **Free** or **Families** Bitwarden organizations, in all roles, to critical changes or action items related to their account:

| Subject line | Variable | Description |
|------|------|------|
| {Organization} invited you to their Bitwarden organization. | {Organization} = Your organization's display name. | A user receives this email when they are invited to join an organization, **if** they have an existing Bitwarden account. (FAM) |
| {Organization} set up a Bitwarden account for you. | {Organization} = Your organization's display name. | A user receives this email when they are invited to join an organization, **if** they do not have an existing Bitwarden account. (FAM) |
| You have been invited to a Bitwarden Organization. | n/a | A user receives this email when they are invited to join a **free** organization, **if** they have an existing Bitwarden account. |
| You have been invited to Bitwarden Password Manager. | n/a | A user receives this email when they are invited to join a **free** organization, **if** they do not have an existing Bitwarden account. |

## Provider & business unit emails

The following emails alert provider and business unit admins to any changes or action items relevant to their provider or business unit:

| Subject line | Variable | Description |
|------|------|------|
| Create a Provider | n/a | A provider admin receives this email when they are [registered to create a provider](https://bitwarden.com/it-it/help/getting-started-providers/#start-a-provider/). |
| Set Up Business Unit | n/a | A business unit admin receives this email when they are registered to create a [business unit](https://bitwarden.com/it-it/help/business-unit-portal/). |
| Join {Provider/Business Unit} | {Provider/Business Unit} = Your provider's display name. | A user receives this email when they are [invited to join a provider](https://bitwarden.com/it-it/help/provider-users/#invite/) or business unit. |
| You Have Been Confirmed To {Provider/Business Unit} | {Provider/Business Unit} = Your provider's display name. | A user receives this email when their [access to a provider or business unit is confirmed](https://bitwarden.com/it-it/help/provider-users/#confirm/). |
| You Have Been Removed from {Provider/Business Unit} | {Provider/Business Unit} = Your provider's display name. | A user receives this email when their [access to a provider or business unit is removed](https://bitwarden.com/it-it/help/provider-users/#deprovision-users/). |
| Update your billing information | n/a | A client organization owner receives this email if their organization is removed from provider management and must add a billing method. |
| Request to Delete Your Provider | n/a | An owner receives this email if they have requested deletion of their organization from Bitwarden support. |

## Self-hosting emails

The following emails alert administrators of self-hosted Bitwarden deployments of changes or action items related to their server:

| Subject line | Variable | Description |
|------|------|------|
| License Expired | n/a | An owner receives this email when the [license file for their self-hosted server](https://bitwarden.com/it-it/help/licensing-on-premise/) has exceeded its 60-day [grace period after expiration](https://bitwarden.com/it-it/help/organization-renewal/). |
| [Admin] Continue Logging In | n/a | An administrator receives this email while logging in to the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/). |

## Widely-applicable emails

The following emails alert Bitwarden users, including members of organizations in any role and individual users, of changes or action items related to their account:

| Subject line | Variable | Description |
|------|------|------|
| Verify Your Email | n/a | A user receives this email during independent account creation. |
| Your Email Change | n/a | A user receives this email when a request to change their account email address is initiated. |
| Your Master Password Hint | n/a | A user receives this email when they've requested a [master password hint](https://bitwarden.com/it-it/help/master-password/) during login. |
| Master Password Has Been Changed | n/a | A user receives this email when their master password is changed. |
| Your Bitwarden Verification Code | n/a | A user receives this email when logging in if they need to input [email-based two-step login](https://bitwarden.com/it-it/help/setup-two-step-login-email/#use-email-verification/) or [verify a new device](https://bitwarden.com/it-it/help/new-device-verification/). |
| New Device Logged In From {Device} | {Device} = Device type, for example "Chrome Extension", "Windows", or "iOS". | A user receives this email when their account is logged into from a new device. |
| Failed login attempts detected | n/a | A user receives this email when several attempts to log in to their Bitwarden account fail. |
| Recover 2FA From {IP} | {IP} = An IP address. | A user receives this email when a two-step login [recovery code is used to deactivate 2FA](https://bitwarden.com/it-it/help/two-step-recovery-code/#use-your-recovery-code/). |
| Delete Your Account | n/a | A user receives this email when [deletion of their account has been requested](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/). |
| Payment Failed | n/a | A user receives this email when the payment method attached to their subscription has failed on renewal. |
| Account Credit Payment Processed | n/a | A user receives this email when account credit is processed toward a subscription renewal. |
| Welcome to Bitwarden! | n/a | A user receives this email when they create a new Bitwarden account. |
| Emergency Access Contact Invite | n/a | A user receives this email when they are [invited to be an emergency contact for another user](https://bitwarden.com/it-it/help/emergency-access/#add-trusted-emergency-contacts/). |
| Accepted Emergency Access | n/a | A user receives this email when another user has [accepted an invitation to become an emergency contact](https://bitwarden.com/it-it/help/emergency-access/#add-trusted-emergency-contacts/). |
| You Have Been Confirmed as Emergency Access Contact | n/a | A user receives this email when they are [confirmed as an emergency contact for another user](https://bitwarden.com/it-it/help/emergency-access/#add-trusted-emergency-contacts/). |
| Emergency Access Initiated | n/a | A user receives this email when an emergency contact [requests access to their account](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). |
| Emergency Access Approved | n/a | A user receives this email when their [request for emergency access to another's account is approved](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). |
| Emergency Access Rejected | n/a | A user receives this email when their [request for emergency access to another's account is rejected](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). |
| Pending Emergency Access Request | n/a | A user receives this email when an [initiated emergency access request is still pending](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/) after a certain amount of time. |
| Emergency Access Granted | n/a | A user receives this email when access to their account [has been granted to an emergency contact](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). |

--- URL: https://bitwarden.com/it-it/help/localization/ ---

# Localization

## Change language

To change the language of a Bitwarden app:

### Web app

The Bitwarden web app will default to the chosen language of your web browser, which is often in turn determined by your device's system language. To manually override this default and set a different language for the Bitwarden web app:

1. Select **Settings** → **Appearance** from the navigation:

   ![Web app appearance](https://bitwarden.com/assets/7vKmhsOfJqieQbYRxALV75/0ed7782f100100ab3d86567e6b1b0a9d/2025-12-31_10-27-36.png)
   *Web app appearance*

2. Select a language from the **Language** dropdown.

### Desktop

The Bitwarden desktop app will default to your device's system language. To override this default and set a different language for Bitwarden:

1. Open the desktop app's **Preferences** panel (on Windows, **File** → **Settings**) (on macOS, **Bitwarden** → **Preferences**).
2. Scroll to the bottom of the **App Settings** section and use the **Language** dropdown to select your language:

   ![Desktop app language setting](https://bitwarden.com/assets/6NSZV46oKRi7Roeu7g2ATZ/8a7cacb71d48d47bb11c7ef46ec88903/2026-04-23_11-12-59.png)
   *Desktop app language setting*

### Mobile

The Bitwarden mobile app will default to your device's system language. To override this default and set a different language for Bitwarden:

1. Open the mobile app and tap the **Settings** tab.
2. Tap **Appearance**.
3. Locate the **Language** field and select your preferred language:

   ![Mobile app language setting](https://bitwarden.com/assets/5pqOwt6W99sLHRCpN1DX1w/bc3581ebc015c0343c116c5eb609e2f5/2025-01-21_15-19-31.png)
   *Mobile app language setting*

4. Restart the application in order to apply changes.

### Browser extensions

The Bitwarden browser extension will default to the chosen language of your web browser, which is often in turn determined by your device's system language. There is no setting in the browser extension to change the language; however, changing the language of your web browser will change the language of the extension:

- [Learn how to change Chrome's language](https://support.google.com/chrome/answer/173424?co=GENIE.Platform%3DDesktop&hl=en)
- [Learn how to change Firefox's language](https://support.mozilla.org/en-US/kb/use-firefox-another-language)

## Currently supported languages

The following languages are currently supported.
Please note, **not all languages are available for all client applications**:

| Symbol | Language |
|------|------|
| af | Afrikaans |
| ar | الفصحى العربية |
| az | Azərbaycanca |
| be | Беларуская |
| bg | български |
| ca | català |
| cs | čeština |
| cy | Welsh |
| da | dansk |
| de | Deutsch |
| el | Ελληνικά |
| en | English |
| en-GB | English (British) |
| eo | Esperanto |
| es | español |
| et | eesti |
| fa | فارسی |
| fi | suomi |
| fr | français |
| gl | Galician |
| he | עברית |
| hi | हिन्दी |
| hr | hrvatski |
| hu | magyar |
| id | Bahasa Indonesia |
| it | italiano |
| ja | 日本語 |
| ko | 한국어 |
| lv | Latvietis |
| ml | മലയാളം |
| mr | मराठी |
| my | မြန်မာဘာသာ |
| nb | norsk (bokmål) |
| ne | नेपाली |
| nl | Nederlands |
| or | ଓଡ଼ିଆ |
| pl | polski |
| pt-BR | português do Brasil |
| pt-PT | português |
| ro | română |
| ru | русский |
| sk | slovenčina |
| sr | Српски |
| sv | svenska |
| te | తెలుగు |
| th | ไทย |
| tr | Türkçe |
| uk | українська |
| vi | Tiếng Việt |
| zh-CN | 中文(中国大陆) |
| zh-TW | 中文(台灣) |

### Don't see your language?

If your language isn't listed in the web vault or desktop app, or if your browser extension or mobile app isn't dynamically using your language, **we want your help!**

Bitwarden uses a translation tool called [Crowdin](https://crowdin.com) to manage our localization effort across many different languages (**no programming knowledge required**).

- To contribute to or make corrections to an existing translation, [join our project](https://crowdin.com/profile/mpowerbw).
- To start translating Bitwarden to a new language, join our project and contact the [project owner](https://crowdin.com/profile/mpowerbw).

--- URL: https://bitwarden.com/it-it/help/log-in-to-secrets-manager/ ---

# Log in to Secrets Manager

The end-to-end zero-knowledge encrypted Bitwarden account you use to log into Password Manager will be the same as what you use to log into Secrets Manager.
> [!TIP] Not SM CLI
> This article pertains to logging in to the Secrets Manager web vault. The [Secrets Manager CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/), which is primarily used to script secrets injection into your applications and infrastructure, requires logging in with an [access token](https://bitwarden.com/it-it/help/access-tokens/).

## Master password

Your master password is the primary method for accessing your Bitwarden account. It's important that your master password is:

- **Memorable**: Bitwarden employees and systems have no knowledge of, way to retrieve, or way to reset your master password. **Do not forget your master password!**
- **Strong**: A longer, more complex, and less common master password is the best way to protect your account. Bitwarden provides a free password strength testing tool to test the strength of some memorable passwords you are considering.

> [!TIP] Tips to mitigate forgetting master password.
> Worried about forgetting your master password? Here's what to do:
>
> - **Set up a hint**. In case you need a reminder, a master password hint email can be requested on the login screen. Make sure you use a hint that only you will understand.
> - **Designate a** [**trusted emergency contact**](https://bitwarden.com/it-it/help/emergency-access/). Users with premium access can grant account access to a friend or family member in the case of emergency.

Learn how to [change your master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/), or what to do if you've [forgotten your master password](https://bitwarden.com/it-it/help/forgot-master-password/).
## Two-step login

Using [two-step login](https://bitwarden.com/it-it/help/bitwarden-field-guide-two-step-login/) (also called two-factor authentication or 2FA) to protect your Bitwarden account requires authentication from a secondary device when you log in, which prevents a malicious actor from accessing your data even if they discover your master password. There are lots of different methods for two-step login, ranging from dedicated authenticator apps to hardware security keys. Whatever you choose, Bitwarden highly recommends that you secure your vault using two-step login.

### Free methods

Bitwarden offers several two-step login methods for free, including:

| **Method** | **Setup instructions** |
|------|------|
| via an authenticator app (for example, [Authy](https://authy.com/) or [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)) | Click [**here**](https://bitwarden.com/it-it/help/setup-two-step-login-authenticator/). |
| via email | Click [**here**](https://bitwarden.com/it-it/help/setup-two-step-login-email/). |
| via a FIDO WebAuthn Authenticator | Click [**here**](https://bitwarden.com/it-it/help/setup-two-step-login-fido/). |

### Premium methods

For premium users (including members of paid organizations), Bitwarden offers several advanced two-step login methods:

| **Method** | **Setup instructions** |
|------|------|
| via Duo Security with Duo Push, SMS, phone call, and security keys | Click [**here**](https://bitwarden.com/it-it/help/setup-two-step-login-duo/). |
| via YubiKey (any 4/5 series device or YubiKey NEO/NFC) | Click [**here**](https://bitwarden.com/it-it/help/setup-two-step-login-yubikey/). |

## Log in with device

Did you know you can log in to the Bitwarden web app using a secondary device instead of your master password?
Logging in with a device is a passwordless approach to authentication, removing the need to enter your master password by sending authentication requests to certain devices you're currently logged in to for approval. [Learn more](https://bitwarden.com/it-it/help/log-in-with-device/).

## Single sign-on

If your organization uses [login with SSO](https://bitwarden.com/it-it/help/about-sso/), you can access your Bitwarden web app [using your federated SSO credentials](https://bitwarden.com/it-it/help/using-sso/).

--- URL: https://bitwarden.com/it-it/help/log-in-with-device/ ---

# Log In with Device

Set up logging in with a device for faster, more convenient Bitwarden access. This login method, called passwordless authentication, eliminates the need to enter your master password every time you log in.

Using **Log in with device**, any time you log into Bitwarden on one device, you can opt to approve the authentication request from a different Bitwarden app you're logged in to instead of typing your master password. [Learn about our zero-knowledge encryption implementation](https://bitwarden.com/it-it/help/log-in-with-device/#how-it-works/).

## Prepare to log in with a device

To set up logging in with a device:

- Log in normally to the initiating app (web app, browser extension, desktop, or mobile app) at least once so that Bitwarden can recognize your device.

  > [!NOTE] Passwordless + Private Browsing
  > Using Incognito mode or Private Browsing prevents Bitwarden from registering your browser, so you won't be able to log in with a device in a private browser window.

- Have a recognized account on an approving app (web app, browser extension, mobile or desktop app). Recognizing an account requires you to have successfully logged on to that device at any time.
> [!NOTE] Passwordless + Require SSO
> If, as a member of an Enterprise organization, you are subject to the [require SSO policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/), you won't be able to use the **Log in with device** option. You'll need to [use SSO to log in](https://bitwarden.com/it-it/help/using-sso/#login-using-sso/) instead.

## Log in with a device

On the login screen of the initiating app, enter your email address and select **Continue**. Then, select the **Log in with device** option:

![Log in with a device](https://bitwarden.com/assets/7owqaTEe9Bo05wfLRZPhn8/38f1d0334964bb3d98a430b80b9d6b95/2025-09-09_10-03-52.png)

### Approve a log in request

Using **Log in with device** will send authentication requests to any Bitwarden app that you're currently logged in to for approval:

### Mobile app

To approve a request with the mobile app:

1. In the mobile app, navigate to **Settings** → **Account security** → **Pending login requests**:

   ![Pending login requests on mobile](https://bitwarden.com/assets/1ZB3Pc8T0mlP96W3IZefrR/a22c8efe63a88941bad11a278b1d113d/2025-09-09_09-39-13.png)
   *Pending login requests on mobile*

2. Locate and tap the pending device request.
3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Approve a login on mobile](https://bitwarden.com/assets/6xeP36n7g2dbwLI9YWjNg4/2aa9fdc96e765e963ee07f38ad0b6c06/2025-09-09_09-39-44.png)
   *Approve a login on mobile*

### Browser extension

To approve a request with the browser extension:

1. In the browser extension, wait for a device approval request to be received or navigate to **Settings** → **Account security** → **Devices**:

   ![Devices view on browser extensions](https://bitwarden.com/assets/6OZfQt2jDDqa9F0MaUdBUq/1460f0ec04c63ab55da1f5eaf37ca469/2025-09-09_09-49-23.png)
   *Devices view on browser extensions*

2. In the **Devices** view, locate and select the pending device request:

   ![Devices list on browser extensions](https://bitwarden.com/assets/64f1jZ30In2BbWDEUZVtxO/9de965d59fedca2bad4e325f4181f69a/2025-09-09_09-49-42.png)
   *Devices list on browser extensions*

3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Approve a device on browser extensions](https://bitwarden.com/assets/2LFY10MMpI9G0ZcojcXveg/0a891ec5fa8f6052e5804841e7ec7724/2025-09-09_09-48-55.png)
   *Approve a device on browser extensions*

### Web app

To approve a request with the web app:

> [!NOTE] Browser extensions & web app approval
> When requesting approval for a login of the browser extension, the extension will wait for up to two minutes for approval even if you click out of or minimize the extension window in order to approve the request using the web app.

1. In the web app, select the **Review login request** link in the banner notification or navigate to **Settings** → **Security** → **Devices**:

   ![Approval request on web](https://bitwarden.com/assets/1K9FeC1OVOwyu0T8DMiwOp/cc88b5f47f0f243f5a655e77086871c9/2025-12-31_11-10-23.png)
   *Approval request on web*

2. On the **Devices** tab, locate and select the pending device request:

   ![Device list on web app](https://bitwarden.com/assets/7GLmOwtReFuUD3uxPQ0LB8/ed5dbce83b2c428b9c2369270be1d959/2025-12-31_11-08-26.png)
   *Device list on web app*

3. Verify that the fingerprint phrase matches and select **Confirm access**:

   ![Confirm access with web app](https://bitwarden.com/assets/6s6Hdn9L1EyeRfBsmOcfgX/f6a13a34fdc59f815f7e4d51e981af47/2025-12-31_11-08-37.png)
   *Confirm access with web app*

### Desktop app

To approve a request with the desktop app:

1. In the desktop app, wait for a device approval request to be received:

   ![Approve on desktop](https://bitwarden.com/assets/5cpkevhyuiSg82yfopvmc1/916f1988e815f23d871bc56effbc1247/2026-05-28_14-05-19.png)
   *Approve on desktop*

2. Verify that the fingerprint phrase matches and select **Confirm access**.
Note that this is a unique fingerprint that isn't the same as your [account fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/).

Requests expire after 15 minutes if they aren't approved or denied. If you are not receiving login requests, try refreshing the web app, or [manually syncing your vault](https://bitwarden.com/it-it/help/vault-sync/) from the mobile app.

> [!NOTE] Passwordless & 2FA
> If you use the **Login with device** option, you'll still need to use any currently active [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/).

## How it works

When logging in with a device is initiated:

1. The initiating client sends a request which includes the account email address, a unique **Auth-request Public Key**ª, and an access code, to an Authentication Request table in the Bitwarden database. Registered devices, meaning clients that are logged in and have a [device-specific GUID](https://bitwarden.com/it-it/help/administrative-data/) stored in the Bitwarden database, are provided the request.
2. When the request is approved, the approving client encrypts the account's **User Encryption key** using the **Auth-request public key** enclosed in the request.
3. The approving client then sends the **User Encryption key** to the Authentication Request record and marks the request fulfilled.
4. The initiating client requests the encrypted **User Encryption key**.
5. The initiating client then **locally** decrypts the **User Encryption key** using the **Auth-request private key**.
6. The initiating client then uses the access code to authenticate the user with the Bitwarden Identity service.
7. The initiating client can then retrieve the user's vault data and use the **User Encryption key** to decrypt it.

ª - **Auth-request Public and Private Keys** are uniquely generated for each passwordless login request and only exist for as long as the request does.
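The exchange in steps 1 to 7 above, as an added example that is not Bitwarden's code: a Node.js model with an in-memory stand-in for the Authentication Request table, covering the round trip, a fingerprint mismatch, and an approval after the 15-minute expiry. RSA-OAEP with SHA-256, the fingerprint derivation, and every class and function name are assumptions, since the page names none of them.

```javascript
const crypto = require('node:crypto');

const REQUEST_TTL_MS = 15 * 60 * 1000; // the page: requests expire after 15 minutes
// Assumption: RSA-OAEP with SHA-256 (the page does not name the algorithm).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Stand-in for the fingerprint phrase both devices display: a short digest of
// the auth-request public key (derivation is an assumption of this example).
const fingerprintOf = (publicKeyPem) => sha256(publicKeyPem).toString('hex').slice(0, 16);

// Hypothetical model of the server-side Authentication Request table. It only
// ever stores the public key, a hash of the access code and the wrapped user key.
class AuthRequestTable {
  constructor() { this.rows = new Map(); }

  create(email, publicKeyPem, accessCode, now) { // step 1
    const id = crypto.randomUUID();
    this.rows.set(id, { email, publicKeyPem, accessCodeHash: sha256(accessCode),
                        createdAt: now, wrappedUserKey: null });
    return id;
  }

  // Expired rows are purged on access; callers cannot tell expired from unknown.
  live(id, now) {
    const row = this.rows.get(id);
    if (!row || now - row.createdAt > REQUEST_TTL_MS) {
      this.rows.delete(id);
      throw new Error('auth request expired or unknown');
    }
    return row;
  }

  pending(id, now) { return this.live(id, now).publicKeyPem; }
  fulfil(id, wrapped, now) { this.live(id, now).wrappedUserKey = wrapped; } // step 3
  response(id, now) { return this.live(id, now).wrappedUserKey; }           // step 4

  authenticate(id, accessCode, now) { // step 6
    const row = this.live(id, now);
    const codeOk = crypto.timingSafeEqual(row.accessCodeHash, sha256(accessCode));
    if (!codeOk || !row.wrappedUserKey) throw new Error('authentication refused');
    return true;
  }
}

// Initiating client, step 1: fresh key pair and access code for this request only.
function startLogin(server, email, now) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const accessCode = crypto.randomBytes(16).toString('hex');
  const id = server.create(email, publicKey, accessCode, now);
  return { id, accessCode, privateKey, fingerprint: fingerprintOf(publicKey) };
}

// Approving client, steps 2-3: confirm the fingerprint the user sees on the
// initiating device, then wrap the User Encryption key to the request's public key.
function approve(server, id, userKey, fingerprintOnInitiator, now) {
  const publicKeyPem = server.pending(id, now);
  if (fingerprintOf(publicKeyPem) !== fingerprintOnInitiator) {
    throw new Error('fingerprint mismatch: request denied');
  }
  server.fulfil(id, crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, userKey), now);
}

// Initiating client, steps 4-6: fetch the wrapped key, unwrap it locally, then
// present the access code. The private key stays on the initiating client.
function finishLogin(server, login, now) {
  const wrapped = server.response(login.id, now);
  if (!wrapped) throw new Error('request not approved yet');
  const userKey = crypto.privateDecrypt({ key: login.privateKey, ...OAEP }, wrapped);
  server.authenticate(login.id, login.accessCode, now);
  return userKey; // step 7 would use this to decrypt vault data
}

const attempt = (fn) => { try { fn(); return 'ok'; } catch (e) { return e.message; } };

function demo() {
  const server = new AuthRequestTable();
  const userKey = crypto.randomBytes(64); // constructed stand-in for the User Encryption key
  const email = 'user@example.com';       // constructed
  const t0 = Date.now();

  const login = startLogin(server, email, t0);
  approve(server, login.id, userKey, login.fingerprint, t0 + 60_000);
  const recovered = finishLogin(server, login, t0 + 61_000);
  const stored = server.rows.get(login.id).wrappedUserKey;

  // A request the user did not start carries a different public key.
  const other = startLogin(server, email, t0);
  const mismatch = attempt(() => approve(server, other.id, userKey, login.fingerprint, t0 + 1_000));

  // An approval that arrives after the 15-minute window.
  const late = startLogin(server, email, t0);
  const expired = attempt(() => approve(server, late.id, userKey, late.fingerprint, t0 + REQUEST_TTL_MS + 1));

  return { roundTrip: recovered.equals(userKey), serverHoldsPlaintext: stored.includes(userKey),
           mismatch, expired };
}

console.log(demo());
```

The table row for a fulfilled request holds only ciphertext, which is why the fingerprint comparison on the approving device is the step that decides whose public key the User Encryption key gets wrapped to.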
Requests expire and are purged periodically if they aren't approved or denied.

--- URL: https://bitwarden.com/it-it/help/login-with-passkeys/ ---

# Log In & Unlock with Passkeys

> [!NOTE] Autofill vs. Log in with Passkeys
> Bitwarden offers three passkey features:
>
> - [Save and autofill passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) for other services from your Bitwarden vault.
> - Use [passkeys to log in and unlock](https://bitwarden.com/it-it/help/login-with-passkeys/) your Bitwarden account.*
> - Use [passkeys for 2FA](https://bitwarden.com/it-it/help/setup-two-step-login-fido/) to protect your Bitwarden account.*
>
> \* Some authenticators, notably Windows Hello, will not allow you to use a passkey for both login and 2FA.

Passkeys offer secure authentication for your Bitwarden account. Use them to log in and, with a [PRF-capable setup](https://bitwarden.com/it-it/help/login-with-passkeys/#unlock-vault-requirements/), automatically [unlock your vault](https://bitwarden.com/it-it/help/understand-log-in-vs-unlock/) without entering your master password. Passkeys bypass two-step login, offering a streamlined alternative to traditional password-based authentication.

## Requirements

Using passkeys to log in and unlock your Bitwarden account is currently supported in these Bitwarden apps:

- Browser extension in Chromium-based browsers
- Web app

> [!NOTE] macOS passkey bug
> On macOS, creating and using PRF-capable passkeys to unlock your vault requires a Chromium-based browser.

Passkeys used to log in to Bitwarden require user verification, such as biometrics or a security key to authenticate and use your passkey.

### Unlock vault requirements

To decrypt and unlock your vault with a passkey, you need to [set up encryption](https://bitwarden.com/it-it/help/login-with-passkeys/#set-up-encryption-for-unlock/) for that specific passkey.
Your browser (like Google Chrome) and authenticator (like YubiKey 5) must both be [PRF-capable](https://bitwarden.com/it-it/blog/prf-webauthn-and-its-role-in-passkeys/) to use this unlock method. If either is not PRF-capable, you'll need to use a different unlock method, such as your master password or [PIN](https://bitwarden.com/it-it/help/unlock-with-pin/).

**PRF capability varies by equipment and environment.** For example, Google Chrome is PRF-capable, but Chrome profiles are not. YubiKey 5 is a PRF-capable authenticator. Additionally, Windows 10 is known to have issues with PRF-capable passkeys.

### Passkey restrictions

You cannot use passkeys with Bitwarden if you’re in an organization that uses the [Require SSO policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/), SSO with [trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/), or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

Bitwarden will not prompt or allow you to save a passkey for logging in to any Bitwarden account. This prevents the circular problem of needing access to your vault to log in to the very same vault.

## Manage passkeys

Use the web app to create, update, and remove passkeys that are used to access your Bitwarden account.

### Create a passkey

You can add up to five passkeys to your Bitwarden account. To create a passkey for logging in to Bitwarden:

1. In the web app, go to **Settings** → **Security**.
2. Select **Master password**.
3. Within the **Log in with passkey** section, select **Turn on** or, if you've already set up a passkey, **New passkey**. You'll be prompted to enter your master password.
4. Follow prompts from your browser to create a FIDO2 passkey. You can complete user verification using a factor like a biometric or by creating a PIN.

   > [!TIP] Browser might have default passkey prompt.
   > You may need to cancel out of a default authenticator your browser will want you to use, for example if you want to use a hardware security key on a macOS device that will prioritize Touch ID.

5. Enter a **Name** for your passkey.
6. (Optional) If your [browser and authenticator are PRF-capable](https://bitwarden.com/it-it/help/login-with-passkeys/#unlock-vault-requirements/), the **Use for vault encryption** setting will be checked by default. This allows your passkey to decrypt and unlock your vault. Uncheck this option if you do not want the passkey to unlock your vault:

   ![Use passkey for vault encryption](https://bitwarden.com/assets/2gsO1o5tDU7s7LXvcpaL7w/56a8a797155760fe6fbd1d2e2d92b59b/2025-12-31_11-19-58.png)
   *Use passkey for vault encryption*

7. Select **Turn on**.

### Set up encryption for unlock

If your [browser and authenticator are PRF-capable](https://bitwarden.com/it-it/help/login-with-passkeys/#unlock-vault-requirements/), you can decrypt and unlock your vault with a passkey. There are two ways to do this:

- When creating a passkey, keep the **Use for vault encryption** setting checked ([step 6](https://bitwarden.com/it-it/help/login-with-passkeys/#create-a-passkey/)).
- For an existing passkey, go to **Settings** → **Security** → **Master Password** and select **Set up encryption** next to the passkey:

  ![Passkeys list](https://bitwarden.com/assets/TpXTFNlF2hzRaUaLmxAXr/6710e5ab7c98efcb11547dc6038fdf7d/Passkeys_list.png)
  *Passkeys list*

Your passkeys list shows the encryption status for each passkey: **Used for encryption**, supported but not active (**Set up encryption**), or **Encryption not supported**.

### Remove a passkey

To delete a passkey from your Bitwarden account, go to **Settings** → **Security** → **Master Password** and select **Remove** next to the passkey. This disconnects the passkey from Bitwarden, but the private key will remain in your FIDO2 authenticator.
### Lost or deleted passkey

If you lose or delete a passkey, such as from a security key, Windows Hello, or Apple Passwords, it can no longer be used to access your vault. Should that happen, your master password is required to unlock your vault, so it must be strong and memorable.

Consider creating and securely storing a [security readiness kit](https://bitwarden.com/it-it/resources/bitwarden-security-readiness-kit/) so your critical account details are always within reach, even when a passkey is lost.

## Log in and unlock with your passkey

After you create a passkey, you can use it with the Bitwarden web app and Chromium-based browser extensions. For PRF-capable passkeys on macOS, you'll need a Chromium-based browser for the web app.

> [!NOTE] Known Linux defect for login with passkey.
> If you're logging in to the browser extension on **Linux**, you need to pop out the extension before attempting to log in or unlock with a passkey:
>
> ![Browser extension pop-out window](https://bitwarden.com/assets/1cbJy0jLBmSQmRumvYzVwp/a9e43f4c154686249056924eb3e56323/pop_out_screenshot.png)
> *Browser extension pop-out window*

To log in with a passkey and unlock your vault:

1. On the Bitwarden login screen, select **Log in with passkey** where you'd usually enter your email address.
2. Follow prompts from your browser to read the passkey. This will authenticate you with Bitwarden.
3. What happens next depends on whether your passkey is [set up for vault encryption](https://bitwarden.com/it-it/help/login-with-passkeys/#set-up-encryption-for-unlock/):
   - If your passkey is set up for vault encryption, you're done! The passkey is used to decrypt and unlock your vault.
   - If your passkey is not set up for vault encryption, enter your master password and select **Unlock**, or use another unlock method you previously configured.

To unlock your vault when you're already logged in, select **Unlock with Passkey** on the locked vault screen.
Follow prompts from your browser to read the passkey. This will unlock your account, opening your vault.

## How it works

The mechanics of logging in with passkeys differ based on whether your passkey is [set up with encryption](https://bitwarden.com/it-it/help/login-with-passkeys/#set-up-encryption-for-unlock/).

### Passkeys with encryption

#### Create a passkey

When a PRF-compatible passkey is registered for log in to Bitwarden and encryption is turned on:

1. A **passkey public and private key pair** is generated by the authenticator via the WebAuthn API. This key pair, by definition, is what constitutes your passkey.
2. A **PRF symmetric key** is generated by the authenticator via the WebAuthn API's PRF extension. This key is derived from an **internal secret** unique to your passkey and a **salt** provided by Bitwarden.
3. A **PRF public and private key pair** is generated by the Bitwarden client. The PRF public key encrypts your **account encryption key**, which your client will have access to by virtue of being logged in and unlocked, and the resulting **PRF-encrypted account encryption key** is sent to the server.
4. The **PRF private key** is encrypted with the **PRF symmetric key** (see Step 2) and the resulting **PRF-encrypted private key** is sent to the server.
5. Your client sends data to Bitwarden servers to create a new passkey credential record for your account. If your passkey is registered with support for vault encryption and decryption, this record includes:
   - The passkey name
   - The passkey public key
   - The PRF public key
   - The PRF-encrypted account encryption key
   - The PRF-encrypted private key

Your passkey private key, which is required to accomplish authentication, only ever leaves the client in an encrypted format.

#### Log in with your passkey

When a passkey is used to log in and, specifically, to decrypt your vault data:

1. Using WebAuthn API public key cryptography, your authentication request is asserted and affirmed.
2. Your **PRF-encrypted account encryption key** and **PRF-encrypted private key** are sent from the server to your client.
3. Using the same **salt** provided by Bitwarden and the **internal secret** unique to your passkey, the **PRF symmetric key** is re-created locally.
4. The **PRF symmetric key** is used to decrypt your **PRF-encrypted private key**, resulting in your **PRF private key**.
5. The **PRF private key** is used to decrypt your **PRF-encrypted account encryption key**, resulting in your **account encryption key**. Your account encryption key is used to decrypt your vault data.

If you're already logged in and then use a passkey to unlock your vault, your encrypted keys are already on your device from login, so the authentication and key retrieval steps are skipped.

### Passkeys without encryption

#### Create a passkey

When a passkey is registered for log in to Bitwarden and encryption remains turned off:

1. A **passkey public and private key pair** is created. This key pair, by definition, is what constitutes your passkey.
2. Your client sends data to Bitwarden servers to create a new passkey credential record for your account. If your passkey is not registered with support for vault encryption and decryption, this record includes:
   - The passkey's name
   - The passkey's public key

Your passkey's private key, which is required to accomplish authentication, only ever leaves the client in an encrypted format.

#### Log in with your passkey

When a passkey is used to log in, your authentication request is asserted and affirmed using WebAuthn API public key cryptography. You will then be required to decrypt your vault using your master password.
--- URL: https://bitwarden.com/it-it/help/lost-two-step-device/ ---

# Can't Access Two-Step Login

[Two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/) protect your account, but losing your authentication device, like a phone with an authenticator app or linked email inbox, can lock you out of your Bitwarden vault.

If you lose your two-step authentication method, recovery options are limited. Regaining access largely depends on whether you or your company administrator previously prepared for this potential situation.

## Possible recovery methods

Try the following options to see if you can reset your two-step login method or [export your vault](https://bitwarden.com/it-it/help/export-your-data/) before creating a new account.

> [!NOTE] Account recovery doesn't remove 2FA
> [Account recovery](https://bitwarden.com/it-it/help/account-recovery/) does not bypass or turn off two-step authentication.

### Alternate two-step login method

If you set up more than one two-step login method, try another one. When on the login screen, select **Use another two-step login method**.

### Recovery code

You can [use your recovery code](https://bitwarden.com/it-it/help/two-step-recovery-code/#use-your-recovery-code/) to access your account if you saved it before being locked out. Recovery codes are generated when you set up any two-step login method, and you must proactively save the code somewhere that you can find it outside of your vault. Bitwarden is unable to retrieve the recovery code on your behalf.

A recovery code looks like this when you retrieve it from your account’s security settings:

![Example recovery code](https://bitwarden.com/assets/64piqJsX7vN25To16iRFIp/09e977fae9485c0764f832c6bb4b4b04/2024-12-02_11-24-35.png)
*Example recovery code*

> [!NOTE] Recovery Codes + Duo for Orgs
> Recovery codes will not deactivate Duo for organizations. If you are locked out of your vault by an organizational Duo prompt, reach out to the Duo administrator at your company for help bypassing the prompt.
>
> If you're not sure whether the Duo prompt is set up personally or by your organization, try selecting **Use another two-step login method**.

### Trusted emergency contact

If you designated a [trusted emergency contact](https://bitwarden.com/it-it/help/emergency-access/) with takeover access, ask them to [initiate emergency access](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/). After the **Wait time** set for that emergency contact passes, all two-step login methods are turned off and the emergency contact can change the master password.

### Duo bypass code

If your Bitwarden account is connected to Duo, ask your company's Duo administrator to generate a [bypass code](https://duo.com/docs/administration-users#generating-a-bypass-code). This temporary code will authenticate your Duo credentials, allowing you to log in to Bitwarden.

### Other device or Bitwarden app

Check all your devices to see if you're already logged in to any Bitwarden client, like the mobile app, browser extension, or desktop app.

- If you’re logged in to the web app, retrieve and then [use your recovery code](https://bitwarden.com/it-it/help/two-step-recovery-code/#use-your-recovery-code/) to disconnect all two-step login methods.
- If you’re logged in to any other Bitwarden app, [export your vault](https://bitwarden.com/it-it/help/export-your-data/), create a new account, and [import your data](https://bitwarden.com/it-it/help/import-data/) there. After confirming that your data was imported correctly, log out of the old account and consider [deleting](https://bitwarden.com/it-it/help/delete-your-account/) it.

## When recovery methods don’t work

We recommend double-checking all your devices and browsers for any logged in Bitwarden sessions. If you find one, that’s your last opportunity to [export vault data](https://bitwarden.com/it-it/help/export-your-data/).

If none of these options grant you access to your account, there is no way for Bitwarden to recover the account or its data. You will need to [delete your account](https://bitwarden.com/it-it/help/delete-your-account/#tab-without-logging-in-4KcOdFa6zVp6H7xo9Ui9vc/) and create a new one.

If you delete a Bitwarden account that has a premium subscription, [contact us](https://bitwarden.com/it-it/contact/) and we'll apply your existing subscription to the new account.

--- URL: https://bitwarden.com/it-it/help/machine-accounts/ ---

# Machine Accounts

> [!NOTE] Service accounts now Machine account
> As of the 2024.4.1 release, service accounts are now referred to as machine accounts in Bitwarden Secrets Manager. All of the feature functionality will remain the same.

Machine accounts represent non-human machine users, like applications or deployment pipelines, that require programmatic access to a discrete set of [secrets](https://bitwarden.com/it-it/help/secrets/). Machine accounts are used to:

- Appropriately scope the selection of secrets a machine user has access to.
- Issue [access tokens](https://bitwarden.com/it-it/help/access-tokens/) to facilitate programmatic access to, and the ability to decrypt, edit, and create secrets.
Machine accounts that your user account has access to can be viewed by selecting **Machine accounts** from the navigation:

![Machine accounts](https://bitwarden.com/assets/3IQzFGc9f4OAoqvJSgrEBn/601542ce696652aac733e63b18cdffb0/2024-12-03_13-25-13.png)

Opening a machine account will list the **Secrets** and **People** the service account has access to, as well as any generated **Access tokens** and **Event logs**:

![Inside a machine account](https://bitwarden.com/assets/3L9EGMDn7gGAMi3uwD1MIP/74dd29c2c80c1d67ee3b27bd5160e8b7/2024-12-03_13-26-04.png)

## Create a machine account

On the Admin Console **Billing** → **Subscription** page you are able to assign the number of machine accounts available for use in your organization. For additional information regarding your available machine accounts and machine account scaling, see [here](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#user-seats-and-service-account-scaling/).

To create a new machine account:

[![Vimeo Video](https://vumbnail.com/845933062.jpg)](https://vimeo.com/845933062)
*[Watch on Vimeo](https://vimeo.com/845933062)*

**Video chapters:** Learn more about machine accounts [here](https://bitwarden.com/it-it/help/machine-accounts/).

1. Use the **New** dropdown to select **Machine account**:

   ![New machine account](https://bitwarden.com/assets/LaVwicbqhvbliXPm6loOU/5559a5caf8ad70a95be3ea89f1b760ad/2024-12-03_11-29-17.png)

2. Enter a **Machine account name** and select **Save**.
3. Open the machine account and, in the **Projects** tab, type or select the name of the project(s) that this machine account should be able to access. For each added project, select a level of **Permissions:**
   - **Can read**: Machine account can retrieve secrets from assigned projects.
   - **Can read, write**: Machine account can retrieve and edit secrets from assigned projects, create new secrets in assigned projects, or create new projects altogether.
> [!TIP] SM 07/25 dependency
> Fully utilizing write access for machine accounts is dependent on a forthcoming [CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/) release. For now, this simply makes the option available in the UI. Stay tuned to the [Release Notes](https://bitwarden.com/it-it/help/releasenotes/) for more information.

## Add people to a machine account

Adding organization members to a machine account will allow those people to generate access tokens for the machine account and interact with all secrets the machine account has access to. To add people to your machine account:

1. In the machine account, select the **People** tab.
2. From the people dropdown, type or select the members or groups to add to the machine account. Once you've selected the right people, select the **Add** button:

   ![Add people to a machine account](https://bitwarden.com/assets/3TrklnCquoynDHFX6nJ8w/2482453bf759525ccb6d23f8e9731a7d/2024-12-03_13-27-11.png)

## Add projects to a machine account

Adding projects to a machine account will allow programmatic access to included secrets using access tokens. To add projects to a machine account:

1. Open the machine account and select the **Projects** tab.
2. From the Projects dropdown, type or select the project(s) to add to the machine account. Once you've chosen the right projects, select the **Add** button:

   ![Add a project](https://bitwarden.com/assets/3XGkQt3MdNHmAoKLXXXMGh/2c68b9ea5a47885f35360a94d26f0442/2024-12-03_13-28-00.png)

3. For each added project, select a level of **Permissions:**
   - **Can read**: Machine account can retrieve secrets from assigned projects.
   - **Can read, write**: Machine account can retrieve and edit secrets from assigned projects, as well as create new secrets in assigned projects or create new projects.

## Delete a machine account

To delete a machine account, open the (⋮) options menu for that machine account and select **Delete machine account**.
Deleting a machine account **will not** delete the secrets associated with it. Machine accounts are fully removed once deleted and **do not** get [sent to the trash like secrets do](https://bitwarden.com/it-it/help/secrets/#delete-a-secret/).

## Machine account events

Timestamped records of actions taken with each service account are available from the machine account's **Event logs** tab. Any user that has access to a given machine account will be able to view events for that machine account. Events that are captured include:

- Accessed secret *secret-identifier*. (`2100`)
- Added user: *user-identifier* to machine account with identifier: *machine-account-identifier* (`2300`)
- Removed user: *user-identifier* from machine account with identifier: *machine-account-identifier* (`2301`)
- Added group: *group-identifier* to machine account with identifier: *machine-account-identifier* (`2302`)
- Removed group: *group-identifier* from machine account with identifier: *machine-account-identifier* (`2303`)
- Created machine account with identifier: *machine-account-identifier* (`2304`)
- Deleted machine account with identifier: *machine-account-identifier* (`2305`)

> [!NOTE] Event capture
> Each **Event** is associated with a type code (`1000`, `1001`, etc.) that identifies the action captured by the event. Type codes are used by the [Bitwarden Public API](https://bitwarden.com/it-it/help/public-api/) to identify the action documented by an event.

Event logs are exportable and are retained indefinitely. Exporting events will create a `.csv` of all events within the specified date range, which should not exceed 367 days.

## Configuration information

The **Config** tab provides a quick view of information that might be required when configuring an application to use a machine account. **Identity server URL**, **API server URL**, **Organization ID**, and **Project IDs** are displayed and can be copied by selecting each field's respective [clone] icon.
For more information on Secrets Manager environments, see the Secrets Manager [SDK documentation](https://bitwarden.com/it-it/help/secrets-manager-sdk/) and [CLI documentation](https://bitwarden.com/it-it/help/secrets-manager-cli/).

![Machine account config view](https://bitwarden.com/assets/4XRItVAnKy1iVtOM2DbDLg/97e60d73e9bf18823c98fa46c588f99e/2024-12-03_13-38-10.png)

--- URL: https://bitwarden.com/it-it/help/manage-client-orgs/ ---

# Ongoing Administration

To access a [client organization](https://bitwarden.com/it-it/help/providers/#client-organizations/) as a [service user](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/):

1. Open the **Provider Portal** using the product switcher:

   ![Product switcher - Provider Portal](https://bitwarden.com/assets/4xn04Sj9u8n73TPxZUWi5f/dac0d56f47a05e2d8b28754e997a1391/2025-02-25_15-16-00.png)

2. Select the client organization to administer from the **Clients** tab:

   ![Provider Portal](https://bitwarden.com/assets/7AoSHeZgJJTBXQmpZ13UBr/56ca464fe6987c8c5fc8e7099235d640/2025-02-25_15-17-46.png)

Once in the client's Admin Console you can fully administer the client organization, including the following important tasks:

> [!TIP] No more provider-managing items
> Provider users may no longer directly view, manage, create, or export items in client organizations' vaults. Provider users may, however, import vault data directly to client organizations.

| **Task** | **Description** | **Resources** |
|------|------|------|
| Add and remove users | Onboard and offboard users from Bitwarden as they join and leave the customers' organization. | [User onboarding](https://bitwarden.com/it-it/help/managing-users/#add-new-members/) [User offboarding](https://bitwarden.com/it-it/help/managing-users/#remove-users/) |
| Change user permissions | When end-users change roles, change their permissions as appropriate. | [User types and access control](https://bitwarden.com/it-it/help/user-types-access-control/) |
| Add and remove user seats | As the customers' business grows, manage the number of user seats for the client organization. | [Manage user seats](https://bitwarden.com/it-it/help/provider-billing/) |
| Reset users' master passwords | If enabled, use Account Recovery reset to recover end-user accounts if they forget their master password. | [Account Recovery](https://bitwarden.com/it-it/help/account-recovery/) |
| Secure one-time sharing | Use Bitwarden for secure one-time sharing of credentials, documents, and more. | [Create a Send](https://bitwarden.com/it-it/help/create-send/) |
| Monitor vault health | Use organization vault health reports and event logs to keep an eye on the overall health of the client organization. | [Vault health reports](https://bitwarden.com/it-it/help/reports/) [Event logs](https://bitwarden.com/it-it/help/event-logs/) |

Additionally, **if your service users help to train customers' end-users to use Bitwarden**, the following resources may be helpful:

| **Task** | **Description** | **Resources** |
|------|------|------|
| User registration | Help end-users register for Bitwarden accounts. | [Register](https://bitwarden.com/it-it/go/start-free/) |
| Watch training videos | Pass along some of the trainings we have conducted in the past. | [Getting started with Bitwarden](https://bitwarden.com/it-it/getting-started/) |
| Help users import their data | If permitted by your customer, give users instructions for importing their individual vault data to Bitwarden. | [Import data to your vault](https://bitwarden.com/it-it/help/import-data/) |
| Help set up two-step login | Give users instructions to help facilitate setup of two-step login. | [Two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/) |
| Demonstrate Bitwarden apps | Help users understand the benefits of Bitwarden mobile apps, browser extensions, and other apps. | [Getting started guides](https://bitwarden.com/it-it/help/password-manager-overview/#clients/) |
| Register for demos | Encourage power users to learn independently by attending a weekly demo. | [Bitwarden events](https://www.crowdcast.io/bitwarden) |

--- URL: https://bitwarden.com/it-it/help/manage-devices/ ---

# Manage Devices

The **Devices** list shows every Bitwarden client app that has logged in to your account. For each device you can see the client type, when it was last active, and when it first logged in to your account. You can also use this list to approve or deny [login requests from another device](https://bitwarden.com/it-it/help/log-in-with-device/#approve-a-log-in-request/) or [device trust requests](https://bitwarden.com/it-it/help/add-a-trusted-device/).

> [!NOTE] What is a device?
> A **device** is a unique installation of the Bitwarden app where you have logged in. Reinstalling, clearing app data, or clearing your cookies could result in a device appearing multiple times.

To get to the **Devices** list:

- In the web app, navigate to **Settings** → **Security** → **Devices**.
- In browser extensions, navigate to **Settings** → **Account security** → **Devices**.
- In desktop apps, use the menu bar to navigate to **Account** → **Devices**.

In the **Devices** list, you'll see one row per device that contains the following:

| Column | Description |
|------|------|
| Device | The type of device, for example **Mobile** or **Extension**, and its OS or platform, for example **iOS** or **Firefox**. |
| Recently active | The timeframe, for example **Past 14 days**, in which the device was last active, or: - **Current session**: Indicates the device you're currently using. - **Request pending**: Indicates a [login request](https://bitwarden.com/it-it/help/log-in-with-device/#approve-a-log-in-request/) or [device trust request](https://bitwarden.com/it-it/help/add-a-trusted-device/) from the device. Select the device to approve or deny the request. |
| First login | The date and time at which the device first logged in to your Bitwarden account. |

--- URL: https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/ ---

# Manage Subscription Seats in Your Organization

A user seat is the billed license for one user within a Bitwarden organization. When a user is invited to your organization, they occupy one user seat and are granted access to Bitwarden features under your specific plan.

The total number of user seats represents how many users can join your organization. As such, user seats are not permanently attached to a specific member.

> [!NOTE] Different user provisioning methods
> This article discusses only one of the available methods to invite users and manage your subscription’s seat count:
>
> - All organizations can [manually invite users](https://bitwarden.com/it-it/help/managing-users/) and update the [seat count](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/).
> - Teams and Enterprise organizations can use [SCIM](https://bitwarden.com/it-it/help/about-scim/).
> - Teams and Enterprise organizations can use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/).
> - Enterprise organizations can use [just-in-time (JIT)](https://bitwarden.com/it-it/help/jit-provisioning/).

## User seat billing

Only an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/#default-roles/) or [provider service user](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/) can add or remove seats because it directly affects the organization’s billing subscription.

To check how many user seats your team already includes, open the Admin Console and go to **Billing** → **Subscription**.
Your organization’s seat total is listed within **Subscription seats**:

![Set Subscription seats](https://bitwarden.com/assets/6IiAvwCX2KbCTUAbAnY4yV/81614bb5a44c64cdc387ba9cee5663eb/Set_Subscription_seats.png)
*Set Subscription seats*

If the number of user seats is higher than your organization’s total [active users](https://bitwarden.com/it-it/help/managing-users/#manage-existing-members/), then that means there are unassigned user seats. Unassigned user seats are still billed, so you may want to invite more people or [remove the extra user seats](https://bitwarden.com/it-it/help/managing-users/#manually-add-or-remove-seats/) from your subscription.

> [!NOTE] Removing a user different from reducing seat count
> [Removing a user](https://bitwarden.com/it-it/help/remove-users/) from your organization does not automatically reduce your organization’s billed subscription seats. You still need to reduce the seat count.

### Billing for new user seats

When new users are [invited](https://bitwarden.com/it-it/help/managing-users/#invite/), Bitwarden cloud [Teams and Enterprise organizations](https://bitwarden.com/it-it/help/about-organizations/#types-of-organizations/) will **automatically increase** the number of billed user seats. You can set a [seat limit](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/#set-a-seat-limit/) to prevent your seat count from exceeding a specified number or [manually add seats](https://bitwarden.com/it-it/help/managing-users/#manually-add-or-remove-seats/) as desired.

When you add seats in the middle of your billing cycle, you are only charged for the remaining time. If you're on a **monthly plan**, that prorated amount is added to your next scheduled renewal.

For **annual subscriptions**, new seats added mid-cycle are billed on a prorated basis. The prorated amount is charged to the payment method on file on the same day of the month as your renewal date.
On your next annual renewal date, all of your seats are billed together for the full year.

For example, if your plan renews on July 15th and you add a seat on May 1st, you'll be charged on May 15th for the prorated remainder of the current period (May 1–July 14). When your annual renewal occurs on July 15th, all seats are consolidated into a single yearly charge.

### Credit for removed user seats

Regardless of how you add seats, you must [manually remove](https://bitwarden.com/it-it/help/managing-users/#manually-add-or-remove-seats/) user seats you no longer want from your subscription. Removing seats will cause your next charge to be adjusted so that you are **credited for time not used** by the already-paid-for seat.

### Self-hosted billing

The number of seats a self-hosted organization has will always mirror its [counterpart cloud-organization](https://bitwarden.com/it-it/help/self-host-an-organization/#step-3-start-your-organization/). This means self-hosted organizations **do not** automatically scale users. Instead, you must use the cloud Admin Console to manage your seat count.

To quickly reflect changes to your seat count made in the cloud Admin Console, you can set up [billing sync](https://bitwarden.com/it-it/help/licensing-on-premise/#tab-automatic-sync-4cDnzGHwlfBQEFs6eqrkut/). This will remove the need to [re-upload your license](https://bitwarden.com/it-it/help/licensing-on-premise/#tab-manual-update-4cDnzGHwlfBQEFs6eqrkut/).

## Manually add or remove seats

To manually add or remove seats to your organization:

1. Log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
   *Product switcher*

2. Go to **Billing** → **Subscription**.
3. Enter the total number of user seats that you want in **Subscription seats**:

   ![Set Subscription seats](https://bitwarden.com/assets/6IiAvwCX2KbCTUAbAnY4yV/81614bb5a44c64cdc387ba9cee5663eb/Set_Subscription_seats.png)
   *Set Subscription seats*

4. Select **Save**.

> [!NOTE] Can't invite more when limit reached
> If **Limit subscription** is checked, then the number in **Subscription seats** must be equal to or lower than your seat limit. If you need to add more user seats, increase the **Seat Limit**.

## Set a seat limit

You have the option to control subscription costs by setting a cap on the number of user seats that can be added to your organization. Once the specified limit is reached, you will not be able to invite new users unless you increase that limit.

To set a limit on the number of seats your organization can automatically scale up to:

1. Log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
   *Product switcher*

2. Go to **Billing** → **Subscription**.
3. Check **Limit subscription (optional)**.
4. Enter the maximum number of user seats you want to allow in **Seat limit (optional)**:

   ![Set Seat limit](https://bitwarden.com/assets/5DBnJW1y9welOF6hrDKrrh/06cade0656921a06d5bc43d3b9d26a62/Set_Seat_limit.png)
   *Set Seat limit*

5. Select **Save**.

--- URL: https://bitwarden.com/it-it/help/manage-your-secrets-org/ ---

# Manage your Organization

> [!NOTE] more info for onboarding and succession
> For a complete Bitwarden onboarding overview, please review [this guide](https://bitwarden.com/it-it/help/onboarding-and-succession/) for more information.

As an organization using Secrets Manager, you'll share many of the tools originally used by Password Manager. This article covers these common areas and links to shared documentation where appropriate.

> [!TIP] Check out Getting Started guide.
> If you're brand new to Bitwarden organizations, we recommend checking out our article on [getting started as an organization administrator](https://bitwarden.com/it-it/help/courses/password-manager-admin/).

## Enterprise policies

Policies allow Enterprise organizations to enforce security rules for their members, for example mandating use of two-step login. While some policies apply primarily to Password Manager, there are a handful of policies that are broadly applicable to users of Secrets Manager:

- [Require two-step login](https://bitwarden.com/it-it/help/policies/#require-two-step-login/)
- [Master password requirements](https://bitwarden.com/it-it/help/policies/#master-password-requirements/)
- [Master password reset](https://bitwarden.com/it-it/help/policies/#master-password-reset/)
- [Single organization](https://bitwarden.com/it-it/help/policies/#single-organization/)
- [Require single sign-on authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/)
- [Vault timeout](https://bitwarden.com/it-it/help/policies/#session-timeout/)

> [!TIP] Set policies first.
> If you're new to Bitwarden, we recommend setting policies before onboarding your users.

## User management

User management for Secrets Manager organizations is similar to user management for organizations using Password Manager. Secrets Manager-specific elements include [granting organization members access](https://bitwarden.com/it-it/help/manage-your-secrets-org/#access-to-secrets-manager/) to Secrets Manager, [member role differences](https://bitwarden.com/it-it/help/manage-your-secrets-org/#member-roles/), and specifying [user seats and machine accounts](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#user-seats-and-service-account-scaling/).

### Onboarding

There are a few different methods of onboarding users to your Bitwarden organization. Some of the commonly used methods are highlighted here:

#### Manual

The Bitwarden web vault provides a simple and intuitive interface for inviting new users to join your organization. This method is best for small organizations or those that aren't using directory services like Azure AD or Okta. [Learn how to get started](https://bitwarden.com/it-it/help/managing-users/#invite/).

#### SCIM

Bitwarden servers provide a SCIM endpoint that, with a valid SCIM API Key, will accept requests from your identity provider for user and group provisioning and de-provisioning. This method is best for larger organizations using a SCIM-enabled directory service or IdP. [Learn how to get started](https://bitwarden.com/it-it/help/about-scim/).

#### Directory Connector

Directory Connector automatically provisions users and groups in your Bitwarden organization by pulling from a selection of source directory services. This method is best for larger organizations using directory services that don't support SCIM. [Learn how to get started](https://bitwarden.com/it-it/help/directory-sync/).

### Access to Secrets Manager

Once onboarded, give individual members of your organization access to Secrets Manager:

1. Open your organization's **Members** view and select the members you want to give access to Secrets Manager.
2. Using the ⋮ menu, select **Activate Secrets Manager** to grant access to selected members:
   - For organizations self-hosting, this step must be repeated in the self-hosted instance as well.

   ![Add Secrets Manager users](https://bitwarden.com/assets/3IBNL6FdndgPeuXa7m3rlP/fd04ec9951123e5a0ccd5fe4f04fa4de/2024-12-03_11-18-52.png)

> [!TIP] SM access vs. assignments
> Giving members access to Secrets Manager won't automatically give them access to stored projects or secrets. You'll need to [assign people or groups access to the projects](https://bitwarden.com/it-it/help/manage-your-secrets-org/#access-to-secrets-manager/) next.
### Member roles

The following table outlines what each member role can do within Secrets Manager:

| Member role | Description |
|------|------|
| User | Users can create their own secrets, projects, machine accounts, and access tokens. They can edit these objects once created. Users must be assigned to projects or machine accounts in order to interact with existing objects, and can be given **Can read** or **Can read, write** access. |
| Admin | Admins automatically have **Can read, write** access to all secrets, projects, machine accounts, and access tokens. Admins can assign themselves access to Secrets Manager and assign other members access to Secrets Manager. |
| Owner | Owners automatically have **Can read, write** access to all secrets, projects, machine accounts, and access tokens. Owners can assign themselves access to Secrets Manager and assign other members access to Secrets Manager. |

> [!NOTE] Custom role in SM
> Custom roles are not currently scoped with options for Secrets Manager, but they can still be used to assign specific Password Manager or broader organization capabilities.

### Groups

Groups relate together individual members and provide a scalable way to assign access to and permissions for specific projects. When adding new members, add them to a group to have them automatically inherit that group's configured permissions. [Learn more](https://bitwarden.com/it-it/help/about-groups/).

Once groups are created in the admin console, assign them to projects from the Secrets Manager web app.

## Single sign-on

Login with SSO is the Bitwarden solution for single sign-on. Using login with SSO, Enterprise organizations can leverage their existing Identity Provider to authenticate users with Bitwarden using the SAML 2.0 or OpenID Connect (OIDC) protocols. [Learn how to get started](https://bitwarden.com/it-it/help/about-sso/).
## Account recovery administration Account recovery allows designated administrators to recover enterprise organization user accounts and restore access in the event that an employee forgets their master password. Account recovery can be activated for an organization by enabling the Account recovery administration policy. [Learn how to get started](https://bitwarden.com/it-it/help/account-recovery/). ## Event logs [Event logs](https://bitwarden.com/it-it/help/event-logs/) are timestamped records of events that occur within your Teams or Enterprise organization. Secrets Manager events are available both from the **Reporting** → **Event logs** of your organization vault and from the [machine account Event logs page](https://bitwarden.com/it-it/help/service-accounts/#service-account-events/). Event logs are exportable and are retained indefinitely. While many events are applicable to all Bitwarden products and some are specific to Password Manager, Secrets Manager will specifically log the following: - Secret accessed by a machine account ## Self-hosting Enterprise organizations can self-host Bitwarden Secrets Manager using Docker on Linux and Windows machines. If you haven't self-hosted Bitwarden before, use [this guide](https://bitwarden.com/it-it/help/self-host-an-organization/) to set yourself on the right track. If you are already self-hosting an Enterprise Bitwarden organization and want to get access to Secrets Manager on that server: 1. Sign up for a Secrets Manager subscription in your cloud-hosted Bitwarden organization. 2. Update your self-hosted server to, at a minimum, 2023.10.0 3. [Retrieve a new license file](https://bitwarden.com/it-it/help/licensing-on-premise/#retrieve-organization-license/) from your cloud-hosted organization and [upload it to your self-hosted server](https://bitwarden.com/it-it/help/licensing-on-premise/#update-organization-license/). 4. 
Give individual users [access to Secrets Manager](https://bitwarden.com/it-it/help/manage-your-secrets-org/#access-to-secrets-manager/) in the self-hosted instance. > [!NOTE] Self-host SM on Unified, no > Self-hosting Secrets Manager is not supported for the Bitwarden [unified self-hosted deployment option](https://bitwarden.com/it-it/help/install-and-deploy-lite/). Enterprise organizations should use a standard [Linux](https://bitwarden.com/it-it/help/install-on-premise-linux/) or [Windows](https://bitwarden.com/it-it/help/install-on-premise-windows/) installation. --- URL: https://bitwarden.com/it-it/help/managing-access-when-the-organization-owner-leaves/ --- # Ownerless Organizations This article addresses frequently asked questions after an organization owner has left a company. If organization ownership was not transferred prior to the owner leaving, one of the following scenarios may apply to your organization. > [!NOTE] Cannot disclose organization owner > Bitwarden support is unable to disclose the identity of an organization's current owner. This information can only be verified with the organization's owner directly. To facilitate a seamless process, we recommend reaching out to support using the owner's registered email address. ## The organization owner has left, and I have access to their account credentials If you have access to the owner's account credentials: 1. **Access the Admin console to invite a new owner or transfer ownership**: If you have the credentials of the owner account, you may directly access the organization's [admin console](https://bitwarden.com/it-it/help/getting-started-organizations/). This will allow you to perform several tasks including inviting a new owner, transferring ownership, and making necessary changes. 2. **Backup the organization data**: Ensure that all important organizational data is backed up to prevent data loss in the future. Learn more [here](https://bitwarden.com/it-it/help/export-organization-items/). 3. 
**Set up admins or backup owners for access redundancy**: Ensure that multiple admins or backup owners are in place for future access continuity and management of the account.

## The organization owner has left and I do not have access to their account credentials

Are there any current admins in the organization?

### Yes

- **Contact support using the previous owner's email**: Contact support using the owner's email. If there are admins set up, you may request that support promote one of them to the owner role. If the owner email no longer exists, please recreate the inbox.

> [!NOTE] Support will not perform admin promotion
> Support will only perform admin promotion if the request comes from the owner's email address. There are no exceptions to this policy.

### No

- **Attempt to recover the account**: If no admins exist, you will need to manually back up your organization data and start over as soon as possible. To back up the organization information:
  - Export organizational vault data using the Bitwarden [export](https://bitwarden.com/it-it/help/export-your-data/#export-an-organization-vault/). This requires a user to have a [custom role](https://bitwarden.com/it-it/help/user-types-access-control/#custom-role/) with access to import/export.
  - If no users have a custom role with access to Bitwarden export, users may manually copy & paste data for an export of organization vault data.

> [!NOTE] Subscription lapse before backup
> If the organization's subscription lapses before you can perform a backup, please contact support to request a temporary service activation in order to export organizational data.

## I have to cancel an active subscription

Do you have access to the owner or billing contact email?
### Yes If you do have access to the owner or billing contact email address: - **Contact support using the owner or billing contact email address**: If the subscription is still active, you may cancel it by contacting Bitwarden support using the email associated with the billing account. - You may cancel future renewals of an active subscription by contacting Bitwarden support using the email associated as an organization owner, or the billing contact. The authorized billing contact is the email address that receives invoices, payment reminders, and receipts. ### No If you do not have access to the owner or billing contact email address: - **Contact support and provide default payment method details**: You may authorize the removal of a payment method by contacting support and providing the following payment method details: - Expiration date of the card used in the last payment. - Last 4 digits of the card used for the last payment. - Date of the last payment. - Amount of the last payment. > [!NOTE] Cancel subscription without owner > This information will help Bitwarden support confirm your identity and process the cancellation request, see [here](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-email/) for additional information. --- URL: https://bitwarden.com/it-it/help/managing-items/ --- # Vault Items ## Item types Bitwarden can securely store more than just usernames and passwords. There are five types of items you can store in your vault: - **Login**: Store username and password combinations for easy autofill [on browser extensions](https://bitwarden.com/it-it/help/auto-fill-browser/), [on iOS apps](https://bitwarden.com/it-it/help/auto-fill-ios/) and [on Android apps](https://bitwarden.com/it-it/help/auto-fill-android/). Login items can also store [passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) and, for Premium users, [verification codes](https://bitwarden.com/it-it/help/integrated-authenticator/). 
- **Card**: Store credit or debit card information for easy [autofill on browser extensions and Android](https://bitwarden.com/it-it/help/auto-fill-card-id/) apps during online checkouts. - **Identity**: Store identity information, like mailing addresses, for easy [autofill on browser extensions and Android](https://bitwarden.com/it-it/help/auto-fill-card-id/) apps during a variety of online form submissions. - **Secure note**: Store freeform text for any kind of information you want protected. - **SSH key**: Use Bitwarden [as an SSH agent](https://bitwarden.com/it-it/help/ssh-agent/). ## Add items > [!TIP] This's manual, but you can also import. > This section will cover manually adding a vault item, but for many users Bitwarden recommends [importing items](https://bitwarden.com/it-it/help/import-data/) directly into your vault from most password managers or web browsers. You can add vault items from any Bitwarden app: ### Web app Select the + **New** button and choose the item type to create: ![Add an item](https://bitwarden.com/assets/5kGYpHHu4197INxX5kOetu/c1aa36b3847c9824b81466837229ec7d/webappnewtest.png) *Add an item* ### Browser extension Select the + **New** button and choose the item type to create: ![Add an item](https://bitwarden.com/assets/3CGG1jYRfgQqi5UlWuwliO/c95b2da5c9e64564c1aa7842207a3a6f/extnew1.png) *Add an item* ### Mobile Select the + **New** button and choose the item type to create: ![Add an item](https://bitwarden.com/assets/cMVnILAl9uoih1iTqIHx9/19168711ae327ea490fa51c8d9c27ff3/mobilenew1.png) *Add an item* ### Desktop ![Add an item](https://bitwarden.com/assets/7xia34eJyx1K8Gy8IXajQ7/af2b2ef342350a68b000c405ee698ab4/2026-04-23_09-58-10.png) *Add an item* ### CLI Use the `create` command to add a new item. Refer to the [CLI documentation](https://bitwarden.com/it-it/help/cli/) for more information. 
## Manage items

You can manage your vault items from any Bitwarden app:

### Edit

To edit an item:

### Web app

Select the ⋮ options menu for the item you want to edit:

> [!TIP] You can right-click on the web app.
> You can also right-click the item to call up the same menu.

![Edit or delete an item](https://bitwarden.com/assets/5FmC9ha8GQ4IKU8UM1ra4x/d470974c62468ba565e58ca1917db0b1/webnew1.png)
*Edit or delete an item*

### Browser extension

Select an item to open it and select **Edit**:

![Edit or delete an item](https://bitwarden.com/assets/2q1EZnISzEG3i8iU4vTKj6/b13c46c27a7fb896f31f81485859459f/extnew4.png)
*Edit or delete an item*

### Mobile

Select the ⋮ options menu for the item you want to edit and select **Edit**:

![Edit an item](https://bitwarden.com/assets/357lJe8JKMXNKEhYKUDn4u/31d5f1f811eb35b8b142f9a6f751dae2/2025-11-10_12-05-53.png)
*Edit an item*

### Desktop

Select an item to open it and select the [pencil] edit icon:

![Edit an item](https://bitwarden.com/assets/6Y4kK7J9aLmo9SDY7Ne8VE/63bbce3c7f3e0f99d6c0783c0b367a16/2026-04-23_10-02-08.png)
*Edit an item*

### CLI

Use the `edit` command to edit an existing item. Refer to the [CLI documentation](https://bitwarden.com/it-it/help/cli/) for more information.

### Archive

Archiving is a useful tool for decluttering your vault. Archived items are excluded from search results and autofill suggestions, but included in exports. Archiving:

- Is available for all paid plans, including premium users and members of paid organizations. If that subscription ever lapses, users **will not** lose access to archived items.
- Is available for organization items and individually-owned items. Like [favorites](https://bitwarden.com/it-it/help/favorites/), one user's choice to archive an item will not archive that item for any other users that have access to it.
- **Does not** remove items from reporting or exports.

To archive an item:

### Web app

1.
Select the item(s) you want to archive and use the ⋮ options menu to choose **Archive**:

   ![Archive with the web app](https://bitwarden.com/assets/1aRyGxLdpcvGF3fM2Bbd17/24408086dd8835286d079cb48cd6069a/2026-01-27_10-28-36.png)
   *Archive with the web app*

2. Confirm your choice by selecting **Archive** in the dialogue.

##### Unarchive

On the web app, select **Archive** from your vault filters in order to view your archived items and use the ⋮ options menu to choose **Unarchive** to restore an item to normal vault behavior.

### Browser extension

1. Use the ⋮ options menu for the item you want to archive and choose **Archive**.

   ![Archive with the browser extension](https://bitwarden.com/assets/40gA9zgbeBjx2gw77H61kM/08e93903af859aa75bbdd277b4098a90/2026-01-27_10-40-25.png)
   *Archive with the browser extension*

2. Confirm your choice by selecting **Archive** in the dialogue.

##### Unarchive

On browser extensions, navigate to **Settings** → **Vault options** → **Archive** to view your archived items and use the ⋮ options menu to choose **Unarchive** to restore an item to normal vault behavior.

### Mobile

Use the ⋯ options menu for the item you want to archive and choose **Archive**:

![Archive with the mobile app](https://bitwarden.com/assets/rrxmgUU3pLqQrYa5wDDb9/fd90c478bacd1c366e59b4be3d07b185/2026-02-23_11-48-54.png)
*Archive with the mobile app*

##### Unarchive

On mobile apps, select **Archive** from your vault filters in order to view your archived items and use the ⋯ options menu to choose **Unarchive** to restore an item to normal vault behavior.

### Desktop

1. Open the item you want to archive and select the **Archive** button.

   ![Archive with the desktop app](https://bitwarden.com/assets/kOYhUPQwYRL9Rm0SKwxsf/9bef4129b95edcb3189cb114863a117f/2026-04-23_10-02-08-1.png)
   *Archive with the desktop app*

2. Confirm your choice by selecting **Archive** in the dialogue.
##### Unarchive

On desktop apps, select **Archive** from your vault filters in order to view your archived items and use the ⋮ options menu to choose **Unarchive** to restore an item to normal vault behavior.

### CLI

To archive an item, use the command `bw archive item ` where `` represents the unique identifier of the item you want to archive. To view items in your archive, use the command `bw list --archive`.

### Delete

To delete an item:

### Web app

Select the ⋮ options menu for the item and select 🗑️ **Delete**:

![Item options](https://bitwarden.com/assets/3OYHvfRCDy3OphkbEHIJEA/fa47beb671d6efc34a18d05daf630aff/webappnewtest3.png)
*Item options*

### Browser extension

Select an item to open it and select the 🗑️ Delete icon:

![Edit or delete an item](https://bitwarden.com/assets/2q1EZnISzEG3i8iU4vTKj6/b13c46c27a7fb896f31f81485859459f/extnew4.png)
*Edit or delete an item*

### Mobile

Tap an item to open it and select the ⋮ options menu for the item:

![Item options](https://bitwarden.com/assets/6XFamLqIYX26cUY5LWQbPE/1a6000050526e7f4f9e8bfcad93619fe/2025-11-10_12-06-19.png)
*Item options*

### Desktop

Select an item to open it and select the 🗑️ Delete icon:

![Delete an item](https://bitwarden.com/assets/1E8ieEw6639tLYAxe2HYir/2ec594025ea37103c9cf0de93c41e9aa/2026-04-23_10-02-08-2.png)
*Delete an item*

### CLI

Use the `delete` command to delete an item. Refer to the [CLI documentation](https://bitwarden.com/it-it/help/cli/) for more information.

#### Vault trash

Deleted items are sent to the trash, where they remain for 30 days after deletion. Once 30 days have elapsed, the item will be permanently deleted and not recoverable.
In the trash, you can **Restore** an item to your vault or **Permanently delete** it prior to the 30-day waiting period using the ⋮ menu:

### Web app

Select **Trash** from the Filters menu:

![Trash in the web app](https://bitwarden.com/assets/36mo5LyroRq1BhOcjSsBb7/a05100ab172376caf15b4c454beee321/2024-12-02_14-39-40.png)

### Browser extension

Navigate to **Settings** → **Vault** → **Trash**:

![Trash in browser extensions](https://bitwarden.com/assets/5Q0mgKjaDiIKy5ymlVaUnS/fa72b454697bedd7319da17ba671a9e5/2025-04-15_09-33-59.png)

### Mobile

On the **Vaults** tab, scroll down to **Trash** and select the item:

![Trash in mobile apps](https://bitwarden.com/assets/7HwDVQp0ma6RxU95ILNVtI/52275cc54ff5d789f8825d225edb0ecf/2025-04-15_10-22-16.png)

### Desktop

Select **Trash** from the navigation:

![Trash in the desktop app](https://bitwarden.com/assets/viaKopya1CJ9N6mWKyLV6/b6a8a6e6fc9449ac1630f89deee9da79/2026-04-23_10-08-16.png)
*Trash in the desktop app*

### Clone

You can clone any item that you have ownership of to create a duplicate item.
If an item is owned by an organization, it can only be cloned by a member with [**Can manage**](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/) access to the item's collection, and cloning can only be done from the web app:

### Web app

Select the ⋮ options menu for the item you want to duplicate and select [clone] **Clone**:

![Item options](https://bitwarden.com/assets/3OYHvfRCDy3OphkbEHIJEA/fa47beb671d6efc34a18d05daf630aff/webappnewtest3.png)
*Item options*

### Browser extension

Select the ⋮ options menu for the item you want to duplicate and select [clone] **Clone**:

![Item options](https://bitwarden.com/assets/10bowrbDmxxf8SxrMhplmJ/01597fd4926492def941caf556cd9d12/extnew5.png)
*Item options*

### Mobile

Tap an item to open it and select the ⋮ options menu for the item:

![Item options](https://bitwarden.com/assets/6XFamLqIYX26cUY5LWQbPE/1a6000050526e7f4f9e8bfcad93619fe/2025-11-10_12-06-19.png)
*Item options*

### Desktop

Select the ⋮ options menu for the item you want to duplicate and select [clone] **Clone**:

![Clone an item](https://bitwarden.com/assets/5KRdegIaIbOHxGkMj64Fs9/fce91fc0bc5cabfa299d1fd522c0da7d/2026-04-23_10-12-38.png)
*Clone an item*

> [!NOTE] Passkeys not cloned
> [Passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) are not copied when an item is cloned. The new item will include the same details as the original one, except the passkey field will be empty.

## Share items

If you're a member of an [organization](https://bitwarden.com/it-it/help/about-organizations/), you can [assign vault items to your organization's collections](https://bitwarden.com/it-it/help/sharing/), transferring ownership of the vault item to the organization.
To share with other organization members, use the ⋮ menu: ![Assign to collections](https://bitwarden.com/assets/stm9byteqzZn9dvqonHrc/0da481b0cf1f54457d08ae02fd917377/2024-12-02_14-33-34.png) ## Next steps Now that you understand the basics of working with vault items, we recommend: - Learning how to navigate your vault using [search](https://bitwarden.com/it-it/help/searching-vault/), [filtering](https://bitwarden.com/it-it/help/filter-your-vault/), and organizing them in [favorites](https://bitwarden.com/it-it/help/favorites/) and [folders](https://bitwarden.com/it-it/help/folders/). - Learning about what else you can add to items, including [custom fields](https://bitwarden.com/it-it/help/custom-fields/), [TOTP seeds](https://bitwarden.com/it-it/help/integrated-authenticator/), and [file attachments](https://bitwarden.com/it-it/help/attachments/). --- URL: https://bitwarden.com/it-it/help/managing-users/ --- # Invite & Manage Members Add and manage your organization members to ensure the right people have access to Bitwarden. > [!NOTE] Different user provisioning methods > This article discusses only one of the available methods to invite users and manage your subscription’s seat count: > > - All organizations can [manually invite users](https://bitwarden.com/it-it/help/managing-users/) and update the [seat count](https://bitwarden.com/it-it/help/manage-subscription-seats-in-your-organization/). > - Teams and Enterprise organizations can use [SCIM](https://bitwarden.com/it-it/help/about-scim/). > - Teams and Enterprise organizations can use [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/). > - Enterprise organizations can use [just-in-time (JIT)](https://bitwarden.com/it-it/help/jit-provisioning/). 
## Add new members

To ensure the security of your organization, Bitwarden applies a three-step process for adding and onboarding a new member: [invite](https://bitwarden.com/it-it/help/managing-users/#invite/) → [accept](https://bitwarden.com/it-it/help/managing-users/#accept/) → [confirm](https://bitwarden.com/it-it/help/managing-users/#confirm/). This is designed to facilitate secure sharing between organizations and users by maintaining end-to-end encryption.

### Invite

> [!TIP] Enterprise policy before inviting users
> For Enterprise organizations, Bitwarden recommends configuring [Enterprise policies](https://bitwarden.com/it-it/help/policies/) prior to inviting members to ensure compliance on entrance to your organization.

To invite someone to your organization:

1. Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
   *Product switcher*

2. Navigate to **Members** and select + **Invite User**:

   ![Invite a member to an organization](https://bitwarden.com/assets/7AJjR4oqEnCH3A89YYoWpH/498d594fa9703bee9c5f49e2af9f83d0/Invite_member_to_an_organization.png)
   *Invite a member to an organization*

3. On the Invite user panel:
   - Enter the **Email** address where new users should receive invites. You can add multiple users at a time by comma-separating email addresses.
   - Select the **Member role** to be applied to new users. [Member role](https://bitwarden.com/it-it/help/user-types-access-control/) will determine what permissions these users will have at an organizational level.
   - In the **Groups** tab, select which [groups](https://bitwarden.com/it-it/help/about-groups/) to add this user to.
   - In the **Collections** tab, select the collections to give this user access to and what [permissions](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/) they should have to each collection.
4. Click **Save** to invite the designated users to your organization.

> [!NOTE] Invitations expire
> **Invitations expire after five days**, at which point the member will need to be re-invited. Re-invite members in bulk by selecting each member and using the ⋮ **Options icon** to select **Resend invitations**:
>
> ![Resend invitations in bulk](https://bitwarden.com/assets/1yj3MLJDTr7zOn5TwP0FGJ/67a16c6ee6ee14a92aa350986244e164/Resend_invitations.png)
> *Resend invitations in bulk*
>
> If you're self-hosting Bitwarden, you can configure the invitation expiration period [using an environment variable](https://bitwarden.com/it-it/help/environment-variables/).

### Accept

Invited users will receive an email from Bitwarden inviting them to join the organization. Clicking the link in the email will open the Bitwarden web app, where the user can log in or create an account to accept the invitation:

![Organization invitation](https://bitwarden.com/assets/4Fe96NuWb7yRe6muKf7UbZ/bcb1a8df0bc2ffdecbcd86b82d16c9a3/2025-09-03_10-41-25.png)
*Organization invitation*

You must **fully log in to the Bitwarden web app** to accept the invitation. When you accept an invitation, an administrator will need to [confirm](https://bitwarden.com/it-it/help/managing-users/#confirm/) access. Once confirmed, you'll be notified that you can access the organization. Additionally, organization members will have their [email automatically verified](https://bitwarden.com/it-it/help/product-faqs/#q-what-features-are-unlocked-when-i-verify-my-email/) when they accept an invitation.

### Confirm

To confirm accepted invitations into your organization:

1.
Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
   *Product switcher*

2. Navigate to **Members**.
3. Select any `Accepted` users and use the ⋮ options menu to ✓ **Confirm selected**:

   ![Confirm member to an organization](https://bitwarden.com/assets/5eRDRAooRSGqRWJYZB5fgz/f3eac670d95664be963d2b38eddf68b5/Confirm_member_to_an_organization.png)
   *Confirm member to an organization*

4. Verify that the [fingerprint phrase](https://bitwarden.com/it-it/help/fingerprint-phrase/) on your screen matches the one your new member can find in **Settings** → **My account**:

   ![Fingerprint phrase](https://bitwarden.com/assets/6sWPBv5GFAyMcULNxfCCJG/b3115a77e0d8d8d48fcc1f9e24e42d70/fingerprint-phrase.png)
   *Fingerprint phrase*

   Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Submit**.

> [!NOTE] Clear cache and cookie to restore fingerprint phrase prompt
> If **Never prompt to verify fingerprint phrases** has been toggled on, fingerprint phrase verification can be reactivated by clearing the browser cache and cookies.

## Manage existing members

From the **Members** page, you can also review and update individual members' accounts, like adding them to groups, collections, or the Secrets Manager. Select the ⋮ **Menu icon** for available options per user:

![Update member](https://bitwarden.com/assets/5tspjHKPHunTlRhylIJo5O/c707a3e1780364f8820832c216b5ca64/Update_member.png)
*Update member*

### Review 2FA and account recovery status

The **Members** page also notes which users have set up certain features in the **Policies** column. The 🔑 **Key icon** means the member is enrolled in [account recovery](https://bitwarden.com/it-it/help/account-recovery/).
The 🔒 **Lock icon** is present when [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) is used: ![2FA status](https://bitwarden.com/assets/HNlJNX9VJVURxGqrrBdRb/1592f5c29694cf36e973ddac553e95e1/2FA_status.png) *2FA status* ### Download list of members If you want to view or share a list of all organization members outside of the Admin Console, owners, admins, and [custom role](https://bitwarden.com/it-it/help/user-types-access-control/#custom-roles/) users with **Manage users** permission can export a `.csv`. This is available to all organizations. To export your member list, go to **Members** and select the ⬇️ **Download icon**: ![Export member list](https://bitwarden.com/assets/6FCI1z0EtjbNAgeK5DZVx6/0e9b448678e95f10249a009d5d7f5aba/Export_member_list.png) *Export member list* > [!NOTE] Custom role, account recovery, member export > Custom role users with **Manage account recovery** permission but not **Manage users** permission can download a `.csv` that only shows members who are enrolled in [account recovery](https://bitwarden.com/it-it/help/account-recovery/). All other members are excluded from the file. 
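An access review over the exported `.csv` can be scripted. The following is an added example, not Bitwarden's own code: it uses the column names listed under "Included data", while the cell values (`Enabled`, `Confirmed`, and so on) and the sample rows are constructed assumptions to adjust against a real export.

```python
import csv
import io

# Column headers are taken from the "Included data" table on this page.
REQUIRED_COLUMNS = {"Email", "Status", "Role", "Two-step login",
                    "Account recovery", "Secrets Manager"}
# ASSUMPTION: how the export spells a "yes" cell; adjust to match a real file.
TRUTHY = {"true", "yes", "enabled", "on", "1"}
PRIVILEGED_ROLES = {"owner", "admin"}

# Constructed sample export (not real data). It starts with a byte-order mark,
# which spreadsheet-oriented CSV files often carry.
SAMPLE_EXPORT = """\ufeffEmail,Name,Status,Role,Two-step login,Account recovery,Secrets Manager,Groups
alice@example.com,Alice,Confirmed,Owner,Enabled,Enabled,Enabled,"IT, Security"
bob@example.com,Bob,Confirmed,Admin,Disabled,Enabled,Enabled,IT
carol@example.com,Carol,Confirmed,User,Disabled,Disabled,Disabled,Sales
dave@example.com,Dave,Invited,User,Disabled,Disabled,Disabled,
erin@example.com,Erin,Revoked,User,Enabled,Enabled,Enabled,Engineering
frank@example.com,Frank,Accepted,User,Enabled,Disabled,Disabled,Sales
"""


def _is_set(row, column):
    """True when the cell reads as an affirmative value (see TRUTHY)."""
    return (row.get(column) or "").strip().lower() in TRUTHY


def audit_members(csv_text):
    """Return review findings for a member list export, keyed by finding name."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        # Fail closed: a renamed or absent column must not read as "all clear".
        raise ValueError(f"export is missing columns: {sorted(missing)}")

    findings = {
        "privileged_without_2fa": [],
        "members_without_2fa": [],
        "secrets_manager_without_2fa": [],
        "not_enrolled_in_recovery": [],
        "pending_onboarding": [],
    }
    for row in reader:
        email = row["Email"].strip()
        status = row["Status"].strip().lower()
        role = row["Role"].strip().lower()

        # Invited or Accepted members have not finished invite -> accept -> confirm.
        if status in ("invited", "accepted"):
            findings["pending_onboarding"].append((email, status))
            continue
        if status != "confirmed":
            continue  # Revoked members are skipped in this review.

        if not _is_set(row, "Two-step login"):
            bucket = ("privileged_without_2fa" if role in PRIVILEGED_ROLES
                      else "members_without_2fa")
            findings[bucket].append(email)
            if _is_set(row, "Secrets Manager"):
                findings["secrets_manager_without_2fa"].append(email)
        if not _is_set(row, "Account recovery"):
            findings["not_enrolled_in_recovery"].append(email)
    return findings


if __name__ == "__main__":
    for name, entries in audit_members(SAMPLE_EXPORT).items():
        print(f"{name}: {entries}")
```
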
#### Included data

The member list export includes the following information about each account:

| Column | Description |
|------|------|
| Email | The email address of the account |
| Name | The name of the user, from **Settings** → **My account** |
| Status | Shows where the account is in [onboarding](https://bitwarden.com/it-it/help/managing-users/#add-new-members/) (**Invited**, **Accepted**, or **Confirmed**) or if the account is [**Revoked**](https://bitwarden.com/it-it/help/revoke-users/) from the organization |
| Role | The user's [member role](https://bitwarden.com/it-it/help/user-types-access-control/) in the organization |
| Two-step login | Shows if the user logs in with any [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/) |
| Account recovery | Shows if the user is enrolled in [account recovery](https://bitwarden.com/it-it/help/account-recovery/) |
| Secrets Manager | Shows if the [Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-overview/) is activated for the member |
| Groups | Lists all groups that include the member |

> [!TIP] Check collection access via Member access report
> Enterprise organizations can review the [Member access report](https://bitwarden.com/it-it/help/reports/#member-access/) to learn which collection(s) members have access to, their level of permission within each assigned collection, and more.

### Remove users

The **Members** page is also where you can withdraw someone from an organization. There are three methods:

- [Temporarily revoke access](https://bitwarden.com/it-it/help/revoke-users/)
- [Permanently remove access](https://bitwarden.com/it-it/help/remove-users/)
- [Delete organization member accounts](https://bitwarden.com/it-it/help/delete-member-accounts/)

> [!WARNING] Danger Zone
> Deleting an account is permanent and cannot be undone or restored.
To create a backup of your vault data to store in a safe location, [export your vault data](https://bitwarden.com/it-it/help/export-your-data/).

--- URL: https://bitwarden.com/it-it/help/marketplace-deployments/ ---

# Marketplace Deployments

This article will walk you through deploying a self-hosted Bitwarden server using a pre-built virtual machine image from the AWS or Azure marketplace. These deployment options are a good fit for organizations that already operate in AWS or Azure and want to keep their Bitwarden server inside the same environment as the rest of their stack:

- [Self-host Bitwarden via the AWS marketplace](https://aws.amazon.com/marketplace/pp/prodview-tuo4cqgcd3f5w)
- [Self-host Bitwarden via the Azure marketplace](https://marketplace.microsoft.com/en-us/product/saas/bitwardeninc.bitwarden-self-host)

These marketplace deployments launch a virtual machine (VM) with the core software requirements for self-hosting Bitwarden and the installation script pre-loaded. Once launched, you can SSH into the VM and start the installation script to complete the setup procedure.

## Before you begin

### Included in the image

Both the AWS AMI and the Azure VM image are pre-loaded with:

- Ubuntu 24.04 LTS
- Docker Engine
- Docker Compose
- Bitwarden installation script

> [!WARNING] OS support for marketplace deployments
> The Bitwarden marketplace images are pre-loaded with Ubuntu 24.04 LTS, however **operating system maintenance, patching, and OS-level troubleshooting are not in-scope for Bitwarden customer support**. You are responsible for maintaining the underlying OS, including applying security updates, monitoring, and backups as you would be for any other VM in your environment.

### Prerequisites

Have the following ready:

- An AWS or Azure account with permission to launch a VM from the marketplace.
- An installation ID and key, retrieved from [bitwarden.com/host](https://bitwarden.com/it-it/host/).
- A registered domain name with a DNS record pointing to the public IP your VM instance will use. - An SMTP server or cloud SMTP provider that the VM can reach. - An SSH key pair that can be used to access the VM. - (**Optional**) An SSL certificate to apply to the VM. Let's Encrypt can be used once you SSH into the VM to generate and issue a certificate for free. ## Deployment ### AWS 1. Subscribe to the product from the [Bitwarden self-hosted server listing on the AWS marketplace](https://aws.amazon.com/marketplace/pp/prodview-tuo4cqgcd3f5w). 2. Open the launch wizard for the AMI through the AWS console. 3. Configure the AMI. The launch wizard will allow you to specify VPC, subnet, security group and a few other attributes, but make sure to take note of the following: - The designated **security group** must open ports 80 and 443. - There are many **instance types** to choose from, but a recommendation is provided. - A **key pair** can be generated for accessing the VM once it's launched. 4. Launch the instance. Once it reaches a running state, SSH into the VM. The `./bitwarden.sh install` command will automatically be launched to [begin the installation wizard](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-bitwarden/). > [!TIP] Skip some steps for marketplace deployments. > Because marketplace deployments are pre-packaged with the installation script, you can skip directly to **Step 3** ("Complete the prompts in the installer") in the linked instructions. ### Azure 1. Select **Get it now** from the [Bitwarden self-hosted server listing on the Azure marketplace](https://marketplace.microsoft.com/en-us/product/saas/bitwardeninc.bitwarden-self-host). Azure will require you to enter information about your Azure account, like first and last name, before proceeding. 2. Choose which subscription to associate the VM with and select **Create** to launch the VM creation wizard. 3. Configure the AMI. 
The creation wizard will allow you to specify a wide variety of attributes, but make sure to take note of the following: - The designated **Network Security Group** must open ports 80 and 443. - There are many VM **sizes** to choose from, but a recommendation is provided. - A **key pair** can be generated for accessing the VM once it's launched. 4. Review and create the VM. Once it reaches a running state, SSH into the VM. The `./bitwarden.sh install` command will automatically be launched to [begin the installation wizard](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-bitwarden/). > [!TIP] Skip some steps for marketplace deployments. > Because marketplace deployments are pre-packaged with the installation script, you can skip directly to **Step 3** ("Complete the prompts in the installer") in the linked instructions. ## Additional information ### Support Bitwarden customer support covers the Bitwarden server and its configuration. For operating system support, including system maintenance, patching, and OS-level troubleshooting, refer to your OS vendor's support infrastructure. For cloud account and platform support, refer to AWS or Azure's support infrastructure. ### Costs The Bitwarden marketplace images are available at no extra charge through Bitwarden or the AWS and Azure marketplaces. You will be billed: - By Bitwarden, as normal, for your subscription based on plan and seat count. - By AWS or Azure, as for any other application, for compute and storage costs. ### Automatic updates Marketplace deployments are set up by default with a cron job that automatically applies updates to keep your Bitwarden server current. Updates to the Bitwarden server are applied in place using the [installation script's pre-packaged update commands](https://bitwarden.com/it-it/help/updating-on-premise/). 
To prevent downtime in the case of an unexpected update failure, Bitwarden **strongly recommends** that you put in place systems for regularly [backing up server data](https://bitwarden.com/it-it/help/backup-on-premise/) and for monitoring server availability. --- URL: https://bitwarden.com/it-it/help/master-password-re-prompt/ --- # Master Password Re-Prompt For any [item](https://bitwarden.com/it-it/help/managing-items/), you can activate the **Master password re-prompt** option from the Add or Edit screen to require verification of your [master password](https://bitwarden.com/it-it/help/master-password/) to access or autofill sensitive vault items: ![Master password re-prompt ](https://bitwarden.com/assets/sgKb0RX5hGdrdKLmXcR0R/f78654839e18b3f474dd3e95ed0d203c/2024-12-02_14-38-06.png) Master password re-prompt will behave slightly differently depending on which app you're using, for example: - In the web app, browser extension, and desktop app viewing the item or editing anything about it with this enabled will require you to re-enter your master password. - On mobile apps, only viewing hidden fields (e.g. passwords, hidden custom fields, credit card numbers) will require you to re-enter your master password. Editing anything about the item will also require you to re-enter your master password. Users who do not have master passwords, for example those in organizations using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/), will not have the master password re-prompt option available to them. Additionally, trusted contacts using [emergency access](https://bitwarden.com/it-it/help/emergency-access/#use-emergency-access/) will not be required to re-enter a master password in order to view a protected vault item. > [!WARNING] MPW Reprompt isn't encryption. > Master password re-prompt **is not** an encryption mechanism. 
This feature is an interface-only guardrail that a sophisticated user may find ways to work around. We recommend **never** leaving your vault unlocked when unattended or on a shared workstation. --- URL: https://bitwarden.com/it-it/help/master-password/ --- # My Master Password Your master password is the primary method for accessing Bitwarden. It's important that your master password is: - **Memorable**: Bitwarden employees and systems have **no** knowledge of, way to retrieve, or way to reset your master password. **Do not forget your master password.** - **Strong**: A longer, more complex, and less common password is the best way to protect your account. Bitwarden provides a free [**password strength testing tool**](https://bitwarden.com/it-it/password-strength/) to test the strength of some memorable passwords you are considering. Master passwords made after the [2023.3.0 release](https://bitwarden.com/it-it/help/releasenotes/) must be at least 12 characters. > [!TIP] Tips to mitigate forgetting master password. > Worried about forgetting your master password? Here's what to do: > > - **Set up a hint**. In case you need a reminder, a master password hint email can be requested on the login screen. Make sure you use a hint that only you will understand. > - **Designate a** [**trusted emergency contact**](https://bitwarden.com/it-it/help/emergency-access/). Users with premium access can grant account access to a friend or family member in the case of emergency. ## Change master password You can change your master password from the web app, browser extension, or desktop app. You'll need to know your current master password in order to do so: ### Web app In the web app: 1. Select **Settings** → **Security** from the navigation. 2. Select the **Master password** tab: ![Master password settings](https://bitwarden.com/assets/2Svv0PwlH9i7SSK73dlv9A/e451afb190346e492110a7bf1bd3a518/Master_password_settings.png) *Master password settings* 3. 
Enter your **Current master password**. 4. Enter and confirm your **New master password**. 5. (Optional) **Enter a Master password hint** that will help you recall your password. When requested, the hint is sent to the account holder's email. 6. (Optional) If you want to check your master password through [HIBP](https://haveibeenpwned.com/) before submitting it, check **Check known data breaches for the password** to run the [Data Breach report](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/). This will send a hash of your master password to HIBP and compare it to stored exposed hashes. Your master password itself is never exposed by Bitwarden. > [!WARNING] Rotate account encryption key. > Don't check the **rotate account's encryption key** box unless you fully understand the ramifications and required follow-up actions. [Learn more](https://bitwarden.com/it-it/help/account-encryption-key/). 7. Select the **Change master password** button. Changing your master password will automatically log you out of the web vault session. Other logged-in apps may remain active for up to an hour, but will eventually also require you to log back in with your new master password. ### Browser extension In the browser extension: 1. Open the **Settings** tab and select **Account security**. 2. Scroll to the **Other options** section and select **Change master password**: ![Change master password on browser extension](https://bitwarden.com/assets/13NQDBUne0d99ssQlhxnTy/5320be0c494c351f808db48db48105ba/2026-04-21_09-58-31.png) *Change master password on browser extension* 3. Enter your **Current master password**. 4. Enter and confirm your **New master password**. 5. (Optional) **Enter a Master password hint** that will help you recall your password. When requested, the hint is sent to the account holder's email. 6. 
(Optional) If you want to check your master password through [HIBP](https://haveibeenpwned.com/) before submitting it, check **Check known data breaches for the password** to run the [Data Breach report](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/). This will send a hash of your master password to HIBP and compare it to stored exposed hashes. Your master password itself is never exposed by Bitwarden. 7. Select the **Change master password** button. Changing your master password will automatically log you out of the web vault session. Other logged-in apps may remain active for up to an hour, but will eventually also require you to log back in with your new master password. ### Desktop app In the desktop app: 1. From the menu bar, select **Account** → **Change master password**: ![Change master password on desktop](https://bitwarden.com/assets/5X1HjOgjvRg0ewMD30zYaY/4d9dfb5f92429b3b42d5111e0b759ca5/2026-04-21_09-00-24.png) *Change master password on desktop* 2. Enter your **Current master password**. 3. Enter and confirm your **New master password**. 4. (Optional) **Enter a Master password hint** that will help you recall your password. When requested, the hint is sent to the account holder's email. 5. (Optional) If you want to check your master password through [HIBP](https://haveibeenpwned.com/) before submitting it, check **Check known data breaches for the password** to run the [Data Breach report](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/). This will send a hash of your master password to HIBP and compare it to stored exposed hashes. Your master password itself is never exposed by Bitwarden. 6. Select the **Change master password** button. Changing your master password will automatically log you out of the web vault session. Other logged-in apps may remain active for up to an hour, but will eventually also require you to log back in with your new master password. 
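
The change-password steps above say the breach check sends a hash of the password to HIBP. As an added example (not Bitwarden's code), the sketch below follows HIBP's Pwned Passwords range API, where only the first five hex characters of the SHA-1 digest leave the client and the match is done locally; that the Bitwarden check uses this exact endpoint is an assumption, and the `RecordingRangeServer` stand-in and its counts are constructed.

```python
import hashlib


def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest.

    Only the 5-character prefix is meant to be sent to the range API;
    the 35-character suffix stays on the client.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> dict[str, int]:
    """Parse a range response: one 'SUFFIX:COUNT' entry per line."""
    counts: dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep or len(suffix) != 35:
            raise ValueError(f"malformed range entry: {line!r}")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """Number of times the password appears in the breach corpus.

    fetch_range is any callable taking the 5-char prefix and returning the
    response body (an HTTPS GET in real use, a stand-in here).
    Padding entries (count 0) are treated as "not found".
    """
    prefix, suffix = split_for_range_query(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


class RecordingRangeServer:
    """Constructed offline stand-in for the range endpoint (hypothetical).

    It records every prefix it is asked for, so the caller can verify
    what actually left the client.
    """

    def __init__(self, breached: dict[str, int]):
        self.seen: list[str] = []
        self._table: dict[str, list[tuple[str, int]]] = {}
        for password, count in breached.items():
            prefix, suffix = split_for_range_query(password)
            self._table.setdefault(prefix, []).append((suffix, count))

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        rows = list(self._table.get(prefix, []))
        rows.append(("0" * 35, 0))  # constructed padding entry, count 0
        return "\r\n".join(f"{suffix}:{count}" for suffix, count in rows)


if __name__ == "__main__":
    server = RecordingRangeServer({"password": 12345})  # constructed count
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate, server))
    print("prefixes sent:", server.seen)
```
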
## I forgot my master password Learn what to do if you [forget your master password](https://bitwarden.com/it-it/help/forgot-master-password/). ## Additional login options Your master password is a requirement for setting up your Bitwarden account. Depending on how you or your organization interact with Bitwarden, additional options are available for accessing your Bitwarden account. | Method | Description | |------|------| | [Log in with device](https://bitwarden.com/it-it/help/log-in-with-device/) | Log in with device is an option to utilize a trusted secondary device that can send authentication requests to Bitwarden. | | [Log in with SSO](https://bitwarden.com/it-it/help/about-sso/) | Bitwarden users who are part of an organization that utilizes login with single sign-on (SSO) can log in using an existing identity provider that will authenticate the user. | | [Log in with passkeys](https://bitwarden.com/it-it/help/login-with-passkeys/) | Passkeys can be used to log in to Bitwarden as an alternative to using your master password and email, and some passkeys can be used for vault encryption and decryption. | | [Unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/) and [unlock with PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) | While using unlock with biometrics or PIN is not an alternative login method, it allows you to access a locked account with system biometrics or a PIN instead of a master password. 
| ## Next steps Now that you have created a **memorable** and **strong** master password, we recommend: - [Further securing your account with two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) - [Enabling emergency access](https://bitwarden.com/it-it/help/emergency-access/) (requires premium) --- URL: https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/ --- # Microsoft Entra ID SCIM System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization. > [!NOTE] SCIM vs. BWDC > SCIM integrations are available for **Teams and Enterprise organizations**. Customers not using a SCIM-compatible identity provider may consider using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) as an alternative means of provisioning. This article will help you configure a SCIM integration with Azure. Configuration involves working simultaneously with the Bitwarden web vault and Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented. > [!TIP] Entra ID Soft Guide > **Already an expert?** Skip the instructions in this article and download the quick configuration guide to set up SSO and SCIM with Entra ID. > > ⬇️ [Quick reference guide](https://bitwarden.com/assets/1Qe8NasMRjmKyO575a9i5w/7b8fb2eb28b1939149868eca0ca38797/entra-id-guide.pdf) ## Enable SCIM > [!NOTE] Self-hosting SCIM > **Are you self-hosting Bitwarden?** If so, complete these steps to [set up SCIM for your server](https://bitwarden.com/it-it/help/self-hosting-scim/) before proceeding. 
To start your SCIM integration, open the Admin Console and navigate to **Settings** → **SCIM provisioning**: ![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png) Select the **Enable SCIM** checkbox and take note of your **SCIM URL** and **SCIM API Key**. You will need to use both values in a later step. ## Create an enterprise application > [!TIP] SCIM if SSO already exists (Azure). > If you are already using this IdP for SAML SSO, open that existing enterprise application and [skip to this step](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/#enable-provisioning/). Otherwise, proceed with this section to create a new application. In the Azure Portal, navigate to **Microsoft Entra ID** and select **Enterprise applications** from the navigation menu: ![Enterprise applications ](https://bitwarden.com/assets/69h0vJlyvkF5J6tsKfQ7jd/4994ed3200bdce4b5faea87e1ac2de83/Enterprise_application.png) Select the + **New application** button: ![Create new application ](https://bitwarden.com/assets/7f6vbFmJRpfwDXbjHNKp1i/c314ef0bcbb68306858fa0f76da1e369/new_application.png) On the Browse **Microsoft Entra ID** Gallery screen, select the + **Create your own application** button: ![Create your own application ](https://bitwarden.com/assets/6oF8nrPsl7riqg3jWFDk7N/5cf08062f5656e0aee44ea627a2071c5/Create_your_own_application.png) On the Create your own application screen, give the application a unique, Bitwarden-specific name. Choose the **Non-gallery** option and then select the **Create** button. ![Create Entra ID app](https://bitwarden.com/assets/2fCSl3wr0PPuTYBk9zisXd/0e8754a3163b6560d832306b4b88bb1b/create_entra_app.png) ### Enable provisioning Select **Provisioning** from the navigation and complete the following steps: ![Select Provisioning](https://bitwarden.com/assets/3FNghuESyQaW6EB4WfANSy/f0a1ef6cae75ccc9412e5f0e1396b5f1/Select_Provisioning.png) 1. 
Select the + **New configuration** button. 2. In the **Select authentication method** dropdown, select **Bearer authentication**. 3. Enter your SCIM URL ([learn more](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/#enable-scim/)) in the **Tenant URL** field. 4. Enter your SCIM API Key ([learn more](https://bitwarden.com/it-it/help/microsoft-entra-id-scim-integration/#enable-scim/)) in the **Secret Token** field. 5. Select the **Test Connection** button. 6. If your connection tests successfully, select the **Save** button. ### Mappings This screen is available while performing initial setup for the Enterprise Application, or by navigating to the Enterprise Application, selecting **Provisioning** under the **Manage** section of the left-hand menu, and then selecting **Edit Provisioning** at the top. Bitwarden uses standard SCIM v2 attribute names, though these may differ from Microsoft Entra ID attribute names. The default mappings will work, but you can use this section to make changes if you wish. #### User mapping If you would like User objects in your directory to synchronize with Bitwarden, you may enable or disable **Provision Microsoft Entra ID Users**. This is enabled by default. Select the **Provision Microsoft Entra ID Users** link to customize the attributes sent to Bitwarden with user objects. The following table describes the default mappings for attributes used by Bitwarden: | **Bitwarden attribute** | **Default AAD attribute** | |------|------| | `active` | `Switch([IsSoftDeleted], , "False", "True", "True", "False")` | | `emails`ª or `userName` | `mail` or `userPrincipalName` | | `displayName` | `displayName` | | `externalId` | `mailNickname` | ª - Because SCIM allows users to have multiple email addresses expressed as an array of objects, Bitwarden will use the `value` of the object which contains `"primary": true`. 
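
To see what the default user mapping above yields for a given directory entry, the following added example (not Bitwarden's or Microsoft's code) resolves the four mapped attributes from SCIM user payloads and flags entries worth reviewing before provisioning starts. The payloads are constructed, `resolve_member` and `entra_active` are hypothetical helper names, and falling back to `userName` when no email is marked primary is an assumption drawn from the table's "`emails` or `userName`" row.

```python
def entra_active(is_soft_deleted: str) -> str:
    """Mirror Switch([IsSoftDeleted], , "False", "True", "True", "False").

    The second Switch argument (the default) is empty in the mapping,
    so any other input yields an empty string.
    """
    return {"False": "True", "True": "False"}.get(is_soft_deleted, "")


def _to_bool(value):
    """Accept a JSON boolean or the "True"/"False" strings the mapping emits."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"unrecognised active value: {value!r}")


def resolve_member(user: dict) -> dict:
    """Resolve the attributes from the mapping table and collect findings."""
    findings = []

    # emails: use the `value` of the object that carries "primary": true.
    emails = user.get("emails") or []
    primaries = [e for e in emails if e.get("primary") is True]
    if len(primaries) > 1:
        findings.append("multiple emails marked primary; first one used")
    if primaries:
        email = primaries[0].get("value")
    else:
        # Assumption: fall back to userName when nothing is marked primary.
        email = user.get("userName")
        findings.append("no primary email; fell back to userName")
    if not email or "@" not in email:
        findings.append("resolved identifier is not an email address")

    try:
        active = _to_bool(user.get("active"))
    except ValueError as exc:
        active = None
        findings.append(str(exc))

    external_id = user.get("externalId")
    if not external_id:
        findings.append("externalId missing; member cannot be matched on it")

    return {
        "email": email,
        "displayName": user.get("displayName"),
        "externalId": external_id,
        "active": active,
        "findings": findings,
    }


# Constructed sample payloads (not captured from a real tenant).
SAMPLE_USERS = [
    {"userName": "ada@example.com", "displayName": "Ada Example",
     "externalId": "ada", "active": "True",
     "emails": [{"value": "ada.alias@example.com", "primary": False},
                {"value": "ada@example.com", "primary": True}]},
    {"userName": "bob@example.com", "displayName": "Bob Example",
     "externalId": "bob", "active": entra_active("True"),  # soft-deleted
     "emails": [{"value": "bob@example.com"}]},
    {"userName": "carol", "displayName": "Carol Example", "active": True,
     "emails": [{"value": "c1@example.com", "primary": True},
                {"value": "c2@example.com", "primary": True}]},
]

if __name__ == "__main__":
    for sample in SAMPLE_USERS:
        print(resolve_member(sample))
```
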
#### User mapping with object identifiers User mappings may be more performant if they prioritize mapping on an Entra `objectId` over other attributes. Mapping in this way will preserve the connection to a Bitwarden account if the corresponding Entra ID account's email address changes, for example in the case of a name change. To implement this, make the following changes to your user mapping scheme: - Map the `externalId` to `objectId` instead of `mailNickname`. - For the `externalId` to `objectId` mapping, set **Match objects using this attribute** to Yes. - For the `externalId` to `objectId` mapping, set **Matching precedence** to 1. - For the `userName` (**customerappsso Attribute**) to `userPrincipalName` or `mail` (**Microsoft Entra ID Attribute**) mapping, set **Matching precedence** to 2. > [!WARNING] Changing Entra SCIM Mapping ex-post-facto > If you're implementing this mapping strategy **after users have already been synced to Bitwarden** using SCIM, note that those already-synced users will not have had external IDs set by an Entra ID object ID. For these users, use the [Public API's](https://bitwarden.com/it-it/help/api/) `/public/members/{id}` endpoint to set their external IDs. #### Group mapping If you would like Group objects in your directory to synchronize with Bitwarden, you may enable or disable **Provision Microsoft Entra ID Groups**. This option is enabled by default. Select the **Provision Microsoft Entra ID Groups** link to customize the attributes sent to Bitwarden with the group objects if you wish to make changes according to the following table: | **Bitwarden attribute** | **Default AAD attribute** | |------|------| | `displayName` | `displayName` | | `members` | `members` | | `externalId` | `objectId` | ### Settings Under the **Settings** dropdown, choose: - Whether to send an email notification when failure occurs, and if so, what address to send it to (recommended). 
- Whether to **sync only assigned users and groups** or **sync all users and groups**. This setting is modified based on your Mapping configuration. For example, if Group mapping is disabled, Groups added to the Enterprise Application will synchronize only the User objects who are members of the Group, and not create the Group in Bitwarden itself. If you choose to sync all users and groups, skip the next step, as your entire directory will be synchronized, depending on your Mapping settings. ## Assign users and groups Complete this step if you have selected to **sync only assigned users and groups** from the provisioning settings. Select **Users and groups** from the navigation: ![Enterprise application users and groups](https://bitwarden.com/assets/5xXgCDxrB4wVlZmfsKmi2L/cad020d84786fa009a6636b01ce5d918/remove-name-2.png) Select the + **Add user/group** button to assign access to the SCIM application on a user or group level. The following sections describe how modifying users and groups in Azure will impact their counterparts in Bitwarden: #### Users If **Provision Microsoft Entra ID Users** has been enabled in your Mappings, the following actions are taken: - When a new user is assigned in Azure, the user is invited to your Bitwarden organization. - When a user who is already a member of your organization is assigned in Azure, the Bitwarden user is linked to the Azure user through their first available matching precedence attribute. - Users linked in this way are still subject to the other workflows in this list, however values like `displayName` and `externalId/mailNickname` are not automatically changed in Bitwarden. - When an assigned user is disabled via the `accountEnabled` property in Azure, the user has their access to the organization [revoked](https://bitwarden.com/it-it/help/about-scim/#member-status/). 
- When an assigned user is "soft" deleted in Azure, the user has their access to the organization [revoked](https://bitwarden.com/it-it/help/about-scim/#member-status/). - When the user is permanently deleted in Azure, the user is removed from the organization. - When an assigned user is removed from the Enterprise application in Azure, the user has their access to the organization [revoked](https://bitwarden.com/it-it/help/about-scim/#member-status/). - When an assigned user is removed from a group in Azure, the user is removed from that group in Bitwarden but remains a member of the organization. #### Groups If you have **Provision Microsoft Entra ID Groups** enabled in your Mappings, the following actions are taken: - When a new group is assigned in Azure, the group is created in Bitwarden. - Group members who are already members of your Bitwarden organization are added to the group. - Group members who are not already members of your Bitwarden organization are invited to join. - When a group that already exists in your Bitwarden organization is assigned in Azure, the Bitwarden group is linked to Azure through the first available matching precedence attribute. - Groups linked in this way will have their members synced from Azure. - When a group is renamed in Azure, it will be updated in Bitwarden as long as the initial sync has been made. - When a group is renamed in Bitwarden, it will be changed back to what it's named in Azure. Always change group names Azure-side. ## Start provisioning Once the application is fully configured, start provisioning by selecting the [play] **Start provisioning** button on the enterprise application's **Provisioning** page: ![Start provisioning](https://bitwarden.com/assets/1oJcKq2shIBPxySuKjaZLV/61bbe111c6e1a140698103ae00874d14/Start_provisioning_.png) ## Finish user onboarding Now that your users have been provisioned, they will receive invitations to join the organization. 
Instruct your users to [accept the invitation](https://bitwarden.com/it-it/help/managing-users/#accept/) and, once they have, [confirm them to the organization](https://bitwarden.com/it-it/help/managing-users/#confirm/). > [!NOTE] Invite/Accept/Confirm > The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data. --- URL: https://bitwarden.com/it-it/help/microsoft-entra-id/ --- # Sync with Microsoft Entra ID This article will help you get started using Directory Connector to sync users and groups from your Microsoft Entra ID Directory to your Bitwarden organization. ## Microsoft Entra ID Directory setup Complete the following processes from the Microsoft Azure Portal before configuring Directory Connector. Directory Connector will require information obtained from these processes to function properly. ### Create app registration Complete the following steps to create an app registration for Directory Connector: 1. From your Microsoft Azure portal, navigate to the **Microsoft Entra ID** directory. 2. From the left-hand navigation, select **App registrations** or enter **App registrations** into the search bar. 3. Select the **New registration** button and give your registration a Bitwarden-specific name (such as `bitwarden-dc`). 4. Select **Register**. ### Grant app permissions Complete the following steps to grant the created app registration the required permissions: 1. On the created Bitwarden app, select **API Permissions** from the left-hand navigation. 2. Select the **Add a permission** button. 3. When prompted to select an API, select **Microsoft Graph**. 4. 
Set the following **Delegated permissions**: - User > User.ReadBasic.All (Read all users' basic profiles) - User > User.Read.All (Read all users' full profiles) - Group > Group.Read.All (Read all groups) - AdministrativeUnit > AdministrativeUnit.Read.All (Only required if you'll be syncing [Administrative Units](https://bitwarden.com/it-it/help/microsoft-entra-id/#specify-sync-filters/)) 5. Set the following **Application Permissions**: - User > User.Read.All (Read all users' full profiles) - Group > Group.Read.All (Read all groups) - AdministrativeUnit > AdministrativeUnit.Read.All (Only required if you'll be syncing [Administrative Units](https://bitwarden.com/it-it/help/microsoft-entra-id/#specify-sync-filters/)) 6. Back on the API Permissions page, select the **Grant admin consent for...** button. ### Create app secret key Complete the following steps to create a secret key to be used by Directory Connector: 1. On the created Bitwarden app, select **Certificates & secrets** from the left-hand navigation. 2. Select the **New client secret** button and add a Bitwarden-specific description (such as `bitwarden-dc-secret`) and an expiration date. We recommend the longest expiration date period possible, and setting a reminder to update it when required. 3. Select **Save** once you have finished. 4. Copy the secret's **value** to a safe place for later use. ### Get app ID Complete the following steps to obtain the app ID to be used by Directory Connector: 1. On the created Bitwarden app, select **Overview** from the left-hand navigation. 2. Copy the **Application (client) ID** to a safe place for later use. ### Get tenant hostname Complete the following steps to obtain the tenant hostname to be used by Directory Connector: 1. From anywhere in the Azure portal, select the ⚙️ icon on the top right navigation bar. 2. Select the **Directory + subscription** filter button from the menu located on the left. 3. 
Copy the **Current directory:** value to a safe place for later use. ## Connect to your directory Complete the following steps to configure Directory Connector to use Microsoft Entra ID. If you haven't already, take the proper [Microsoft Entra ID setup](https://bitwarden.com/it-it/help/microsoft-entra-id/#microsoft-entra-id-directory-setup/) steps before proceeding: 1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/). 2. Navigate to the **Settings** tab. 3. From the **Type** dropdown, select **Azure Active Directory**. The available fields in this section will change according to your selected type. 4. Enter the collected [**tenant** **hostname**](https://bitwarden.com/it-it/help/microsoft-entra-id/#get-tenant-hostname/), [**application Id**](https://bitwarden.com/it-it/help/microsoft-entra-id/#get-app-id/), and [**secret key**](https://bitwarden.com/it-it/help/microsoft-entra-id/#create-app-secret-key/). ## Configure sync options > [!NOTE] Clear sync > When you are finished configuring, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations. For more information, see [Clear Sync Cache](https://bitwarden.com/it-it/help/clear-sync-cache/). Complete the following steps to configure the settings used when syncing using Directory Connector: 1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/). 2. Navigate to the **Settings** tab. 3. In the **Sync** section, configure the following options as desired: | **Option** | **Description** | |------|------| | Interval | Time between automatic sync checks (in minutes). | | Remove disabled users during sync | Check this box to remove users from the Bitwarden organization that have been disabled in your directory. 
| | Overwrite existing organization users based on current sync settings | Check this box to always perform a full sync and remove any users from the Bitwarden organization if they are not in the synced user set. | | More than 2000 users or groups are expected to sync. | Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups. | | Sync users | Check this box to sync users to your organization. Checking this box will allow you to specify **User Filters**. | | User filter | See [Specify sync filters](https://bitwarden.com/it-it/help/azure-active-directory/#specify-sync-filters/). | | Sync groups | Check this box to sync groups to your organization. Checking this box will allow you to specify **Group Filters**. | | Group filter | See [Specify sync filters](https://bitwarden.com/it-it/help/azure-active-directory/#specify-sync-filters/). | ### Specify sync filters Use comma-separated lists to include or exclude from a sync based on user email, group name, or group membership. #### User filters The following filtering syntaxes should be used in the **User Filter** field: ##### Include/Exclude users by email To include or exclude specific users from a sync based on email address: ``` include:joe@example.com,bill@example.com,tom@example.com ``` ``` exclude:jow@example.com,bill@example.com,tom@example.com ``` ##### User by group membership You can include or exclude users from a sync based on their Microsoft Entra ID group membership using the `includeGroup` and `excludeGroup` keywords. 
`includeGroup` and `excludeGroup` use Group Object ID, available from the **Overview** page of the group in the [Azure Portal](https://portal.azure.com) or through the [Azure AD PowerShell](https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadgroup?view=azureadps-2.0): ``` includeGroup:963b5acd-9540-446c-8e99-29d68fcba8eb,9d05a51c-f173-4087-9741-a7543b0fd3bc ``` ``` excludeGroup:963b5acd-9540-446c-8e99-29d68fcba8eb,9d05a51c-f173-4087-9741-a7543b0fd3bc ``` #### Group filters > [!NOTE] Azure AD nested group > Nested groups can sync multiple group objects with a single referent in the Directory Connector. Do this by creating an administrative unit with all of your groups listed. The following filtering syntaxes should be used in the **Group Filter** field: ##### Include/Exclude groups To include or exclude groups from a sync based on group name: ``` include:Group A,Group B ``` ``` exclude:Group A,Group B ``` ##### Group by administrative unit (AU) You can include or exclude groups from a sync based on their tagged [Microsoft Entra ID Administrative Units](https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units) by using the `includeadministrativeunit` and `excludeadministrativeunit` keywords. `includeadministrativeunit` and `excludeadministrativeunit` use the **Object ID** of the Administrative Unit: ``` includeadministrativeunit:7ckcq6e5-d733-4b96-be17-5bad81fe679d ``` ``` excludeadministrativeunit:7ckcq6e5-d733-4b96-be17-5bad81fe679d ``` ## Test a sync > [!TIP] BWDC connect to EU server. > Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/#getting-started/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/#config/). 
To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the **Dashboard** tab and select the **Test Now** button. If successful, users and groups will be printed to the Directory Connector window according to specified [sync options](https://bitwarden.com/it-it/help/microsoft-entra-id/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/microsoft-entra-id/#specify-sync-filters/). It may take up to 15 minutes for permissions for your application to properly propagate. In the meantime, you may receive `Insufficient privileges to complete the operation` errors. > [!NOTE] > If you get the error message `Resource does not exist or one of its queried reference-property objects are not present`, you'll need to permanently delete or restore the user(s) with ``. **Please note**, this was fixed in a recent version of Directory Connector. Update your application if you're still experiencing this error. ![Test sync results ](https://bitwarden.com/assets/5QYMxvtCPhjbluuoLcCapD/96e9c630ead9ceba5124b55f9d2764a3/dc-okta-test.png) ## Start automatic sync Once [sync options](https://bitwarden.com/it-it/help/microsoft-entra-id/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/microsoft-entra-id/#specify-sync-filters/) are configured and tested, you can begin syncing. Complete the following steps to start automatic syncing with Directory Connector: 1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/). 2. Navigate to the **Dashboard** tab. 3. In the **Sync** section, select the **Start Sync** button. You may alternatively select the **Sync Now** button to execute a one-time manual sync. 

Directory Connector will begin polling your directory based on the configured [sync options](https://bitwarden.com/it-it/help/microsoft-entra-id/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/microsoft-entra-id/#specify-sync-filters/).

If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.

> [!NOTE] Teams Starter + BWDC
> If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members.
>
> **This plan is no longer available for purchase**. This error does not apply to Teams plans.

--- URL: https://bitwarden.com/it-it/help/microsoft-sentinel-siem/ ---

# Microsoft Sentinel SIEM

Microsoft Sentinel is a security information and event management (SIEM) platform that can be used to monitor Bitwarden organizations. Organizations can monitor [event](https://bitwarden.com/it-it/help/event-logs/) activity with the Bitwarden Event Logs app on Microsoft Sentinel.

## Setup

To set up the Bitwarden integration, an active Azure account with access to a Microsoft Sentinel Workspace is required. Additionally, a Bitwarden [API key](https://bitwarden.com/it-it/help/public-api/#authentication/) is required, which can only be retrieved by [organization owners](https://bitwarden.com/it-it/help/user-types-access-control/).

## Install the Bitwarden app to your Microsoft Sentinel dashboard

The Bitwarden Event Logs application can be located in the [Microsoft Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/8bit-solutions-llc.bitwarden-sentinel-integration?tab=Overview). To add the new application to your Workspace:

1. Choose the Bitwarden Event Logs plan from the dropdown menu and select **Create**.
   ![Bitwarden Event Logs marketplace app](https://bitwarden.com/assets/7mrbZU5XylvwS9muqfXOM7/5f1216a644693655e970e66deb7dfbc2/2024-10-08_16-20-06.png)
2. Complete the required fields and select the Workspace that will be monitoring Bitwarden organization data.
3. Once complete, select **Review + create**.

## Connect your Bitwarden Organization

Once the Bitwarden Event Logs app has been added to your Microsoft Sentinel Workspace, you can connect your Bitwarden organization using your Bitwarden [API key](https://bitwarden.com/it-it/help/public-api/#authentication/).

1. Return to the **Data connectors** screen and select the Bitwarden Event Logs app. Select **Open connector page**. If the Bitwarden Event Logs app is not visible, you may be required to select **Refresh**.

   ![Microsoft Sentinel Bitwarden Event Logs app](https://bitwarden.com/assets/7CoeRtrpz1i7JbbF6Tm91e/a6e46ad19099681aa4b93cfc6fb9ed69/2024-10-08_12-45-04.png)
2. Keep this screen open. In another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
3. Navigate to your organization's **Settings** → **Organization info** screen and select the **View API key** button. You will be asked to re-enter your master password in order to access your API key information.

   ![Organization api info](https://bitwarden.com/assets/6gHjAyqgeqDj6UPT6agsBK/3a614e043cb3836a41bd68f226835e53/2024-12-04_09-51-07.png)
4. Return to the Microsoft Sentinel tab. On the **Configuration** page, complete the following fields:

   | Field | Value |
   |------|------|
   | Bitwarden Identity URL | For Bitwarden cloud users, the default URL will be `https://identity.bitwarden.com` or `https://identity.bitwarden.eu`. For self-hosted Bitwarden users, input your self-hosted URL. For example, `https:///identity`. Be sure that the URL does not include any trailing forward slashes at the end of the URL "`/`". |
   | Bitwarden API URL | For Bitwarden cloud users, the default URL will be `https://api.bitwarden.com` or `https://api.bitwarden.eu`. For self-hosted Bitwarden users, input your self-hosted URL. For example, `https:///api`. Be sure that the URL does not include any trailing forward slashes at the end of the URL "`/`". |
   | Client ID | Input the value for `client_id` from the Bitwarden organization API key window. |
   | Client Secret | Input the value for `client_secret` from the Bitwarden organization API key window. |

   Select **Connect** once the required fields have been completed.

> [!NOTE] Org API information sensitive
> Your organization API key information is sensitive data. Do not share these values in nonsecure locations.

## Start monitoring event logs

> [!NOTE] Historic event data
> Historic event data is not available for the Bitwarden Event Logs app on Microsoft Sentinel at this time. Additionally, it may take up to 1 hour for the first events to appear in Microsoft Sentinel.

Bitwarden organization event logs can be viewed in Microsoft Sentinel using the `BitwardenEventLogs` query function.

1. From Microsoft Sentinel, select **Logs**. A New Query tab will be created. On the left hand navigation, select **Functions** → **Workspace functions** → **BitwardenEventLogs**.
2. Before running the query, you may select a time frame and add specific parameters to the query. To begin the query, select **Run**.

   ![Microsoft Sentinel query](https://bitwarden.com/assets/38MLy3Ieg9nf3YH4s50R1K/d4b9f6df7e1e5e42bbe84a2bbaf5afa5/image_480-1.png)

   Queries can be saved for future use.

   ![Microsoft Sentinel query result](https://bitwarden.com/assets/B1P94UrwYOysKWh28oHJp/f6ab59d7f240b0519922fba9d0723598/image__1_.png)

### Monitor using Workbooks

Workbooks can be used to review event logs and visualize data.
Additionally, templates are included in the Bitwarden Event Logs Workbook for a pre-configured overview of available data. To access Workbooks, select **Workbooks** from the navigation and then **Templates**.

![Workbook templates](https://bitwarden.com/assets/4eh5nlRZ1TCptqg8Q8Yz3T/55e09959de52e396a69f17f5509fdccd/workbooks.png)

The Bitwarden Event Logs app will have three templates included by default. Select one of the templates and choose **View Template** to begin monitoring data.

![Included templates](https://bitwarden.com/assets/2UfrEiMzlyVJcJ7P9Exaub/9e0664475aa6b357b5a3710e6ac268b8/included_templates.png)

The dashboards include visualized data:

![Microsoft Sentinel dashboard view](https://bitwarden.com/assets/3Wf1N2jRun1kROxJnjGrMy/ebe3cb8fddff817e8a00b1f2666a3f0e/BitwardenEventLogsAuthenticationWhite1.png)

Continue scrolling the overview page for additional event log data:

![Bitwarden event log view](https://bitwarden.com/assets/6wGNTITmTwvrzJXIJSZxJA/500b34ddb453cb63036a995e3c3db5d0/BitwardenEventLogsAuthenticationWhite2.png)

--- URL: https://bitwarden.com/it-it/help/migrate-from-default-to-external-mssql/ ---

# Migrate from Default to External MSSQL

This guide will walk you through migrating your self-hosted Bitwarden instance from the default MSSQL Express database to an [external MSSQL database](https://bitwarden.com/it-it/help/external-db/). This process:

- Requires downtime for your Bitwarden server.
- Requires administrative access to the Bitwarden server and both databases.
- Requires that the external database you're migrating to is MSSQL Server 2022.
- Requires that the external database you're migrating to is accessible from the Bitwarden host.

## Migrate in Docker deployments

Complete the following processes to migrate from the default MSSQL Express database to an external one in Docker deployment scenarios:

1. Create a [manual backup](https://bitwarden.com/it-it/help/backup-on-premise/) of your database:

   ```bash
   docker exec -i bitwarden-mssql /backup-db.sh
   ```

   The backup directory in the container is volume-mapped to the host, so your backup will be available as a `.BAK` file in `./bwdata/mssql/backups`.
2. Stop all Bitwarden containers in order to ensure data consistency during migration:

   ```bash
   # Bash
   ./bitwarden.sh stop

   # PowerShell
   .\bitwarden.ps1 -stop
   ```
3. Upload the `.BAK` file to a place where it can be ingested into the new external MSSQL database. Methods will vary depending on your environment, but common methods include SCP or copying the file to a network share mounted on the new database server.
4. Restore the `.BAK` file to the new external MSSQL database. Methods will vary depending on your environment, but common methods include SSMS, T-SQL, or sqlcmd.
5. Verify that the `sa` account is active on your new external MSSQL database and that you can access its password, as this will be used in your connection string for application access to the restored database and to avoid any user mapping issues.
6. In your [environment variables](https://bitwarden.com/it-it/help/environment-variables/) file (`global.override.env`), update at a minimum the database connection string used by the Bitwarden server:

   ```bash
   globalSettings__sqlServer__connectionString="Data Source=your-sql-server.example.com,1433;Initial Catalog=database_name;User ID=sa;Password=sa_user_password;Encrypt=True;TrustServerCertificate=False;"
   ```

   Check the other SQL [environment variables](https://bitwarden.com/it-it/help/environment-variables/) and adjust them as needed.
7. Restart your Bitwarden containers:

   ```bash
   # Bash
   ./bitwarden.sh start

   # PowerShell
   .\bitwarden.ps1 -start
   ```

   Once started:

   - Verify that the server is functioning by logging in and creating a test item.
   - Verify that the expected vault items and user accounts were successfully migrated.
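
The connection string in step 6 sets `Encrypt=True` and `TrustServerCertificate=False`, which keeps the link to the external database encrypted and the server certificate validated. The following check is an added example, not part of the Bitwarden tooling: it parses the `globalSettings__sqlServer__connectionString` line and reports settings that weaken that transport protection. The function names, finding codes and the weak sample are constructed for illustration, and doubled-quote escapes inside values are not handled.

```python
ENV_KEY = "globalSettings__sqlServer__connectionString"

# The form shown in step 6 (placeholder host, database and password).
RECOMMENDED_ENV = (
    'globalSettings__sqlServer__connectionString="Data Source=your-sql-server.example.com,1433;'
    "Initial Catalog=database_name;User ID=sa;Password=sa_user_password;"
    'Encrypt=True;TrustServerCertificate=False;"\n'
)
# Constructed weak variant: TLS disabled and certificate validation skipped.
WEAK_ENV = (
    'globalSettings__sqlServer__connectionString="Data Source=your-sql-server.example.com,1433;'
    "Initial Catalog=database_name;User ID=sa;Password='pa;ss';"
    'Encrypt=False;TrustServerCertificate=True;"\n'
)

# Values that turn encryption on; "mandatory" and "strict" are accepted by
# newer Microsoft.Data.SqlClient versions in addition to true/yes.
ENCRYPT_ON = {"true", "yes", "mandatory", "strict"}


def extract_connection_string(env_text):
    """Return the connection string from env-file text, or None if absent."""
    for line in env_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == ENV_KEY:
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            return value
    return None


def parse_connection_string(conn):
    """Parse 'Key=Value;...' into a dict; keys are lower-cased, spaces removed.

    A value that starts with a quote runs to the matching quote, so a quoted
    password may contain ';'.
    """
    settings = {}
    i, n = 0, len(conn)
    while i < n:
        eq = conn.find("=", i)
        if eq == -1:
            break
        key = conn[i:eq].strip(" ;").lower().replace(" ", "")
        j = eq + 1
        while j < n and conn[j] == " ":
            j += 1
        if j < n and conn[j] in "'\"":
            end = conn.find(conn[j], j + 1)
            if end == -1:
                raise ValueError("unterminated quoted value for " + key)
            value = conn[j + 1:end]
            nxt = conn.find(";", end)
            i = n if nxt == -1 else nxt + 1
        else:
            nxt = conn.find(";", j)
            if nxt == -1:
                nxt = n
            value = conn[j:nxt].strip()
            i = nxt + 1
        if key:
            settings[key] = value
    return settings


def audit_env(env_text):
    """Return a list of (code, message) findings; empty means no issue found."""
    conn = extract_connection_string(env_text)
    if conn is None:
        return [("missing", ENV_KEY + " is not set")]
    s = parse_connection_string(conn)
    findings = []
    if not (s.get("datasource") or s.get("server")):
        findings.append(("no-server", "no Data Source given"))
    if not (s.get("initialcatalog") or s.get("database")):
        findings.append(("no-database", "no Initial Catalog given"))
    if s.get("encrypt", "").lower() not in ENCRYPT_ON:
        findings.append(("encrypt-off", "Encrypt is not explicitly enabled"))
    if s.get("trustservercertificate", "false").lower() in ("true", "yes"):
        findings.append(("cert-not-validated",
                         "TrustServerCertificate=True skips certificate validation"))
    return findings


if __name__ == "__main__":
    for label, text in (("recommended", RECOMMENDED_ENV), ("weak", WEAK_ENV)):
        print(label, audit_env(text) or "ok")
```

Run it against the real file by passing the contents of `global.override.env` to `audit_env`; the file holds the `sa` password, so read it only on the Bitwarden host.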

--- URL: https://bitwarden.com/it-it/help/migration-script/ ---

# Migration Script

The [Bitwarden public API](https://bitwarden.com/it-it/help/public-api/) allows administrators to automate administrative tasks using scripts. The script documented in this article is written to help Bitwarden customers migrate their existing setup from a previous Bitwarden Password Manager environment into a new organization, providing a way to migrate organization vault data, groups, and associated groups' and members' permissions to a new installation.

The script is written in Python and can be run on any operating system with Python v3 installed. Download the script and an example configuration file [here](https://github.com/bitwarden-labs/admin-scripts/tree/main/Python/admin-tools).

## Installation and setup

### System requirements

Other than the default libraries shipped with most Python distributions (included by default on Linux and macOS, and [available](https://www.python.org/downloads/windows/) for Windows), this script requires an additional module called `requests` be installed before the script can run successfully. A common tool to install Python modules is called pip. To install the module using pip:

```
pip3 install requests
```

> [!NOTE] pip vs pip3
> `pip3` - Some machines will have multiple versions of Python installed. Using `pip3`, instead of just `pip`, specifies that you install `requests` with Python v3. If your machine only has one Python version installed, use `pip` instead.

### Required files

The above download contains two files:

- `bwAdminTools.py`: This is the script you will need to execute migration. It requires a fully-configured configuration file.
- `config-example.cfg`: This is the configuration file required for migration, which you will need to create and set up before running the script.

Unpack the `.zip` and save these files to the same directory.
Once you do, add the following files to the same directory:

- Bitwarden Password Manager [CLI native executable](https://bitwarden.com/it-it/help/cli/#download-and-install/).

### Create destination organization

Before you can continue, you must create the destination organization that you'll be migrating to. [Learn how to create an organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/).

> [!NOTE] Invite users prior to migration
> We recommend inviting users prior to running the migration script. Users must be in at least an invited state in order to migrate group and permissions settings.

### Migrate with Self-hosted Instance

If your organization license originated from the US cloud server, and the self-hosted instance was enabled using US cloud credentials, the following steps will be required in order to migrate the self-hosted instance and organization credentials to the EU:

1. Instruct all organization members to [export their individual vaults](https://bitwarden.com/it-it/help/export-your-data/#export-an-individual-vault/).

   > [!TIP] For C2C migration, download attachments
   > Individually download any file attachments for vault items and note which items they belong to.
2. [Request a new installation Id and Key](https://bitwarden.com/it-it/host/). Be sure to set the **Data Region** to the destination you wish to migrate the Bitwarden instance to.
3. Access the `./bwdata/env/global.override.env` file on your self-hosted instance. Update the environment variables following the example [here](https://bitwarden.com/it-it/help/server-geographies/#connect-your-self-hosted-server/).
4. Log in and access the cloud organization and download a new subscription license file using the new EU or US Installation Id.
5. Create a new organization on the self-hosted instance. Manually apply the new subscription license file to the newly created organization.
The subscription license **cannot be applied to an existing organization** on the self-hosted instance.
6. Set up your new organization, configuring things like enterprise policies, login with SSO, constructing group-collection relationships, and inviting users with Directory Connector or SCIM. For help, refer to the [Proof-of-Concept Checklist](https://bitwarden.com/it-it/help/proof-of-concept/).
7. Instruct organization members to import their individual vaults.

### Environment configuration

Before running any `bwAdminTools.py` [script functions](https://bitwarden.com/it-it/help/migration-script/#script-functions/), you will need to create a configuration file. Copy the contents of `config-example.cfg` into a new `config.cfg` file in the same directory, and fill in the following variables. Note that, as this is a migration script, variables are broken into **Source** and **Destination** groupings in this documentation:

| Source organization variable | Variable description |
|------|------|
| bw_vault_uri= | FQDN of your source web vault, e.g. https://company.bitwarden.com if you're self-hosting or https://vault.bitwarden.com if you're using US-based Bitwarden cloud services. |
| bw_org_client_id= | Source organization API key client ID. [Learn where to find it](https://bitwarden.com/it-it/help/public-api/#authentication/). |
| bw_org_client_secret= | Source organization API key client secret. [Learn where to find it](https://bitwarden.com/it-it/help/public-api/#authentication/). |
| bw_org_id= | Source organization's GUID. Copy the `_client_id=` value and remove the `organization.` piece. |
| bw_acc_client_id | Source organization admin's or owner's personal API key client ID. [Learn where to find it](https://bitwarden.com/it-it/help/personal-api-key/#get-your-personal-api-key/). |
| bw_acc_client_secret= | Source organization admin's or owner's personal API key client secret. [Learn where to find it](https://bitwarden.com/it-it/help/personal-api-key/#get-your-personal-api-key/). |

| Destination organization variable | Variable description |
|------|------|
| dest_bw_vault_uri= | FQDN of your destination web vault, e.g. https://company.bitwarden.com if you want to self-host or https://vault.bitwarden.eu if you want to use EU-based Bitwarden cloud services. |
| dest_bw_org_client_id= | Destination organization API key client ID. [Learn where to find it](https://bitwarden.com/it-it/help/public-api/#authentication/). |
| dest_bw_org_client_secret= | Destination organization API key client secret. [Learn where to find it](https://bitwarden.com/it-it/help/public-api/#authentication/). |
| dest_bw_org_id= | Destination organization's GUID. Copy the `_client_id=` value and remove the `organization.` piece. |
| dest_bw_acc_client_id= | Destination organization admin's or owner's personal API key client ID. [Learn where to find it](https://bitwarden.com/it-it/help/personal-api-key/#get-your-personal-api-key/). |
| dest_bw_ac_client_secret= | Destination organization admin's or owner's personal API key client secret. [Learn where to find it](https://bitwarden.com/it-it/help/personal-api-key/#get-your-personal-api-key/). |

Once you've set up these variables, you're ready to start migration using the `bwAdminTools.py` [script functions](https://bitwarden.com/it-it/help/migration-script/#script-functions/).

## Script Functions

From the directory where you've stored your `bwAdminTools.py` file, `config.cfg` file, and Password Manager CLI executable, you can run the following commands:

> [!NOTE] Python3 vs python
> `python3` - Some machines will have multiple versions of Python installed. Using `python3`, instead of just `python`, specifies that commands run with Python v3. If your machine only has one Python version installed, use `python` instead. Some distributions will also have a `python` instead of `python3` binary for v3.

- To print script helper text:

  ```
  python3 bwAdminTools.py -h
  ```
- To compare source and destination organizations:

  ```
  python3 bwAdminTools.py -c diffbw
  ```
- To migrate organization vault data, groups, and groups' permissions from a source organization to a destination organization:

  ```
  python3 bwAdminTools.py -c migratebw
  ```

  Users must be in at least an invited state in the destination organization for `migratebw` to be successful.
- To migrate members' permissions (outside of groups) from a source organization to a destination organization:

  ```
  python3 bwAdminTools.py -c migratebwusers
  ```

  Users must be in at least an invited state in the destination organization for `migratebwusers` to be successful.
- To delete all collections from the source organization:

  ```
  python3 bwAdminTools.py -c purgecol
  ```
- To delete all collections from the destination organization:

  ```
  python3 bwAdminTools.py -c purgecoldest
  ```
- To delete all groups from the source organization:

  ```
  python3 bwAdminTools.py -c purgegroup
  ```
- To delete all groups from the destination organization:

  ```
  python3 bwAdminTools.py -c purgegroupdest
  ```

--- URL: https://bitwarden.com/it-it/help/migration/ ---

# Migrate to a New Server

This article will walk you through procedures for transitioning from cloud to self-hosted, from self-hosted to cloud, and from one self-hosted server to another:

### Cloud to self-hosted

To migrate from the cloud to a self-hosted server:

1. [Install and deploy](https://bitwarden.com/it-it/help/install-on-premise-linux/) Bitwarden to your server. At a high-level, this procedure involves:
   1. [Configuring a domain](https://bitwarden.com/it-it/help/install-on-premise-linux/#configure-your-domain/) for Bitwarden.
   2. Installing [Docker and Docker Compose](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-docker-and-docker-compose/).
   3. Running the [installation shell script](https://bitwarden.com/it-it/help/install-on-premise-linux/#install-bitwarden/).
   4. [Configuring your environment](https://bitwarden.com/it-it/help/install-on-premise-linux/#configure-your-environment/) to set up the admin portal, an SMTP server connection, and more.
2. Start your server by running `./bitwarden.sh start`.
3. Open the cloud web vault and [download your license](https://bitwarden.com/it-it/help/licensing-on-premise/).

   > [!NOTE] license files
   > There are separate files for an [organization license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) and an [individual license](https://bitwarden.com/it-it/help/licensing-on-premise/#individual-license/). **You don't need both license files.** If you are migrating an organization, you only need to retrieve the organization license and must be an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/) to do so.
4. Still in the cloud web vault, [export your individual vault data](https://bitwarden.com/it-it/help/export-your-data/#export-an-individual-vault/), [export your organization vault data](https://bitwarden.com/it-it/help/export-your-data/#export-an-organization-vault/), or [secrets data](https://bitwarden.com/it-it/help/export-secrets-data/). If you are migrating an organization, encourage your end-users to export their individual vaults as well.
5. Open your self-hosted web vault and create an account. This account **must use the same email address** as the cloud account you downloaded the license with.
6. Still in your self-hosted web vault, upload your [license](https://bitwarden.com/it-it/help/licensing-on-premise/).

   > [!NOTE] Organization and individual license locations
   > There are separate locations in which to upload an [organization license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) or an [individual license](https://bitwarden.com/it-it/help/licensing-on-premise/#individual-license/). As before, only upload the one that's relevant for you.
7. Still in the self-hosted web vault, import your [individual vault data](https://bitwarden.com/it-it/help/import-data/), [organization vault data](https://bitwarden.com/it-it/help/import-to-org/), or [secrets data](https://bitwarden.com/it-it/help/import-secrets-data/).

   > [!NOTE] Organization collections
   > Importing data to an organization will automatically re-create your [collections](https://bitwarden.com/it-it/help/about-collections/) and add the relevant vault items to them.

#### Organizations-only next steps

If you are migrating an organization to a self-hosted server, continue with the following steps:

1. (**Enterprise organizations only**) Re-implement your [enterprise policy](https://bitwarden.com/it-it/help/policies/) specifications and/or configure [login with SSO](https://bitwarden.com/it-it/help/about-sso/).
2. Manually [re-create user groups](https://bitwarden.com/it-it/help/about-groups/#create-a-group/) in your self-hosted web vault and assign them to the proper collections.
3. Start [inviting users to your organization](https://bitwarden.com/it-it/help/managing-users/#invite/) manually or using [directory connector](https://bitwarden.com/it-it/help/directory-sync/).

### Self-hosted to cloud

To migrate from a self-hosted server to the cloud:

1. Create a full backup of the `./bwdata` directory of your self-hosted Bitwarden server. In particular, you will need access to `./bwdata/core/attachments` to manually upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to the cloud (**Step 5**).

   > [!NOTE] Self-hosted to cloud personal vaults
   > If users are exporting their individual vaults over a period of time, you may need to re-sync the items from your `./bwdata/core/attachments` directory to your backup location and upload any new items in the event that they change during the cut-over period.
2. In your self-hosted web vault, [export your individual vault data](https://bitwarden.com/it-it/help/export-your-data/#export-an-individual-vault/) or [export your organization vault data](https://bitwarden.com/it-it/help/export-your-data/#export-an-organization-vault/). If you are migrating an organization, encourage your end-users to export their individual vaults as well.
3. Open the cloud web vault. Most users will have previously created cloud accounts for billing purposes, so log in to that account. If you were previously a free user without a cloud account for billing, create an account now.

   > [!NOTE] migrating existing organization.
   > If you are migrating an organization, you will already have a cloud organization established for billing and licensing purposes. For smoothest transition, we recommend using this already-established organization rather than [creating a new one](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/).
4. Still in the cloud web vault, import data to your [individual vault](https://bitwarden.com/it-it/help/import-data/) or [organization vault](https://bitwarden.com/it-it/help/import-to-org/).

   > [!NOTE] Importing data collection functionality
   > Importing data to an organization will automatically re-create your [collections](https://bitwarden.com/it-it/help/about-collections/) and add the relevant vault items to them.
5. Manually upload [file attachments](https://bitwarden.com/it-it/help/attachments/) to your individual or organization vault.

#### Organizations-only next steps

If you are migrating an organization to the cloud, continue with the following steps:

1. (**Enterprise organizations only**) Re-implement your [enterprise policy](https://bitwarden.com/it-it/help/policies/) specifications and/or configure [login with SSO](https://bitwarden.com/it-it/help/about-sso/).
2. Manually [re-create user groups](https://bitwarden.com/it-it/help/about-groups/#create-a-group/) in the cloud and assign them to the proper collections.
3. Start [inviting users to your organization](https://bitwarden.com/it-it/help/managing-users/#invite/) manually or using [directory connector](https://bitwarden.com/it-it/help/directory-sync/).

### Host to host

> [!NOTE] Host to host is only for linux
> If you're experiencing issues with your self-hosted Linux server and are unable to troubleshoot the issue, this process will help you start fresh.

To migrate from one self-hosted Bitwarden server to another:

1. Stop your existing Bitwarden server by running `./bitwarden.sh stop`. When you run this command, Bitwarden will go down for anyone currently using it.
2. Make a full copy of the `./bwdata` directory of the **old** server. This copy will be used to recreate your configuration, database, attachments, and more, for the new server.
3. [Install and deploy](https://bitwarden.com/it-it/help/install-on-premise-linux/) Bitwarden to your new server.
4. Once the new Bitwarden server is set up, replace the newly-created `./bwdata` directory with the copy from the old server.
5. Print the new Bitwarden server's UID by running `id -u bitwarden`.
6. Open the file `./bwdata/env/uid.env` and check that the listed values match what was printed in the previous step. If they do not match, replace **both** values with the result of `id -u bitwarden`.
7. If you specified a different server domain during **Step 2**, edit the following:
   - In `./bwdata/config.yml`, change the `url:` value to the new domain.
   - In `./bwdata/env/global.override.env`, change `globalSettings__baseServiceUri__vault=` to the new domain.
8. Run `./bitwarden.sh rebuild` to apply changes to `config.yml` and `global.override.env`.
9. Start your Bitwarden server with `./bitwarden.sh start`.

### Cloud to cloud

To migrate from one Bitwarden cloud server to another, for example, from a [US server to EU server](https://bitwarden.com/it-it/help/server-geographies/):

1. [Export your organization vault](https://bitwarden.com/it-it/help/export-your-data/#export-an-organization-vault/) and instruct all organization members to [export their individual vaults](https://bitwarden.com/it-it/help/export-your-data/#export-an-individual-vault/).

   > [!TIP] For C2C migration, download attachments
   > Individually download any file attachments for vault items and note which items they belong to.
2. Create a new Bitwarden account in the desired region and start a trial organization. Bitwarden support will be able to migrate your subscription to the new region (see **Step 4**).
3. Set up your new organization, configuring things like enterprise policies, login with SSO, constructing group-collection relationships, and inviting users with Directory Connector or SCIM. For help, refer to the [Proof-of-Concept Checklist](https://bitwarden.com/it-it/help/proof-of-concept/).
4. [Contact Bitwarden support](https://bitwarden.com/it-it/contact/) to move your new organization off of trial and resume your subscription in your new region.
5. Import your organization vault data obtained in **Step 1**, and instruct organization members to import their individual vaults as well.

   > [!TIP] For C2C migrations, upload attachments
   > Manually upload the file attachments obtained in **Step 1** back to the vault items they were associated with.

### Migration FAQs

**Q: Do I need to migrate?**

**A:** Migrating regions is not required. The region selector allows organizations to specify the geographic location of vault data. Features and functions are identical across regions.

**Q: Is there a process for migrating?**

**A:** Bitwarden regions are distinct cloud environments. Bitwarden cannot migrate accounts from one region to another for customers.
A script is available for organizations to help facilitate migrations. Subscriptions can be transferred from one region to another region by [contacting us](https://bitwarden.com/it-it/contact/).

**Q: What does the migration script do?**

**A:** The script works with the Bitwarden CLI to move data from one installation to another. Instructions are available in [this article](https://bitwarden.com/it-it/help/migration-script/). This script migrates all organization vault data, including attachments, as well as member roles (excluding the custom role), and collections permissions assigned both to members and groups. The script also automatically recreates your groups in the new organization if you're not using directory integration for automatic provisioning. Note that this does not include the migration of individual user vaults.

**Q: What does a manual migration look like?**

**A:** A complete manual migration involves creating a new account in the preferred region and beginning the new organization creation process. Once the new organization is configured, re-invite users, and then export vault data from your old organization and import into the new one. Users will need to manually export/import their individual vaults.

--- URL: https://bitwarden.com/it-it/help/monitoring-event-logs/ ---

# Monitoring Event Logs

Event monitoring with SIEM (security information and event management) integration is an important tool for monitoring your organization to maintain best security practices and ensure compliance. The following sections highlight several monitoring reference points that will provide increased observability of your Bitwarden solutions. This monitoring includes enabling insights into user actions in the vault, and providing examples of targets for automated alerting. These events have been selected from the [Bitwarden Event logs](https://bitwarden.com/it-it/help/event-logs/).
By configuring a combination of instant alerts with alerting-over-time against the events that matter to your business, you will be able to audit your organization's use of Bitwarden in accordance with your unique security landscape.

## Understanding Logs

Various SIEM platforms integrate with Bitwarden to review critical information on day-to-day vault usage.

![Panther JSON Object](https://bitwarden.com/assets/1wHDe1snFJ4NB1G13VBUBC/71def83a275e8bf25e25488b872a02f0/Header_object.png)

SIEM event monitoring platforms will provide specific fields which should be monitored to maintain high security standards:

| Value | Description |
|------|------|
| `actingUserEmail` | The email of the user performing the action. |
| `actingUserId` | Unique id of user performing action. |
| `actingUserName` | Name of the user performing an action. |
| `collectionId` | Organization collection id. |
| `device` | Numerical id of device. Exact mapping can be located [here](https://github.com/bitwarden/server/blob/d50ad97e6eeb733af9c069a949939b0567ba936d/src/Core/Enums/DeviceType.cs#L4). |
| `ipAddress` | The IP address that performed the event. |
| `itemId` | Vault item (cipher, secure note, etc.) of the organization vault. |
| `policyId` | Organization policy update. See organization events [here](https://bitwarden.com/it-it/help/event-logs/#organization-events/). |

## Concerning trends

Tracking Bitwarden usage trends can identify questionable activity, or potential security threats:

#### Abnormal rate of failed login attempts

- Failed login attempts
  - `1005` Login attempt failed with incorrect password
  - `1006` Login attempt failed with incorrect two step login.
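
The failed-login trend above, written as alerting-over-time logic. This is an added example, not Bitwarden or SIEM vendor code: it counts events `1005` and `1006` in a sliding window, grouped by `actingUserEmail` or by `ipAddress` from the field table, and the same function works for any other set of event codes. The `type` and `date` field names, the threshold of 5 events in 5 minutes, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGIN_TYPES = {1005, 1006}   # event codes listed on this page
THRESHOLD = 5                       # assumed tuning value
WINDOW = timedelta(minutes=5)       # assumed tuning value


def parse_time(value):
    """Parse an ISO 8601 timestamp; a trailing 'Z' is read as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def rate_alerts(events, watched_types, key_field, threshold, window):
    """Flag each key that reaches `threshold` watched events inside `window`.

    Events are sorted first, so out-of-order delivery does not hide a burst.
    Returns one record per flagged key with the time the threshold was first
    crossed and the highest in-window count observed.
    """
    recent = defaultdict(deque)     # key -> timestamps still inside the window
    alerts = {}
    for event in sorted(events, key=lambda e: parse_time(e["date"])):
        if event.get("type") not in watched_types:
            continue
        key = event.get(key_field)
        if key is None:
            continue
        ts = parse_time(event["date"])
        queue = recent[key]
        queue.append(ts)
        while ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            alert = alerts.setdefault(
                key, {"key": key, "first_crossed": ts.isoformat(), "peak": 0})
            alert["peak"] = max(alert["peak"], len(queue))
    return list(alerts.values())


def failed_login_alerts(events, key_field):
    """Failed-login bursts grouped by `key_field` (user email or IP address)."""
    return rate_alerts(events, FAILED_LOGIN_TYPES, key_field, THRESHOLD, WINDOW)


def _ev(minute, second, event_type, email, ip):
    # Helper for the constructed sample below.
    return {"date": f"2024-05-01T09:{minute:02d}:{second:02d}Z",
            "type": event_type, "actingUserEmail": email, "ipAddress": ip}


# Constructed sample events (documentation IP ranges, example.com users).
SAMPLE_EVENTS = [
    _ev(0, 5, 1000, "bob@example.com", "198.51.100.20"),    # normal login
    _ev(1, 0, 1005, "alice@example.com", "203.0.113.7"),
    _ev(1, 40, 1005, "alice@example.com", "203.0.113.7"),
    _ev(2, 10, 1005, "alice@example.com", "203.0.113.7"),
    _ev(2, 50, 1006, "alice@example.com", "203.0.113.7"),
    _ev(3, 30, 1005, "alice@example.com", "203.0.113.7"),
    _ev(4, 0, 1005, "carol@example.com", "203.0.113.7"),
    _ev(10, 0, 1005, "bob@example.com", "198.51.100.20"),   # isolated typo
    _ev(40, 0, 1005, "bob@example.com", "198.51.100.20"),   # 30 minutes later
]

if __name__ == "__main__":
    for field in ("actingUserEmail", "ipAddress"):
        for alert in failed_login_alerts(SAMPLE_EVENTS, field):
            print(field, alert)
```

Grouping by `ipAddress` catches a single source failing against several accounts, which a per-user count alone would miss.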
#### Abnormal rate of viewing sensitive or hidden fields

- Viewing item
  - `1107` Viewed item `item-identifier`
  - `1108` Viewed password for item `item-identifier`
  - `1109` Viewed hidden field for item `item-identifier`
  - `1110` Viewed security code for item `item-identifier`
- Copying item fields
  - `1111` Copied password for item `item-identifier`
  - `1112` Copied security code for item `item-identifier`

## Usage trends

Monitor usage trends to identify users engaging with Bitwarden and maintaining security practices:

#### Monitor user frequency

- Vault usage
  - `1000` Logged in
  - `1010` User requested [device approval](https://bitwarden.com/it-it/help/approve-a-trusted-device/)

## Critical vault actions

Specific events may be monitored in order to track critical actions made by high-level users, or changes made to critical vault items:

#### Super-user activities

- Individual account activity
  - `1000` Logged in
  - `1001` Changed account password
  - `1002` Enabled/updated two-step login
  - `1003` Disabled two-step login
  - `1007` User exported their individual vault items
  - `1603` Organization vault access by a managing [provider](https://bitwarden.com/it-it/help/providers/)
- Organization activities
  - `1500` Invited user `user-identifier`
  - `1501` Confirmed user `user-identifier`
  - `1502` Edited user `user-identifier`
  - `1504` Edited groups for user `user-identifier`
  - `1511` Revoked organization access for user `user-identifier`
  - `1512` Restored organization access for `user-identifier`
  - `1513` Approved device for `user-identifier`
  - `1600` Edited organization settings
  - `1609` Modified collection management setting
  - `1700` Modified policy `policy-identifier`
  - `2001` Removed domain `domain-name`
- Exporting organization vault information
  - `1602` Exported organization vault

#### Critical item activities

- Changes made to items that have been identified to be critical
  - `1101` Edited item `item-identifier`
  - `1105` Moved item `item-identifier` to an organization
  - `1106` Edited collections for item `item-identifier`
  - `1107` Viewed item `item-identifier`
  - `1108` Viewed password for item `item-identifier`
  - `1109` Viewed hidden field for item `item-identifier`
  - `1110` Viewed security code for item `item-identifier`
  - `1111` Copied password for item `item-identifier`
  - `1112` Copied hidden field for item `item-identifier`
  - `1113` Copied security code for item `item-identifier`
  - `1114` Autofilled item `item-identifier`
  - `1117` Viewed card number for item `item-identifier`

--- URL: https://bitwarden.com/it-it/help/my-account-was-recovered/ ---

# My Account Was Recovered

If your organization administrator [resets your master password or two-step login method](https://bitwarden.com/it-it/help/recover-a-member-account/), Bitwarden will send you an email. This message is meant to keep you informed and help you regain access to your account.

> [!NOTE] Account recovery doesn't bypass SSO
> Account recovery only affects credentials configured within Bitwarden. It **does not bypass SSO** or any two-factor authentication configured with your IdP. If your organization [requires SSO authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/), you are still required to use those methods to access your account after recovery.

## Reset master password

After you receive the account recovery email, ask your administrator for the temporary master password. Use a secure channel to receive it, such as [Bitwarden Send](https://bitwarden.com/it-it/help/create-send/). To then reset your master password:

1. Within the email, select **Recover your account** to open the recovery web page.
2. Enter your email and select **Continue**.
3. Enter your temporary master password and select **Log in with master password**.
4. Create a new master password and select **Change master password**.
5. Log in to your Bitwarden account with your email and new master password.
6. (Optional) Go to **Settings** → **Security** to set up a new [two-step login method](https://bitwarden.com/it-it/help/setup-two-step-login/).

You are required to update your master password after a reset because a master password should be **strong**, **memorable**, and something **only you** know.

## Reset two-step login

Your administrator may instead leave your master password as-is and only remove the two-step login configured for your Bitwarden account. To add a new two-step login method in this scenario:

1. Within the email, select **Recover your account** to open the recovery web page.
2. Enter your email and select **Continue**.
3. Enter your existing master password and select **Log in with master password**.
4. The page to set up [two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/) will open. Set up the method of your choice.

> [!NOTE] Need to restore account after account recovery if two-step policy enabled
> If you're unable to access your organization's data after connecting a new two-step login method, contact your administrator. They may need to [restore](https://bitwarden.com/it-it/help/revoke-users/#restore-access/) your account.

--- URL: https://bitwarden.com/it-it/help/my-items/ ---

# My Items

**My Items** is a place where organization members can store items that do not need to be shared with other users, while still remaining owned by the organization. My Items is available to organization members when the organization uses the [organization data ownership policy](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/). Once the policy has been turned on by an owner or admin, **My Items** will be added to each organization member's vault.
**My Items** is each organization member's primary location for storing items, particularly those that do not need to be shared with other members:

- Items in **My Items** are owned by the organization. These items are not directly accessible to anyone except the member in question, but they are subject to the organization's [event logging](https://bitwarden.com/it-it/help/event-logs/) and [health reports](https://bitwarden.com/it-it/help/reports/).
- Members cannot share items in **My Items** with other members without first [assigning them to a collection](https://bitwarden.com/it-it/help/sharing/).
- Items shared with a member through a [collection](https://bitwarden.com/it-it/help/about-collections/) cannot be moved or added to **My Items**.
- When the member's account is [removed](https://bitwarden.com/it-it/help/remove-users/) or [deleted](https://bitwarden.com/it-it/help/delete-member-accounts/) from the organization, items in **My Items** are transferred to organization administrators.

## Locating My Items

**My Items** is available as a vault filter in any Bitwarden app, for example in the web app:

![My Items in the web app](https://bitwarden.com/assets/7f20Jamu35GDGYF4sOmsgn/5e525f384e09aef4b22c0c7f7cf993cb/2026-01-27_09-27-31.png)
*My Items in the web app*

In this screenshot, the **Owner** column indicates that the item is owned by the Enterprise organization.
## Using My Items

### Saving to My Items

For organization members who have access to it, **My Items** will be the default collection in which to save new items:

![Save to My Items](https://bitwarden.com/assets/5Z9lis0vkv5MNSWWIy8XHW/f66a9a878e33a1dc4fc038c3d5bfd3ba/2026-01-27_09-30-50.png)
*Save to My Items*

### Importing to My Items

For organization members who have access to it, **My Items** can be selected as the collection into which to [import data](https://bitwarden.com/it-it/help/import-data/):

![Import to My Items](https://bitwarden.com/assets/3PO3iAbypeTCIXsWCu2jQ2/a75eff626ca0bf19a12fca8b5cd50a1c/2026-01-27_09-38-30.png)
*Import to My Items*

Organization members can [import items](https://bitwarden.com/it-it/help/import-data/) to My Items on any Bitwarden client by selecting **My Items** from the **Collection** dropdown:

> [!NOTE] My items imports ignore folders
> When you import a file to **My items**, any folder references within that file will not carry over. You can organize your imported data into [folders](https://bitwarden.com/it-it/help/folders/) after the import is complete.

## After offboarding

When a member is [removed](https://bitwarden.com/it-it/help/remove-users/) or [deleted](https://bitwarden.com/it-it/help/delete-member-accounts/) from the organization, items in **My Items** are automatically transferred to organization administrators. From here, administrators can decide how to handle these items, for example by transferring them to collections for use by other members or by deleting them from the organization. Learn more about [transferring items after employee offboarding and succession](https://bitwarden.com/it-it/help/remove-users/).
--- URL: https://bitwarden.com/it-it/help/native-mobile-apps-release/ ---

# Native Mobile Apps

In a **future** release, Bitwarden Password Manager mobile apps downloaded via the Apple App Store and Google Play Store will be upgraded to [native mobile applications for iOS and Android](https://bitwarden.com/it-it/blog/native-mobile-apps/):

- Users who **install** Bitwarden after this release will always receive the new native application.
- Users who **already have Bitwarden installed** on their devices will have the new native application rolled out to them in phases.

> [!WARNING] OS support for native mobile apps
> Native mobile applications have stricter operating system requirements than Xamarin applications:
>
> - Android users must be on Version 10 or higher. Learn [how to check your Android version](https://support.google.com/android/answer/7680439?hl=en).
> - iOS users must be on iOS 15.0 or higher. Learn [how to check your iOS version](https://support.apple.com/en-us/109065).
>
> If your device does not meet these version requirements, your Bitwarden mobile app will remain at the latest version available before this change.

--- URL: https://bitwarden.com/it-it/help/networking-requirements/ ---

# Networking Requirements

Deploying Bitwarden in a self-hosted environment requires that your network infrastructure supports specific protocols, ports, and communication patterns. This article outlines the networking requirements and compatibility considerations for self-hosted Bitwarden deployments. Some client-side requirements may also apply to organizations using Bitwarden Cloud; these are noted inline with each applicable requirement.

## Protocol requirements

The following sections describe strict protocol requirements when deploying a self-hosted Bitwarden server:

### Ports

Bitwarden **requires** two open ports for traffic, one for HTTP (by default, `80`) and one for HTTPS (by default, `443`).
Bitwarden does not support operating with only one port available; however, HTTP and HTTPS ports can be changed from the default during installation:

| Deployment | How to configure non-default ports |
|------|------|
| Docker, Standard (Linux & Windows) | Edit `http_port=` and `https_port=` in `./bwdata/config.yml` and subsequently run the rebuild command. |
| Docker, Manual (Linux) | Create a copy of `docker-compose.yml` in the same directory and rename it `docker-compose.override.yml`. In the override file, edit the `nginx` port mappings. These changes will be merged at runtime. |
| Docker, Offline (Linux & Windows) | Create a copy of `docker-compose.yml` in the same directory and rename it `docker-compose.override.yml`. In the override file, edit the `nginx` port mappings. These changes will be merged at runtime. |
| Helm | Port exposure is controlled by your Kubernetes Ingress Controller rather than by Bitwarden services. |
| Lite | Set the ports to use at runtime in the `docker run` command or `docker-compose.yml` file. |

### HTTP Verbs

> [!NOTE] Networking requirement also applies to cloud.
> This requirement also applies to cloud customers.

Bitwarden **does not support** operating in environments where HTTP verbs are restricted or whitelisted. Bitwarden uses multiple HTTP verbs throughout the product. The exact verbs in use depend on the functionality being invoked, and may change to support existing or future features.

### WebSocket connections

> [!NOTE] Networking requirement also applies to cloud.
> This requirement also applies to cloud customers.

Bitwarden **does not support** operating in environments where WebSocket connections are blocked. WebSocket (`wss://`) connectivity is required between Bitwarden clients and the self-hosted server.
## Intermediary network devices

The following sections describe how intermediary network devices must be configured for a self-hosted deployment:

### Reverse proxies

Bitwarden **supports** operating behind a reverse proxy; however, using a reverse proxy **requires** that all headers, including `Host:`, be passed unmodified to the Bitwarden `nginx` container.

### Forward proxies

Bitwarden **supports** operating behind a forward proxy; however, in such an environment one of the following two deployment strategies is highly recommended:

- Follow the instructions for offline deployment on [Linux](https://bitwarden.com/it-it/help/install-and-deploy-offline/) or [Windows](https://bitwarden.com/it-it/help/install-and-deploy-offline-windows/).
- Follow the instructions for deploying using [Docker Compose with a forward proxy](https://bitwarden.com/it-it/help/configure-self-hosted-environment-with-forward-proxy/).

### Whitelist firewalls

Bitwarden **supports** operating behind a whitelist firewall when configured to allow [necessary traffic](https://bitwarden.com/it-it/help/bitwarden-addresses/); however, in such an environment one of the following two deployment strategies is highly recommended:

- Follow the instructions for offline deployment on [Linux](https://bitwarden.com/it-it/help/install-and-deploy-offline/) or [Windows](https://bitwarden.com/it-it/help/install-and-deploy-offline-windows/).
- Follow the instructions for deploying using [Docker Compose with a forward proxy](https://bitwarden.com/it-it/help/configure-self-hosted-environment-with-forward-proxy/).

### Web application firewalls & intrusion prevention systems

> [!NOTE] Networking requirement also applies to cloud.
> This requirement also applies to cloud customers.
Bitwarden **is compatible** with operation behind a web application firewall (WAF) or intrusion prevention system (IPS); however, in such an environment the WAF or IPS should be set to learning (also called "training" or "simulation") mode prior to production rollout of the Bitwarden server. This will allow administrators the opportunity to review rulesets while the Bitwarden server is in test, reducing the likelihood that transmission of encrypted payloads, access tokens, or other cryptographic data is blocked when the server is in production and the WAF or IPS is actively blocking.

## Other network platforms

The following sections describe how other devices on your network may interact with a self-hosted Bitwarden server:

### Endpoint detection, mail scanning, & anti-virus

> [!NOTE] Networking requirement also applies to cloud.
> This requirement also applies to cloud customers.

Endpoint detection & response, mail scanning, and anti-virus platforms have been reported to interfere with the normal operation of Bitwarden containers; specifically, reports include Windows anti-virus platforms flagging Bitwarden containers for being Linux-based, and mail-scanning platforms redacting or reformatting hyperlinks in invitation emails. **Do not disable these solutions** unless recommended by Bitwarden support during troubleshooting, but if you experience these issues, check your endpoint detection, mail scanning, and anti-virus platforms for false positives related to the normal operation of Bitwarden.

### Man-in-the-middle proxies

Bitwarden may be dangerous to operate in environments with man-in-the-middle (MITM) proxies deployed (for example, ZScaler) depending on your organization's configuration. **Logging full data from Bitwarden traffic should be disabled** on this type of network connection in order to preserve critical security technologies, such as transit-layer encryption on Bitwarden traffic.
## Environmental factors

The following section describes how a self-hosted Bitwarden server can operate in certain environments:

### Air-gapped environments

Bitwarden **supports** operating in an air-gapped or offline environment; however, migration between a standard "online" deployment and offline deployment is not recommended. Use one of the following documents to deploy in an offline environment:

- [Linux Offline Deployment Guide](https://bitwarden.com/it-it/help/install-and-deploy-offline/)
- [Windows Offline Deployment Guide](https://bitwarden.com/it-it/help/install-and-deploy-offline-windows/)

--- URL: https://bitwarden.com/it-it/help/new-device-verification/ ---

# New Device Login Protection

To keep your account safe and secure, Bitwarden requires additional verification **for users who do not use** [**two-step login**](https://bitwarden.com/it-it/help/setup-two-step-login/). After entering your Bitwarden master password, you will be prompted to enter a one-time verification code sent to your account email to complete the login process **when logging in from a device you have not logged in to previously**. For example, if you are logging in to a mobile app or a browser extension that you have used before, you will not receive this prompt.

> [!NOTE] Turn off your mail filter!
> It's important that verification emails reach your inbox. If you use spam filtering, check your inbox settings to make sure these emails won't be discarded upon receipt.

Most users will not experience this prompt unless they are frequently logging into new devices. This verification is only needed for new devices or after clearing browser cookies. If you regularly access your email, retrieving the verification code should be straightforward.
If you prefer not to rely on your Bitwarden account email for verification, you can [set up two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) through an [Authenticator app](https://bitwarden.com/it-it/help/setup-two-step-login-authenticator/), a [hardware key](https://bitwarden.com/it-it/help/setup-two-step-login-yubikey/), or two-step login via a [different email](https://bitwarden.com/it-it/help/setup-two-step-login-email/).

## FAQs

### When did this happen?

Beginning **March 4 2025**, logins from new devices began to be prompted for this new verification. This change was initially only in the web app, then extended to other Bitwarden apps as users updated to the latest release versions.

### Why did Bitwarden implement this?

Bitwarden implemented this change to enhance security for users who don't have [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) activated. If someone gains access to your password, they still won't be able to log into your account without secondary verification (the code sent to your email). This extra layer helps protect your data from hackers who often target weak or exposed passwords to gain unauthorized access.

### When will I get prompted for this verification?

You will only get prompted for this verification when logging in from new devices. If you’re logging into a device that you’ve used before, you will not be prompted.

### What is considered a new device?

A new device is any device that hasn't been previously used to log into your Bitwarden account. This could include a new phone, tablet, computer, or browser extension that you’ve never logged in from before. When you log in from a new device, you'll be asked to verify your identity via a one-time code sent to your email.

Other scenarios that will initiate a new device are:

- Uninstalling and reinstalling the mobile app, desktop app, or browser extension will initiate a new device.
- Clearing browser cookies will initiate a new device for the web app, but not for browser extensions.
- Using the browser extension in a Virtual Desktop Infrastructure (VDI) environment that resets user profile storage after each session. In this scenario [local storage](https://bitwarden.com/it-it/help/data-storage/#on-your-local-machine/) is not persisted.

### My email credentials are saved in Bitwarden. Will I be locked out of Bitwarden?

Email verification codes will only be required on new devices for users that do not have two-step login enabled. You will not see this prompt on previously logged in devices and you will log in as normal with your account email and your master password.

If you are logging into a new device, your Bitwarden account email will receive a one-time verification code. If you have access to your email, for example through a persistent logged-in email session on your mobile phone, then you will be able to grab the one-time verification code to log in. Once logged in to the new device, you will not be prompted again for the verification code.

If you regularly log into your email using credentials saved in Bitwarden or do not want to rely on your email for verification, you should [set up two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) that will be independent from the Bitwarden account email. This includes an authenticator app like the [Bitwarden Authenticator mobile app](https://bitwarden.com/it-it/help/bitwarden-authenticator/), security key, or email-based two-step login with a different email. Having any 2FA method active will opt the user out of the email-based new device verification. Users with 2FA active should also save their Bitwarden [recovery code](https://bitwarden.com/it-it/help/two-step-recovery-code/) in a safe place.

### Who is excluded from this account email-based new device verification?
The following categories of logins are excluded:

- Users who have [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) set up are excluded.
- Users who log in with SSO, with a passkey, or with an API key are excluded.
- Self-hosted users are excluded.
- Users who log in from a device where they have previously logged in are excluded.
- Users whose accounts are less than 24 hours old are excluded.
- Users who opt-out from their **Settings** → **My account** screen are excluded (**Not recommended**).

### My organization uses SSO, do my users have to complete new device verification?

No. Users logging in with SSO are exempt and not asked to verify the login on a new device. However, if a user without two-step login enabled logs in with a username and password without going through SSO, they are asked to verify the new device.

### I do not want to share my real email with Bitwarden, how can I set up my account?

Users who want to remain anonymous have several options available:

- Use a [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) option that doesn’t require an email, including an authenticator app, security key, or email-based two-step login with a different email.
- Use an email alias forwarding service.
- Self-host Bitwarden.

Bitwarden encourages users to have an active email, as Bitwarden sends important security alerts like failed login attempts.

### If I use the 2FA recovery code on a new device because I've lost my 2FA access, will I still be subject to this new device verification?

Bitwarden will be updating the recovery code flow so that when you submit your password and recovery code, you are logged into the web app and taken to your 2FA settings. If you are concerned about being locked out, you should **avoid** going through this flow in an incognito browser or on a device with unreliable internet connectivity to make sure you can complete any necessary setup steps in this logged in session.

### I want to opt-out! Is there an option to?

This is added security for users that do not have two-step login enabled. Users that do not have two-step login enabled are more vulnerable to unauthorized access by attackers because passwords can be compromised in multiple ways, even if they are strong and unique. For example, common methods include:

- **Phishing attacks:** Cybercriminals use deceptive emails or websites to trick you into revealing your password.
- **Social engineering:** Attackers may attempt to manipulate or deceive you into revealing your password through phone calls, texts, or other means.
- **Password cracking via brute-force attacks:** Attackers will use automated tools to repeatedly try guesses for the password.
- **Keylogging or malware:** If your device is infected with malware or a keylogger, attackers could record every keystroke you make—including your password—without your knowledge.

With new device verification, even if your password is compromised through one of the methods above, the attacker would still need to retrieve the second verification, which is the one-time code in your email. This significantly reduces the likelihood of unauthorized access.

New device verification is designed to be less intrusive than traditional two-step login. It only applies when logging in from a device or client you haven’t used before, so most users won’t experience this extra step, as they’re regularly logging in on their everyday devices. The verification process uses your email, which is something many people keep open on a phone or computer, so retrieving the code is quick and easy.

Users that may experience some challenges are those who do the following:

- Do not have two-step login enabled.
- Store their email password in Bitwarden.
- Constantly uninstall and reinstall Bitwarden.
- Log out of their email everywhere.

Only users that do all these things and match the conditions above will experience friction with this security update.
If users do get locked out of their account, they can reach out to Customer Success at Bitwarden.

If users do not want new device verification, it is strongly recommended to turn on an alternate two-step login method (either via an authenticator app, hardware key, or a different email) to protect your account.

If users do not want new device verification, do not want to set up an alternate two-step login method, and **do not want any additional security on their account,** there is an option to opt-out by navigating to the **Settings** → **My account** screen and scrolling to the Danger Zone section. We must emphasize that this is **strongly not recommended**, as it leaves your account vulnerable to various attacks.

--- URL: https://bitwarden.com/it-it/help/non-native-siem/ ---

# Non-native SIEM

Bitwarden provides comprehensive event logging capabilities that enable integration with Security Information and Event Management (SIEM) platforms beyond the solutions for which official integrations are offered. This article provides guidance for integrating Bitwarden with those SIEM solutions, such as Datadog and other popular platforms.

## Requirements

To integrate Bitwarden with your SIEM platform, you will need:

- A Bitwarden Teams or Enterprise plan (required for event logging and API access).
- Administrative access to your Bitwarden organization via the admin, owner, or custom role.
- Understanding of your SIEM platform's available data ingestion methods.

## Data access

Bitwarden provides multiple methods for accessing data that may be relevant to your SIEM monitoring, allowing flexibility in how your platform ingests information:

### Public API access (**Recommended**)

The Bitwarden Public API provides programmatic access to event logs through the `/events` endpoint.
The API returns JSON-formatted event data that can be consumed by most modern SIEM platforms, and can be used to access more organization data than just events, including member information through the `/members` endpoint, group data through the `/groups` endpoint, and collection data through the `/collections` endpoint. [Learn more about the API](https://bitwarden.com/it-it/help/public-api/).

### CLI data extraction

The Password Manager CLI can be used to extract additional data that may provide useful context to API-provided event analysis, for example using the `list` command to retrieve item data correlated to a member, group, or collection ID accessed from the API. [Learn more about the Password Manager CLI](https://bitwarden.com/it-it/help/cli/).

### Event exports

For SIEM platforms that prefer file-based ingestion, Bitwarden allows manual exporting of event logs in .csv format. This method works well for batch processing scenarios and historical data analysis. [Learn more about exporting event logs](https://bitwarden.com/it-it/help/event-logs/#export-events/).

--- URL: https://bitwarden.com/it-it/help/november-deprecation-notice/ ---

# November Deprecation Notice

With the next release of Bitwarden (2022.11.0), planned for 11-16-2022, two endpoints of the Bitwarden server's API service will be deprecated. The function of the endpoints that will be deprecated will be taken over by endpoints in the Identity service.

The new endpoints, which will be used by Bitwarden clients of version 2022.11.0 and above, were added in server version 1.46.0. **This means that self-hosted servers running version 1.45.4 or any earlier version will not be compatible with 2022.11.0 clients.** [Learn how to check your server version.](https://bitwarden.com/it-it/help/versioning/)

We recommend [updating your self-hosted server](https://bitwarden.com/it-it/help/updating-on-premise/) prior to the release of 2022.11.0.
If for any reason you cannot, [contact us](https://bitwarden.com/it-it/contact/).

> [!NOTE] Non-updated Server & Web Vault
> As the web vault is packaged with the server, the web vault will continue to work normally if you do not update your server.

--- URL: https://bitwarden.com/it-it/help/oidc-microsoft-entra-id/ ---

# Microsoft Entra ID OIDC

This article contains **Azure-specific** help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Microsoft Entra ID via SAML 2.0, see [OIDC Configuration](https://bitwarden.com/it-it/help/configure-sso-oidc/) or [Microsoft Entra ID SAML Implementation](https://bitwarden.com/it-it/help/saml-microsoft-entra-id/).

Configuration involves working simultaneously within the Bitwarden web app and the Azure Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Open SSO in the web vault

Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Select **Settings** → **Single sign-on** from the navigation:

![OIDC configuration](https://bitwarden.com/assets/51wSToXTHHVmBCrLrE8T0E/85aa432ea19eadf0195317f4f233e973/2024-12-04_09-41-46.png)

If you haven't already, create a unique **SSO identifier** for your organization. Otherwise, you don't need to edit anything on this screen yet, but keep it open for easy reference.

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).
## Create an app registration

In the Azure Portal, navigate to **Microsoft Entra ID** and select **App registrations**. To create a new app registration, select the **New registration** button:

![Create App Registration](https://bitwarden.com/assets/6NVeq0dGoBAO8bhhE3zvsC/d107017a0858a388fc8a9b5038942608/azure-newapp.png)

Complete the following fields:

![Register redirect URI](https://bitwarden.com/assets/fA8tUAnlBC3eu7oKUOi5c/59c6956688f8f6cf84e5a0c1127ccc51/Register_an_application.png)

1. On the **Register an application** screen, give your app a Bitwarden-specific name and specify which accounts should be able to use the application. This selection will determine which users can use Bitwarden login with SSO.
2. Select **Authentication** from the navigation and select the **Add a platform** button.
3. Select the **Web** option on the Configure platforms screen and enter your **Callback Path** in the Redirect URIs input.

> [!NOTE] Callback Path
> Callback Path can be retrieved from the Bitwarden SSO Configuration screen. For cloud-hosted customers, this is `https://sso.bitwarden.com/oidc-signin` or `https://sso.bitwarden.eu/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL](https://bitwarden.com/it-it/help/install-on-premise-linux/#configure-your-domain/), for example `https://your.domain.com/sso/oidc-signin`.

### Create a client secret

Select **Certificates & secrets** from the navigation, and select the **New client secret** button:

![Create Client Secret](https://bitwarden.com/assets/7wGy3TYoN71TVlDkdvUIMe/5e8d221a695ab34232892b6b309838ed/azure-newcert.png)

Give the certificate a Bitwarden-specific name, and choose an expiration timeframe.

### Create admin consent

Select **API permissions** and click ✓ **Grant admin consent for {your directory}**. The only permission needed is added by default, Microsoft Graph > User.Read.
## Back to the web app

At this point, you have configured everything you need within the context of the Azure Portal. Return to the Bitwarden web app to configure the following fields:

| **Field** | **Description** |
|------|------|
| Authority | Enter `https://login.microsoftonline.com/<TENANT_ID>/v2.0`, where `TENANT_ID` is the **Directory (tenant) ID** value retrieved from the app registration's Overview screen. |
| Client ID | Enter the App registration's **Application (client) ID**, which can be retrieved from the Overview screen. |
| Client Secret | Enter the **Secret Value** of the [created client secret](https://bitwarden.com/it-it/help/oidc-azure/#create-a-client-secret/). |
| Metadata Address | For Azure implementations as documented, you can leave this field blank. |
| OIDC Redirect Behavior | Select either **Form POST** or **Redirect GET**. |
| Get Claims From User Info Endpoint | Enable this option if you receive URL too long errors (HTTP 414), truncated URLs, and/or failures during SSO. |
| Additional/Custom Scopes | Define custom scopes to be added to the request (comma-delimited). |
| Additional/Custom User ID Claim Types | Define custom claim type keys for user identification (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/Custom Email Claim Types | Define custom claim type keys for users' email addresses (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/Custom Name Claim Types | Define custom claim type keys for users' full names or display names (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Requested Authentication Context Class Reference values | Define Authentication Context Class Reference identifiers (`acr_values`) (space-delimited). List `acr_values` in preference-order. |
| Expected "acr" Claim Value in Response | Define the `acr` Claim Value for Bitwarden to expect and validate in the response. |

When you are done configuring these fields, **Save** your work.

> [!TIP] Policies for SSO Guides
> You can require users to log in with SSO by activating the [single sign-on authentication policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/).

### Additional custom claim types

If your SSO configuration requires custom claim types, additional steps are required in order for Microsoft Entra ID to recognize the non-standard claims.

1. On Microsoft Entra ID, add a custom claim type by navigating to **Enterprise applications** → **App registrations** → **Token configuration**.
2. Select + **Add optional claim** and create a new optional claim with a selected value.

   ![Microsoft Entra ID custom claim](https://bitwarden.com/assets/2qFhIkcJvFpLLKyNEEJN5c/1e5477a6fe8cac0760eaa3897f0c208a/optional_claim_Entra.png)
3. On the Bitwarden SSO configuration screen, enter the fully qualified path for a custom claim field in the corresponding **custom claim types** field. For example: `https://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`.
4. Select **Save** once you have completed the configuration.

## Test the configuration

Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](https://vault.bitwarden.com), entering your email address and selecting the **Use single sign-on** button:

![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png)

Enter the [configured organization identifier](https://bitwarden.com/it-it/help/configure-sso-saml/#step-1-enabling-login-with-sso/) and select **Log In**.
If your implementation is successfully configured, you will be redirected to the Microsoft login screen:

![Azure login screen ](https://bitwarden.com/assets/j1YuXioPGFIwxsqfxCrpm/d0185848b3812c22940c6c5956e0b2be/az-login.png)

After you authenticate with your Azure credentials, enter your Bitwarden master password to decrypt your vault!

> [!NOTE] SSO must be initiated from Bitwarden
> Bitwarden does not support unsolicited responses, so initiating login from your IdP will result in an error. The SSO login flow must be initiated from Bitwarden.

## Next steps

1. Educate your organization members on how to [use login with SSO](https://bitwarden.com/it-it/help/using-sso/).

--- URL: https://bitwarden.com/it-it/help/oidc-okta/ ---

# Okta OIDC

This article contains **Okta-specific** help for configuring login with SSO via OpenID Connect (OIDC). For help configuring login with SSO for another OIDC IdP, or for configuring Okta via SAML 2.0, see [OIDC Configuration](https://bitwarden.com/it-it/help/configure-sso-oidc/) or [Okta SAML Implementation](https://bitwarden.com/it-it/help/saml-okta/).

Configuration involves working simultaneously within the Bitwarden web app and the Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Open SSO in the web vault

Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Select **Settings** → **Single sign-on** from the navigation:

![OIDC configuration](https://bitwarden.com/assets/51wSToXTHHVmBCrLrE8T0E/85aa432ea19eadf0195317f4f233e973/2024-12-04_09-41-46.png)

If you haven't already, create a unique **SSO identifier** for your organization. Otherwise, you don't need to edit anything on this screen yet, but keep it open for easy reference.
> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Create an Okta app

In the Okta Admin Portal, select **Applications** → **Applications** from the navigation. On the Applications screen, select the **Create App Integration** button. For Sign-on method, select **OIDC - OpenID Connect**. For Application type, select **Web Application**:

![Create App Integration](https://bitwarden.com/assets/7fGYbP4aawIh8eorrQF6b7/a52951b16123a3e2f4d7bb293ba22a20/okta-createapp.png)

On the **New Web App Integration** screen, configure the following fields:

| **Field** | **Description** |
|------|------|
| App integration name | Give the app a Bitwarden-specific name. |
| Grant type | Enable the following [grant types](https://developer.okta.com/docs/concepts/oauth-openid/#choosing-an-oauth-2-0-flow): Client acting on behalf of itself → **Client Credentials**; Client acting on behalf of a user → **Authorization Code**. |
| Sign-in redirect URIs | Set this field to your **Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen. For cloud-hosted customers, this is `https://sso.bitwarden.com/oidc-signin` or `https://sso.bitwarden.eu/oidc-signin`. For self-hosted instances, this is determined by your [configured server URL](https://bitwarden.com/it-it/help/install-on-premise/#configure-your-domain/), for example `https://your.domain.com/sso/oidc-signin`. |
| Sign-out redirect URIs | Set this field to your **Signed Out Callback Path**, which can be retrieved from the Bitwarden SSO Configuration screen. |
| Assignments | Use this field to designate whether all or only select groups will be able to use Bitwarden Login with SSO. |

Once configured, select the **Next** button.
### Get client credentials

On the Application screen, copy the **Client ID** and **Client secret** for the newly created Okta app:

![App Client Credentials ](https://bitwarden.com/assets/6Q5iWqSrrXUp4s197bfyRt/d1d85d41c31ce60029d84fa6738372f8/okta-clientcredentials.png)

You will need to use both values [during a later step](https://bitwarden.com/it-it/help/oidc-okta/#back-to-the-web-vault/).

### Get authorization server information

Select **Security** → **API** from the navigation. From the **Authorization Servers** list, select the server you would like to use for this implementation. On the **Settings** tab for the server, copy the **Issuer** and **Metadata URI** values:

![Okta Authorization Server Settings ](https://bitwarden.com/assets/7hUKbE9s9HGJUwbqC2W36u/11cee32a7b469a662ae35b9c3cc1a2ba/okta-authserver.png)

You will need to use both values [during the next step](https://bitwarden.com/it-it/help/oidc-okta/#back-to-the-web-vault/).

## Back to the web app

At this point, you have configured everything you need within the context of the Okta Admin Portal. Return to the Bitwarden web app to configure the following fields:

| **Field** | **Description** |
|------|------|
| Authority | Enter the [retrieved Issuer URI](https://bitwarden.com/it-it/help/oidc-okta/#get-authorization-server-information/) for your Authorization Server. |
| Client ID | Enter the [retrieved Client ID](https://bitwarden.com/it-it/help/oidc-okta/#get-client-credentials/) for your Okta app. |
| Client Secret | Enter the [retrieved Client secret](https://bitwarden.com/it-it/help/oidc-okta/#get-client-credentials/) for your Okta app. |
| Metadata Address | Enter the [retrieved Metadata URI](https://bitwarden.com/it-it/help/oidc-okta/#get-client-authorization-server-information/) for your Authorization Server. |
| OIDC Redirect Behavior | Select **Redirect GET**. Okta currently does not support Form POST. |
| Get Claims From User Info Endpoint | Enable this option if you receive URL too long errors (HTTP 414), truncated URLs, and/or failures during SSO. |
| Additional/Custom Scopes | Define custom scopes to be added to the request (comma-delimited). |
| Additional/Custom User ID Claim Types | Define custom claim type keys for user identification (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/Custom Email Claim Types | Define custom claim type keys for users' email addresses (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/Custom Name Claim Types | Define custom claim type keys for users' full names or display names (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Requested Authentication Context Class Reference values | Define Authentication Context Class Reference identifiers (`acr_values`) (space-delimited). List `acr_values` in preference-order. |
| Expected "acr" Claim Value in Response | Define the `acr` Claim Value for Bitwarden to expect and validate in the response. |

When you are done configuring these fields, **Save** your work.

> [!TIP] Policies for SSO Guides
> You can require users to log in with SSO by activating the [single sign-on authentication policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/).

## Test the configuration

Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](https://vault.bitwarden.com), entering your email address and selecting the **Use single sign-on** button:

![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png)

Enter the [configured organization identifier](https://bitwarden.com/it-it/help/oidc-okta/#/) and select **Log In**.
If your implementation is successfully configured, you'll be redirected to the Okta login screen:

![Log in with Okta ](https://bitwarden.com/assets/3Rh2Bg17sCE57xJsUKfqwN/8f6e1d8555c9e1b60d2e145d0f0bb565/Log_in_with_Okta.png)

After you authenticate with your Okta credentials, enter your Bitwarden master password to decrypt your vault!

> [!NOTE] Okta bookmark app
> Bitwarden does not support unsolicited responses, so initiating login from your IdP will result in an error. The SSO login flow must be initiated from Bitwarden. Okta administrators can create an [Okta Bookmark App](https://support.okta.com/help/s/article/How-do-you-create-a-bookmark-app?language=en_US) that will link directly to the Bitwarden web vault login page.
>
> 1. As an admin, navigate to the **Applications** drop down located on the main navigation bar and select **Applications**.
> 2. Click **Browse App Catalog**.
> 3. Search for **Bookmark App** and click **Add Integration**.
> 4. Add the following settings to the application:
>
>    1. Give the application a name such as **Bitwarden Login**.
>    2. In the **URL** field, provide the URL to your Bitwarden client such as `https://vault.bitwarden.com/#/login` or `your-self-hostedURL.com`.
> 5. Select **Done** and return to the applications dashboard and edit the newly created app.
> 6. Assign people and groups to the application. You may also assign a logo to the application for end user recognition. The Bitwarden logo can be obtained [here](https://github.com/bitwarden/brand/tree/master).
>
> Once this process has been completed, assigned people and groups will have a Bitwarden bookmark application on their Okta dashboard that will link them directly to the Bitwarden web vault login page.

--- URL: https://bitwarden.com/it-it/help/okta-directory/ ---

# Sync with Okta

This article will help you get started using Directory Connector to sync users and groups from your Okta directory to your Bitwarden organization.
## Create an Okta API token

Directory Connector requires knowledge of an Okta-generated token to connect to your directory. Complete the following steps to create and obtain an Okta API token for use by Directory Connector:

1. From your Okta Developer Console (`https://yourdomain-admin.okta.com`) navigate to **Security** → **API** → **Tokens**.
2. Select the **Create token** button and give your token a Bitwarden-specific name (for example, `bitwarden-dc`).
3. Copy the generated **Token value** to the clipboard.

> [!NOTE] Okta api token value
> Your token value will not be shown again. Paste it somewhere safe to prevent it from being lost.

## Connect to your directory

Complete the following steps to configure Directory Connector to use your Okta Directory:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. From the **Type** dropdown, select **Okta**. The available fields in this section will change according to your selected type.
4. Enter your Okta Organization URL in the **Organization URL** field (for example, `https://yourdomain.okta.com`).
5. Paste the API Token Value in the **Token** field.

## Configure sync options

> [!NOTE] Clear sync cache
> When you're finished configuring, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations. For more information, see [Clear Sync Cache](https://bitwarden.com/it-it/help/clear-sync-cache/).

Complete the following steps to configure the settings used when syncing using Directory Connector:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. In the **Sync** section, configure the following options as desired:

| **Option** | **Description** |
|------|------|
| Interval | Time between automatic sync checks (in minutes). |
| Remove disabled users during sync | Check this box to remove users from the Bitwarden organization that have been disabled in your directory. |
| Overwrite existing organization users based on current sync settings | Check this box to always perform a full sync and remove any users from the Bitwarden organization if they are not in the synced user set. |
| More than 2000 users or groups are expected to sync | Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups. |
| Sync users | Check this box to sync users to your organization. Checking this box will allow you to specify **User Filters**. |
| User Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/okta-directory/#specify-sync-filters/). |
| Sync groups | Check this box to sync groups to your organization. Checking this box will allow you to specify **Group Filters**. |
| Group Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/okta-directory/#specify-sync-filters/). |

### Specify sync filters

Use comma-separated lists to include or exclude based on user email or group name. Additionally, Okta APIs provide limited filtering capabilities for users and groups that may be used in Directory Connector filter fields. Consult Okta documentation for more information about using the `filter` parameter for [users](https://developer.okta.com/docs/api/resources/users#list-users-with-a-filter) and [groups](https://developer.okta.com/docs/api/resources/groups#filters).
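The filter forms documented in this section (an include/exclude list, a list followed by `|` and an Okta `filter` expression, or `|` and an expression alone) can be checked offline before a sync. The sketch below is an added example, not Directory Connector's own code; `parse_sync_filter`, `preview`, the split at the first pipe and the case-insensitive matching are assumptions, and the sample entries are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SyncFilter:
    mode: Optional[str]         # "include", "exclude", or None (Okta filter only)
    names: frozenset            # lower-cased emails or group names from the list
    okta_filter: Optional[str]  # text after the pipe, meant for Okta's `filter`


def parse_sync_filter(text: str) -> SyncFilter:
    """Split a filter field into its list part and its Okta `filter` part.

    Assumption: the field is split at the first pipe only, so a pipe inside
    the Okta expression stays in the expression.
    """
    list_part, pipe, query = text.partition("|")
    okta_filter = query.strip() or None
    if pipe and okta_filter is None:
        raise ValueError("pipe present but no Okta filter expression after it")

    list_part = list_part.strip()
    if not list_part:
        if okta_filter is None:
            raise ValueError("empty filter")
        return SyncFilter(None, frozenset(), okta_filter)

    keyword, colon, raw_names = list_part.partition(":")
    mode = keyword.strip().lower()
    if not colon or mode not in ("include", "exclude"):
        raise ValueError(f"list must start with include: or exclude:, got {list_part!r}")

    names = [n.strip() for n in raw_names.split(",")]
    if any(not n for n in names):
        raise ValueError("empty entry in list (stray or trailing comma)")
    # Assumption: emails and group names are compared case-insensitively.
    return SyncFilter(mode, frozenset(n.lower() for n in names), okta_filter)


def preview(filter_text: str, entries: List[str]) -> Tuple[List[str], List[str]]:
    """Return (kept, unmatched) for the list part of a filter.

    `entries` stands for what the directory returned after Okta evaluated any
    `filter` expression; this function does not evaluate that expression.
    `unmatched` holds list names that match no entry, which usually points to
    a typo in the filter field.
    """
    parsed = parse_sync_filter(filter_text)
    if parsed.mode is None:
        return list(entries), []
    present = {e.lower() for e in entries}
    unmatched = sorted(parsed.names - present)
    if parsed.mode == "include":
        kept = [e for e in entries if e.lower() in parsed.names]
    else:
        kept = [e for e in entries if e.lower() not in parsed.names]
    return kept, unmatched


# Constructed sample directory contents, not real data.
SAMPLE_USERS = ["joe@example.com", "bill@example.com", "tom@example.com"]
SAMPLE_GROUPS = ["Group A", "Group B"]

if __name__ == "__main__":
    checks = [
        ("include:joe@example.com,bil@example.com", SAMPLE_USERS),  # typo: bil@
        ('exclude:Group A|type eq "APP_GROUP"', SAMPLE_GROUPS),
        ('|profile.lastName eq "Smith"', SAMPLE_USERS),
    ]
    for text, entries in checks:
        kept, unmatched = preview(text, entries)
        print(f"{text!r}: kept={kept} unmatched={unmatched}")
```

A non-empty `unmatched` list on an include filter means a listed account falls out of the synced set; with **Overwrite existing organization users based on current sync settings** checked, users outside that set are removed from the organization.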
#### User filters

##### Include/Exclude users by email

To include or exclude specific users based on email address:

```
include:joe@example.com,bill@example.com,tom@example.com
```

```
exclude:joe@example.com,bill@example.com,tom@example.com
```

##### Concatenate with `filter`

To concatenate a user filter with the `filter` parameter, use a pipe (`|`):

```
include:john@example.com,bill@example.com|profile.firstName eq "John"
```

```
exclude:john@example.com,bill@example.com|profile.firstName eq "John"
```

##### Use only `filter`

To use only the `filter` parameter, prefix the query with a pipe (`|`):

```
|profile.lastName eq "Smith"
```

#### Group filters

> [!NOTE] nested groups not supported okta
> Syncing nested groups is not supported by Okta.

##### Include/Exclude groups

To include or exclude groups by name:

```
include:Group A,Group B
```

```
exclude:Group A,Group B
```

##### Concatenate with `filter`

To concatenate a group filter with the `filter` parameter, use a pipe (`|`):

```
include:Group A|type eq "APP_GROUP"
```

```
exclude:Group A|type eq "APP_GROUP"
```

##### Use only `filter`

To use only the `filter` parameter, prefix the query with a pipe (`|`):

```
|type eq "BUILT_IN"
```

## Test connection

> [!TIP] BWDC connect to EU server.
> Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/#getting-started/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/#config/).

To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the **Dashboard** tab and select the **Test Now** button.
If successful, users and groups will be printed to the Directory Connector window according to specified [sync options](https://bitwarden.com/it-it/help/okta-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/okta-directory/#specify-sync-filters/):

![Test sync results](https://bitwarden.com/assets/6LbdKcCZucynwqW7eoOetT/331b88e5bc07cbe92f67a2a92f2d807d/dc-okta-test.png)

## Start automatic sync

Once [sync options](https://bitwarden.com/it-it/help/okta-directory/#configured-sync-options/) and [filters](https://bitwarden.com/it-it/help/okta-directory/#specify-sync-filters/) are configured as desired, you can begin syncing. Complete the following steps to start automatic sync with Directory Connector:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Dashboard** tab.
3. In the **Sync** section, select the **Start Sync** button.

You may alternatively select the **Sync Now** button to execute a one-time manual sync. Directory Connector will begin polling your directory based on the configured [sync options](https://bitwarden.com/it-it/help/okta-directory/#configured-sync-options/) and [filters](https://bitwarden.com/it-it/help/okta-directory/#specify-sync-filters/).

If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.

> [!NOTE] Teams Starter + BWDC
> If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members.
>
> **This plan is no longer available for purchase**. This error does not apply to Teams plans.

--- URL: https://bitwarden.com/it-it/help/okta-scim-integration/ ---

# Okta SCIM

System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization.
> [!NOTE] SCIM vs. BWDC
> SCIM integrations are available for **Teams and Enterprise organizations**. Customers not using a SCIM-compatible identity provider may consider using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) as an alternative means of provisioning.

This article will help you configure a SCIM integration with Okta. Configuration involves working simultaneously with the Bitwarden web vault and Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Supported features

The following provisioning features are supported by this integration:

- **Push users:** Users in Okta that are assigned to Bitwarden are added as users in Bitwarden.
- **Deactivate users:** Users with the deactivated status will no longer have access to their assigned apps. Deactivating a user in Okta will change their Bitwarden status to revoked.
- **Delete user**: Users deleted in Okta will be moved to revoked status in the Bitwarden organization.

> [!NOTE] Suspended users Okta
> Choosing the suspended status for a user in Okta will **not** result in a [revoked status in Bitwarden](https://bitwarden.com/it-it/help/revoke-users/).

- **Push groups:** Groups and their users in Okta can be pushed to Bitwarden.

> [!NOTE] SCIM Okta Support for Email Stuff
> Bitwarden does not support changing a user's email address once provisioned. Bitwarden also does not support changing a user's email address type or using a type other than `primary`. The values entered for email and username should be the same. [Learn more](https://bitwarden.com/it-it/help/about-scim/#required-attributes/).

## Enable SCIM in Bitwarden

> [!NOTE] Self-hosting SCIM
> **Are you self-hosting Bitwarden?** If so, complete these steps to [set up SCIM for your server](https://bitwarden.com/it-it/help/self-hosting-scim/) before proceeding.

To start your SCIM integration:

1. From the Admin Console, go to **Settings** → **SCIM provisioning**.
2. Check **Enable SCIM**.
3. Select **Save**.
4. Your **SCIM URL** and **SCIM API key** will appear, which you will later [enter in Okta](https://bitwarden.com/it-it/help/okta-scim-integration/#connect-your-bitwarden-organization/):

   ![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png)
   *SCIM provisioning*

## Add the Bitwarden app to Okta

To add Bitwarden within Okta:

1. From the Okta Admin Portal, go to **Applications** → **Applications**.
2. Select **Browse App Catalog**.
3. In the search bar, enter `Bitwarden` and select **Bitwarden**:

   ![Browse app catalog for Bitwarden](https://bitwarden.com/assets/7DjlcFofhaHLVKyy2TId7c/86dc82876b88ba717ecfb107b192e7c7/Browse_app_catalog_for_Bitwarden_.png)
   *Browse app catalog for Bitwarden*
4. Select **Add Integration**, which will open the Bitwarden app's general settings.
5. Enter a unique, Bitwarden-specific name in **Application label**.
6. Check **Do not display application icon to users**.
7. Select **Done**.

## Set up provisioning in Okta

To set up provisioning, the following steps must be completed in the same order that's presented here.

### Connect your Bitwarden organization

To connect Okta with Bitwarden:

1. While still on the Bitwarden app configuration page in Okta, select **Provisioning**.
2. Select **Configure API Integration**.
3. Check **Enable API Integration**.
4. Enter details you found earlier in the Bitwarden Admin Console, from **Settings** → **SCIM provisioning**:
   - In the **Base URL** field, enter your **SCIM URL** from Bitwarden.
   - In the **API Token** field, enter your **SCIM API key** from Bitwarden.

   ![Enter Bitwarden SCIM URL and API key](https://bitwarden.com/assets/5GMQfUOLdpOaKhNxDf88D6/86617a7ee28f2fc5d2e6d646652406a1/Enter_Bitwarden_SCIM_URL_and_API_key.png)
   *Enter Bitwarden SCIM URL and API key*
5. Select **Test API Credentials**. If you see a confirmation message like "Bitwarden was verified successfully!" then your connection works.
6. Select **Save**.

### Set provisioning actions

To allow specific provisioning actions:

1. While still on the **Provisioning** tab, select **To App**.
2. Select **Edit**:

   ![Provisioning to app](https://bitwarden.com/assets/2xFykuY8l8QtAp8ZfvrwQB/f7e98ede27e13479d54aa04f1a8fec18/Provisioning_to_app.png)
   *Provisioning to app*
3. Check **Create Users** and **Deactivate Users**.
4. Select **Save**.
5. (Optional) Customize the **Bitwarden Attribute Mappings**.

### Set Assignments

Open the **Assignments** tab and use the **Assign** dropdown menu to assign people or groups to the application. Assigned users and groups will be automatically issued an invitation. Depending on your workflow, you may need to use the **Push Groups** tab to trigger group provisioning once they are assigned.

## Finish user onboarding

Now that your users have been provisioned, they will receive invitations to join the organization. Instruct your users to [accept the invitation](https://bitwarden.com/it-it/help/managing-users/#accept/) and, once they have, [confirm them to the organization](https://bitwarden.com/it-it/help/managing-users/#confirm/).

> [!NOTE] Invite/Accept/Confirm
> The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data.

--- URL: https://bitwarden.com/it-it/help/onboarding-and-succession/ ---

# Onboarding and Succession Guide

> [!NOTE]
> Read the full paper below or [download the PDF](https://start.bitwarden.com/hubfs/PDF/enterprise-password-management-throughout-employee-lifecycle.pdf).

## Password management to fit your business

Getting new employees up and running quickly drives productivity. Likewise, saying farewell properly drives assurance in the security of your business's systems and accounts.
Whether your business leans towards consolidation and centralization, or prefers a flexible and dynamic environment, Bitwarden fits your needs.

This guide covers the Bitwarden approach to onboarding and succession planning for members of your organization, starting with our approach to the relationship between members and organizations, then covering the simplest use-cases for onboarding and succession, and finally moving on to the levers and options at your disposal to fit Bitwarden to your needs.

## The Bitwarden approach

The Bitwarden vision is to imagine a world where no one gets hacked. We carry this forward in our mission to help individuals and companies manage their sensitive information easily and securely. Bitwarden believes that:

- Basic password management for individuals can and should be **free**. We provide just that, a [basic free account for individuals](https://bitwarden.com/it-it/help/password-manager-plans/#free-individual/).
- Individuals and families should take an active role in their security using [TOTPs, emergency access, and other supporting security features](https://bitwarden.com/it-it/help/password-manager-plans/#premium-individual/).
- Organizations can greatly improve their security profile through [organizational password management and secure sharing](https://bitwarden.com/it-it/help/password-manager-plans/#bitwarden-business-plans/).

> [!NOTE]
> For Bitwarden, [different plans](https://bitwarden.com/it-it/help/password-manager-plans/) and options are connected and complementary, all originating in our vision of a hack-free world. Empowering everyone at work **and** at home with password management gets us one step closer to that goal.

A key aspect of Bitwarden is that, unlike many software applications, everything in every vault is [end-to-end encrypted](https://bitwarden.com/it-it/help/what-encryption-is-used/).
To maintain this security model, every person using Bitwarden must have a unique account with a unique [master password](https://bitwarden.com/it-it/help/master-password/). Master passwords should be **strong** and **memorable**.

Each user is in charge of their master password. Bitwarden is a zero-knowledge encryption solution, meaning that the team at Bitwarden, as well as Bitwarden systems themselves, have no knowledge of, way to retrieve, or way to reset any master password.

### Use Bitwarden anywhere

Security everywhere means security anywhere, so the best password managers provide access across all your devices. Bitwarden supports a [range of client applications](https://bitwarden.com/it-it/download/), any of which can be connected to our cloud-hosted servers or a self-hosted server of your own:

![Bitwarden Clients/Servers ](https://bitwarden.com/assets/aONk4rWXWWHtOivPOt58m/e75d2f9876a86d7d9a81b7d9fd7182c3/bitwarden-clients-cloud-server.png)

### Users' individual vaults

Anyone who creates a Bitwarden account will have their own individual vault. Accessible from any client application, individual vaults are unique to each user and only that user holds the key to access it, using a combination of their email address and master password. Personal accounts, and the individually-owned [vault items](https://bitwarden.com/it-it/help/managing-items/) stored therein, are the account owner's responsibility. Organization [owners, admins, and managers](https://bitwarden.com/it-it/help/user-types-access-control/) cannot see any other user's individual vault by design, guaranteeing someone's individual vault data remains their own.
![Personal Vaults ](https://bitwarden.com/assets/211wU2Nguupsr80j2vCSRz/d157eca06fe478049a3386cbe5b7ce56/bitwarden-individual-personal-vault.png)

Families, Teams, and Enterprise organizations automatically provide members individually with premium features, like [emergency access](https://bitwarden.com/it-it/help/emergency-access/) and [encrypted attachment storage](https://bitwarden.com/it-it/help/attachments/), which they can choose to use.

Data in an individual vault belongs to the user. Individual vaults do not enable sharing, [organizations do](https://bitwarden.com/it-it/help/onboarding-and-succession/#bitwarden-organizations/).

> [!NOTE]
> **Why provide individual vaults by default?**
>
> Individual vaults are an instrumental component of the [Bitwarden approach](https://bitwarden.com/it-it/help/onboarding-and-succession/#the-bitwarden-approach/). Employees use a range of credentials every day, personally and professionally, and **habits formed in one area typically become habits in the other**. In our view, employees that use proper security practices in their personal lives will carry over that good behavior to their professional lives, **protecting your business** in the process.
>
> Using the same tool in both areas helps that habit form faster and easier. Enterprise organizations have the option to [configure policies](https://bitwarden.com/it-it/help/onboarding-and-succession/#enterprise-policies/), including to disable individual vaults.

## Bitwarden organizations

**Bitwarden organizations** add a layer of collaboration and sharing to password management for your team or enterprise, allowing you to securely share common information like office wifi passwords, online credentials, or shared company credit cards. Secure sharing through organizations is safe and easy.
![Organization Vault](https://bitwarden.com/assets/8wJfYqraeZpZLtfdsVRRF/f0eaf08e43e72d9ea4f728e2de197a1a/bitwarden-organization-collections.png)

Anyone can start an organization directly from the web app:

![New organization](https://bitwarden.com/assets/3eSqWiTIuPSFxXdo5AAjT9/248b0fa7bb381add0d71682acd244a63/2024-12-03_13-57-58.png)

Once created, you'll land in the Admin Console, which is the central hub for all things sharing and organization administration. Whoever launches the organization will be the [owner](https://bitwarden.com/it-it/help/user-types-access-control/), giving them full control to oversee the vault, to manage items, members, [collections](https://bitwarden.com/it-it/help/onboarding-and-succession/#collections/), and [groups](https://bitwarden.com/it-it/help/onboarding-and-succession/#groups/), to run reporting, and configure settings like [policies](https://bitwarden.com/it-it/help/onboarding-and-succession/#enterprise-policies/):

![Free organization Admin Console](https://bitwarden.com/assets/hzBuypc5ISzqC3jUmYbea/edcb03ce3d3071cea4f9afb6c7f8eca9/2024-12-03_13-46-09.png)

### Collections

Bitwarden organizations manage members and data in a scalable and secure fashion. Managing members and data on an individual basis is inefficient for large businesses and can leave room for error. To solve this, organizations provide collections and [groups](https://bitwarden.com/it-it/help/onboarding-and-succession/#groups/).

**Collections** gather together logins, notes, cards, and identities for [secure sharing](https://bitwarden.com/it-it/help/sharing/) within an organization:

![Using Collections ](https://bitwarden.com/assets/3dkYfn5K3E4t3Ts3Rs5At0/02954064a4a43a626f03fc9746db4006/collections-graphic-1.png)

### Onboarding members

Once your organization is established and collections are set up to store your data, owners and administrators should invite new members.
To ensure the security of your organization, Bitwarden applies a 3-step process for onboarding new members, [Invite](https://bitwarden.com/it-it/help/managing-users/#invite/) → [Accept](https://bitwarden.com/it-it/help/managing-users/#accept/) → [Confirm](https://bitwarden.com/it-it/help/managing-users/#confirm/).

Members can be onboarded using [SCIM](https://bitwarden.com/it-it/help/about-scim/), by syncing with a directory using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/), [directly from the web vault](https://bitwarden.com/it-it/help/managing-users/#add-new-members/), or through Just in Time (JIT) provisioning using [login with SSO](https://bitwarden.com/it-it/help/about-sso/).

#### Adding members

In the simplest cases, users can be added to your organization directly from the web app. When adding users, you can designate which [collections](https://bitwarden.com/it-it/help/onboarding-and-succession/#collections/) to grant them access to, which [role](https://bitwarden.com/it-it/help/onboarding-and-succession/#comprehensive-role--based-access-controls/) to give them, and more.

[Learn step-by-step how to add users to your organization](https://bitwarden.com/it-it/help/managing-users/#add-new-members/).

Once users are fully onboarded to your organization, you can assign access to your organization's vault data by assigning them to [collections](https://bitwarden.com/it-it/help/onboarding-and-succession/#collections/). Teams and Enterprise organizations can assign users to [groups](https://bitwarden.com/it-it/help/onboarding-and-succession/#groups/) for scalable permissions assignment, and construct group-collection associations instead of assigning access on the individual level.

> [!NOTE]
> For large organizations, [SCIM](https://bitwarden.com/it-it/help/about-scim/) and [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) are the best ways to onboard and offboard users at scale.
#### Groups

Groups relate together individual users, and provide a scalable way to assign permissions including access to [collections](https://bitwarden.com/it-it/help/onboarding-and-succession/#collections/) and other [access controls](https://bitwarden.com/it-it/help/onboarding-and-succession/#comprehensive-role--based-access-controls/). When onboarding new users, add them to a group to have them automatically inherit that group's configured permissions:

![Using Collections with Groups](https://bitwarden.com/assets/2BrgW8B8pbDiVAKyoYnxjR/e9348006d33dbd3ad25b9a25a5a27095/collections-graphic-2.png)

#### Comprehensive role-based access controls

Bitwarden takes an enterprise-friendly approach to sharing at scale. Members can be added to the organization with [a number of different roles](https://bitwarden.com/it-it/help/user-types-access-control/), belong to different [groups](https://bitwarden.com/it-it/help/onboarding-and-succession/#groups/), and have those groups assigned to various [collections](https://bitwarden.com/it-it/help/onboarding-and-succession/#collections/) to regulate access. Among the available roles is a [custom role](https://bitwarden.com/it-it/help/user-types-access-control/#custom-role/) for granular configuration of administrative permissions.

### Deprovisioning users

At Bitwarden, we see sharing of credentials as a vital aspect to getting work done efficiently and securely. We also recognize that once a credential is shared, it is *technically* possible for the recipient to keep it. For that reason, secure onboarding using appropriate [role-based access controls](https://bitwarden.com/it-it/help/onboarding-and-succession/#comprehensive-role--based-access-controls/) and [implementing policies](https://bitwarden.com/it-it/help/onboarding-and-succession/#enterprise-policies/) plays an important role in facilitating secure succession.
There are a variety of tools provided by Bitwarden for tailoring your workflow and exercising more control over succession. The following sections will describe a [basic succession workflow](https://bitwarden.com/it-it/help/onboarding-and-succession/#basic-deprovisioning/), which uses none of these tools, and some [advanced succession tactics](https://bitwarden.com/it-it/help/onboarding-and-succession/#advanced-deprovisioning/) frequently used by organizations:

### Basic deprovisioning

Deprovisioning users from Bitwarden involves removing users from your organization, and like onboarding can be done [directly from the web vault](https://bitwarden.com/it-it/help/managing-users/#deprovision-users/) or in automated fashion using [SCIM](https://bitwarden.com/it-it/help/about-scim/) or [Directory Connector](https://bitwarden.com/it-it/help/onboarding-and-succession/#directory-connector/).

Alice is a **User** in your organization, which is hosted on the Bitwarden cloud and uses company email addresses (e.g. `first-last@company.com`). Currently, this is how Alice uses Bitwarden:

| **Product area** | **Description** |
|------|------|
| **Client applications** | Uses Bitwarden on mobile and a browser extension personally and professionally, and the web vault for occasional organization-related work. |
| **Email & master password** | Logs in to Bitwarden using `alice@company.com` and `p@ssw0rD`. |
| **Personal items** | Stores assorted personal items, including logins and credit cards, in her personal vault. |
| **Two-step login** | Uses organization-wide [Duo 2FA](https://bitwarden.com/it-it/help/setup-two-step-login-duo/). |
| **Collections** | Alice has Manage collection permission for the "Marketing Credentials" collection, granting her the ability to manage many aspects of that collection. |
| **Shared items** | Created and shared several vault items that are owned by the organization and reside in her team's Collection. |

Once Alice is removed from your organization:

| **Product area** | **Description** |
|------|------|
| **Client applications** | Can continue to use any Bitwarden application to access her individual vault, however will lose access to organization-owned items, all collections, and all shared items. See the tip at the end of this section for information on local caching. |
| **Email & master password** | Can continue to log in using `alice@company.com` and `p@ssw0rD`, however since she won't have access to her `@company.com` inbox, she should be advised to change the email associated with her Bitwarden account. |
| **Individual items** | Will still be able to use her individual vault and access the items stored therein. |
| **Permissions in the organization** | Will **lose all permissions over and access to** anything related to the organization. |
| **Two-step login** | Won't be able to use organization Duo 2FA to access her vault, but can set up one of our free two-step login options or upgrade to premium for more. |
| **Created collections** | Organization owners, admins and custom role members with the **Edit any collection** permission will temporarily gain access to Alice's "Marketing Team" collection so they can assign a new member the **Manage collection** permission. |
| **Shared items** | Ownership of collections and shared items **belongs to the organization**, so Alice will lose access to all these items despite having created them. |

> [!TIP] Remove Org Members + Caching
> Offline devices cache a read-only copy of vault data, including organizational vault data. Some clients may retain access to this read-only data for a short period of time after a member is deprovisioned. If you anticipate malicious exploitation of this, credentials the member had access to should be updated when you remove them from the organization.
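
The tip above and the "Created collections" row both depend on knowing what a departing member could reach. The following is an added example, not Bitwarden code or an export format: it resolves a member's direct and group-derived collection access over constructed sample data, then lists the items to rotate and the collections left without anyone holding Manage. The data shape, names, and the `manage`/`edit`/`view` labels are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data (hypothetical shape, NOT a Bitwarden export format).
# Direct member -> collection assignments; labels are shorthand for permissions.
MEMBER_COLLECTIONS = {
    "alice@company.com": {"Marketing Credentials": "manage"},
    "bob@company.com": {"Marketing Credentials": "view"},
    "carol@company.com": {"Finance": "manage"},
}
# Group membership and group -> collection assignments.
GROUP_MEMBERS = {
    "Marketing Team": {"alice@company.com", "bob@company.com"},
    "Finance Team": {"carol@company.com"},
}
GROUP_COLLECTIONS = {
    "Marketing Team": {"Marketing Credentials/Social": "edit"},
    "Finance Team": {"Finance": "edit"},
}
# Organization-owned items and the collections each one sits in.
ITEM_COLLECTIONS = {
    "twitter-login": {"Marketing Credentials/Social"},
    "cms-admin": {"Marketing Credentials"},
    "shared-card": {"Marketing Credentials", "Finance"},
    "payroll": {"Finance"},
    "brand-assets": {"Marketing Credentials/Social/Archive"},
}


def effective_access(member):
    """Return {collection: {permissions}} from direct and group assignments.

    Collections are matched by exact name: nesting only affects display,
    so access to a parent grants nothing on its nested collections.
    """
    access = defaultdict(set)
    for coll, perm in MEMBER_COLLECTIONS.get(member, {}).items():
        access[coll].add(perm)
    for group, members in GROUP_MEMBERS.items():
        if member in members:
            for coll, perm in GROUP_COLLECTIONS.get(group, {}).items():
                access[coll].add(perm)
    return dict(access)


def items_to_rotate(member):
    """Items the member could read through any collection they reached."""
    reachable = set(effective_access(member))
    return sorted(
        item for item, colls in ITEM_COLLECTIONS.items() if colls & reachable
    )


def collections_without_manager(member):
    """Collections where removing `member` leaves nobody with 'manage'."""
    everyone = set(MEMBER_COLLECTIONS) | set().union(*GROUP_MEMBERS.values())
    orphaned = []
    for coll, perms in effective_access(member).items():
        if "manage" not in perms:
            continue
        still_managed = any(
            "manage" in effective_access(other).get(coll, set())
            for other in everyone
            if other != member
        )
        if not still_managed:
            orphaned.append(coll)
    return sorted(orphaned)


if __name__ == "__main__":
    leaver = "alice@company.com"
    print("Rotate:", items_to_rotate(leaver))
    print("Needs a new manager:", collections_without_manager(leaver))
```

An item that sits in several collections is listed once, and any view-level access is enough to put it on the rotation list, since the cached copy is readable regardless of edit rights.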
### Advanced deprovisioning

> [!WARNING] Accounts without MPs & TDE
> For member accounts that **do not have master passwords** as a result of [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/):
>
> - [Removing them from your organization](https://bitwarden.com/it-it/help/remove-users/#remove-members-from-an-organization/) eliminates all access to their Bitwarden account unless they were previously assigned a master password using [account recovery](https://bitwarden.com/it-it/help/account-recovery/) and they log in with that master password at least once before being removed.
>
>   These users will not be able to re-join your organization unless the above steps are taken **before** they are removed from the organization. If they aren't, each removed user will be required to [delete their account](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/) and be issued a new invitation to create an account and join your organization.
> - [Revoking access to the organization](https://bitwarden.com/it-it/help/revoke-users/), but not removing them from the organization, will still fully lock them out of their account until their access to the organization is restored.

#### Claimed member accounts

When you claim a domain, any organization member accounts that have email addresses with a matching domain (e.g. `jdoe@mycompany.com`) will also be claimed by your organization. Claimed member accounts are functionally owned by the organization, meaning they can be outright deleted by organization administrators, instead of only being able to be removed from the organization.
Owners and admins can delete a claimed account from the Admin Console's **Members** page using the ⋮ menu:

![Delete claimed accounts](https://bitwarden.com/assets/6HUnGTfMstF4IasZcKBfdi/0d2dbd328ba4a006611576e7d91c70df/2025-01-14_10-45-56.png)

#### Administrative take-over

Using the [Master password reset policy](https://bitwarden.com/it-it/help/policies/#master-password-reset/), owners and admins in your organization can [reset a user's master password](https://bitwarden.com/it-it/help/account-recovery/) during succession.

Resetting a user's master password logs the user out of all active Bitwarden sessions and resets their login credentials to the ones specified by the administrator, meaning that administrator (and only that administrator) will have the keys to the user's vault data, including items in the individual vault. This vault takeover tactic is commonly used by organizations to ensure that employees don't retain access to individual vault items that may be work-related and can be used to facilitate audits of every credential an employee may have been using.

> [!NOTE] 2FA Admin takeover
> **Admin password reset does not bypass two-step login**. In many cases, we recommend using SSO as some IdPs will allow you to configure 2FA and 2FA bypass policies for your users.

#### Removing the individual vault

If your organization requires real-time control of all vault items, you can use the [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) policy to require users to save all vault items to the organization. This will circumvent the need to take over and audit a user's account during succession, as it'll be completely empty of data once removed from the organization.

#### Login-less account deletion

As mentioned previously, removing a user from your organization does not automatically delete their Bitwarden account.
In the basic succession workflow, when a user is removed they can no longer access the organization or any shared items and collections, however they will still be able to log in to Bitwarden using their existing master password and access any individual vault items.

Organizations wanting to completely delete the account, including all individual vault items, may be able to use one of the following methods to do so during succession:

1. If you're self-hosting Bitwarden, an authorized admin can delete the account from the [System Administrator Portal](https://bitwarden.com/it-it/help/system-administrator-portal/).
2. If the account has an @yourcompany.com email address that your company controls, you can use the [delete without logging in](https://bitwarden.com/it-it/help/delete-your-account/#delete-an-individual-account/) workflow and confirm deletion within the @yourcompany.com inbox.

## Designing your organization for your business

At Bitwarden, we often say that password management is people management, and we can fit the workflows suited to your organization. By offering a wide range of options, shared via our open source approach, customers can rest assured that they can meet their own individual needs.

[Get started today](https://bitwarden.com/it-it/pricing/business/) with a free Enterprise or Teams trial.

### SCIM

For Enterprise organizations with large user-bases that operate using a supported identity provider (currently, Azure AD, Okta, OneLogin, and JumpCloud), SCIM integrations can be used to automatically provision members and groups in your Bitwarden organization. [Learn more](https://bitwarden.com/it-it/help/about-scim/).

### Directory Connector

For companies with large user-bases that operate using directory services (LDAP, AD, Okta, and others), Directory Connector can synchronize users and groups from the directory to the Bitwarden organization.
Directory Connector is a stand-alone application that can be run anywhere with access to your directories and to Bitwarden.

![Directory Connector](https://bitwarden.com/assets/6kt3QORL97ZWxcZX2gicVl/038aaad07a9c4e00dd4cf7d6303d9578/bitwarden-directory-connector.png)

Many Bitwarden Teams and Enterprise organizations focus their onboarding efforts on the Directory Connector and use the organization vault administration areas to manage group-collection relationships.

Directory Connector will:

- Sync LDAP-based directory groups with Bitwarden groups
- Sync users within each group
- Invite new users to join the organization
- Remove deleted users from the organization

### Login with SSO

Bitwarden Enterprise organizations can integrate with your existing identity provider (IdP) using SAML 2.0 or OIDC to allow members of your organization to log in to Bitwarden using SSO.

Login with SSO separates user authentication from vault decryption:

**Authentication** is completed through your chosen IdP and retains any two-factor authentication processes connected to that IdP.

**Decryption** of vault data requires the user's individual key, which is derived in part from the master password. There are two [decryption options](https://bitwarden.com/it-it/help/sso-decryption-options/), both of which will have users authenticate using their regular SSO credentials.

- **Master password**: Once authenticated, organization members will decrypt vault data using their [master passwords](https://bitwarden.com/it-it/help/master-password/).
- **Customer-managed encryption**: Connect login with SSO to your self-hosted decryption key server. Using this option, organization members won't need to use their master passwords to decrypt vault data. Instead, [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) will retrieve a decryption key securely stored in a database owned and managed by you.

- Leverage your existing identity provider.
- Protect the end-to-end encryption of your data.
- Provision users automatically.
- Configure access with or without SSO.
- Decrypt vault data according to your company's security needs.

### Enterprise policies

Enterprise organizations can implement a variety of policies designed to lay a secure foundation for any business. Policies include:

- **Require two-step login:** Require users to set up two-step login on their personal accounts.
- **Master password requirements:** Set minimum requirements for master password strength.
- **Password generator:** Set minimum requirements for password generator configuration.
- **Single organization:** Restrict users from being able to join any other organizations.
- **Centralize organization ownership:** Require users to save vault items to an organization by removing the personal ownership option.

> [!TIP] Centralize organization ownership.
> The **Enforce organization data ownership** policy, for example, fits into earlier discussion regarding the interplay between individual vaults and organization vaults. Some companies may desire the assurance of having all credentials retained in the organization vault. A possible implementation could involve allowing each individual user to have their own collection, which unlike individual vaults could be overseen by organization owners and admins.

### Event logs

Bitwarden organizations include access to [event logs](https://bitwarden.com/it-it/help/event-logs/), which can be viewed directly from the web vault or [exported to be analyzed](https://bitwarden.com/it-it/help/event-logs/#siem-and-external-systems-integrations/) within security information and event management (SIEM) systems like Splunk.
Event logs include information about:

- User-item interactions
- Changes made to vault items
- Onboarding events
- Organization configuration changes
- Much, much more

> [!NOTE]
> In addition to these benefits, customers appreciate the ability to tightly integrate Bitwarden into their existing systems. Bitwarden offers a robust public [API](https://bitwarden.com/it-it/help/api/) and a fully-featured command line interface ([CLI](https://bitwarden.com/it-it/help/cli/)) for further integration into existing organization workflows.

### Self-hosting

In keeping with the Bitwarden approach to offer password management anywhere and everywhere, Bitwarden provides an option to self-host to address an even wider range of use cases for Enterprises. There are many reasons for a company to choose to self-host. Specifically when it comes to onboarding, succession, and enhanced features, here are some of the reasons companies choose to do so:

- **Immediate deletion of user accounts:** Because you control the server, users can be deleted entirely (including their individual vault).
- **Network access control:** Organization owners can determine which network access employees must use to access their Bitwarden server.
- **Advanced proxy settings:** Administrators can choose to enable or disable certain types of devices from accessing the Bitwarden Server.
- **Use an existing database cluster:** Connect to an existing Microsoft SQL Server database. Additional databases will be supported in the future.
- **Increase storage for file attachments and Bitwarden Send:** File attachments for Bitwarden items or Bitwarden Send are retained on user-provided storage.

## Put the pieces together

SCIM, Directory Connector, Login with SSO, Enterprise policies, and your vault work well individually or in harmony to optimize your onboarding, succession, and organization management experience.
The following table details how it might look to string together these pieces into one smooth process:

| **Step** | **Description** |
|------|------|
| **Synchronize** | Use SCIM or Directory Connector to sync groups and users to Bitwarden from your existing directory service. |
| **Invite** | SCIM or Directory Connector will automatically issue invitations to synced users. |
| **Authenticate** | Pair your login with SSO implementation with the SSO policy to require users to sign up with SSO when they accept their invitations. |
| **Administer** | Use the web vault to promote some users to different roles and to ensure group-collection relationships are configured to grant the right access to the right users. |
| **Re-synchronize** | Maintain your SCIM integration, or periodically re-run Directory Connector, to remove users from Bitwarden that are no longer active in your directory service and to start onboarding for new hires. |

## FAQs

#### Q: If an employee already has a Bitwarden account, can we attach it to the organization so they don't need another Bitwarden account?

**A:** Yes! You can. Some customers recommend that, prior to attaching users to the organization, those users have a Bitwarden vault attached to their company email. This choice is company-specific and either approach works.

#### Q: When an employee leaves, can we detach their account from the organization so that they don't have access to company credentials anymore and they do not lose their individually-owned credentials?

**A:** Yes! That's exactly what [deprovisioning entails](https://bitwarden.com/it-it/help/onboarding-and-succession/#offboarding-users/).

#### Q: What happens to items that were created or shared by a former member of the organization? Will these items also be offboarded?

**A:** No, sharing items from an individual vault to an organization vault will extend item ownership to the organization as well.
#### Q: Can we prevent employees from duplicating credentials from the company organization to their individual vault?

**A:** Yes! Using our [comprehensive suite of role-based access controls](https://bitwarden.com/it-it/help/user-types-access-control/#access-control/) you can make credentials **Read Only** to prevent duplication.

--- URL: https://bitwarden.com/it-it/help/onboarding-checklist/ ---

# Onboarding checklist

Use this onboarding checklist to track progress and make sure nothing is missed during your onboarding process.

## Account setup

- Confirm and review with users the 3-step account setup process: Invite > Accept > Confirm
- Log in with existing account or create new account using invited email
- Complete SSO login setup if applicable
- Create strong master password (14 to 16+ characters with mixed cases, numbers, symbols). Optional if you're using SSO with trusted devices
- Review company-specific password policies and guidelines
- Follow company password guidelines, consider using passphrase
- Set up 2FA using preferred methods (authenticator app, hardware key, or email)
- Save and securely store 2FA recovery codes

**Support links:**

- [Using login with SSO](https://bitwarden.com/it-it/help/using-sso/)
- [Setup SSO with Trusted Devices](https://bitwarden.com/it-it/help/setup-sso-with-trusted-devices/)

## Client installations

- Install browser extension and pin it to the navigation toolbar
- Download and install desktop application (Windows, Mac, Linux)
- Download mobile app (iOS, Android)
- Log into all installed clients with master password and 2FA, or SSO (if applicable)
- Adjust login settings to preferences (biometric setup, timeout settings)

**Support links:**

- [Client downloads](https://bitwarden.com/it-it/download/)
- [Automatic logout or lock](https://bitwarden.com/it-it/help/vault-timeout/)

## Get to know Bitwarden vault

- Explore web app, browser extension, mobile and desktop apps interface and main navigation elements
- Understand the differences between My vault (individual items) and Organization vault (shared items)
- Learn to use search function
- Familiarize with item types (logins, notes, cards, identities)

**Support links:**

- [Vault item types](https://bitwarden.com/it-it/help/managing-items/)
- [Search your vault](https://bitwarden.com/it-it/help/searching-vault/)

## Password management fundamentals

- Practice adding new login items (Click + or Add Item)
- Learn to edit existing items - click Edit (pencil icon)
- Set up extension autofill through browser settings
- Practice using autofill from browser extension (hotkey, inline autofill)
- Use built-in password generator for creating strong passwords (in extension, click on password field or Generator tab)

**Support links:**

- [Browser autofill](https://bitwarden.com/it-it/help/auto-fill-browser/)
- [Generating a strong password](https://bitwarden.com/it-it/help/getting-started-browserext/#generate-a-strong-password/)

## Secure credential sharing and collaboration

- Understand collections concept for shared items: Collections act as shared folders for passwords/notes in organization vault
- Practice accessing shared items through collections
- Learn about groups and permission levels: Groups assign collection access to multiple users (e.g. "Marketing Team")
- Practice organizing individual My Vault items with folders

**Support links:**

- [Understanding collections](https://bitwarden.com/it-it/help/about-collections/)
- [Collection access management](https://bitwarden.com/it-it/help/teams-enterprise-migration-guide/#step-5-configure-access-to-collections-and-items/)

## Features beyond password management

- Explore Bitwarden Send for encrypted sharing to anyone, even non-Bitwarden users
- Review password history for login items (Password History tab in login items)
- Configure biometric unlock on desktop and mobile (if applicable)
- Explore TOTP storage and generation

**Support links:**

- [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/)
- [Unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/)
- [Generate TOTP codes](https://bitwarden.com/it-it/help/integrated-authenticator/#generate-totp-codes/)

## Recovery planning

- Understand account recovery options if master password is lost or forgotten
- Document account recovery procedures
- Verify secure storage of recovery codes and master password backup

**Support links:**

- [Recover user access](https://bitwarden.com/it-it/help/account-recovery/)
- [Get my recovery code](https://bitwarden.com/it-it/help/two-step-recovery-code/)

## Best practices

- Emphasize Bitwarden in improving organizational security posture
- Explain how Bitwarden reduces breach risks, aids compliance, and promotes safe practices
- Schedule regular vault maintenance and security reviews
- Send regular reminders for users to accept invitation to set up Bitwarden account
- Use Vault Health reports to audit password health across company

**Support links:**

- [Vault health reports](https://bitwarden.com/it-it/help/reports/)

--- URL: https://bitwarden.com/it-it/help/onboarding-workflows/ ---

# Member Signup Workflows

This document should be used to provide instructions to your users for signing up for the organization.
There are a number of different factors that will impact the exact steps your users will need to take. Use this decision tree to help pick the correct option for your organization's users:

![Onboarding decision tree](https://bitwarden.com/assets/6Mjrxky33gwmWzhhF85QgG/523d7421e9dd0aa72a6b9119f50043fb/Final.png)

*Onboarding decision tree*

The following tabs document onboarding instructions you can provide to your users. Each tab's number corresponds to a selection from the above decision tree:

### 1

To join our organization:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, choose the **Continue** option and log in to your Bitwarden account using your email and master password. *[If your master password does not meet the requirements of our organization, you will be prompted to update it.]*

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 2

To sign up for Bitwarden:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, fill in the following details:
   1. **Master password**: Create a master password. Bitwarden provides [guidance on how to create a strong master password](https://bitwarden.com/it-it/blog/picking-the-right-password-for-your-password-manager/). *[Make sure the master password you create complies with the requirements displayed above where you enter it.]*
   2. **Confirm master password**: Re-enter the master password you just created.
3. Optionally, check the **Check known data breaches for the password** ([learn more](https://bitwarden.com/it-it/help/reports/#data-breach-individual-vaults-only/)) before submitting the form.
4. You'll be redirected back to the Bitwarden login page. Log in using the credentials you just created to accept the invitation to our organization.

An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 3

Your Bitwarden account's email address must match what you use to log in to *[IdP, e.g. JumpCloud]*. If it does not, [change your email address](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/) and then complete the following steps to join our organization:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, choose the **Continue** option and log in to your Bitwarden account using your email and master password. *[If your master password does not meet the requirements of our organization, you will be prompted to update it.]*

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

Once your membership is confirmed, complete the following steps to set up your web browser app as a [trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/):

1. Open *[vault.bitwarden.com or vault.bitwarden.eu]* or your Bitwarden app *[and change the **Logging in on:** selector to bitwarden.eu]*.
2. Enter your email address and select **Continue**.
3. On the next screen, choose the **Enterprise single sign-on** option.
4. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
5. On the next screen, ensure that the **Remember this device** toggle is on, and select **Approve with master password**.
6. Enter your master password and select **Continue**.
The next time you log in on this web browser or app, you can use the **Enterprise single sign-on** option to log in and won't be required to enter your master password. You can add other trusted devices by completing these steps again with other apps.

### 4

Your Bitwarden account's email address must match what you use to log in to *[IdP, e.g. JumpCloud]*. If it does not, [change your email address](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/) and then complete the following steps to join our organization:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, choose the **Continue** option and log in to your Bitwarden account using your email and master password. *[If your master password does not meet the requirements of our organization, you will be prompted to update it.]*

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

Once your membership is confirmed, complete the following steps to set up your web browser app as a [trusted device](https://bitwarden.com/it-it/help/add-a-trusted-device/):

1. Open *[vault.bitwarden.com or vault.bitwarden.eu]* or your Bitwarden app *[and change the **Logging in on:** selector to bitwarden.eu]*.
2. Enter your email address and select **Continue**.
3. On the next screen, choose the **Enterprise single sign-on** option.
4. On the next screen, enter *[your-SSO-identifier]* in the **SSO identifier** box and select **Log in**.
5. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
6. On the next screen, ensure that the **Remember this device** toggle is on, and select **Approve with master password**.
7. Enter your master password and select **Continue**.
The next time you log in on this web browser or app, you can use the **Enterprise single sign-on** option to log in and won't be required to enter your master password. You can add other trusted devices by completing these steps again with other apps.

### 5

Your Bitwarden account's email address must match what you use to log in to *[IdP, e.g. JumpCloud]*. If it does not, [change your email address](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/) and then complete the following steps to join our organization:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, choose the **Continue** option and log in to your Bitwarden account using your email and master password. *[If your master password does not meet the requirements of our organization, you will be prompted to update it.]*

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

Once your membership is confirmed, you will be able to log in to Bitwarden using your *[IdP, e.g. JumpCloud]* credentials.

### 6

Your Bitwarden account's email address must match what you use to log in to *[IdP, e.g. JumpCloud]*. If it does not, [change your email address](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/) and then complete the following steps to join our organization:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from opening the link, choose the **Continue** option and log in to your Bitwarden account using your email and master password. *[If your master password does not meet the requirements of our organization, you will be prompted to update it.]*

You'll be logged in to Bitwarden.
An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

Once your membership is confirmed, you will be able to log in to Bitwarden using your *[IdP, e.g. JumpCloud]* credentials. When you do, you will be required to enter an **SSO identifier**, which is currently set to *[your-SSO-identifier]* for our organization.

### 7

To sign up for Bitwarden:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from the link, select **Log in**.
3. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
4. On the next screen, ensure that the **Remember this device** checkbox is checked and select **Continue**.

The first time you log in to other Bitwarden apps, like on your mobile device, this last step will instead require you to **Request admin approval** or **Approve from another device**. We recommend that you log in on a mobile device next, as you'll be able to approve subsequent devices from there.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 8

To sign up for Bitwarden:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from the link, select **Log in**.

   > [!TIP] Take note of identifier
   > We recommend taking note of the **SSO identifier** that's pre-filled in on this screen. You'll need it when you log in to other Bitwarden apps.
3. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
4. On the next screen, ensure that the **Remember this device** checkbox is checked and select **Continue**.
The first time you log in to other Bitwarden apps, like on your mobile device, this last step will instead require you to **Request admin approval** or **Approve from another device**. We recommend that you log in on a mobile device next, as you'll be able to approve subsequent devices from there.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 9

To sign up for Bitwarden:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from the link, select **Log in**.
3. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
4. On the next Bitwarden screen, set a master password. Bitwarden provides [guidance on how to create a strong master password](https://bitwarden.com/it-it/blog/picking-the-right-password-for-your-password-manager/). *[Make sure the master password you create complies with the requirements displayed above where you enter it.]*
5. Click **Submit**.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 10

To sign up for Bitwarden:

1. Check your inbox for an email from Bitwarden. Select the **Join Organization Now** button.
2. On the screen that opens from the link, select **Log in**.

   > [!TIP] Take note of identifier
   > We recommend taking note of the **SSO identifier** that's pre-filled in on this screen. You'll need it when you log in to other Bitwarden apps.
3. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
4. On the next Bitwarden screen, set a master password.
Bitwarden provides [guidance on how to create a strong master password](https://bitwarden.com/it-it/blog/picking-the-right-password-for-your-password-manager/). *[Make sure the master password you create complies with the requirements displayed above where you enter it.]*
5. Click **Submit**.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 11

To sign up for Bitwarden:

1. Download and open the Bitwarden mobile app for [iOS](https://apps.apple.com/app/bitwarden-free-password-manager/id1137397744) or [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&pli=1), or download and open the [Bitwarden desktop app](https://bitwarden.com/it-it/download/#downloads-desktop-applications/).
2. *[Change the **Logging in on:** selector to bitwarden.eu.]*
3. Enter your *[@company.com]* email address, which should be what you use to log in to *[IdP, e.g. JumpCloud]*, and select **Continue**.
4. On the next screen, choose the **Enterprise single sign-on** option.
5. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
6. On the next screen, ensure that the **Remember this device** toggle is on, and select **Continue**.

The first time you log in to other Bitwarden apps, like on your computer's web browser, this last step will instead require you to **Approve from another device**, which you can do from the mobile app or desktop app.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 12

To sign up for Bitwarden:

1. Download and open the Bitwarden mobile app for [iOS](https://apps.apple.com/app/bitwarden-free-password-manager/id1137397744) or [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&pli=1), or download and open the [Bitwarden desktop app](https://bitwarden.com/it-it/download/#downloads-desktop-applications/).
2. *[Change the **Logging in on:** selector to bitwarden.eu.]*
3. Enter your *[@company.com]* email address, which should be what you use to log in to *[IdP, e.g. JumpCloud]*, and select **Continue**.
4. On the next screen, choose the **Enterprise single sign-on** option.
5. On the next screen, enter *[your-SSO-identifier]* in the **SSO identifier** box and select **Log in**.
6. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
7. On the next screen, ensure that the **Remember this device** toggle is on, and select **Continue**.

The first time you log in to other Bitwarden apps, like on your computer's web browser, this last step will instead require you to **Approve from another device**, which you can do from the mobile app or desktop app.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 13

To sign up for Bitwarden:

1. In a web browser, navigate to *[vault.bitwarden.com or vault.bitwarden.eu]*.
2. Enter your *[@company.com]* email address, which should be what you use to log in to *[IdP, e.g. JumpCloud]*, and select **Continue**.
3. On the next screen, choose the **Enterprise single sign-on** option.
4. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
5. On the next Bitwarden screen, set a master password.
Bitwarden provides [guidance on how to create a strong master password](https://bitwarden.com/it-it/blog/picking-the-right-password-for-your-password-manager/). *[Make sure the master password you create complies with the requirements displayed above where you enter it.]*
6. Click **Submit**.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

### 14

To sign up for Bitwarden:

1. In a web browser, navigate to *[vault.bitwarden.com or vault.bitwarden.eu]*.
2. Enter your *[@company.com]* email address, which should be what you use to log in to *[IdP, e.g. JumpCloud]*, and select **Continue**.
3. On the next screen, choose the **Enterprise single sign-on** option.
4. On the next screen, enter *[your-SSO-identifier]* in the **SSO identifier** box and select **Log in**.
5. Log in to *[IdP, e.g. JumpCloud]* with your existing credentials.
6. On the next Bitwarden screen, set a master password. Bitwarden provides [guidance on how to create a strong master password](https://bitwarden.com/it-it/blog/picking-the-right-password-for-your-password-manager/). *[Make sure the master password you create complies with the requirements displayed above where you enter it.]*
7. Click **Submit**.

You'll be logged in to Bitwarden. An administrator will be notified that you've accepted the invitation to join our organization and will need to confirm your membership. Once they do, you'll be granted access to shared vault data for your team.

--- URL: https://bitwarden.com/it-it/help/onelogin-directory/ ---

# Sync with OneLogin

This article will help you get started using Directory Connector to sync users and groups from your OneLogin directory to your Bitwarden organization.
## Create API credentials

Directory Connector needs OneLogin-generated API credentials to connect to your directory. Complete the following steps to create and obtain API credentials for use by Directory Connector:

1. From your OneLogin Administration portal (`https://yourdomain.onelogin.com/admin`), go to **Developers** → **API Credentials** from the navigation menu.
2. Select the **New Credential** button and give your credential a Bitwarden-specific name (for example, `bitwarden-dc`).
3. Select the **Read Users** radio button to give read permission for user fields, roles, and groups, and select **Save**.
4. Copy the generated **Client ID** and **Client Secret**. You may return to view these at any time.

## Connect to your directory

Complete the following steps to configure Directory Connector to use your OneLogin directory:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. From the **Type** dropdown, select **OneLogin**. The available fields in this section will change according to your selected type.
4. Enter the **Client ID** and **Client Secret** [obtained from OneLogin](https://bitwarden.com/it-it/help/onelogin-directory/#create-api-credentials/).
5. From the **Region** dropdown, select your region.

## Configure sync options

> [!NOTE] Clear sync cache
> When you're finished configuring, navigate to the **More** tab and select the **Clear Sync Cache** button to prevent potential conflicts with prior sync operations. For more information, see [Clear Sync Cache](https://bitwarden.com/it-it/help/clear-sync-cache/).

Complete the following steps to configure the settings used when syncing using Directory Connector:

1. Open the Directory Connector [desktop application](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Settings** tab.
3. In the **Sync** section, configure the following options as desired:

| **Option** | **Description** |
|------|------|
| Interval | Time between automatic sync checks (in minutes). |
| Remove disabled users during sync | Check this box to remove users from the Bitwarden organization that have been disabled in your directory. |
| Overwrite existing organization users based on current sync settings | Check this box to always perform a full sync and remove any users from the Bitwarden organization if they are not in the synced user set. **Recommended for OneLogin directories.** |
| More than 2000 users or groups are expected to sync | Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups. |
| If a user has no email address, combine a username prefix with a suffix value to form an email | Check this box to form valid email options for users that do not have an email address. **Users without real or formed email addresses will be skipped by Directory Connector.** Formed Email = `username` + **Email Suffix** |
| Email Suffix | A string (`@example.com`) used to create a suffix for formed email addresses. |
| Sync users | Check this box to sync users to your organization. Checking this box will allow you to specify **User Filters**. |
| User Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/onelogin-directory/#specify-sync-filters/). |
| Sync groups | Check this box to sync groups to your organization. Checking this box will allow you to specify **Group Filters**. **Please be aware, Directory Connector uses OneLogin `role` values to create Bitwarden groups.** |
| Group Filter | See [Specify sync filters](https://bitwarden.com/it-it/help/onelogin-directory/#specify-sync-filters/). |

### Specify sync filters

Use comma-separated lists to include or exclude from a sync based on user email or group.
> [!NOTE]
> Directory Connector will create Bitwarden groups based on OneLogin Roles, not OneLogin Groups.

#### User filters

To include or exclude specific users from a sync based on email address:

```
include:joe@example.com,bill@example.com,tom@example.com
```

```
exclude:joe@example.com,bill@example.com,tom@example.com
```

#### Group filters

> [!NOTE] Nested groups not supported OneLogin
> Syncing nested groups is not supported by OneLogin.

To include or exclude groups from a sync based on OneLogin roles:

```
include:Role A,Role B
```

```
exclude:Role A,Role B
```

## Test a sync

> [!TIP] BWDC connect to EU server.
> Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/#getting-started/) or [CLI](https://bitwarden.com/it-it/help/directory-sync-cli/#config/).

To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the **Dashboard** tab and select the **Test Now** button. If successful, users and groups will be printed to the Directory Connector window according to specified [sync options](https://bitwarden.com/it-it/help/onelogin-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/onelogin-directory/#specify-sync-filters/):

![Test sync results ](https://bitwarden.com/assets/5QYMxvtCPhjbluuoLcCapD/96e9c630ead9ceba5124b55f9d2764a3/dc-okta-test.png)

## Start automatic sync

Once [sync options](https://bitwarden.com/it-it/help/onelogin-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/onelogin-directory/#specify-sync-filters/) are configured as desired, you can begin syncing. Complete the following steps to start automatic sync with Directory Connector:

1. Open the Directory Connector [desktop app](https://bitwarden.com/it-it/help/directory-sync-desktop/).
2. Navigate to the **Dashboard** tab.
3. In the **Sync** section, select the **Start Sync** button. You may alternatively select the **Sync Now** button to execute a one-time manual sync.

Directory Connector will begin polling your directory based on the configured [sync options](https://bitwarden.com/it-it/help/onelogin-directory/#configure-sync-options/) and [filters](https://bitwarden.com/it-it/help/onelogin-directory/#specify-sync-filters/).

If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.

> [!NOTE] Teams Starter + BWDC
> If you're on the Teams Starter plan, you are limited to 10 members. Directory Connector will display an error and stop syncing if you try to sync more than 10 members.
>
> **This plan is no longer available for purchase**. This error does not apply to Teams plans.

--- URL: https://bitwarden.com/it-it/help/onelogin-scim-integration/ ---

# OneLogin SCIM Integration

System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization.

> [!NOTE] SCIM vs. BWDC
> SCIM integrations are available for **Teams and Enterprise organizations**. Customers not using a SCIM-compatible identity provider may consider using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) as an alternative means of provisioning.

This article will help you configure a SCIM integration with OneLogin. Configuration involves working simultaneously with the Bitwarden web vault and OneLogin Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.
## Enable SCIM

> [!NOTE] Self-hosting SCIM
> **Are you self-hosting Bitwarden?** If so, complete these steps to [set up SCIM for your server](https://bitwarden.com/it-it/help/self-hosting-scim/) before proceeding.

To start your SCIM integration, open the Admin Console and navigate to **Settings** → **SCIM provisioning**:

![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png)

Select the **Enable SCIM** checkbox and take note of your **SCIM URL** and **SCIM API Key**. You will need to use both values in a later step.

## Create a OneLogin app

In the OneLogin Portal, navigate to the **Applications** screen and select the **Add App** button:

![Add an Application ](https://bitwarden.com/assets/37OSt7e5j969j9ikvH8buI/3bf9fa6b57a45b357a9d2bc012d8a6af/ol-addapp.png)

In the search bar, type `SCIM` and select the **SCIM Provisioner with SAML (SCIM v2 Enterprise)** app:

![SCIM Provisioner App](https://bitwarden.com/assets/1nhhqAjka2eRfzl0cG00re/009afae8e9a056db414523aaf99392b2/remove-name-3.png)

Give your application a Bitwarden-specific **Display Name** and select the **Save** button.

### Configuration

Select **Configuration** from the left-hand navigation and configure the following information, some of which you will need to retrieve from the Single Sign-On and SCIM Provisioning screens in Bitwarden.

![SCIM App Configuration](https://bitwarden.com/assets/2AeNYZyjrTZSU8CHupIXjY/d8e0475924f924fceebc9a6e4a2331b7/remove-name-4.png)

#### Application details

OneLogin will require you to fill in the **SAML Audience URL** and **SAML Consumer URL** fields even if you aren't going to use single sign-on. [Learn what to enter in these fields](https://bitwarden.com/it-it/help/saml-onelogin/#configuration/).
#### API connection

Enter the following values in the **API Connection** section:

| **Application setting** | **Description** |
|------|------|
| SCIM base URL | Set this field to the SCIM URL ([learn more](https://bitwarden.com/it-it/help/onelogin-scim-integration/#enable-scim/)). |
| SCIM bearer token | Set this field to the SCIM API key ([learn more](https://bitwarden.com/it-it/help/onelogin-scim-integration/#enable-scim/)). |

Select **Save** once you have configured these fields.

### Access

Select **Access** from the left-hand navigation. In the **Roles** section, assign application access to all the roles you would like to provision in Bitwarden. Each role is treated as a group in your Bitwarden organization, and users assigned to any role will be included in each corresponding group, including when they are assigned multiple roles.

### Rules

Create a rule to map OneLogin Roles to Bitwarden groups:

1. Select **Rules** from the left-hand navigation.
2. Select the Add Rule button to open the **New mapping** dialog:

   ![Role/Group Mapping](https://bitwarden.com/assets/42I8sAk9GBypUCDFxWbb4V/3c34b07f12bc62fb85270bf91881f582/Screen_Shot_2022-07-21_at_12.14.25_PM.png)
3. Give the rule a **Name** like Create Groups from Rules.
4. Leave **Conditions** blank.
5. In the **Actions** section:
   1. Select **Set Groups in** from the first dropdown.
   2. Select the **Map from OneLogin** option.
   3. Select **role** from the "For each" dropdown.
   4. Enter `.*` in the "with value that matches" field to map all roles to groups, or enter a specific role name.
6. Select the **Save** button to finish creating the rule.
### Test connection

Select **Configuration** from the left-hand navigation, and select the **Enable** button under **API Status:**

![Test API Connection](https://bitwarden.com/assets/6JJ9yBJshFhR7BgxXBg83K/74cc06192465100b109c6f94cc9ae680/remove-name-6.png)

This test **will not** start provisioning, but will make a GET request to Bitwarden and display **Enabled** if the application gets a response from Bitwarden successfully.

### Enable provisioning

Select **Provisioning** from the left-hand navigation:

![Provisioning Settings](https://bitwarden.com/assets/YMC1HjBpeKREdb3lJNHqb/1abdcbb216848efb62795c921edc05b5/image.png)

On this screen:

1. Select the **Enable Provisioning** checkbox.
2. In the **When users are deleted in OneLogin...** dropdown, select **Delete**.
3. In the **When user accounts are suspended in OneLogin...** dropdown, select **Suspend**.

When you are done, select **Save** to trigger provisioning.

### Designate groups to provision

Select **Parameters** from the left-hand navigation. Select **Groups** from the table, enable the **Include in User Provisioning** checkbox, and select the **Save** button:

![Include Groups in User Provisioning](https://bitwarden.com/assets/2h03FR4hdjbrxWuUojzzGb/c004d00d53e780b98429453f20591125/remove-name-5.png)

### Finish user onboarding

Now that your users have been provisioned, they will receive invitations to join the organization. Instruct your users to [accept the invitation](https://bitwarden.com/it-it/help/managing-users/#accept/) and, once they have, [confirm them to the organization](https://bitwarden.com/it-it/help/managing-users/#confirm/).

> [!NOTE] Invite/Accept/Confirm
> The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data.

## Appendix

### User attributes

Both Bitwarden and OneLogin's **SCIM Provisioner with SAML (SCIM v2 Enterprise)** application use standard SCIM v2 attribute names.
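Which address a member is provisioned under depends on the `emails` entry marked `"primary": true`, or on `userName`, as this appendix states. The following pre-flight check is an added example, not Bitwarden or OneLogin code: it resolves those attributes from SCIM v2 User resources and flags payloads where the choice is ambiguous. The fallback order, the strict JSON-boolean test and the `userName` comparison are this example's assumptions, and the sample resources are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ResolvedUser:
    email: Optional[str]         # address the member would be provisioned under
    source: str                  # "emails[primary]", "userName" or "none"
    active: bool
    display_name: Optional[str]
    external_id: Optional[str]
    warnings: List[str] = field(default_factory=list)


def resolve_scim_user(resource: dict) -> ResolvedUser:
    """Pick the attributes the page lists out of one SCIM v2 User resource."""
    warnings: List[str] = []
    entries = resource.get("emails")
    if not isinstance(entries, list):
        entries = []

    # Only an entry whose "primary" is the JSON boolean true counts (assumption:
    # a string such as "true" is reported instead of being accepted).
    primaries: List[str] = []
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        flag, value = entry.get("primary"), entry.get("value")
        if flag is True and isinstance(value, str) and value.strip():
            primaries.append(value.strip())
        elif flag is not None and not isinstance(flag, bool):
            warnings.append(f"emails[].primary is {flag!r}, not a JSON boolean; entry ignored")

    user_name = resource.get("userName")
    user_name = user_name.strip() if isinstance(user_name, str) else ""

    if primaries:
        email, source = primaries[0], "emails[primary]"
        if len({p.lower() for p in primaries}) > 1:
            warnings.append("several entries are marked primary; the first is used here")
        # An invitation sent to an address other than the IdP login is worth a look.
        if "@" in user_name and user_name.lower() != email.lower():
            warnings.append(f"primary e-mail differs from userName {user_name!r}")
    elif "@" in user_name:
        email, source = user_name, "userName"
        if entries:
            warnings.append("no emails[] entry is marked primary; fell back to userName")
    else:
        email, source = None, "none"
        warnings.append("no primary e-mail and userName is not an address; no address resolved")

    return ResolvedUser(
        email=email,
        source=source,
        active=resource.get("active") is True,
        display_name=resource.get("displayName"),
        external_id=resource.get("externalId"),
        warnings=warnings,
    )


# Constructed sample resources (not captured from a real tenant).
SAMPLE_USERS = [
    {"userName": "alice@corp.example", "active": True, "displayName": "Alice",
     "externalId": "1001",
     "emails": [{"value": "alice@corp.example", "primary": True, "type": "work"},
                {"value": "alice@home.example", "primary": False, "type": "home"}]},
    {"userName": "bob@corp.example", "active": True, "displayName": "Bob",
     "externalId": "1002",
     "emails": [{"value": "bob@home.example", "type": "home"}]},
    {"userName": "carol", "active": True, "displayName": "Carol",
     "externalId": "1003",
     "emails": [{"value": "carol@corp.example", "primary": "true"}]},
    {"userName": "dave@corp.example", "active": False, "displayName": "Dave",
     "externalId": "1004",
     "emails": [{"value": "dave.personal@mail.example", "primary": True}]},
]


def audit(resources: List[dict]) -> List[ResolvedUser]:
    """Resolve every resource so the warnings can be reviewed before provisioning."""
    return [resolve_scim_user(r) for r in resources]


if __name__ == "__main__":
    for user in audit(SAMPLE_USERS):
        print(user.external_id, user.email, user.source, "active" if user.active else "inactive")
        for warning in user.warnings:
            print("   warning:", warning)
```
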
Bitwarden will use the following attributes:

- `active`
- `emails`ª or `userName`
- `displayName`
- `externalId`

ª - Because SCIM allows users to have multiple email addresses expressed as an array of objects, Bitwarden will use the `value` of the object which contains `"primary": true`.

--- URL: https://bitwarden.com/it-it/help/openshift-deployment/ ---

# OpenShift Deployment

This article dives into how you might alter your [Bitwarden self-hosted Helm Chart](https://bitwarden.com/it-it/help/self-host-with-helm/) deployment based on the specific offerings of OpenShift.

## Requirements

Before proceeding with the installation, ensure the following requirements are met:

- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed.
- [Helm 3](https://helm.sh/docs/intro/install/) is installed.
- You have an SSL certificate and key or access to creating one via a certificate provider.
- You have an SMTP server or access to a cloud SMTP provider.
- A [storage class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) that supports ReadWriteMany.
- You have an installation id and key retrieved from [https://bitwarden.com/host](https://bitwarden.com/it-it/host/).

### Rootless requirements

During startup, Bitwarden will detect whether your environment restricts which user containers can run as, and will automatically initiate deployment in rootless mode if a restriction is detected. Successfully deploying in rootless mode requires one of the following two options:

- Deploying an [external MSSQL database](https://bitwarden.com/it-it/help/external-db/) instead of the SQL container included by default in the Helm chart.
- Assigning elevated privileges to the included SQL container [using a service account](https://bitwarden.com/it-it/help/kubernetes-service-accounts/), [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod), or other method.
> [!TIP] SQL pod as root to non-root
> While Microsoft requires that SQL containers be run as root, container startup will step down to a non-root user before executing application code.

## OpenShift routes

This example will demonstrate [OpenShift Routes](https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#overview) instead of the default ingress controllers.

#### Disable default ingress

1. Access `my-values.yaml`.
2. Disable the default ingress by specifying `ingress.enabled: false`:

```yaml
general:
  domain: "replaceme.com"
  ingress:
    enabled: false
```

The remaining ingress values do not require modification, as setting `ingress.enabled: false` will prompt the chart to ignore them.

#### Add raw manifest for routes

Locate the `rawManifests` section in `my-values.yaml`. This section is where the OpenShift Route manifests will be assigned.

An example file for a `rawManifests` section that uses OpenShift Routes can be downloaded ⬇️ [here](https://bitwarden.com/assets/330r6BrWsFLL9FLZbPSLIc/badadefadd43ce575fd5f42221155786/rawManifests.yaml).

> [!NOTE] Rawmanifest example
> In the example provided above, `destinationCACertificate` has been set to an empty string. This will use the default certificate setup in OpenShift. Alternatively, specify a certificate name here, or you can use Let's Encrypt by following [this guide](https://developer.ibm.com/tutorials/secure-red-hat-openshift-routes-with-lets-encrypt/). If you do, you will be required to add `kubernetes.io/tls-acme: "true"` to the annotations for each route.

## Shared storage class

A shared storage class is required for most OpenShift deployments. `ReadWriteMany` storage must be enabled. This can be done through the method of your choice; one option is to use the [NFS Subdir External Provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md).
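The `oc create secret ... --from-literal` command in the Secrets section that follows leaves every value in shell history, as its warning says. One alternative, as an added example that is not Bitwarden's own tooling: prompt for each value without echo, build the same `custom-secret` manifest in memory, and hand it to `oc create -f -` on standard input so no value reaches the command line. Treating the installation id and key as mandatory and the remaining keys as skippable is this example's assumption.

```python
import base64
import getpass
import json
import subprocess

# Secret name, namespace and key names are the ones used in the page's command.
SECRET_NAME = "custom-secret"
NAMESPACE = "bitwarden"
SQL_POD_KEY = "SA_PASSWORD"                                     # if using the SQL pod
OWN_SQL_KEY = "globalSettings__sqlServer__connectionString"     # if using your own SQL server
KEYS = [
    "globalSettings__installation__id",
    "globalSettings__installation__key",
    "globalSettings__mail__smtp__username",
    "globalSettings__mail__smtp__password",
    "globalSettings__yubico__clientId",
    "globalSettings__yubico__key",
    "globalSettings__hibpApiKey",
    SQL_POD_KEY,
    OWN_SQL_KEY,
]
REQUIRED = KEYS[:2]  # assumption of this example: installation id and key must be set


def build_secret_manifest(values: dict) -> dict:
    """Validate the collected values and return a Kubernetes Secret manifest."""
    unknown = sorted(set(values) - set(KEYS))
    if unknown:
        raise ValueError(f"unexpected keys: {unknown}")
    missing = [key for key in REQUIRED if not values.get(key)]
    if missing:
        raise ValueError(f"missing required keys: {missing}")
    # The page's command sets either SA_PASSWORD or the connection string.
    if (SQL_POD_KEY in values) == (OWN_SQL_KEY in values):
        raise ValueError("set exactly one of SA_PASSWORD or the SQL connection string")
    for key, value in values.items():
        if not value or value == "REPLACE":
            raise ValueError(f"{key} is empty or still the REPLACE placeholder")
    data = {
        key: base64.b64encode(value.encode("utf-8")).decode("ascii")
        for key, value in values.items()
    }
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": SECRET_NAME, "namespace": NAMESPACE},
        "data": data,
    }


def prompt_values() -> dict:
    """Ask for each key without echoing; an empty answer leaves the key out."""
    values = {}
    for key in KEYS:
        answer = getpass.getpass(f"{key} (empty to skip): ")
        if answer:
            values[key] = answer
    return values


def create_secret(manifest: dict) -> None:
    """Send the manifest to oc on stdin; the argument list carries no secret."""
    subprocess.run(
        ["oc", "create", "-f", "-"],
        input=json.dumps(manifest).encode("utf-8"),
        check=True,
    )


if __name__ == "__main__":
    create_secret(build_secret_manifest(prompt_values()))
```
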
## Secrets

The `oc` command can be used to deploy secrets. A valid installation id and key can be retrieved from [bitwarden.com/host/](https://bitwarden.com/it-it/host/). For more information, see [What are my installation id and installation key used for?](https://bitwarden.com/it-it/help/hosting-faqs/#q-what-are-my-installation-id-and-installation-key-used-for/)

The following command is an example:

> [!WARNING] Insecure way of setting a secret
> This example will record commands to your shell history. Other methods may be considered to securely set a secret.

```bash
oc create secret generic custom-secret -n bitwarden \
    --from-literal=globalSettings__installation__id="REPLACE" \
    --from-literal=globalSettings__installation__key="REPLACE" \
    --from-literal=globalSettings__mail__smtp__username="REPLACE" \
    --from-literal=globalSettings__mail__smtp__password="REPLACE" \
    --from-literal=globalSettings__yubico__clientId="REPLACE" \
    --from-literal=globalSettings__yubico__key="REPLACE" \
    --from-literal=globalSettings__hibpApiKey="REPLACE" \
    --from-literal=SA_PASSWORD="REPLACE" # If using SQL pod
    # --from-literal=globalSettings__sqlServer__connectionString="REPLACE" # If using your own SQL server
```

--- URL: https://bitwarden.com/it-it/help/org-faqs/ ---

# Organizations FAQs

This article contains Frequently Asked Questions (FAQs) regarding organizations. For more high-level information about organizations, refer to the following articles:

- [About Organizations](https://bitwarden.com/it-it/help/about-organizations/)
- [About Collections](https://bitwarden.com/it-it/help/about-collections/)
- [About Groups](https://bitwarden.com/it-it/help/about-groups/)

## Organizations general

### Q: What's the difference between organizations and premium?

**A:** Organizations enable secure sharing from organizations to organization users.
Premium individual plans unlock premium password security and management features, including advanced 2FA options, the Bitwarden authenticator (TOTP), encrypted file attachments, and more. Premium individual does not include secure data sharing.

Paid organizations (Families, Teams, or Enterprise) automatically include premium features (advanced 2FA options, Bitwarden authenticator, and more) for every user enrolled in the organization.

## Organization administration

### Q: My organization's owner is no longer with the company, can a new owner be created?

**A:** Only an owner can create a new owner or assign owner to an existing user. For failover purposes, Bitwarden recommends creating multiple owner users. If your single owner has left the company, [contact us](https://bitwarden.com/it-it/contact/).

### Q: I have invited users but they cannot see shared items, what do I do?

**A:** Invited users will receive an email asking them to join the organization. First, make sure they have accepted the invitation. If they have, an admin or owner should navigate to the **Members** screen and use the ⋮ options menu to select **Confirm**.

### Q: What events are audited for my organization?

**A:** For a full list of what's included in Bitwarden event logs, see [Event Logs](https://bitwarden.com/it-it/help/event-logs/).

### Q: Can I prevent users from self-registering into my organization?

**A:** If you are self-hosting, [configure the environment variable](https://bitwarden.com/it-it/help/environment-variables/) `globalSettings__disableUserRegistration=` to `true` to prevent users from signing up for an account via the registration page. Once configured, organization admins or owners must invite users to sign up for an account on the self-hosted instance.

### Q: How do I change the name of my organization?

**A:** To change the name of your organization:

1. In the web app, open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
2. Navigate to the ⚙️ **Settings** → **Organization info** screen.
3. Edit the **Organization name** field and select the **Save** button.

**If you are self-hosting**, you will also need to:

1. Navigate to the ⚙️ **Billing** → **Subscription** page.
2. Select the **Download license** button to download a license with the updated organization name.
3. [Upload the new license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) to your self-hosted server.

### Q: How do I optimize performance for a vault with lots of items?

**A**: Since decryption of vault items is done locally, never on our servers, load times may occasionally be longer for a vault with a large number of items. Our team is always working on performance optimization; in the meantime, here are a few tips that can help reduce load times:

- Follow the principle of least privilege, for example by using collections to organize your vault items. Reducing the number of items a user can access will reduce the number of items to be decrypted while the app is loading.
- For owners and admins, don't use the **This user can access and modify all items** option. These user roles get access to everything via the organization vault anyway, so selecting this option will only add additional items to their **Vaults** view and increase the number of items to be decrypted while the app is loading.
- If you manage multiple organizations, consider contacting us to become a [Provider](https://bitwarden.com/it-it/help/providers/). Accessing organizations from the Provider Portal will slightly reduce the amount of time required to decrypt all managed items.

### Q: How do I leave an organization?

**A**: To leave an organization, use the web app to select the ⋮ options menu for the organization you want to leave.
From the dropdown, select **Leave**:

![Leave an organization](https://bitwarden.com/assets/2MP5ZWZbCJe6ArraaEMku9/eda75c81ab46706bd8ef373a395bd78b/2025-04-01_14-59-09.png)

## Sharing with an organization

### Q: How do I "unshare" an item from my organization?

**A:** To unshare an item:

1. Clone the item back to your individual vault by using the ⋮ **Options** menu to select **Clone**. This can be done from the Admin Console or, if you are an Owner, Admin, or have Manage collection access to the collection the item is kept in, it can also be done from your Vaults view.
2. Delete the item from the organization vault by selecting **Delete** from the ⋮ **Options** menu.

Alternatively, you can unshare items by moving them to a different collection with higher access control restrictions.

### Q: How do I hide a password from my organization's users?

**A:** Assign the users you want to hide passwords from either **View items, hidden passwords** or **Edit items, hidden passwords** [permission](https://bitwarden.com/it-it/help/collection-permissions/) to relevant collections.

### Q: Does an item I move to the organization stay after I leave?

**A:** It does! When a user shares an item with an organization, the organization takes ownership of the item. Even if the user leaves the organization or deletes their account, that item will remain in the organization vault.

## Organization installations

### Q: Can I silently install the Bitwarden desktop app for my users?

**A:** Yes. When silently installing the desktop app across workstations, please do so as a privileged account like an administrator and use the `/allusers` switch in addition to `/S`. For single-user installation, or if your system supports `Logged on User`, use `/S` without `/allusers`.

--- URL: https://bitwarden.com/it-it/help/organization-renewal/ ---

# Organization Renewal

Organization subscriptions renew automatically on an annual or monthly basis.
Organization [owners](https://bitwarden.com/it-it/help/user-types-access-control/#default-roles/) can check the renewal date from the web app Admin Console by navigating to the organization's **Billing** → **Subscription** screen:

![Organization subscription view](https://bitwarden.com/assets/7MT9lfZZDTOQOBmnrLGceN/1ac8c615153e35250d15ce3921148cfe/2024-12-04_10-33-12.png)

As your renewal date approaches, we recommend confirming your [payment method](https://bitwarden.com/it-it/help/payment-methods/) is up to date by going to **Billing** → **Payment method**. Learn how to [update your billing information](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-for-organizations/).

> [!NOTE] Organization payment failure
> If we cannot process your payment method, or if you have cancelled your subscription, your organization will be disabled. Bitwarden cloud customers will have a seven day grace period between the expiration of your [license](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) and disabling of your organization. For **self-hosted customers**, there is a 60 day grace period. In either case, a disabled organization will result in the following:
>
> **Organization-owned vault items**
>
> [Owners](https://bitwarden.com/it-it/help/user-types-access-control/) will retain access to [shared vault items](https://bitwarden.com/it-it/help/sharing/), however all other users will lose access to these items. Organization vault items and existing [collections](https://bitwarden.com/it-it/help/about-collections/) **will not be deleted**.
>
> **Organization members**
>
> Members and existing [groups](https://bitwarden.com/it-it/help/about-groups/) **will not be removed** from the organization. When your organization is [re-enabled](https://bitwarden.com/it-it/help/organization-renewal/#re-enabling-a-disabled-organization/), members will not need to take any action.

## Re-enabling a disabled Organization

If your cloud-hosted organization is disabled, paying the outstanding invoice on the Admin Console **Billing** → **Subscription** page will automatically restore services. If you encounter any issues, [contact us](https://bitwarden.com/it-it/contact/) with the subject **Disabled Subscription Organization**. The Bitwarden team will manually re-enable your organization and work with the Accounts Receivable team for any further billing assistance.

If your self-hosted organization is disabled, download a new license file from your cloud-hosted Bitwarden organization vault. Once downloaded, open your self-hosted web vault and [update the license](https://bitwarden.com/it-it/help/licensing-on-premise/#tab-manual-update-4cDnzGHwlfBQEFs6eqrkut/) on the Admin Console **Billing** → **Subscription** page.

--- URL: https://bitwarden.com/it-it/help/organization-sponsored-families-plans/ ---

# Sponsored Families for Non-Members

As a benefit to employees, Enterprise organizations can offer sponsorships for free Families organizations. Sponsored families organizations allow users to securely share personal credentials with up to five family members or friends, encouraging good security habits at home as well as at work.

This article pertains to Families sponsorships for employees who are **not currently a member of the Bitwarden organization**, however organizations can also [sponsor members](https://bitwarden.com/it-it/help/families-for-enterprise/). Unlike [sponsorships for members](https://bitwarden.com/it-it/help/families-for-enterprise/), sponsored Families organizations **for non-members**:

- Require that an organization owner [contact Bitwarden](https://bitwarden.com/it-it/contact/) to turn on the functionality.
- Require that an [owner, admin, or permitted custom role member](https://bitwarden.com/it-it/help/user-types-access-control/) issue a sponsorship for each employee they wish to extend the benefit to.
- Will occupy one seat in the Enterprise organization per employee who is issued a sponsorship.

> [!TIP] Enabling F4E for self-hosted organizations.
> If your Enterprise organization is self-hosted, an administrator will need to [complete these steps](https://bitwarden.com/it-it/help/families-for-enterprise-self-hosted/) before employees can redeem their Families sponsorships.

The remainder of the instructions on this page will help administrators issue sponsorships and non-members redeem issued sponsorships.

## Issue a sponsorship

> [!TIP] If you're a member, you don't need to be issued F4E.
> If the employees you want to sponsor Families organizations for are **already members** of the Enterprise organization, they can [redeem the sponsorship without an administrator needing to manually issue it](https://bitwarden.com/it-it/help/families-for-enterprise/#redeem-a-sponsorship/).

To issue a Families sponsorship to an employee who is not a member of the Enterprise organization:

1. In the Admin Console, navigate to **Members** → **Free Bitwarden Families** and select + **Add sponsorship**.

   ![Free Bitwarden Families](https://bitwarden.com/assets/3ZLi9Ap4Hk44fCNWHvvrFY/b3e4a05fd72aa106e938295d27e0d37a/2025-05-21_11-35-45.png)
2. In the **Add sponsorship** box, enter the employee's email address and any notes you'd like to make about the sponsorship and select **Save** to issue a sponsorship invitation to that employee's inbox:

   ![Add sponsorship](https://bitwarden.com/assets/2bYAYxzbgIJqshhOIgNQtX/c35a70ea7ee48f4b4114ce86401caefe/2025-05-21_16-43-35.png)

> [!NOTE] Re-issuing F4E sponsorships.
> You can resend an invitation, or remove an employee's sponsorship, at any time using the ⋮ options menu on this page.

One seat in the Enterprise organization will be occupied per employee who is issued a sponsorship using this method.

## Redeem a sponsorship

To accept a Families sponsorship that has been issued to you by an employer:

1. Check your email inbox.
   When you receive the invitation, select **Accept Offer**:

   ![Invitation Email](https://bitwarden.com/assets/3oF2ARkXDOM7xMr8X1YdMS/d873a82a1ed8b129549731bb0c419673/2025-05-21_16-55-45.png)
2. Follow the prompts on-screen to log in with your personal Bitwarden account or create a new one.

   > [!TIP] You can apply F4E to an existing Families org.
   > If you have an existing Bitwarden Families organization, you can apply the sponsorship to that organization. Make sure you log in with the account that's an owner of your Families organization.
3. Once logged in, you'll be directed to a screen where you can redeem your sponsorship for a **New Families organization** or apply the sponsorship to an **Existing Families organization**:

### New Families organization

Select **New Families organization** from the dropdown:

![New Free Bitwarden Families](https://bitwarden.com/assets/3NnhjGPkYir4aMCLzvmJf1/db51c17a40db8d7a399ed49ec65d98f5/2024-12-04_10-24-32.png)

Fill in the following information:

- An **Organization name**
- A **Billing email**
- Whether you want to add **Additional storage (GB)**. Your sponsorship covers 5 GB free.
- **Payment information**

You won't have to make any payments for the Families organization as long as you are an active member of the sponsoring organization, unless you add **Additional storage**. When you are done filling in your information, select **Submit**.

### Existing Families organization

Select the organization from the dropdown and select **Accept Offer**:

![Existing Free Bitwarden Families](https://bitwarden.com/assets/5HIpHzcAzTsBjE4UZhjCV0/1f3ce019f188b2a1be20cc1587534864/2024-12-04_10-24-53.png)

When you accept the offer, your old subscription will be replaced by the Enterprise sponsorship. You won't have to make any payments for the Families organization, unless you add **Additional storage**, for as long as you are an active member of the sponsoring organization.

> [!NOTE] F4E for 2019 Families
> If you are on the [2019 Families plan](https://bitwarden.com/it-it/help/updates-to-plans/), you can still redeem a sponsorship but your organization will not automatically include all features released after 2020. To upgrade your current plan, navigate to the **Subscriptions** → **Billing** page and select **Upgrade plan**.

> [!NOTE] You'll still get renewal emails when you're F4E.
> After redeeming your sponsorship, you may still get renewal reminder emails for your Families organization in your personal inbox. As long as you're still an active member of that sponsoring Enterprise organization, you can ignore these emails. If you're no longer a member, navigate to **Billing** → **Payment method**, and check that the payment method is valid.

--- URL: https://bitwarden.com/it-it/help/panther-siem/ ---

# Panther SIEM

Panther is a security information and event management (SIEM) platform that can be used with Bitwarden organizations. Organization users can monitor [event](https://bitwarden.com/it-it/help/event-logs/) activity with the Bitwarden app on their Panther monitoring system.

## Setup

### Create a Panther account

To start, you will need a Panther account and dashboard. Create a Panther account on their [website](https://panther.com/).

### Initialize Panther Bitwarden Log Source

1. Access the Panther dashboard.
2. On the menu, open the **Configure** dropdown and select **Log Sources**.

   ![Panther Log Sources](https://bitwarden.com/assets/2ZE57tHcy87V0qBKbUykRO/c0bf68f1da74c896562f87a85950138c/Panther_Log_sources.png)
3. Select **Onboard your logs**.

   ![Panther Onboard logs](https://bitwarden.com/assets/4mefTa7wGIZ6Kc62Mf9oNu/ab043ca54203609664765bcc0132158d/Panther_integration_marketplace.png)
4. Search **Bitwarden** in the catalogue.

   ![Elastic Bitwarden integration](https://bitwarden.com/assets/3sSNvUFqgN8dwEWrfe0UFM/f9c1473e113c9851c506720992dfef2a/bitwarden_app.png)
5.
   Click on the **Bitwarden** integration and select **Start Setup**.

### Connect your Bitwarden organization

After you select **Start Setup** you will be brought to the configuration screen.

> [!NOTE] Panther cloud organizations
> Panther SIEM services are only available for Bitwarden cloud-hosted organizations.

1. Enter a name for the integration and then select **Setup**.
2. Next, you will need access to your Bitwarden organization's **Client ID** and **Client Secret**. Keeping this screen open, on another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
3. Navigate to your organization's **Settings** → **Organization info** screen and select the **View API key** button. You will be asked to re-enter your master password in order to access your API key information.

   ![Organization api info](https://bitwarden.com/assets/6gHjAyqgeqDj6UPT6agsBK/3a614e043cb3836a41bd68f226835e53/2024-12-04_09-51-07.png)
4. Copy and paste the `client_id` and `client_secret` values into their respective locations on the Bitwarden App setup page. Once you have entered the information, continue by selecting **Setup** again.
5. Panther will run a test on the integration. Once a successful test has been completed, you will be given the option to adjust preferences. Complete the setup by pressing **View Log Source**.

> [!NOTE] Panther data ingestion
> Panther may take up to 10 minutes to ingest data following the Bitwarden App setup.

### Start monitoring data

1. To begin monitoring data, head over to the primary dashboard and select 🔍 **Investigate** and **Data Explorer**.
2. On the Data Explorer page, select the `panther_logs.public` database from the drop down menu. Make sure that `bitwarden_events` is being viewed as well.
   ![Panther Data Explorer](https://bitwarden.com/assets/3mrpsXxhYXiPHr5bAt2Dfk/9316f68edd7191180174869d37264752/data_explorer.png)
3. Once you have made all of your required selections, select **Run Query**. You may also **Save as** to use the query at another time.
4. A list of Bitwarden events will be produced at the bottom of the screen.

   ![Panther Event Logs](https://bitwarden.com/assets/3iyy9chBYenrpJ5hCwVKOd/385e7d5348621b7c58649f0632f198b2/Panther_event_logs.png)
5. Events can be expanded and viewed in JSON by selecting **View JSON**.

   ![Panther JSON Object](https://bitwarden.com/assets/1wHDe1snFJ4NB1G13VBUBC/71def83a275e8bf25e25488b872a02f0/Header_object.png)

For additional information regarding Bitwarden organization events, see [here](https://bitwarden.com/it-it/help/event-logs/#organization-events/). Additional options for specific queries are available, see the [Panther Data Explorer](https://docs.panther.com/search/data-explorer) documentation for more information.

--- URL: https://bitwarden.com/it-it/help/password-and-generator-history/ ---

# Password & Generator History

Bitwarden maintains two distinct histories: one for saved login passwords and another for [generated usernames, passwords, and passphrases](https://bitwarden.com/it-it/help/generator/). Finding a previous password is helpful when you generate a password but forget to save it or don't finish resetting a password.

## Password history

Bitwarden stores the last five saved passwords for each [login item](https://bitwarden.com/it-it/help/managing-items/), including [deleted items](https://bitwarden.com/it-it/help/managing-items/#delete/) before they're permanently removed. When you edit a [hidden custom field](https://bitwarden.com/it-it/help/custom-fields/), its previous value is also saved in the password history and counts as one of the five saved entries. Logging out or switching Bitwarden clients doesn't impact or clear the password history.
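
For the Bitwarden events ingested into Panther as described in the Panther SIEM section above, the following sketch triages exported event JSON for failed-login bursts per IP address and for high-risk actions. It is an added example, not Bitwarden's or Panther's code; the field names (`type`, `actingUserId`, `ipAddress`, `date`), the numeric type codes, and the sample events are assumptions modelled on Bitwarden's event log format, so confirm them against what **View JSON** shows.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Bitwarden event type codes (from Bitwarden's event log documentation,
# not from this page); check them against what "View JSON" shows in Panther.
FAILED_LOGIN_TYPES = {1005, 1006}  # wrong master password / wrong two-step code
HIGH_RISK_TYPES = {
    1003: "two-step login disabled",
    1007: "individual vault exported",
    1602: "organization vault exported",
}

# Constructed sample: one event per line, as if saved from a Data Explorer query.
SAMPLE_EVENTS = """\
{"type": 1000, "actingUserId": "user-a", "ipAddress": "198.51.100.7", "date": "2025-01-10T08:55:00Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:00:00Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:00:40Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:01:20Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:02:00Z"}
{"type": 1006, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:03:10Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:04:30Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date": "2025-01-10T09:30:00Z"}
{"type": 1005, "ipAddress": "198.51.100.7", "date": "2025-01-10T09:10:00Z"}
{"type": 1005, "ipAddress": "198.51.100.7", "date": "2025-01-10T10:30:00Z"}
{"type": 1005, "ipAddress": "203.0.113.9", "date":
{"type": 1003, "actingUserId": "user-c", "ipAddress": "198.51.100.20", "date": "2025-01-10T11:00:00Z"}
{"type": 1602, "actingUserId": "user-b", "ipAddress": "198.51.100.30", "date": "2025-01-10T11:05:00Z"}
"""


def parse_events(text):
    """Parse JSON-lines events, skipping truncated or malformed records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            event["type"] = int(event["type"])
            # fromisoformat() rejects a trailing "Z" before Python 3.11.
            event["date"] = datetime.fromisoformat(event["date"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        events.append(event)
    return sorted(events, key=lambda e: e["date"])


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: peak_count} for IPs with >= threshold failed logins in a window."""
    by_ip = defaultdict(list)
    for event in events:
        if event["type"] in FAILED_LOGIN_TYPES and event.get("ipAddress"):
            by_ip[event["ipAddress"]].append(event["date"])
    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        start = peak = 0
        for end, current in enumerate(times):
            # Slide the left edge until the window spans at most `window`.
            while current - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak
    return bursts


def high_risk_events(events):
    """Return (timestamp, acting user, description) for high-risk event types."""
    return [
        (e["date"].isoformat(), e.get("actingUserId", "unknown"), HIGH_RISK_TYPES[e["type"]])
        for e in events
        if e["type"] in HIGH_RISK_TYPES
    ]


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENTS)
    for ip, count in failed_login_bursts(parsed).items():
        print(f"ALERT failed-login burst: {count} attempts from {ip}")
    for when, actor, what in high_risk_events(parsed):
        print(f"ALERT {what} by {actor} at {when}")
```

The threshold and window are starting points to tune against your organization's normal login behaviour.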

> [!WARNING] Password history plain text
> Accessing password history immediately reveals the older passwords in plain text.

To review an item's password history:

### Web app

Open the item and select **Password history**:

![Password history on web](https://bitwarden.com/assets/RT3R5a33WrejA8qnIcmqa/fed083be7acb5fbedfd52e223a086bb5/Password_history_on_web.png)
*Password history on web*

### Mobile app

Open the item and select **Password history** near the bottom of the window:

![Password history on mobile](https://bitwarden.com/assets/1RJbcOMMkIfVTprx3NZbyQ/82a1eb915b795d439df8fe91917d65af/Password_history_on_mobile.png)
*Password history on mobile*

### Browser extension

Open the item and select **Password history**:

![Password history on browser](https://bitwarden.com/assets/2XVetRKi7VLJ7Ctq7scOll/411a752e576a21b533f326b938ca6fa4/Password_history_on_browser.png)
*Password history on browser*

### Desktop app

Open the item and select **Password history** near the bottom of the window:

![Password history on desktop](https://bitwarden.com/assets/lvf2rvKuNcJNUYzXOTI99/cef223bdb6cf8f575314705ed12766aa/2026-04-23_11-08-39.png)
*Password history on desktop*

## Generator history

You can also access the [generator's](https://bitwarden.com/it-it/help/generator/) recent history. Each client stores its own generated usernames, passwords, and passphrases; generator history is not synced across Bitwarden clients. Logging out erases that client's specific generator history.

For example, passwords generated in the mobile app only appear in the mobile app's generator history. They don't appear in the web app's generator history, and logging out of the web app doesn't remove the mobile app's generator history.

> [!WARNING] Generator history plain text
> Accessing generator history immediately reveals the previously generated options in plain text.

### Web app

To access the generator history:

1. Select **Tools**.
2. Select **Generator**.
3.
   Select **Generator history**:

   ![Generator history on web](https://bitwarden.com/assets/W3Cbil4ZzaNUgIoarf6Qm/76248637321f4e4314eb0aa89b1f42af/Generator_history_on_web.png)
   *Generator history on web*

### Mobile app

Generated passwords and passphrases are listed in the mobile app’s generator history. Generated usernames are not currently included.

To access the generator history:

1. Tap the **Generator icon**.
2. Tap the ⋮ **Menu icon**.
3. Tap **Password history**.

### Browser extension

To access the generator history:

1. Select **Generator**.
2. Scroll down and select **Generator history**:

   ![Generator history on browser](https://bitwarden.com/assets/10EgyHZiwC9p2gkuOdhbkN/52083c2ccc2cbd1abd2bd5afb8cbb74e/Generator_history_on_browser.png)
   *Generator history on browser*

### Desktop app

To access the generator history, go to **View** → **Generator history** from the menu bar.

To delete the client’s generator history, select **Clear history** below the list:

![Clear generator history](https://bitwarden.com/assets/1BFNT1klLnRNy3o8NLXGmB/0b21df796fbdc3e26d5ff2a046b82b15/Clear_generator_history.png)
*Clear generator history*

--- URL: https://bitwarden.com/it-it/help/password-manager-overview/ ---

# Password Manager Overview

Bitwarden Password Manager enables businesses and individuals to protect their online data in the face of rising cybercrime threats. Use Bitwarden Password Manager to generate strong, unique passwords for every account you use online. This way if one site suffers a data breach, none of your other accounts are compromised. Password Manager makes it easy to do this by creating, saving, and autofilling those strong passwords, so that you don't need to worry about remembering them.

## Key features

For individuals and end-users, some of the most popular features that Bitwarden Password Manager offers are:

- **Easy import**: [Import](https://bitwarden.com/it-it/help/import-data/) your credentials from almost any password management solution.
- **Robust autofill**: Use Password Manager to more easily log in to websites [from browser extensions](https://bitwarden.com/it-it/help/auto-fill-browser/) and [from mobile apps](https://bitwarden.com/it-it/help/auto-fill-ios/).
- **Credential generators**: Use the [username and password generator](https://bitwarden.com/it-it/help/generator/) to confidently create secure credentials when signing up for new websites.
- **Integrated authentication**: [Generate and autofill temporary one-time passwords (TOTP)](https://bitwarden.com/it-it/help/integrated-authenticator/) for two-factor authentication (2FA) right from Bitwarden Password Manager.
- **Two-step login options**: Set up a variety of [two-step login methods](https://bitwarden.com/it-it/help/setup-two-step-login/), including free options, to keep your important credentials secure.

For businesses and administrators, some of the most popular features that Bitwarden Password Manager offers are:

- **Easy import**: [Import](https://bitwarden.com/it-it/help/import-to-org/) your company's shared credentials from almost any password management solution.
- **User management integrations**: Sync end-users to your Bitwarden organization using one of many [system for cross-domain identity management (SCIM)](https://bitwarden.com/it-it/help/about-scim/) or [direct-to-directory](https://bitwarden.com/it-it/help/directory-sync/) integrations.
- **Login with SSO**: [Authenticate your end-users with your existing single sign-on (SSO)](https://bitwarden.com/it-it/help/about-sso/) setup through any SAML 2.0 or OIDC identity provider.
- **Robust policies**: Enforce security practices for your end-users, like setting up the ability for admins to [recover lost accounts](https://bitwarden.com/it-it/help/account-recovery/), using [enterprise policies](https://bitwarden.com/it-it/help/policies/).

## Security-first principles

Bitwarden is committed to building security-first products.
Password Manager is:

- **Open source**: All source code is hosted on GitHub and is free for anyone to review and audit. Third-party auditing firms and security researchers are paid to do so regularly.
- **End-to-end encrypted**: All encryption and decryption of vault data is done client-side, meaning no sensitive data ever hits our servers unencrypted.
- **Zero-knowledge encrypted**: Bitwarden team members can't see your vault data, including data like URLs that other password managers don't encrypt, or your master password.

## Clients

Password Manager offers client applications for most devices and many use-cases:

- **Web app**: The Password Manager web app is your home for vault administration and organization management. [Get started today](https://bitwarden.com/it-it/help/getting-started-webvault/).
- **Browser extensions**: Password Manager browser extensions are perfectly suited for autofilling and seamlessly creating credentials to make surfing the web even easier. [Get started today](https://bitwarden.com/it-it/help/getting-started-browserext/).
- **Mobile apps**: Password Manager mobile apps are built to help you securely take your credentials on the go. [Get started today](https://bitwarden.com/it-it/help/getting-started-mobile/).
- **Desktop apps**: Password Manager desktop apps bring a full and elegant vault experience natively to your desktop. [Get started today](https://bitwarden.com/it-it/help/getting-started-desktop/).
- **CLI**: The Password Manager command-line interface (CLI) is a powerful, fully-featured tool for accessing and managing your vault, and is well-positioned to help in automated or development workflows. [Get started today](https://bitwarden.com/it-it/help/cli/).

--- URL: https://bitwarden.com/it-it/help/password-manager-plans/ ---

# Password Manager Plans

This article describes each Bitwarden Password Manager subscription plan to help you on your password management and secure data storage journey.

This article reflects the current Password Manager plans, recently updated as of June 4, 2024. Users who created an account before that date can learn about their plans [here](https://bitwarden.com/it-it/help/updates-to-plans/). To see Secrets Manager plans instead, see [here](https://bitwarden.com/it-it/help/secrets-manager-plans/).

## Personal plans

Personal plans are designed to give you or your family all the tools needed to manage data securely:

### Free individual

Bitwarden believes everyone should have access to password security tools. The core features of Bitwarden Password Manager are 100% free and include unlimited storage of logins, notes, cards, and identities, access to Bitwarden on any device, a secure password generator, and more. Sign up [for free](https://bitwarden.com/it-it/go/start-free/).

### Premium individual

Upgrade your individual account to unlock premium password security and management features, including advanced 2FA options, the Bitwarden authenticator (TOTP), encrypted file attachments, emergency access, and more.

**To upgrade to a Premium account**, use the web app to navigate to the **Settings** section and select **Go Premium**, or use the following link to [sign up for a new Premium individual account](https://bitwarden.com/it-it/go/start-premium/).

> [!NOTE] Premium features
> Premium does not include secure data sharing.
> In order to access sharing features, you will need a subscription to an organization ([Free](https://bitwarden.com/it-it/help/password-manager-plans/#free-organizations/), [Families](https://bitwarden.com/it-it/help/password-manager-plans/#families-organizations/), [Teams](https://bitwarden.com/it-it/help/password-manager-plans/#teams-organizations/), or [Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/#enterprise-organizations/)). Paid organizations ([Families](https://bitwarden.com/it-it/help/password-manager-plans/#families-organizations/), [Teams](https://bitwarden.com/it-it/help/password-manager-plans/#teams-organizations/), or [Enterprise](https://bitwarden.com/it-it/help/password-manager-plans/#enterprise-organizations/)) include premium features for all users enrolled in that organization.

Premium individual subscriptions are billed annually.

### Free organizations

Start a free organization to securely store and share data with one other user. Free organizations give both users all the core Password Manager features and secure data sharing in up to two collections. Any user on any plan can be the owner of a Free organization.

### Families organizations

Start a Families organization to share private data between you and five friends or family members. Families organizations include all premium features for all six users and unlimited secure data sharing within the Families organization.

Families organization subscriptions are billed annually.

### Compare personal plans

In the following table, "premium features" (included for **Premium individual** and **Families** organizations) are marked with an asterisk (*).

| **Features for you** | **Free** | **Premium** | **Free org** | **Families org** |
|------|------|------|------|------|
| Maximum users | 1 | 1 | 2 | 6 |
| Secure storage of logins, notes, cards, and identities | Unlimited | Unlimited | Unlimited | Unlimited |
| Maximum number of collections | - | - | 2 | Unlimited |
| Access to Password Manager on all devices | ✓ | ✓ | ✓ | ✓ |
| Storage sync across devices | ✓ | ✓ | ✓ | ✓ |
| Secure password generator | ✓ | ✓ | ✓ | ✓ |
| Self-hosting option | ✓ | ✓ | - | ✓ |
| [Encrypted export](https://bitwarden.com/it-it/help/encrypted-export/) | ✓ | ✓ | ✓ | ✓ |
| [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) | Text only | Text and files | Text only | Text and files |
| *[Two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) | Hardware security key, authenticator app, or email | Hardware security key, authenticator app, email, Yubico OTP, and Duo | Hardware security key, authenticator app, or email | Hardware security key, authenticator app, email, Yubico OTP, and Duo (does not include [Duo for organizations](https://bitwarden.com/it-it/help/setup-two-step-login-duo/)) |
| *[Encrypted file attachments](https://bitwarden.com/it-it/help/attachments/) | - | 5 GB | - | 5 GB per user + 5 GB shared |
| *[Integrated authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) (TOTP) | - | ✓ | (If also Premium individual) | ✓ |
| *[Vault health reports](https://bitwarden.com/it-it/help/reports/) | - | ✓ | - | ✓ |
| *[Emergency access](https://bitwarden.com/it-it/help/emergency-access/) | - | ✓ | - | ✓ |
| Eligible for the [Secrets Manager add-on](https://bitwarden.com/it-it/help/secrets-manager-overview/) | - | - | ✓ | - |
| *Priority support | - | ✓ | - | ✓ |
| Cost per user | Free | $1.65 per month, billed annually | Free | $3.99 per month, billed annually |

## Business plans

Bitwarden business plans are designed to meet the storage and sharing needs of small teams, growing businesses, and large enterprises:

### Teams organizations

Teams organizations are ideal for securely sharing data with colleagues, your department, or the entire company. Teams organizations include all premium features for all enrolled users, unlimited secure data sharing within the Teams organization, and a suite of operational tools such as event logging and an API for organization management.

Teams organizations can add [Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-overview/) to their product portfolio at an [additional cost](https://bitwarden.com/it-it/help/secrets-manager-plans/).

Unlike Families organizations and Free organizations, Teams can have an unlimited number of users (priced per user). Teams organization subscriptions can be billed annually or monthly.

### Enterprise organizations

Start an Enterprise organization to protect your business secrets. Enterprise organizations include all premium features for all enrolled users, all the operational tools included in **Teams organizations**, and enterprise-only tools such as SSO authentication, enterprise policy enforcement, and a self-host option.

Enterprise organizations can add [Secrets Manager](https://bitwarden.com/it-it/help/secrets-manager-overview/) to their product portfolio at an [additional cost](https://bitwarden.com/it-it/help/secrets-manager-plans/).

Unlike Families and Free organizations, Enterprise organizations can have an unlimited number of users (priced per user).
Enterprise organization subscriptions can be billed annually or monthly.

### Compare business plans

In the following table, "premium features" (included for **Teams** and **Enterprise organizations**) are marked with an asterisk (*).

| **Features for your business** | **Teams organizations** | **Enterprise organizations** |
|------|------|------|
| Secure storage of logins, notes, cards, and identities | Unlimited | Unlimited |
| Data sharing | Unlimited | Unlimited |
| Access to Password Manager on all devices | ✓ | ✓ |
| Storage sync across devices | ✓ | ✓ |
| Secure password generator | ✓ | ✓ |
| Base number of users | 1 | 1 |
| Maximum number of users | Unlimited | Unlimited |
| Maximum number of collections | Unlimited | Unlimited |
| [Encrypted export](https://bitwarden.com/it-it/help/encrypted-export/) | ✓ | ✓ |
| [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) | Text and files | Text and files |
| *[Two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/) | Authenticator app, email, Yubikey, FIDO2, and Duo | Authenticator app, email, Yubikey, FIDO2, and Duo |
| [Duo for organizations](https://bitwarden.com/it-it/help/setup-two-step-login-duo/) | ✓ | ✓ |
| *[Encrypted file attachments](https://bitwarden.com/it-it/help/attachments/) | 5 GB per user + 5 GB shared | 5 GB per user + 5 GB shared |
| *[Integrated authenticator](https://bitwarden.com/it-it/help/integrated-authenticator/) (TOTP) | ✓ | ✓ |
| *[Personal emergency access](https://bitwarden.com/it-it/help/emergency-access/) | ✓ | ✓ |
| *[Vault health reports](https://bitwarden.com/it-it/help/reports/) | ✓ | ✓ |
| *Priority support | ✓ | ✓ |
| [Event logs](https://bitwarden.com/it-it/help/event-logs/) | ✓ | ✓ |
| [User groups](https://bitwarden.com/it-it/help/about-groups/) | ✓ | ✓ |
| [API access](https://bitwarden.com/it-it/help/public-api/) | ✓ | ✓ |
| [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) | ✓ | ✓ |
| Eligible for the [Secrets Manager add-on](https://bitwarden.com/it-it/help/secrets-manager-overview/) | ✓ | ✓ |
| [Access Intelligence](https://bitwarden.com/it-it/help/access-intelligence/) | - | ✓ |
| [Login with SSO](https://bitwarden.com/it-it/help/about-sso/) | - | ✓ |
| [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/) | - | ✓ |
| [Enterprise policies](https://bitwarden.com/it-it/help/policies/) | - | ✓ |
| [Account recovery](https://bitwarden.com/it-it/help/account-recovery/) | - | ✓ |
| [Self-host option](https://bitwarden.com/it-it/help/install-on-premise/) | - | ✓ |
| [Custom management role](https://bitwarden.com/it-it/help/user-types-access-control/) | - | ✓ |
| [Families sponsorship for members](https://bitwarden.com/it-it/help/families-for-enterprise/) | - | ✓ |
| [SCIM integrations](https://bitwarden.com/it-it/help/about-scim/) | ✓ | ✓ |
| Cost per user | **Teams**: $4 per user per month, billed annually, or $5 per user per month, billed monthly | $6 per user per month, billed annually, or $7 per user per month, billed monthly |

## Self-hosted organizations

Self-hosted Bitwarden organizations will be able to use all paid features provided by their chosen plan. Only Families and Enterprise organizations can be imported to self-hosted servers. Learn more about [self-hosting an organization](https://bitwarden.com/it-it/help/self-host-an-organization/).

--- URL: https://bitwarden.com/it-it/help/payment-methods/ ---

# Payment Methods

Bitwarden accepts several payment methods for paid plans. Payment methods vary depending on your plan and billing country.
## Accepted payment methods

All available payment methods are listed when you upgrade or [update billing information](https://bitwarden.com/it-it/help/update-billing-info/) in the web app. The payment method on file is used for automatic [Premium plan renewals](https://bitwarden.com/it-it/help/premium-renewal/) and [organization plan renewals](https://bitwarden.com/it-it/help/organization-renewal/) to ensure you don't lose access to paid features unexpectedly. It's also used when you add [attachment](https://bitwarden.com/it-it/help/attachments/#add-storage-space/) storage space.

### Credit or debit card

All Bitwarden plan types accept major credit cards, including Visa, Mastercard, American Express, and Discover. Card payments are processed securely through Stripe. Card details are added in the web app when first signing up or [updating your billing information](https://bitwarden.com/it-it/help/update-billing-info/).

### PayPal

PayPal is available as a payment method for all plans. You can link your PayPal account for automatic payments or to add [account credit](https://bitwarden.com/it-it/help/payment-methods/#account-credit/). PayPal includes built-in buyer protection and additional security features. To use PayPal, select this method during checkout or when updating your billing information.

### Bank account

Bank account payments are available for some Teams and Enterprise plans:

- For domestic transfers within the United States, you can set up a direct bank deposit (ACH) through your [payment details](https://bitwarden.com/it-it/help/update-billing-info/) or via invoiced billing. ACH payments are processed using Stripe's bank transfer system.
- Wire transfers from outside of the United States are only accepted with [invoiced billing](https://bitwarden.com/it-it/help/payment-methods/#invoiced-billing/). Once invoiced, you'll find our bank account details on the invoice to complete your wire transfer.

To confirm that your account is eligible for international wire transfer payments and switch to invoiced billing, [contact us](https://bitwarden.com/it-it/contact/).

### Check

Corporate checks are accepted for annual Teams and Enterprise subscriptions when you [pay by invoice](https://bitwarden.com/it-it/help/payment-methods/#invoiced-billing/). The mailing address is listed on your invoice. To ensure the fastest processing, checks must include your company name, invoice number, and contact information.

### Cryptocurrency

Cryptocurrency, such as Bitcoin, is accepted. You need to purchase [account credit](https://bitwarden.com/it-it/help/payment-methods/#account-credit/) to upgrade or renew your subscription with cryptocurrency.

### Account credit

Account credit lets you pay for your Bitwarden upgrade or subscription in advance. Purchase credits in your local currency through PayPal or cryptocurrency through BitPay.

If you want to pay via account credit, make sure you purchase the account credits **before** upgrading or your renewal date. We'll deduct the upgrade or renewal cost from your account credit balance.

To add credit to your account:

1. Go to **Settings → Billing**.
2. Select **Add credit**.
3. Enter the total in USD that you'd like to purchase.
4. Select **Submit**.
5. You'll be taken to PayPal or BitPay to complete the transaction. Once complete, you will receive an email confirmation.

> [!NOTE] Apply account credit to invoice
> To pay an unpaid invoice with account credit, [contact us](https://bitwarden.com/it-it/contact/).

## Invoiced billing

Most payment methods are processed automatically when you upgrade or on your renewal date. Some plans allow you to pay an emailed [invoice](https://bitwarden.com/it-it/help/invoices-and-receipts/) instead. With this option, an invoice is sent to the billing contact on your renewal date. Pay the invoice manually with one of the methods listed on the invoice itself.

> [!TIP] Keep billing contact accurate
> Keep your billing contact's email address current to avoid missed invoices. For the individual Premium plan, this is your [account email](https://bitwarden.com/it-it/help/product-faqs/#q-how-do-i-change-my-email-address/). For organizations, only [owners](https://bitwarden.com/it-it/help/user-types-access-control/#default-roles/) can view and update their [billing contact](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-email/).

Eligibility for invoiced billing and the payment due date depend on your subscription type:

| Subscription type | Payment due date |
|------|------|
| Annual Teams and Enterprise subscriptions switched to invoicing after [contacting us](https://bitwarden.com/it-it/contact/) | 30 days from invoice date |
| Annual plans set up through [Bitwarden sales](https://bitwarden.com/it-it/contact-sales/) | 30 days from invoice date |
| [Resellers](https://bitwarden.com/it-it/help/bitwarden-resellers/) | 45 days from invoice date |

> [!NOTE] Failed payments, invoice due
> If you are on any other plan and we were unable to process your automatic payment, an [unpaid invoice](https://bitwarden.com/it-it/help/invoices-and-receipts/) will appear in your **Billing history**. Payment is due 14 days from the invoice date to avoid disruption. If you need help, please [contact us](https://bitwarden.com/it-it/contact/).

If an invoice is not paid by its due date, your account and, if applicable, your organization's members may be affected. Pay the invoice to [restore your organization's services](https://bitwarden.com/it-it/help/organization-renewal/#re-enabling-a-disabled-organization/) or your Premium plan.

## Manage your payment method

Use the Bitwarden web app to [review or update your payment details](https://bitwarden.com/it-it/help/update-billing-info/).

--- URL: https://bitwarden.com/it-it/help/personal-api-key/ ---

# CLI Authentication via API Key

Your Bitwarden personal API key can be used as a method for authenticating into the command line interface (CLI).

> [!NOTE] Personal API key vs organization API key
> Your personal API key is **not the same** as the [organization API key](https://bitwarden.com/it-it/help/public-api/#authentication/) used to access the [Bitwarden Public API](https://bitwarden.com/it-it/help/public-api/) or [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/). Personal API keys will have a `client_id` with format `"user.clientId"`, while organization API keys will have a `client_id` with format `"organization.ClientId"`.

## Get your personal API key

To get your personal API key:

1. In the Bitwarden web app, navigate to **Settings** → **Security** → **Keys**:

   ![Keys settings](https://bitwarden.com/assets/3IHpaOpEB5a13TF3B3RqqB/fab175095404a90d9d372542745bb9bb/Keys_settings.png)
   *Keys settings*

2. Select the **View API key** button and enter your master password to validate access. Once entered, you will be provided the following:

   - `client_id: "user.clientId"` (This value is unique to your account and does not change.)
   - `client_secret: "clientSecret"` (This value is unique and can be rotated.)
   - `scope: "api"` (This value will always be `"api"`.)
   - `grant_type: "client_credentials"` (This value will always be `"client_credentials"`.)

### Rotate your API key

Select the **Rotate API Key** button to rotate your personal API key. Rotating your key will only change your `client_secret`.

Rotating your key will invalidate your previous key and all active sessions using that key.

## Authenticate using your API key

Using the [personal API key](https://bitwarden.com/it-it/help/personal-api-key/) for CLI authentication is suitable for automated workflows, for providing access to an external application, or if your account uses a 2FA method not supported by the CLI (FIDO2 or Duo).

The following command will prompt you for your personal `client_id` and `client_secret`:

```
bw login --apikey
```

While there are some commands that do not require your data be decrypted, to use many of the CLI commands you will need to subsequently decrypt your data using the `unlock` command ([learn more](https://bitwarden.com/it-it/help/cli/#unlock/)), unless you're a member of an organization using [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/). Your API key is **not a substitute for your master password.**

#### Using API key environment variables

In scenarios where automated work is being done with the Bitwarden CLI, you can save environment variables to prevent the need for manual intervention at authentication.

| **Environment variable name** | **Required value** |
|------|------|
| BW_CLIENTID | `client_id` |
| BW_CLIENTSECRET | `client_secret` |

--- URL: https://bitwarden.com/it-it/help/phishing-blocked/ ---

# Phishing Blocker

Bitwarden phishing blocker detects known phishing websites and redirects Bitwarden users to a secure notification page, helping to ensure that credentials are not mistakenly entered or compromised. Phishing blocker identifies phishing websites using the regularly updated, open source [Phishing.Database](https://github.com/Phishing-Database/Phishing.Database).

Phishing blocker is available for Bitwarden individual Premium and Families plans on browser clients `2026.1.1` and newer.

> [!NOTE] Phishing blocker unavailable for Safari
> At this time, phishing blocker is not available on the Bitwarden browser extension for Safari.

## Phishing blocker

Phishing blocker operates using the browser extension. When phishing blocker identifies a known phishing website:

1. Instead of loading a known phishing website, Bitwarden will redirect the user to a warning page, indicating that the site has been blocked.
![Phishing blocker](https://bitwarden.com/assets/7IDSIId3ZA7nRT1T8gdX1T/3382ba87ffa5a38d8fa68b03d4ea0dcc/Phiishing-blocker-cropped.png)

2. Select the appropriate option:

   - **Close tab**: Selecting this option will close out the malicious tab that Bitwarden has blocked.
   - **Continue**: Selecting this option will allow you to continue to the website and close the Bitwarden phishing blocker.

> [!NOTE] Continue to phishing website warning
> Selecting **Continue** will proceed to the website that was identified for previous phishing activity. This action could result in your credentials being compromised. Caution is recommended if selecting this option.

## Toggle phishing blocker

By default, phishing blocker will be enabled for individual Premium and Families users. You may toggle the feature **on** or **off** in the browser extension by navigating to **Settings** → **Account security** and selecting the toggle:

![Toggle phishing blocker](https://bitwarden.com/assets/4jeEBHYQeUpsZNOoKKUeW1/d19fe64cfed2edba32983f45c5434490/phishing_setting.png)
*Toggle phishing blocker*

## How it works

Bitwarden phishing blocker uses the Phishing.Database to reference known phishing sites. This open source tool is updated daily by users to identify harmful URLs.

> [!NOTE] Phishing blocker performs checks locally
> All website checks are performed locally by the Bitwarden browser extension. No data is ever shared with Bitwarden or third parties.

1. The Bitwarden browser extension fetches the list from Phishing.Database directly.
2. The Bitwarden API uses the SHA-256 checksum to identify changes in the list and fetch updated lists.
3. Using the browser extension, Bitwarden will check URLs against the phishing list on page load.
4. If the site is a match with a known threat on the phishing database, Bitwarden will take you to a blocked screen, providing the options to leave the site or continue.

--- URL: https://bitwarden.com/it-it/help/ping-identity-oidc-implementation/ ---

# Ping Identity OIDC

This article contains Ping Identity specific help for configuring Login with SSO via OpenID Connect (OIDC). For help configuring Login with SSO for another OIDC IdP, or for configuring Ping Identity via SAML 2.0, see [OIDC Configuration](https://bitwarden.com/it-it/help/configure-sso-oidc/) or [Ping Identity SAML implementation](https://bitwarden.com/it-it/help/ping-identity-saml-implementation/).

Configuration involves working simultaneously within the Bitwarden web app and the Ping Identity Administrator Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Open SSO in the web vault

Log in to the Bitwarden [web app](https://bitwarden.com/it-it/help/getting-started-webvault/) and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Select **Settings** → **Single sign-on** from the navigation:

![OIDC configuration](https://bitwarden.com/assets/51wSToXTHHVmBCrLrE8T0E/85aa432ea19eadf0195317f4f233e973/2024-12-04_09-41-46.png)

If you haven't already, create a unique **SSO identifier** for your organization. Otherwise, you don't need to edit anything on this screen yet, but keep it open for easy reference.

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Create OIDC app

In the Ping Identity Administrator Portal, select **Applications** and the + Icon at the top of the screen to open the **Add Application** screen:

![Ping Identity OIDC App](https://bitwarden.com/assets/3upFJSqFSgStI3FB5hSIDH/0714a45788207aed199dc3f3df78e6dd/2024-07-22_16-14-00.png)

### Add application

1. Enter a Bitwarden-specific name in the **Application Name** field. Optionally, add description details as needed.
2. Select the **OIDC Web App** option and select **Save** once you have finished.

### Configure application

On the Application screen, select the **Configuration** tab and then the edit button located at the top right of the screen.

![Ping OIDC Configuration Edit](https://bitwarden.com/assets/7JxMu92pW8hFkRV7Mmh5Qr/870237c0d0580c7407973aeef0109d2c/2024-07-25_11-30-30.png)

In the edit screen, fill in the following values retrieved from the Bitwarden Single sign-on screen:

| **Ping Identity Field** | **Description** |
|------|------|
| Redirect URIs | Copy and paste the **Callback path** value retrieved from the Bitwarden Single sign-on page. |
| Signoff URLs | Copy and paste the **Signed out callback path** value retrieved from the Bitwarden Single sign-on page. |

Once this step has been completed, select **Save** and return to the **Configuration** tab on the Ping Identity Application screen. No other values on this screen require editing.

## Resources

On the Resources tab of the Ping Identity Application screen, select the **edit** icon and enable the following allowed scopes:

- email
- openid

## Back to the web app

At this point, you have configured everything you need within the context of Ping Identity. Return to the Bitwarden web app to configure the following fields:

| **Field** | **Description** |
|------|------|
| Authority | Enter `https://auth.pingone.eu/`, where `TENANT_ID` is the **Environment ID** on Ping Identity. |
| Client ID | Enter the App's **Client ID** retrieved from the Application's Configuration tab. |
| Client Secret | Enter the Secret Value of the created client secret. Select **Generate New Secret** on the application's Configuration tab. |
| Metadata Address | For Ping Identity implementations as documented, you can leave this field blank. |
| OIDC Redirect Behavior | Select either **Form POST** or **Redirect GET**. |
| Get Claims From User Info Endpoint | Enable this option if you receive URL too long errors (HTTP 414), trusted URLs, and/or failures during SSO. |
| Additional/Custom Scopes | Define custom scopes to be added to the request (comma-delimited). |
| Additional/Custom Email Claim Types | Define custom claim type keys for users' email addresses (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Additional/Custom Name Claim Types | Define custom claim type keys for users' full names or display names (comma-delimited). When defined, custom claim types are searched for before falling back on standard types. |
| Requested Authentication Context Class Reference values | Define Authentication Context Class Reference identifiers (`acr_values`) (space-delimited). List `acr_values` in preference-order. |
| Expected "acr" Claim Value in Response | Define the `acr` Claim Value for Bitwarden to expect and validate in the response. |

When you are done configuring these fields, **Save** your work.

> [!TIP] Policies for SSO Guides
> You can require users to log in with SSO by activating the [single sign-on authentication policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/).

## Test the configuration

Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](https://vault.bitwarden.com), entering your email address and selecting the **Use single sign-on** button:

![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png)

Enter the [configured organization identifier](https://bitwarden.com/it-it/help/configure-sso-saml/#step-1-enabling-login-with-sso/) and select **Log In**. If your implementation is successfully configured, you will be redirected to the Ping Identity login screen:

![Ping Identity SSO](https://bitwarden.com/assets/1QwyIzAp4JtyGwNLXZNXFI/6d1cc0ca3f278f46d7ad251ff2898dd4/2024-07-22_12-18-19.png)

After you authenticate with your Ping credentials, enter your Bitwarden master password to decrypt your vault!

> [!NOTE] SSO must be initiated from Bitwarden
> Bitwarden does not support unsolicited responses, so initiating login from your IdP will result in an error. The SSO login flow must be initiated from Bitwarden.

## Next steps

- Educate your organization members on how to [use login with SSO](https://bitwarden.com/it-it/help/using-sso/).

--- URL: https://bitwarden.com/it-it/help/ping-identity-saml-implementation/ ---

# Ping Identity SAML

This article contains **Ping Identity-specific** help for configuring login with SSO via SAML 2.0. For help configuring login with SSO for another IdP, refer to [SAML 2.0 Configuration](https://bitwarden.com/it-it/help/configure-sso-saml/).

Configuration involves working simultaneously with the Bitwarden web app and the Ping Identity Administrator Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Open SSO in the web app

Log in to the Bitwarden web app and open the Admin Console using the product switcher:

![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)

Open your organization's **Settings** → **Single sign-on** screen:

![SAML 2.0 configuration ](https://bitwarden.com/assets/20720mRAluo6crSdTiYJrn/1175889d7f6ab42fe7614f34cdd1dcdd/2024-12-04_09-41-15.png)

If you haven't already, create a unique **SSO identifier** for your organization and select **SAML** from the **Type** dropdown. Keep this screen open for easy reference.

You can turn off the **Set a unique SP entity ID** option at this stage if you wish. Doing so will remove your organization ID from your SP entity ID value; however, in almost all cases it is recommended to leave this option on.

> [!TIP] Self-hosting, use alternative Member Decryption Options.
> There are alternative **Member decryption options**. Learn how to get started using [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/) or [Key Connector](https://bitwarden.com/it-it/help/about-key-connector/).

## Create SAML app

In the Ping Identity Administrator Portal, select **Applications** and the + Icon at the top of the screen to open the **Add Application** screen:

![Ping Identity Add Application](https://bitwarden.com/assets/6F36iKjI660tvX77XXXaOn/d983daff3168cca8b19da3d4ff2b934b/new_application.png)

1. Enter a Bitwarden-specific name in the **Application Name** field. Optionally, add description details as needed.
2. Select the **SAML Application** option and then **Configure** once you have finished.
3. On the **SAML Configuration** screen select **Manually Enter**. Using the information on the Bitwarden single sign-on screen, configure the following fields:

| **Field** | **Description** |
|------|------|
| ACS URL | Set this field to the pre-generated **Assertion Consumer Service (ACS) URL**. This automatically-generated value can be copied from the organization's **Settings** → **Single sign-on** screen and will vary based on your setup. |
| Entity ID | Set this field to the pre-generated **SP Entity ID**. This automatically-generated value can be copied from the organization's **Settings** → **Single sign-on** screen and will vary based on your setup. |

Select **Save** to continue.

## Back to the web app

At this point, you have configured everything you need within the context of the Ping Identity Administrator Portal. Return to the Bitwarden web app to complete configuration.

The Single sign-on screen separates configuration into two sections:

- **SAML service provider configuration** will determine the format of SAML requests.
- **SAML identity provider configuration** will determine the format to expect for SAML responses.

### Service provider configuration

Configure the following fields according to the information provided in the Ping Identity app **Configuration** screen:

| **Field** | **Description** |
|------|------|
| Name ID Format | Set this field to the **Subject Name ID** **Format** specified in the Ping Identity app configuration. |
| Outbound Signing Algorithm | The algorithm Bitwarden will use to sign SAML requests. |
| Signing Behavior | Whether/when SAML requests will be signed. |
| Minimum Incoming Signing Algorithm | By default, Ping Identity will sign with RSA SHA-256. Select `sha-256` from the dropdown. |
| Expect signed assertions | Whether Bitwarden expects SAML assertions to be signed. This setting should be **unchecked**. |
| Validate Certificates | Check this box when using trusted and valid certificates from your IdP through a trusted CA. Self-signed certificates may fail unless proper trust chains are configured with the Bitwarden Login with SSO docker image. |

When you are done with the service provider configuration, **Save** your work.

### Identity provider configuration

Identity provider configuration will often require you to refer back to the Ping Identity Configuration screen to retrieve application values:

| **Field** | **Description** |
|------|------|
| Entity ID | Set this field to the Ping Identity application's **Entity ID**, retrieved from the Ping Identity Configuration screen. |
| Binding Type | Set to **HTTP POST** or **Redirect**. |
| Single Sign On Service URL | Set this field to the Ping Identity application's **Single Sign-on Service** URL, retrieved from the Ping Identity Configuration screen. |
| Single Log Out URL | Login with SSO currently **does not** support SLO. This option is planned for future development; however, you may pre-configure it if you wish. |
| X509 Public Certificate | Paste the signing certificate retrieved from the application screen. Navigate to the **Configuration** tab and **Download Signing Certificate**. `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` The certificate value is case sensitive; extra spaces, carriage returns, and other extraneous characters **will cause certificate validation to fail**. |
| Outbound Signing Algorithm | By default, Ping Identity will sign with RSA SHA-256. Select `sha-256` from the dropdown. |
| Disable Outbound Logout Requests | Login with SSO currently **does not** support SLO. This option is planned for future development. |
| Want Authentication Requests Signed | Whether Ping Identity expects SAML requests to be signed. |

> [!NOTE] X509 cert expiration
> When completing the X509 certificate, take note of the expiration date. Certificates will need to be renewed to prevent any disruptions in service to SSO end-users. If a certificate expires, Admin and Owner accounts can still log in with their email address and master password.

When you are done with the identity provider configuration, **Save** your work.

> [!TIP] Policies for SSO Guides
> You can require users to log in with SSO by activating the [single sign-on authentication policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/).

## Test the configuration

Once your configuration is complete, test it by navigating to [https://vault.bitwarden.com](https://vault.bitwarden.com), entering your email address and selecting the **Enterprise Single-On** button:

![Log in options screen](https://bitwarden.com/assets/3BdlHeogd42LEoG06qROyQ/c68021df4bf45d72e9d37b1fbf5a6040/login.png)

Enter the configured organization identifier and select Log in. If your implementation is successfully configured, you will be redirected to the Ping Identity login screen:

![Ping Identity SSO](https://bitwarden.com/assets/1QwyIzAp4JtyGwNLXZNXFI/6d1cc0ca3f278f46d7ad251ff2898dd4/2024-07-22_12-18-19.png)

After you authenticate with your Ping Identity credentials, enter your Bitwarden master password to decrypt your vault!

> [!NOTE] SSO must be initiated from Bitwarden
> Bitwarden does not support unsolicited responses, so initiating login from your IdP will result in an error. The SSO login flow must be initiated from Bitwarden.

## Next steps

- Educate your organization members on how to [use login with SSO](https://bitwarden.com/it-it/help/using-sso/).

--- URL: https://bitwarden.com/it-it/help/ping-identity-scim-integration/ ---

# Ping Identity SCIM Integration

System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization.

> [!NOTE] SCIM vs. BWDC
> SCIM integrations are available for **Teams and Enterprise organizations**. Customers not using a SCIM-compatible identity provider may consider using [Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) as an alternative means of provisioning.

This article will help you configure a SCIM integration with Ping Identity.
Configuration involves working simultaneously with the Bitwarden web vault and Ping Identity Administrator dashboard. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

## Enable SCIM

> [!NOTE] Self-hosting SCIM
> **Are you self-hosting Bitwarden?** If so, complete these steps to [set up SCIM for your server](https://bitwarden.com/it-it/help/self-hosting-scim/) before proceeding.

To start your SCIM integration, open the Admin Console and navigate to **Settings** → **SCIM provisioning**:

![SCIM provisioning](https://bitwarden.com/assets/6sw1kuK7GuZ3dfQkkbs6rV/e665df6992fb880114fcef82e4e4c07c/SCIM_provisioning_URL_and_API_key.png)

Select the **Enable SCIM** checkbox and take note of your **SCIM URL** and **SCIM API Key**. You will need to use both values in a later step.

## Create a SCIM app

1. Navigate to provisioning + **New Connection**.

   ![Ping Identity new Connection](https://bitwarden.com/assets/7rehLEEEAvNwsBHGKqDwln/babec3f81595ead3253285229fe0e653/2024-10-09_11-29-32.png)

2. In the Create a New Connection window, choose the **Select** option for **Identity Store**.
3. In the Identity Store, enter SCIM into the search box and select **SCIM Outbound**. Once this step is complete, select **Next**.

   ![SCIM Connection ](https://bitwarden.com/assets/1FYhcQpQbuh78ypyLxi2Jn/9081de91a419870aad37dded7c5db080/2024-10-09_11-35-23.png)

4. Input a Name and Description for the SCIM connection.
5. Next, you will be required to input the **SCIM BASE URL**. Copy the **SCIM URL** value located on the Enable SCIM page in the Bitwarden Admin Console and paste it into this field.
6. Using the **Authentication Method** dropdown menu, select **OAuth 2 Bearer Token**. A field named **Oauth Access Token** will appear; paste the **SCIM API key** value from the Bitwarden Admin Console into this field.
![Ping Identity SCIM connection test](https://bitwarden.com/assets/7uGtHe2xM6QxJnqs5LNycl/6408a86d4332001ab1dac5f99c222887/2024-10-09_12-06-25.png)

7. Once setup is complete, you may select **Test Connection**. If successful, select **Next**.
8. On the **Configure Preferences** page, select desired preferences and actions.

> [!NOTE] Remove action Ping Identity SCIM
> Setting the Remove Action setting to `Disable` will result in Bitwarden users being moved to `Revoked` status if the user fails to meet the filter criteria set on Ping Identity. Restoring the criteria will return the user to their `previous state`.
>
> If the Remove Action is set to `Delete`, the same action will [deprovision the user](https://bitwarden.com/it-it/help/onboarding-and-succession/#deprovisioning-users/).

9. Select **Save** once complete. Select the newly created Connection and enable the Connection using the toggle.

![Enable Ping Identity Connection](https://bitwarden.com/assets/1GpO1UTspVLzLh0SwRgKuf/4669f4225cca00108f4f0a8700c38e2e/2024-10-09_14-13-24.png)

## Create a Rule

Before syncing user groups and directories, a Rule is required to sync the user groups to Bitwarden SCIM.

1. Return to the Provisioning Screen.
2. Select the **Rules** tab and then + **New Rule**.
3. Enter an app-specific name for the Rule and select **Create Rule**.
4. Edit the new Rule in the Configuration tab. Select **Bitwarden SCIM connection** and then **Save**.

   ![Ping Identity Rule](https://bitwarden.com/assets/3eKZXwtiFdQqhlUNRSm6jr/167c28c624cf7f9ceb7dc563d58c64f4/2024-10-09_14-11-35.png)

5. Select the Configuration tab and add a [pencil] **User Filter**. For more information, see the [Ping Identity documentation](https://docs.pingidentity.com/pingone/integrations/p1_add_provisioning_filter.html). Select **Save** once complete.

   ![Ping Identity User Filter](https://bitwarden.com/assets/1dgfaEYambvyHm7J4WBASe/9b2245b92629e61341856c8cb197be2f/2024-10-09_14-32-31.png)

6. Enable the Rule using the toggle.
![Ping Identity new Rule](https://bitwarden.com/assets/73Y4cHkTeLtxtuqB3xIrOR/6faf11b60a278eab11f5c83d52035b57/2024-10-09_14-37-44.png) ## Provision groups 1. To assign groups, return to the Provisioning screen and select the rule ⋮ **Edit Group Provisioning**. ![Edit group provisioning](https://bitwarden.com/assets/10ztwQpTzsxZoi0vh83no6/f976a4f57d1fbe60b1f616f6114ce635/2024-10-09_15-11-57.png) 2. Choose the group or groups to provision and select **Save**. Once saved, the directory will trigger a sync. ## Appendix ### Required attributes Both the Bitwarden and Ping Identity **SCIM Provisioner with SAML (SCIM v2 Enterprise)** applications use standard SCIM v2 attribute names. Bitwarden will use the following attributes: #### User attributes - `active` - `emails`ª or `userName` - `displayName` - `externalId` ª - Because SCIM allows users to have multiple email addresses expressed as an array of objects, Bitwarden will use the `value` of the object which contains `"primary": true`. #### Group attributes For each group, Bitwarden will use the following attributes: - `displayName` (**required**) - `members`ª - `externalId` ª - `members` is an array of objects, each object representing a user in that group. --- URL: https://bitwarden.com/it-it/help/policies/ --- # Enterprise Policies Enterprise policies allow Enterprise organizations to enforce security rules and default settings for all members, like mandating the use of a two-step login. > [!WARNING] Enable policies before invite. > We recommend setting enterprise policies before inviting users to your organization. Some policies will [revoke](https://bitwarden.com/it-it/help/revoke-users/) non-compliant users when turned on, and some are not retroactively enforceable. ## Set Enterprise policies Organization owners and admins can apply Enterprise policies. To update a policy: 1. Within the Bitwarden web app, open the Admin Console. 2. Select **Settings**. 3. Select **Policies**. 4. 
Select the name of the policy you want to change:

![Set Enterprise policies](https://bitwarden.com/assets/2flohk6BsRKvazjztwvzsJ/66bdf4f937a1d37646207c79e6ec24be/Set_Enterprise_policies.png)
*Set Enterprise policies*

5. Check or uncheck **Turn on**.
6. (Optional) If more options appear, configure them.
7. Select **Save**.

## Data Controls

Policies in the **Data Controls** section add guardrails to how data may be shared and dictate who owns vault data.

### Single organization

Turn on the **Single organization** policy to restrict non-owner/non-admin members of your organization from being able to join other organizations or from creating other organizations. This policy is enforced even for users who have only [accepted](https://bitwarden.com/it-it/help/managing-users/#accept/) an invitation to your organization; however, this policy is not enforced for owners and admins.

> [!WARNING] Non-compliance revocation warning
> **Organization members who are not owners or admins and do not comply with this policy will have access revoked when you activate this policy.** Users who have access revoked as a result of this policy will be notified via email, and must take steps to become compliant before their access can be restored.

The **Single organization** policy must be turned on before activating the following policies:

- [Account recovery administration](https://bitwarden.com/it-it/help/policies/#account-recovery-administration/)
- [Require single sign-on authentication](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/)
- [Default URI match detection](https://bitwarden.com/it-it/help/policies/#default-uri-match-detection/)
- [Session timeout](https://bitwarden.com/it-it/help/policies/#session-timeout/)

If you are unable to turn off the **Single organization** policy, verify that all of the above policies are deactivated, that you don't have a [claimed domain](https://bitwarden.com/it-it/help/claimed-domains/), and then try again.
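
A pre-flight check for the Single organization rules above, as an added example (not Bitwarden code): it lists which members would have access revoked on activation and orders a batch of policy changes so the prerequisites hold at every step. The `Member` record, its `other_orgs` field, and treating membership in any other organization as non-compliance are assumptions made for the example.

```python
from dataclasses import dataclass

SINGLE_ORG = "Single organization"

# Policies this section lists as requiring Single organization to be on first.
REQUIRES_SINGLE_ORG = frozenset({
    "Account recovery administration",
    "Require single sign-on authentication",
    "Default URI match detection",
    "Session timeout",
})

# Roles the section says the Single organization policy is not enforced for.
EXEMPT_ROLES = frozenset({"owner", "admin"})


@dataclass(frozen=True)
class Member:
    """Hypothetical member record; not a Bitwarden export or API schema."""
    email: str
    role: str        # "owner", "admin", "user" or "custom"
    other_orgs: int  # assumption: number of other organizations the member is in


def revoked_on_activation(members):
    """Emails of members who would lose access when Single organization is turned on."""
    return sorted(
        m.email for m in members
        if m.role not in EXEMPT_ROLES and m.other_orgs > 0
    )


def plan_policy_changes(current, target, has_claimed_domain=False):
    """Return [(action, policy), ...] ordered so each step meets the prerequisites.

    Raises ValueError when the target state itself breaks a rule from this section.
    """
    current, target = set(current), set(target)

    dependents_wanted = sorted(target & REQUIRES_SINGLE_ORG)
    if dependents_wanted and SINGLE_ORG not in target:
        raise ValueError(
            f"{SINGLE_ORG} must be on for: {', '.join(dependents_wanted)}"
        )

    turning_single_org_off = SINGLE_ORG in current and SINGLE_ORG not in target
    if turning_single_org_off and has_claimed_domain:
        raise ValueError(f"{SINGLE_ORG} cannot be turned off while a domain is claimed")

    steps = []
    # Deactivate first: dependent policies go off before Single organization itself.
    for policy in sorted(current - target - {SINGLE_ORG}):
        steps.append(("turn off", policy))
    if turning_single_org_off:
        steps.append(("turn off", SINGLE_ORG))
    # Activate Single organization before any policy that depends on it.
    if SINGLE_ORG in target - current:
        steps.append(("turn on", SINGLE_ORG))
    for policy in sorted(target - current - {SINGLE_ORG}):
        steps.append(("turn on", policy))
    return steps


if __name__ == "__main__":
    # Constructed sample data for illustration only.
    roster = [
        Member("alice@example.com", "owner", 2),
        Member("bob@example.com", "user", 1),
        Member("carol@example.com", "custom", 1),
        Member("dave@example.com", "user", 0),
    ]
    print("Would be revoked:", revoked_on_activation(roster))
    for action, policy in plan_policy_changes(set(), {SINGLE_ORG, "Session timeout"}):
        print(action, policy)
```
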
### Centralize organization ownership

Turn on the **Centralize organization ownership** policy to prevent private ownership of vault items. This adds [My Items](https://bitwarden.com/it-it/help/my-items/), an organization-owned location that can only be accessed by that member. **My Items** replaces the individual's **My vault**, shifting ownership from the user to the organization. While the member is active in the organization, administrators are unable to edit or export the user's My Items.

> [!NOTE] Centralize data ownership doesn't apply to admins and owners
> This policy only affects members who are not organization owners or admins. Organization owners and admins can continue using **My vault**.

Once turned on, all new saved items are placed in that member’s **My Items** by default. When on the Add Item screen, a banner informs users that a policy affects item ownership options.

After a [member is removed](https://bitwarden.com/it-it/help/remove-users/), the data in that member’s **My Items** stays with the organization. Owners, admins, and some custom role users can assign other members access to the removed members’ **My Items**.

#### Prompt users to move items to the organization

Turn on this sub-option of the **Centralize organization ownership** policy to prompt users who have items currently stored in **My Vault** to [transfer all such items to organization ownership under the My items location](https://bitwarden.com/it-it/help/transfer-ownership/). This transfer procedure is a quick, one-click process.

Members can **accept** or **decline** the prompt. Accepting transfers all individually-owned items to organization ownership, and declining will immediately revoke that member's access to the organization to allow them time to filter which items should be transferred and which should not. [Events are logged](https://bitwarden.com/it-it/help/event-logs/#organization-events/) for either scenario.
### Send controls

Turn on the **Send controls** policy to specify options for creating and editing [Sends](https://bitwarden.com/it-it/help/about-send/). This policy is not enforced for owners and admins.

When turning on this policy, you must check one of the listed options:

- **Remove Send** prevents members from creating or editing a Send. If they previously created Sends, they can view and delete them from the **Sends** page in all Bitwarden clients except the web app. Members subject to this policy can still open [received Sends](https://bitwarden.com/it-it/help/receive-send/).
- **Always show member's email address with recipients when creating or editing a Send** removes the [hide email option](https://bitwarden.com/it-it/help/send-privacy/#hide-email/), providing transparency to those who receive a Send.

> [!NOTE] Send controls, only check one setting
> Make sure you select only one setting. If you check both, members will be subject to the **Remove Send** option.

### Remove export

Turn on the **Remove export** policy to prohibit non-owner and non-admin members of your organization from [exporting their individual vault data](https://bitwarden.com/it-it/help/export-your-data/#export-an-individual-vault/). This policy is not enforced for owners and admins.

In the web app and CLI, a message is displayed to users indicating that a policy is affecting their options. In other clients, the option will simply be disabled:

![Vault export removed](https://bitwarden.com/assets/5E2871D2vZBzveBmVyv9lO/b89f979980566dda40928db1ce450507/2024-10-14_08-50-45.png)
*Vault export removed*

## Authentication

Policies in the **Authentication** section help you harden your organization's security by forcing members to have robust authentication standards to access their Bitwarden vault.

### Master password requirements

Turn on the **Master password requirements** policy to enforce a configurable set of minimum requirements for users' master password strength.
Organizations can enforce:

- Minimum master password complexity
- Minimum master password length
- Types of characters required

Password complexity is calculated on a scale from 0 (weak) to 4 (strong). Bitwarden calculates password complexity using the [zxcvbn library](https://github.com/dropbox/zxcvbn).

Use the **Require existing members to change their passwords** option to require existing, non-compliant organization members, regardless of role, to update their master password during their next login. Users who create a new account from the organization invite will be prompted to create a master password that meets your requirements.

### Account recovery administration

Turn on the **Account recovery administration** policy to allow owners and admins to help members regain access to their account. With this policy, owners and admins can send members enrolled in [account recovery](https://bitwarden.com/it-it/help/account-recovery/) a link to reset their master password.

By default, users must [self-enroll in account recovery](https://bitwarden.com/it-it/help/account-recovery-enrollment/#self-enrollment/) to be eligible. To simplify account recovery enrollment, check **Require new members to be enrolled automatically** when activating the policy. This enrolls new members when their [invitation to the organization is accepted](https://bitwarden.com/it-it/help/managing-users/#accept/) and prevents them from withdrawing from account recovery. Current organization members are not retroactively added, so they still need to self-enroll.

The **Account recovery administration** policy is required for your organization to use [SSO with trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/).

> [!NOTE] Single org policy required
> The [**Single organization**](https://bitwarden.com/it-it/help/policies/#single-organization/) policy must be turned on before activating this policy.
### Require single sign-on authentication

Turn on the **Require single sign-on authentication** policy to require non-owner/non-admin users to log in with SSO. If you're self-hosting, you can enforce this policy for owners and admins using [an environment variable](https://bitwarden.com/it-it/help/environment-variables/). For more information, see [Using Login with SSO](https://bitwarden.com/it-it/help/using-sso/). This policy is not enforced for owners and admins.

Members of organizations using this policy will not be able to [log in with passkeys](https://bitwarden.com/it-it/help/login-with-passkeys/).

> [!NOTE] Single org policy required
> The [**Single organization**](https://bitwarden.com/it-it/help/policies/#single-organization/) policy must be turned on before activating this policy.

### Require two-step login

Turn on the **Require two-step login** policy to require members to use any two-step login method to access their vaults. If you are using an SSO or identity provider's 2FA functionality, you don't need to enable this policy. This policy is enforced even for users who have only [accepted](https://bitwarden.com/it-it/help/managing-users/#accept/) an invitation to your organization.

> [!WARNING] Non-compliance revocation warning
> **Organization members who are not owners or admins and do not comply with this policy will have access revoked when you activate this policy.** Users who have access revoked as a result of this policy will be notified via email, and must take steps to become compliant before their access can be restored.

### Block account creation for claimed domains

> [!NOTE] Pre-req "Block account creation" policy.
> A [domain must be claimed](https://bitwarden.com/it-it/help/claimed-domains/) before you can turn on this policy.
Turn on the **Block account creation for claimed domains** policy to prevent people with email addresses that match your [claimed domain](https://bitwarden.com/it-it/help/claimed-domains/) from creating Bitwarden accounts on that Bitwarden server that are outside the organization.

When this policy is on, email addresses that match your claimed domain can only be used to create Bitwarden accounts on that server by being invited to join your organization or through [JIT provisioning using SSO](https://bitwarden.com/it-it/help/jit-provisioning/).

> [!TIP] Block account creation on cloud when self-hosting
> If you're self-hosting Bitwarden but want to **block account creation on both your self-hosted server and a Bitwarden cloud server**, you must claim your domain and activate the **Block account creation** policy option on both servers.

### Session timeout

Turn on the **Session timeout** policy to set limits and control members' [session timeout](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout/) behavior. When this policy is turned on and users edit their account's **Session timeout** settings, the **Timeout** options will not exceed the maximum you picked for the organization and some, like **On browser restart** and **Never**, will not be available. This policy does not affect organization owners.

You can customize two options:

- From the **Maximum allowed timeout** dropdown menu, set a limit to how long sessions can remain active:
  - **Immediately**: When the user stops interacting with Bitwarden
  - **Custom**: After the amount of time entered in **Hours** and **Minutes**
  - **On system lock**: When the device is locked or the screensaver activates (browser extension and desktop app only)
  - **On app restart**: When the Bitwarden app is closed and reopened
  - **Never**: No maximum session duration is set.

> [!WARNING] Never timeout
> The **Never** timeout option stores your encryption key unencrypted on your device, which may hinder security.
To keep your data secure, we strongly recommend choosing a different option.

- From the **Session timeout action** dropdown menu, choose what happens after a session ends. You can specify [**Lock or Log out**](https://bitwarden.com/it-it/help/vault-timeout/#session-timeout-action/) or select **User preference** to let members choose in their account settings.

> [!TIP] Log out for trusted devices
> If your organization uses [trusted devices](https://bitwarden.com/it-it/help/about-trusted-devices/), consider selecting **Log Out**. After a session times out, this allows members to access their vault without a master password via SSO on a trusted device.

> [!NOTE] Single org policy required
> The [**Single organization**](https://bitwarden.com/it-it/help/policies/#single-organization/) policy must be turned on before activating this policy.

### Remove Unlock with PIN

Turn on the **Remove Unlock with PIN** policy to prohibit members from configuring or using [unlock with PIN](https://bitwarden.com/it-it/help/unlock-with-pin/) on web apps, browser extensions, and desktop apps. This policy applies to all organization members when turned on, including admins and owners.

> [!NOTE] Mobile support added in a future release
> Support for enforcing this policy on mobile apps is planned for a future release.

Members who are using unlock with PIN prior to the policy will have it enforced on their next log in, meaning if they have an already logged-in session they will still see the option in the UI and be able to unlock with PIN **until** they log out **or** turn off the unlock with PIN option in the client.

## Vault Management

Policies in the **Vault Management** section allow you to set default and minimum standards for your members' items.

### Password generator

Turn on the **Password generator** policy to enforce a configurable set of minimum requirements for any user-generated passwords for all members, regardless of role.
Organizations can enforce:

- Password, passphrase, or user preference

**For passwords:**

- Minimum password length
- Minimum number (0-9) count
- Minimum special character (!@#$%^&*) count
- Types of characters required

**For passphrases:**

- Minimum number of words
- Whether to capitalize
- Whether to include numbers

> [!WARNING] Password generator policy warning.
> Existing non-compliant passwords **will not** be changed when this policy is turned on, nor will the items be removed from the organization. When changing or generating a password after this policy is turned on, configured policy rules will be enforced.
>
> A banner is displayed to users on the password generator screen to indicate that a policy is affecting their generator settings.

### Default URI match detection

Turn on the **Default URI match detection** policy to set the [default URI match detection](https://bitwarden.com/it-it/help/uri-match-detection/#default-match-detection/) for your members. This helps you configure [autofill](https://bitwarden.com/it-it/help/auto-fill-browser/) to best meet your organization's security and policy needs.

When turning on this policy, select your organization's **Default URI match detection** from the dropdown menu:

- Base domain
- Host
- Exact
- Never

> [!NOTE] Default URI policy doesn't include starts with or regex
> Users not subject to this policy have two more options when setting their individual account's default match detection: **Starts with** and **Regular expression**. These options are not offered for an organization's default because they can match unintended pages and expose credentials.

Once the policy is activated, members cannot view or change their account's **Default URI match detection** in ⚙️ **Settings** → **Autofill**. They can, however, still choose a URI match for individual login items. This policy does not affect organization owners or admins.
> [!NOTE] Single org policy required
> The [**Single organization**](https://bitwarden.com/it-it/help/policies/#single-organization/) policy must be turned on before activating this policy.

### Automatic login with SSO

Turn on the **Automatically login with SSO** policy to allow login forms to be filled and submitted automatically when accessing non-SSO apps from your identity provider. In order to enable this setting:

1. To enable the **Automatic login with SSO** policy, check the **Turn on** box, and enter your **Identity provider host** URL(s). The URL should include `protocol://domain`.

![Automatically log in users for allowed applications](https://bitwarden.com/assets/2qHW4T4CDwpQJmPK6oDDn8/e25f021aa609e6072ffa664ae757ea7f/2025-11-19_09-34-16.png)
*Automatically log in users for allowed applications*

2. As an Administrator on your IdP, add an application or app shortcut to your end-user dashboard containing the destination URL with the added parameter `/#autosubmit=1`.
3. Once the application has been saved, users may select the application from the IdP dashboard and Bitwarden will autofill and log in to the application.

> [!NOTE] Automatically login users browser extension
> Automatic login with SSO will autofill data based on the user's current active account on the Bitwarden browser extension. Additionally, the data autofilled will be the most recent credential that user used associated with the target application's URL.

### Activate autofill

Turn on the **Activate auto-fill** policy to automatically turn on the [autofill on page load feature](https://bitwarden.com/it-it/help/auto-fill-browser/#on-page-load/) on the browser extension for all existing and new members of the organization. If activated, members will not have the ability to disable autofill on page load.

### Remove card item type

Turn on the **Remove card item type** policy to prevent members from creating or importing credit cards to organization and individual vaults.
Users who are members of multiple organizations will still be able to use cards only in an organization that allows it, even if a different organization has activated this policy.

Existing cards will be automatically hidden, however the data will not be deleted and cards will re-appear should administrators disable the policy.

### Remove Free Bitwarden Families sponsorship

Turn on the **Remove Free Bitwarden Families sponsorship** policy to prevent members of your organization from having the option to [redeem a free Families plan](https://bitwarden.com/it-it/help/families-for-enterprise/) through your organization.

Users who have redeemed a sponsored Families organization prior to the policy being activated will continue to have their organization sponsored until the end of the current billing cycle. Their stored payment method will be charged for the organization when the next billing cycle begins.

![Vault export removed](https://bitwarden.com/assets/5E2871D2vZBzveBmVyv9lO/b89f979980566dda40928db1ce450507/2024-10-14_08-50-45.png)
*Vault export removed*

### Automatic user confirmation

Turn on the **Automatic user confirmation** policy to automatically confirm members that accept invitations to join your organization, rather than the standard manual process. To use this policy:

1. Verify your organization's [eligibility](https://bitwarden.com/it-it/help/automatic-confirmation/). In particular, the [**Single organization**](https://bitwarden.com/it-it/help/policies/#single-organization/) policy must be turned on and all members—including the owner and admins—must be compliant before activating this policy.
2. [Contact us](https://bitwarden.com/it-it/contact/) to add the **Automatic user confirmation** policy to your Enterprise policies settings.
3. Go to **Settings** → **Policies** and turn on the now available **Automatic user confirmation** policy.
4.
At least one owner, admin, or relevant custom role member must [activate the automatic confirmation setting](https://bitwarden.com/it-it/help/automatic-confirmation/#for-each-administrator/).

--- URL: https://bitwarden.com/it-it/help/premium-renewal/ ---

# Premium Renewal

Premium individual subscriptions renew automatically on an annual basis. You can check your renewal date from your [web vault](https://bitwarden.com/it-it/help/getting-started-webvault/) by navigating to **Settings** → **Subscription:**

![Subscription page](https://bitwarden.com/assets/3Ru9TSLguhRNYtLe2TLwXk/bec6794eb58efa8780504720d4acb250/2026-03-03_10-24-17.png)
*Subscription page*

As your renewal date approaches, we recommend confirming your [payment method](https://bitwarden.com/it-it/help/payment-methods/) is up-to-date by going to **Settings** → **Subscription** → **Payment method**. Learn how to [update your billing information](https://bitwarden.com/it-it/help/update-billing-info/#update-billing-for-individual-premium-subscriptions/).

> [!NOTE] Payment disruption
> If we cannot process your payment method, or if you have cancelled your subscription, your account will revert to [free individual](https://bitwarden.com/it-it/help/password-manager-plans/#free-individual/). Until you re-instate your premium subscription, this will result in the following:
>
> **Two-step login**
>
> You will **not** be locked out of your vault, however you will not be able to use advanced two-step login options such as Yubikey or Duo for authentication.
>
> - If you have a core two-step login option enabled (authenticator app or email), you will be prompted to use the enabled option.
> - If you do not have another two-step login option enabled, you will authenticate into your vault without two-step login.
>
> Your secret keys will remain stored in vault items in the **Authenticator Key (TOTP)** field, however Bitwarden will not generate TOTP codes.
>
> **Encrypted file attachments**
>
> Files will **not** be deleted from your vault, however you will not be able to upload or download.
>
> **Emergency access**
>
> Trusted emergency contacts will still be able to request and obtain access to your vault. As a grantor, however, you will not be able to add new or edit existing trusted emergency contacts.

--- URL: https://bitwarden.com/it-it/help/prepare-your-org-for-prod/ ---

# Prepare your Trial Organization for Production

This guide will help your business prepare for a production implementation of Bitwarden after a successful trial period. If you're just starting your trial period, we recommend starting with the [Proof-of-Concept Project Checklist](https://bitwarden.com/it-it/help/proof-of-concept/) before using this guide.

## Step 1: Upgrade or restart your organization

When you're ready to move a trial organization into production for your business, you can upgrade your existing organization in-place or start a new organization from scratch. Most customers upgrade their existing organization in-place and purge their vault of test data used during their trial period before importing all shared data into production (**Step 4a**).

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 1a | 0.5 | Upgrade or restart your organization | [Upgrade your organization](https://bitwarden.com/it-it/help/about-organizations/#upgrade-an-organization/) or [start a new organization](https://bitwarden.com/it-it/help/about-organizations/#create-an-organization/). |

> [!TIP] Return to POC Guide
> If you choose to start a new organization for your production implementation, revisit the [Proof-of-Concept Project Checklist](https://bitwarden.com/it-it/help/proof-of-concept/) and work through those steps before proceeding.

## Step 2: Prep for broader onboarding

While you probably have a number of members in your trial organization, most businesses add a lot more users when they move to production.
With that in mind, here are a few critical steps you should take before onboarding the rest of your team:

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 2a | 0.5 | Check your policy configuration | To make sure your configured policies are applied to all members as soon as they join, [check that all desired policies are enabled](https://bitwarden.com/it-it/help/policies/). |
| 2b | 0.25 | Activate account recovery | The account recovery policy is considered critical by many organizations for its ability to recover the accounts of users that forget their master password or are deprovisioned. [Activate this policy now](https://bitwarden.com/it-it/help/policies/). |

## Step 3: Get a production license

**This step only applies if you're self-hosting Bitwarden**. During your trial of Bitwarden, you're using a special trial license that will need to be upgraded to a production license. Once you upgrade your self-hosted server to the production license, you can activate automatic license syncing. Follow these steps:

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 3a | 0.25 | Retrieve your production license | Retrieve your production license from the Bitwarden cloud web app by following [these steps](https://bitwarden.com/it-it/help/licensing-on-premise/#retrieve-organization-license/). |
| 3b | 0.25 | Manually update your license file | Upload the retrieved license to your self-hosted server by following the **Manual update** procedure [here](https://bitwarden.com/it-it/help/licensing-on-premise/#update-organization-license/). |
| 3c | 0.5 | Activate billing sync | Set up your organization to automatically pull your license file in the future by following the **Automatic sync** procedure [here](https://bitwarden.com/it-it/help/licensing-on-premise/#update-organization-license/). |

## Step 4: Import your data

Before onboarding the rest of your team, ensure that all required credentials are collected in your organization, and that members will only have access to what they need once onboarded.

Many customers purge their vault of test data used during their trial period before importing all shared data into production (**Step 4a**). Purging vault data, which can be done from the organization's **Settings** → **Organization info** view, will prevent the creation of duplicates and help you start with a clean slate.

You may have completed most or all of these steps, but we recommend double checking that they're done to your satisfaction:

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 4a | 0.5 | Import your data | [Import all shared data](https://bitwarden.com/it-it/help/import-to-org/) to your production organization. |
| 4b | 0.5 | Audit collections | Ensure that your [collections](https://bitwarden.com/it-it/help/about-collections/) contain the right vault items before granting broader access. |
| 4c | 0.5 | Audit groups | Ensure that your [groups](https://bitwarden.com/it-it/help/about-groups/) are assigned to the right collections before assigning more users. |

Additionally, now is a good time to check the privileges you're granting to individual users on your administrative team. Defining good practices for member roles and permissions now will make promoting users easier once you begin onboarding more employees:

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 4d | 0.75 | Review member role assignments | Review the pre-defined [member roles](https://bitwarden.com/it-it/help/user-types-access-control/) available in Bitwarden and determine which role is appropriate for IT, managers, etc. |
| 4e | 1 | Set up custom admin accounts | Many organizations find it useful to create custom roles for admins in order to assign granular levels of permission to users. Check out [this guide](https://bitwarden.com/it-it/resources/setting-up-administrative-accounts-with-lesser-privileges/) for some best practices. |

## Step 5: Configure client apps

Since you'll have a large number of users starting to use Bitwarden soon, it can be useful to set up some processes for centrally configuring and deploying key Bitwarden applications:

| Step | Duration (hrs) | Action | Description |
|------|------|------|------|
| 5a | 1 | Configure clients for self-hosting | **Self-hosted only**. Bitwarden clients can be pre-configured to point to your self-hosted server. To do so, follow [these instructions](https://bitwarden.com/it-it/help/configure-clients-selfhost/). |
| 5b | 1 | Deploy browser extensions to managed devices | Bitwarden browser extensions, the app end-users will most often use in their day-to-day workflows, can be deployed in automated fashion to your users' devices. To do so, follow [these instructions](https://bitwarden.com/it-it/help/browserext-deploy/). |

## Step 6: Onboard your team

Now that your organization is ready for use in production, onboard the rest of your users. Depending on how you set up your organization during the trial period, this may be:

- [Using SCIM](https://bitwarden.com/it-it/help/about-scim/)
- [Using Directory Connector](https://bitwarden.com/it-it/help/directory-sync/)
- [Using manual invitation](https://bitwarden.com/it-it/help/managing-users/#add-new-members/)

We highly recommend reviewing, or re-reviewing, the [Onboarding and Succession](https://bitwarden.com/it-it/help/onboarding-and-succession/) guide before onboarding your remaining users.

--- URL: https://bitwarden.com/it-it/help/private-mode/ ---

# Use Bitwarden in Firefox Private Windows

## Allow private windows

To allow the browser extension to run in Firefox private windows:

1. Navigate to `about:addons` in your browser and select Bitwarden from the extension list.
2.
On the **Details** tab, scroll down to **Run in Private Windows** and toggle **Allow**.

![Enable Extensions in Private Windows](https://bitwarden.com/assets/1tdckgSp5yF97cp3Jk1nsw/41ae31a8c39b067edefb09a6236d9302/Screen_Shot_2022-03-10_at_11.56.20_AM.png)

--- URL: https://bitwarden.com/it-it/help/product-faqs/ ---

# Password Manager FAQs

This article contains frequently asked questions (FAQs) about general Bitwarden Password Manager functionality.

## Most asked questions

### Q: What do I do if I forgot my master password?

**A:** As a zero-knowledge encryption solution, Bitwarden and its systems have no knowledge of, way to retrieve, or way to reset your master password. If you have already lost your master password, there is unfortunately no way for the team to recover the account. For help understanding what to do next, or what to do proactively to protect yourself from such a scenario, refer to the article on [your master password](https://bitwarden.com/it-it/help/master-password/).

### Q: Is there a way for someone to access my vault items in case of emergency?

**A:** There is! Users with a premium subscription can proactively set up trusted emergency contacts who can access your vault in case of emergency. For more information, see [Emergency Access](https://bitwarden.com/it-it/help/emergency-access/).

### Q: How do I change my master password hint?

**A:** To change your master password hint, follow the [change master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/) workflow. You can't, at this time, change your hint without also changing your master password itself.

### Q: How do I change my email address?

> [!NOTE] Changing Email vs. Changing 2FA Email
> Changing your account email address will not change the address that receives 2FA codes if you are using [two-step login via email](https://bitwarden.com/it-it/help/setup-two-step-login-email/).

**A:** To change the email address attached to your account:

1.
In the web app, navigate to **Settings** → **My account**.
2. On the **My Account** page, find the **Change email** section.
3. Enter your current **Master password** to prove you have the authority to take this action, and specify the **New email** you'd like to change to.
4. Select the **Continue** button.

Bitwarden will email a verification code to the specified email address. Check your inbox for the code and enter it into the **Code** text input displayed in your web vault to finalize the change. If you don't receive the verification code, check your spam folder. You can also whitelist `no-reply@bitwarden.com` to help ensure delivery in the future.

When you change your email address, you should immediately log out of all Bitwarden apps you use, and log back in with the new credentials. Sessions using a "stale" email address will eventually be logged out.

### Q: What features are unlocked when I verify my email?

**A:** When you verify your email address, you'll unlock the ability to [create file Sends](https://bitwarden.com/it-it/help/create-send/) (provided you also have access to premium features).

### Q: Why is a vault item missing from my mobile app, desktop app, or browser extension?

**A:** Typically, this is because an app's vault data has fallen behind a web vault or other app's. Performing a vault sync should bring everything up to date. For more information, see [Sync your Vault](https://bitwarden.com/it-it/help/vault-sync/).

### Q: What's the safest way to make a backup of my vault data?

**A:** You can use [encrypted exports](https://bitwarden.com/it-it/help/encrypted-export/#create-an-encrypted-export/) to make secure long-term backups of your vault data that are encrypted with your account encryption key, organization encryption key, or with a password of your choosing.

### Q: Can I set Bitwarden to automatically start when my computer starts?
**A:** Yes, toggle the **Start automatically on login** setting on in the Bitwarden desktop app in order to have it automatically launch when you log in to your computer. ### Q: Why am I getting a ‘New Device’ email? **A:** Typically this occurs for users that have a setting on their browser which clears their local storage and/or cookies whenever they close the browser or while they are using the browser. There are extensions that perform these actions. If this happens, you lose the indicator which tells our servers that it is an existing device. New device notification messages are not contingent on the IP address, only the device itself. We use local storage in the browser or client to label the device with an id. If that id has never logged in before then you will get an email. If a user clears this local storage, a new id is generated for that device and it will get a new email. You may need to make an exception for Bitwarden or configure your whitelist to keep the cookie or local storage from being cleared for Bitwarden. This could also happen if you have your browser set to never remember history. ## Other questions ### Q: Can I install Bitwarden without Google Play, for instance on F-Droid? **A:** Yes! You can download directly from GitHub [https://github.com/bitwarden/android/releases](https://github.com/bitwarden/android/releases/) or via F-Droid by adding our repo [https://github.com/bitwarden/f-droid](https://github.com/bitwarden/f-droid), which removes all non-approved libraries. Unfortunately, F-Droid cannot compile our app from source as it is based on Xamarin and it is not supported by F-Droid's current compiler methods, so we must use a separate repo. ### Q: Can I turn off automatic updates for Bitwarden? **A:** Yes! On Windows, you can add the environment variable `ELECTRON_NO_UPDATER=1` to your desktop app template to prevent automatic update procedures from trying and failing on your end-user workstations. > [!WARNING] Running older versions.
> Like with any software, running old versions may present a security risk. ### Q: How do I get logs for the desktop app? **A:** Add the environment variable `ELECTRON_ENABLE_LOGGING=true` to your desktop app template to print logs from the desktop app to the console, or start the desktop app from your console and use command line switches to write logs to a file: - (Windows) `Bitwarden.exe --enable-logging=file --log-file=bitwarden.log` - (macOS) `./Bitwarden.app/Contents/MacOS/Bitwarden --enable-logging=file --log-file=bitwarden.log` ### Q: What happens when I purge my vault? **A:** When you purge an **individual vault**, all vault items and folders will be deleted. When you purge an **organization vault**, all shared (for example, owned by the organization) vault items will be deleted; however, existing users, collections, and groups will remain in place. To purge your vault: ### Individual vault > [!WARNING] Purging your vault > Purging your vault is permanent. It cannot be undone. To purge your individual vault: 1. In the Bitwarden web app, navigate to **Settings** → **My account**. 2. In the Danger zone section, select **Purge vault**. You'll need to confirm your master password to complete a purge. ### Organization vault > [!WARNING] Purging your vault > Purging your vault is permanent. It cannot be undone. To purge an organization vault you must be an [organization owner](https://bitwarden.com/it-it/help/user-types-access-control/): 1. In the Bitwarden web app, open the Admin Console and navigate to **Settings** → **Organization info**. 2. In the Danger zone section, select **Purge vault**. You'll need to confirm your master password to complete a purge. ### Q: Can I print my vault data? **A:** Not directly from Bitwarden; however, you can [export your vault data](https://bitwarden.com/it-it/help/export-your-data/) as a `.csv` or `.json` file and print it out from your text editor. ### Q: Can I prevent my credentials from being saved to the clipboard?
**A:** Yes! To automatically clear values copied from Bitwarden from the clipboard: - In your browser extension, navigate to **Settings** → **Autofill** and set **Clear clipboard** to a value other than **Never**. - In your mobile app, navigate to **Settings** → **Other** and set **Clear clipboard** to a value other than **Never**. - In your desktop app, navigate to **Settings** and in the **Preferences** section set **Clear clipboard** to a value other than **Never**. ### Q: Does uninstalling or deleting my Bitwarden app also delete my vault data? **A:** No, deleting a Bitwarden app/extension will not delete your vault data. Vault data will remain encrypted on the server. If you wish to **permanently** delete your vault data, see [Delete an Account or Organization](https://bitwarden.com/it-it/help/delete-your-account/). ### Q: Does Bitwarden manage in-browser browser extensions on Android mobile? **A:** There are Bitwarden browser extensions available in the Firefox and Edge browsers on Android mobile devices. However, these extensions are not officially supported by Bitwarden, and the team is aware that some functionality in this client is known to not work correctly. Android users may prefer to use the Bitwarden [mobile app](https://bitwarden.com/it-it/help/getting-started-mobile/) for an officially supported password manager client. ### Q: Does Bitwarden have any settings that can be adjusted for graphics or performance? **A:** Yes, Bitwarden does include settings in the desktop app to adjust for system performance: - Graphical (GPU) acceleration can be disabled in two ways on Bitwarden desktop apps: - Navigate to **Settings** → **APP SETTINGS (ALL ACCOUNTS)** and uncheck the box labeled **Use hardware acceleration**. - From the navigation bar, **Help** → **Troubleshooting** → **Disable hardware acceleration and restart**. ### Q: Can Bitwarden be installed in an Android private space?
**A**: Currently, Bitwarden does not recommend installing the Android application in a private space (15.0+) as private spaces are not suitable for apps that need to run in the background for functions like autofill and syncing. --- URL: https://bitwarden.com/it-it/help/product-highlights-and-recent-updates/ --- # Product highlights and recent updates ## Advancing Bitwarden Bitwarden continuously adds new capabilities and is packed with features to keep businesses secure and delight admins. ### Save and share anything How business uses stored items: - Logins and passkeys - websites, apps, servers, routers, SSH Keys - Cards - Company credit cards, purchasing cards (P-cards) - Identities - Shipping addresses, mail stops, executive travel info for assistants - Secure notes - Sensitive information, security procedures, backup codes ### Access your vault quickly without passwords - Log in with device - SSO with trusted devices - Passkey login - Biometric unlock for desktop, mobile apps and browser extension - PIN unlock ### Make accessing websites easy for everyone - Activate autofill policy - Autofills logins when webpage loads - Automatic login with SSO policy - Use shortcuts in your Identity Provider’s dashboard for fast access to websites and a universal SSO experience ### Let users self-approve new SSO logins - SSO with trusted devices allows for users to login without a password - Users self-approve new logins from other trusted logged-in Bitwarden apps - Approve from web, mobile and desktop apps, and browser extension ### Customize your organization with policies - Account recovery administration policy - Session timeout policy  - Set other security requirements such as master password and password generator complexity ### Decide who can create and access collections Use Collection management settings to decide how collections work. Note: adjustable only by the organization owner. 
- Choose to allow admins and owners to access all items in the organization - Decide if creating or deleting a collection can only be done by admins - Give users the power to self-serve directly ### Enhance security for your organization Set these policies for tighter control - Account recovery administration - Single organization - Remove export - Require Single Sign-on authentication - Centralize organization ownership Then - Claim your domain - Integrate with SIEM tools - Run Access Intelligence reports ### Assign URIs and URI matching for internal pages The URI (URL or mobile app identifier) verifies the page for autofill - Create custom URI controls to adjust how autofill matching works - Block autofill from running on specified domains (compatibility) ### Give Bitwarden to your employees - Free Bitwarden families plan for every organization member - Non-members, such as factory workers, can have plans sponsored too - Reinforces good security practices outside work ### Integrate your tech stack Set up Bitwarden to use your existing technology infrastructure - Support for Directory integration, SCIM, SSO Identity Providers, Managed devices, SIEM - Use Public API and Vault Management API to create your own integrations ## New in 2025 Select innovations and new business features for Bitwarden in 2025. ### Access Intelligence Included in all Enterprise subscriptions, take action on at-risk credentials associated with high priority applications. Uncover shadow IT and unauthorized applications your members are using, prioritize risk resolution by application, guide employees to make password changes, and track security improvements. Learn more: [Access Intelligence](https://bitwarden.com/it-it/help/access-intelligence/) ### Vault health alerts and password coaching Users receive proactive notifications about credential security issues directly in their vault.
Bitwarden redirects users to the website’s change password form and helps generate and save a new secure password. Learn more: [Change at-risk passwords](https://bitwarden.com/it-it/help/change-at-risk-passwords/) ### Centralize data ownership policy Ensure all items saved in Bitwarden are owned by the organization. Users receive a **My items** location inside the organization vault. - Allows for complete reporting - When employees leave the organization, admins are granted access to the user’s **My items** Learn more: [Enterprise policies](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) ### Use Bitwarden with AI - Bitwarden MCP Server Model Context Protocol (MCP) server is the foundation for secure AI authentication with password management. Use it to write plain text commands to interact with Bitwarden. Designed for use locally with self-hosted Bitwarden servers. Learn more: [Bitwarden sets foundation for secure AI authentication with MCP server](https://bitwarden.com/it-it/blog/bitwarden-mcp-server/) ### Improvements to collection management settings Additional event logging and clearer naming make it easier to understand how the settings affect the organization. In addition, a new option allows owners to choose whether members with the Manage collection permission may fully delete items from the organization vault. Learn more: [Collection settings](https://bitwarden.com/it-it/help/collection-management/) ### New enterprise policies Additional enterprise policies have been added to provide additional control over how Bitwarden organizations work.
- Block account creation for claimed domains - Remove card item type - Remove Unlock with PIN - Default URI match detection - Remove free Bitwarden Families sponsorship Learn more: [Enterprise policies](https://bitwarden.com/it-it/help/policies/) ### Log in with passkeys Access the Bitwarden vault quickly with any passkey that supports the WebAuthn PRF extension, such as a YubiKey - Supported in the web app and Bitwarden browser extension - Does not need the username, password, or two-step login verification - an excellent option for an administrative break-glass account. Learn more: [Log in with passkeys](https://bitwarden.com/it-it/help/login-with-passkeys/) ### Browser direct import Import credentials directly from Chromium-based browsers to the Bitwarden vault without needing to export and manage a CSV file. Improves user onboarding experience and admin deployment. Requires the Bitwarden desktop application. Learn more: [Import directly from browser](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) ### Streamlined SSO login Simplified SSO authentication flow that reduces login steps and improves the user experience. Users that must login using SSO will have other login options grayed out. ### SSH Agent The Bitwarden SSH Agent is built into the Bitwarden desktop application and can be used for authenticating to servers, signing Git commits, and interacting with other SSH based services. This streamlines developer workflows while maintaining centralized organization ownership. Learn more: [SSH Agent](https://bitwarden.com/it-it/help/ssh-agent/) ### Approve SSO logins from other devices When using SSO with trusted devices, users can self-approve new device logins from an already-authenticated Bitwarden web, mobile and desktop application, and the browser extension. This provides flexible, secure device verification without IT intervention. 
Learn more: [Approve a trusted device](https://bitwarden.com/it-it/help/approve-a-trusted-device/) ### Claimed accounts When an Enterprise organization claims a domain, onboarded organization member accounts that use an email address with a matching domain (e.g. jdoe@mycompany.com) will be claimed by the organization, allowing for greater control of member accounts. Learn more: [Claimed domains](https://bitwarden.com/it-it/help/claimed-domains/#claimed-member-accounts/) > [!NOTE] See more > For a full list of updates and features, visit the [Bitwarden release notes page](https://bitwarden.com/it-it/help/releasenotes/). For monthly updates about new features and security tips, subscribe to the [Bitwarden newsletter](https://bitwarden.com/it-it/newsletter-subscribe/). --- URL: https://bitwarden.com/it-it/help/projects/ --- # Projects Projects are collections of [secrets](https://bitwarden.com/it-it/help/secrets/) logically grouped together for management access by your DevOps and cybersecurity teams. Projects that your user account has access to are listed in the primary Secrets Manager view as well as by selecting **Projects** from the navigation: ![Projects](https://bitwarden.com/assets/71lYVBOdFFIcautbuha9k1/65abe5b658360c4dc3402d8d4f1c815c/2024-12-03_11-34-34.png) Opening a project will list the **Secrets**, **People**, and **Machine accounts** associated with it: ![Inside a project](https://bitwarden.com/assets/7IlJQx9yhxuO5ffABmKyqd/bef389322630e365c40e3dfa386bae4d/2024-12-03_11-35-19.png) ## Create a project To create a new project: [![Vimeo Video](https://vumbnail.com/846445432.jpg)](https://vimeo.com/846445432) *[Watch on Vimeo](https://vimeo.com/846445432)* **Video chapters:** Learn more about projects [here](https://bitwarden.com/it-it/help/projects/). 1. Use the **New** dropdown to select **Project**: ![Create a project](https://bitwarden.com/assets/3gGgCYT0CgS3MKAngKDooL/03bd6080e1f8c695c46fd23918f56951/2024-12-03_11-25-44.png) 2.
Enter a **Project name**. You can change the project's name at any time using the (⋮ ) options menu on the Projects page. 3. Select the **Save** button. ## Add secrets to a project You can add both new and existing [secrets](https://bitwarden.com/it-it/help/secrets/) to your project: ### Add existing secrets To add existing secrets to your project: 1. Navigate to the **Secrets** view and select the secret to add. 2. In the Edit Secret window, in the **Project** section, type or select the project to associate the secret with. Each secret can only be associated with a single project at a time. 3. When you're finished, select the **Save** button. ### Add new secrets To create new secrets for your project: 1. Use the **New** dropdown to select **Secret**: ![Create a secret](https://bitwarden.com/assets/3uEcZ7G5L2TJM4QgMmFZ4H/24d73aa7121de9c77383f51de618db02/2024-12-03_11-29-17.png) 2. On the New Secret window's Name/Value pair tab, enter a **Name** and **Value**. Adding **Notes** is optional. 3. In the **Project** section, type or select the project to associate the secret with. A few key points: - Only organization members with access to the project will be able to see or manipulate this secret. - Only [machine accounts](https://bitwarden.com/it-it/help/machine-accounts/) with access to the project will be able to create a pathway for injecting or editing this secret. - Each secret can only be associated with a single project at a time. 4. When you're finished, select the **Save** button. ## Add people to a project Adding organization members to your project will allow those people to interact with the project's secrets. To add people to your project: 1. In the project, select the **People** tab. 2. From the People dropdown, type or select the members or [groups](https://bitwarden.com/it-it/help/about-groups/) to add to the project.
Once you've selected the right people, select the **Add** button: ![Add people to a project](https://bitwarden.com/assets/4Vu9wuBd8ceEz7ji7V2kHZ/2f11a06f3ed09a1cd64190ad8197e914/2024-12-03_11-27-19.png) 3. Once members or groups are added to the project, set a level of **Permissions** for those members or groups. Members and groups can have one of the following levels of permission: - **Can read**: Members/groups will be able to view existing secrets in this project. - **Can read, write**: Members/groups will be able to view existing secrets and create new secrets in this project. ## Add machine accounts to a project You can add both new and existing [machine accounts](https://bitwarden.com/it-it/help/machine-accounts/) to the project: ### Add existing machine accounts To add existing machine accounts to your project: 1. In the project, select the **Machine accounts** tab. 2. From the Machine accounts dropdown, type or select the machine account(s) to add to the project. Once you've selected the right machine accounts, select the **Add** button: ![Add a machine account](https://bitwarden.com/assets/1IJNE4LCOMqQsAMBYKN5pe/187a4d47245bfbd750e13aa052dc6fb3/2024-12-03_11-36-39.png) 3. For each added project, select a level of **Permissions:** - **Can read**: Machine account can retrieve secrets from assigned projects. - **Can read, write**: Machine account can retrieve and edit secrets from assigned projects, create new secrets in assigned projects, or create new projects altogether. > [!TIP] SM 07/25 dependency > Fully utilizing write access for machine accounts is dependent on a forthcoming [CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/) release. For now, this simply makes the option available in the UI. Stay tuned to the [Release Notes](https://bitwarden.com/it-it/help/releasenotes/) for more information. ### Add new machine accounts To add a machine account for this project: 1.
Use the **New** dropdown to select **Machine account**: ![New machine account](https://bitwarden.com/assets/LaVwicbqhvbliXPm6loOU/5559a5caf8ad70a95be3ea89f1b760ad/2024-12-03_11-29-17.png) 2. Enter a **Machine account name** and select **Save**. 3. Open the machine account and, in the **Projects** tab, type or select the name of the project(s) that this service account should be able to access. For each added project, select a level of **Permissions:** - **Can read**: Machine account can retrieve secrets from assigned projects. - **Can read, write**: Machine account can retrieve and edit secrets from assigned projects, as well as create new secrets in assigned projects or create new projects. > [!TIP] SM 07/25 dependency > Fully utilizing write access for machine accounts is dependent on a forthcoming [CLI](https://bitwarden.com/it-it/help/secrets-manager-cli/) release. For now, this simply makes the option available in the UI. Stay tuned to the [Release Notes](https://bitwarden.com/it-it/help/releasenotes/) for more information. ## Delete a project To delete a project, open the (⋮ ) options menu for that project and select **Delete project**. Deleting a project **will not** delete the secrets associated with it. Projects are fully removed once deleted and **do not** get [sent to the trash like secrets do](https://bitwarden.com/it-it/help/secrets/#delete-a-secret/). Enter the name of the project into the Delete project dialogue and select **Delete project**. --- URL: https://bitwarden.com/it-it/help/proof-of-concept/ --- # Proof-of-Concept Project Checklist This guide is designed by our Product, Implementation, and Sales specialists at Bitwarden to help guide your business in running a PoC of Bitwarden. Bitwarden offers a free trial for [Enterprise Organizations](https://bitwarden.com/it-it/help/about-organizations/), and we're confident that spreading out these steps over that time will help shape a successful PoC.
## Phase 1: Installation | **Step** | **Key Person** | **Action** | **Resource** | **Duration (hrs)** | |------|------|------|------|------| | Identify Organization Owner | Organization Owner | [Create a free Bitwarden account](https://bitwarden.com/it-it/go/start-free/) for your Organization Owner, who will manage your Organization's settings, structure, and subscription. **Note:** If you wish to have an EU-hosted cloud instance, instead navigate to https://vault.bitwarden.eu | [Create your Bitwarden Account](https://bitwarden.com/it-it/help/create-bitwarden-account/) | 0.1 | | Create Organization | Organization Owner | [Create a free organization on the Bitwarden cloud](https://bitwarden.com/it-it/help/getting-started-organizations/#setup-your-organization/). Once created, let us know and we'll upgrade you to an Enterprise trial. If you're self-hosting, this Organization will be used only for billing purposes. | [Organizations](https://bitwarden.com/it-it/help/about-organizations/) | 0.1 | | **Self-hosting only** Download a license file for your self-hosted installation | Organization Owner | If you're self-hosting Bitwarden, a license file enables Enterprise functionality and the right number of seats for your instance. | [License Paid Features](https://bitwarden.com/it-it/help/licensing-on-premise/#organization-license/) | 0.1 | | **Self-hosting only** Install self-hosted instance | Organization Owner / IT Team | Set up your Bitwarden server. We recommend deploying on Linux for optimal performance and lowest total cost of ownership. | [Install and Deploy](https://bitwarden.com/it-it/help/install-on-premise/) | 2.5 | | Add administrators | Organization Owners + Admins | Onboard [Admins](https://bitwarden.com/it-it/help/user-types-access-control/) to Bitwarden, who can manage *most* Organization structures. We also recommend adding a second Owner for redundancy.
| [User Management](https://bitwarden.com/it-it/help/managing-users/) | 0.2 | | Create Collections for vault items | Organization Owners + Admins | Collections gather items for secure sharing with Groups of users. | [Collections](https://bitwarden.com/it-it/help/about-collections/) | 0.25 | | Create Groups to assign users to | Organization Owners + Admins | Groups gather users for scalable assignment of permissions and access to Collections. If you decide to sync Groups and users from your Identity Provider or Directory Service, you may need to reconfigure user and Group assignments later. | [Groups](https://bitwarden.com/it-it/help/about-groups/) | 0.25 | | Assign Groups to Collections | Organization Owners + Admins | Assign Groups to Collections, making shared items available to supersets of users. | [Collections Assignment](https://bitwarden.com/it-it/help/about-groups/#edit-collections-assignments/) | 0.25 | | Share items to Collections | Organization Owners + Admins | [Add items manually](https://bitwarden.com/it-it/help/sharing/#create-an-organization-item/) or [import data](https://bitwarden.com/it-it/help/import-to-org/) from another password management application. | [Sharing](https://bitwarden.com/it-it/help/sharing/) [Import to an Organization](https://bitwarden.com/it-it/help/import-to-org/) | 0.25 | | Select collection management settings | Owner | Choose how collections will behave in the organization. These settings allow for a spectrum of full admin control to completely self-serve where users can create their own collections. These settings can be used to establish a policy of least privilege. 
| [Collection Management](https://bitwarden.com/it-it/help/collection-management/) [Resource: Collections Management Settings](https://bitwarden.com/it-it/resources/resource-collections-management-settings/) | | | Configure Enterprise Policies | Organization Owners + Admins | Enterprise Policies can be used to tailor your Bitwarden Organization to fit your security needs. **Enable and configure desired policies before user onboarding begins.** | [Enterprise Policies](https://bitwarden.com/it-it/help/policies/) | 0.1 | | Configure Login with SSO (optional) | Organization Owners + Admins | Configure Bitwarden to authenticate using your SAML 2.0 or OIDC Identity Provider. Choose how vault data will be decrypted after users authenticate using SSO. For a streamlined SSO workflow for end-users, verify the ownership of your domain with a DNS TXT record. | [About Login with SSO](https://bitwarden.com/it-it/help/about-sso/) [Member Decryption Options](https://bitwarden.com/it-it/help/sso-decryption-options/) [Domain Verification](https://bitwarden.com/it-it/help/claimed-domains/) [Resource: Choose the Right SSO Login Strategy](https://bitwarden.com/it-it/resources/choose-the-right-sso-login-strategy/) | 1.5 | | Review additional integrations | Organization Owners + Admins | Visit the Integrations page in the Admin Console to review relevant integrations and complete the set-up process. Additional integrations may be achieved using the two Bitwarden APIs. | [Bitwarden Integrations](https://bitwarden.com/it-it/integrations/) | | | Add early users to Groups | Organization Owners + Admins | Add a set of users to your Organization manually and assign them to different groups. With these users, you'll broadly test all pre-configured functionality in the next step, **before** moving on to advanced functions like Directory Connector.
| [User Management](https://bitwarden.com/it-it/help/managing-users/) | 0.5 | | Download Bitwarden Client Applications | All POC users | All Organization members added for the POC should download Bitwarden on an assortment of devices, log in, and test access to shared items/Collections/Groups and application of applied Policies. **If you're self-hosting,** users will need to [connect each client to your server](https://bitwarden.com/it-it/help/change-client-environment/). | [Download Bitwarden](https://bitwarden.com/it-it/download/) | 0.5 | | Choose between SCIM and Directory Connector | Organization Owners + Admins | Decide whether SCIM or Directory Connector is the right user onboarding and user lifecycle management solution for your Organization. | [About SCIM](https://bitwarden.com/it-it/help/about-scim/) [About Directory Connector](https://bitwarden.com/it-it/help/directory-sync/) | 1 | | Configure and test user onboarding with SCIM or Directory Connector | Organization Owners + Admins | Configure and test Bitwarden SCIM integrations or the Bitwarden Directory Connector application to automatically sync users and groups. | | 1.5 | | Onboard users with SCIM or Directory Connector | Organization Owners + Admins | Execute on SCIM or Directory Connector syncing to invite your remaining users to the Organization. | | 1 | ## Phase 2: Test and evaluate features When evaluating Bitwarden Password Manager be sure to also review the features highlighted below. Choose to use your own data for your POC or import an [example vault](https://start.bitwarden.com/hubfs/VaultImportExample.json) for testing. | **Feature** | **Action** | **Resource** | |------|------|------| | **Security and Compliance** | | | | Generate a report with Access Intelligence | In the admin console, visit Access Intelligence. Bitwarden Access Intelligence enables you to identify, prioritize, and guide remediation of weak, reused, and exposed passwords throughout the organization.
Run the report to see how Bitwarden lists risks based on the associated application and follow the steps detailed in the help center to begin remediation of the risks. | [Access Intelligence](https://bitwarden.com/it-it/help/access-intelligence/) | | Event logs | Navigate to the Event logs in the Admin Console. Review the data displayed on-screen, and export the logs for more detailed viewing in another application. Event logs can also be viewed for specific users or vault items from the Members or Collections windows through the item modals. These detailed and auditable event logs aid in security investigation, auditing, and compliance certification. | [Event logs](https://bitwarden.com/it-it/help/event-logs/) | | Review collections access options | In the admin console, go to Settings > Organization info > Collection management. There are several toggleable options, leading to different configurations in how access to items is managed. These options allow for a policy of least privilege, where only intended users have access to vault items. Your organization can be configured so that Administrators will only have access to items that they were intentionally assigned to. **Note:** Collections management settings are only available to the organization owner. | [Collections management settings](https://bitwarden.com/it-it/resources/resource-collections-management-settings/) | | Manage collection permissions | Create a test collection, such as “Finance team test.” Assign an individual user, such as your company’s accountant, to that collection and grant the Manage collection permission. This user can now add/remove items, and add/remove users and groups to the collection. Assign a group, such as “IT department” to the collection with the same Can manage permission. Now anyone within that group can add/remove items and add/remove users and groups.
This permission for collections allows for delegation of control to team leads or to a group of administrators that help in the day-to-day company work processes. | [Collection permissions](https://bitwarden.com/it-it/help/collection-permissions/) | | Custom role creation | From the admin console member management window, access a test user in your organization and change their role to Custom. Evaluate the available options. These permissions are useful for various scenarios, such as giving Help Desk employees access to the organization to assist end users, but limiting their ability to access other settings such as SSO. | [Custom roles](https://bitwarden.com/it-it/help/user-types-access-control/#custom-role/) | | **Operational Efficiency** | | | | Assign an item to multiple collections | In the admin console, go to Collections, choose any vault item, and click on the three dot menu > Collections. Use the check boxes to add that item to as many collections as you like. Navigate to the collections you assigned the item to and see it there. Make a change to the item, such as the name, and note that the update is reflected in all the other collections the item is assigned to. This makes updating or deleting an item easy and instant, with no need to duplicate items to have it available to multiple user groups. | [Scalable sharing in Bitwarden](https://bitwarden.com/it-it/resources/best-for-businesses-the-bitwarden-scalable-sharing-model/) [Move an item between collections](https://bitwarden.com/it-it/help/about-collections/#move-an-item-between-collections/) | | Offboard a user and regain access to their vault items | Ensure you have the Centralize organization ownership policy turned on. Log into a test user account and create and store vault items in their My items folder. From an admin account, delete the user from your organization. Notice that their My items folder is now accessible to admins from the Collections pane in the Admin console.
This ensures that critical business logins can be retired or reassigned when a user leaves the organization. This is a critical component of credential lifecycle management. | [Centralized ownership in Bitwarden](https://bitwarden.com/it-it/resources/best-for-businesses-centralized-ownership-in-bitwarden/) [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) | | Restore a deleted item | As a test user, create an item in a shared collection, then delete it. As an admin, navigate to the admin console, go to Collections > Trash, find the item and restore it. Note that it gets restored to the same collections that it was originally assigned to and users immediately regain access to the item. | [Managing collections](https://bitwarden.com/it-it/help/about-collections/) | | Use Account Recovery to test business continuity flows | As a test, begin the account recovery process for an enrolled user. Create a new master password for the user. Send that new master password to the user in a secure channel, such as through a Bitwarden Send, so they can log in and create a new master password. **Note:** in cases where access to the account is needed, the admin can use the new master password to log in and access stored individual vault items. This simple, streamlined process makes it easy to reset account passwords or gain access to accounts for separated employees. | [Account recovery](https://bitwarden.com/it-it/help/account-recovery/) | | Nested collection | Create a nested collection - one collection within another. In the Admin Console, open a parent collection, and from the New dropdown select Collection. The nested collection is for display purposes for organizing the vault and will not inherit permissions from the parent collection. This prevents accidental access and ensures all access to vault items is intentional. 
| [Nested collections](https://bitwarden.com/it-it/help/about-collections/#nested-collections/) | | **Platform Flexibility** | | | | Download and test the CLI | The Bitwarden command-line interface (CLI) allows for scripting, automation, and API-based commands. | [Bitwarden CLI](https://bitwarden.com/it-it/help/cli/) | | Public and Vault APIs | Review the two APIs available to your organization: The Public API and the Vault Management API. These APIs can be used for scripting, automation, and integration with third-party applications, such as SIEM tools. | [Bitwarden APIs](https://bitwarden.com/it-it/help/bitwarden-apis/) | | Test data portability and migration with Export and Import | Export the items you have stored in your organization vault. The created export file can be used as a partial backup solution or for migrating to another service if necessary. Data can also be imported into the organization vault from other services. Test the import function from your prior solution or from this example file: https://start.bitwarden.com/hubfs/VaultImportExample.json | [Export your data](https://bitwarden.com/it-it/help/export-your-data/) | | Use Bitwarden Send to share encrypted data with others | Create a test Send from any Bitwarden client. Choose to send either text or a file, adjust the security settings to your preferences and save. Share the link or test it yourself. The file or text is encrypted end-to-end. The key to decode the file is included within the shared URL and is a zero-knowledge process. Bitwarden Send can be used to share sensitive information within the company, such as HR documents, or share with external partners, such as creative agencies. It may also be completely disabled with an enterprise policy. | [About Bitwarden Send](https://bitwarden.com/it-it/help/about-send/) | | **User Adoption** | | | | Import directly from browsers | Download and install the Bitwarden desktop application. Go to File > Import Data and follow the steps. 
For browsers that have saved passwords in a profile, the option for “Import directly from browser” appears. This allows users to easily import their passwords from their browser into Bitwarden, without having to manage a sensitive exported CSV file. | [Browser direct import](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) | | Benchmark end-user satisfaction - app store ratings of clients | Read the reviews on app stores and note the rating of the Bitwarden app and compare it to other solutions. End user satisfaction is an important factor for successful adoptions, and app ratings offer a proxy evaluation of usability. | [Bitwarden client list](https://bitwarden.com/it-it/download/) | | Employee benefit: Free families plan for all users | Visit Account settings > Free Bitwarden Families. All users of your enterprise plan are granted a free license for a Bitwarden Families Plan. This reinforces good security habits by having employees practice them at home. Note that the families plan requires a different email address than the user’s email that is attached to the enterprise plan. This maintains separation of personal and work accounts. | [Families plans for enterprise users](https://bitwarden.com/it-it/help/families-for-enterprise/) | | Browse the Bitwarden Community Forum | Bitwarden has an active community of users, both personal and professional. The community forums are a channel for providing feedback, getting support from others, and participating in user research studies and beta programs. | [Bitwarden community forums](https://community.bitwarden.com) | | **Trust and transparency** | | | | Visit the Bitwarden GitHub repo and review source code | View the Bitwarden source code and browse the available repositories to see the work going into Bitwarden Password Manager. Bitwarden is open source, and all the code is visible for security researchers, the community, and customers to review. 
Source code transparency is the foundation of trust in important security solutions. Having the eyes of thousands of security enthusiasts on the Bitwarden code makes it safer, with any vulnerabilities quickly discovered and rapidly resolved. | [Bitwarden Open Source](https://bitwarden.com/it-it/open-source/) [Bitwarden GitHub](https://github.com/bitwarden/) | | Review results of most recent security audit | Bitwarden publishes the results of independent third-party security audits annually. These show identified issues, their impacts, and resolutions. Combining the professional independent auditing with the open source code makes Bitwarden a trusted security partner. | [Bitwarden third-party security audits](https://bitwarden.com/it-it/help/is-bitwarden-audited/) | ## Deployment best practices We've seen a lot of deployments and have found that taking the following actions can positive contribute towards a successful PoC and successful adoption with your users: | | | | | |------|------|------|------| | **Step** | **Key Person** | **Action** | **Resource** | | Determine timeline for rollout to first-wave users | Senior Leadership & Security teams | There are lots of different strategies for rolling out Bitwarden. Take things at whatever pace best suits your team. | | | Craft internal messaging about Bitwarden rollout | Internal Training & Managers | Bitwarden provides a lot of resources to help users quickly adopt, check some out with the links in the **Resource(s)**column. 
| [Bitwarden YouTube Channel](http://youtube.com/bitwarden) [Help Center](https://bitwarden.com/it-it/help/) [Courses](https://bitwarden.com/it-it/help/courses/) | ## Next steps When you're ready to move from a proof-of-concept to putting Bitwarden into production, use the following resources: - [Prepare your Trial Organization for Production](https://bitwarden.com/it-it/help/prepare-your-org-for-prod/) --- URL: https://bitwarden.com/it-it/help/provider-billing/ --- # Provider Billing ## About provider billing When you sign up to be a Provider, you will designate two separate seat count minimums; a **Teams seat minimum** and an **Enterprise seat minimum**. These counts are a fixed floor which you are billed for monthly. When creating client organizations and provisioning their users, client user seats will be pulled from your designated seat count at no additional monthly cost as long as there are remaining unassigned seats. For example, if you signed up for 50 Enterprise seats and have 1 Enterprise client organization utilizing 25 seats, you can add an additional 25 Enterprise seats to this or any Enterprise client organization at no additional monthly charge. Seats can be added to client organizations above your designated seat count minimums at any time and will be: - Listed as **Additional seats purchased** when managing a client organization's seat count or creating a new client organization. - Automatically added to your invoice in the next billing cycle. > [!NOTE] Auto-scaling and Providers > As a provider, you must actively manage client organizations' seat counts as described in the following section. Client organizations that are managed by a provider will not automatically add user seats when they reach the assigned amount, so make sure you're periodically checking to ensure a client's assigned seat count meets their needs. 
## Manage seats

To add or remove seats from a client organization, use the ⋮ options menu and select **Manage subscription**:

![Add client organization seats](https://bitwarden.com/assets/5azlW7UdPa9zT23P9Iou6B/13bc3905d44745494afac3f847d87ff2/2024-12-05_16-14-43.png)

If you **add** seats to client organizations such that you rise **above** your designated Teams seat minimum or Enterprise seat minimum, a prorated charge will be applied to your next invoice.

If you **remove** seats from client organizations such that you drop **back to** your designated Teams seat minimum or Enterprise seat minimum, the cost of the additional seats provisioned above the minimum will be automatically removed from your invoice in the next billing cycle.

## View billing information

> [!TIP] Client orgs can't see billing
> Only Provider admins can see billing information for their client organizations. Owners of client organizations, when navigating to their **Billing** → **Subscription** screen in the Admin Console, will be shown the following:
>
> ![Managed client billing](https://bitwarden.com/assets/6vZd3ywiuIByFj88UddPPr/1b39d3bdbd229ce1ad79014f51c3c356/2024-07-02_10-56-01.png)

### Subscription

From the **Billing** → **Subscription** page, you can view the total number of Teams and Enterprise seats you are paying for, the rate being charged for each seat, and the date of next charge.

### Billing history

From the **Billing** → **Billing history** page, you can download PDF invoices for each billing period as well as .csv files containing a client-by-client breakdown of assigned seats.

## More information

### Partner program

Bitwarden offers MSPs incentives on cumulative seats under management in any teams and enterprise organizations, including any created for use by reseller or MSP employees. To learn more about the MSP program, please contact sales [here](https://bitwarden.com/it-it/contact/).

### Customer support

All MSPs receive priority support from our 24/7 customer support team. [Contact us](https://bitwarden.com/it-it/contact/) for support.

--- URL: https://bitwarden.com/it-it/help/provider-events/ ---

# Provider Event Logs

## What are event logs?

Event logs are timestamped records of events that occur within your Provider. Event logs for the Provider are accessible only to [Provider admins](https://bitwarden.com/it-it/help/provider-users/) from the **Manage** → **Event logs** view of the Provider Portal:

![Provider event logs](https://bitwarden.com/assets/78qTc5NI4nFDbpxWMDjwJz/e17201d717128c15e9fb55e55be6b57c/2024-12-05_09-44-47.png)

Selecting the **Export** button will create a `.csv` of all events within the specified date range:

![Export Provider event logs](https://bitwarden.com/assets/1BYgVWThvhR5CWpNKBTuOT/862268581c453d9f3a0aa25df477f9ef/2024-12-05_09-44-47.png)

### Events

Event logs record several different types of events for Providers. The event logs screen captures a **Timestamp** for the event, client app information including the application type and IP (accessed by hovering over the globe icon), the **User** connected to the event, and an **Event** description.

Provider events include:

- Invited user *user-identifier*
- Confirmed user *user-identifier*
- Edited user *user-identifier*
- Removed user *user-identifier*
- Accessed *organization-identifier* organization vault.
- Created organization *organization-identifier* (triggered when [a new organization is created within provider](https://bitwarden.com/it-it/help/client-org-setup/#create-a-client-organization/))
- Added organization *organization-identifier* (triggered when [an existing organization is added to provider](https://bitwarden.com/it-it/help/providers-faqs/#q-can-i-add-an-existing-organizations-to-my-provider/))
- Removed organization *organization-identifier*

> [!NOTE] Provider events not in event log
> Provider events do not currently roll up the events logged for each [client organization](https://bitwarden.com/it-it/help/providers/#client-organizations/). Provider users can access organization event logs from the client organization's vault. [Learn more](https://bitwarden.com/it-it/help/event-logs/).

--- URL: https://bitwarden.com/it-it/help/provider-users/ ---

# Provider Users

## Onboard provider users

To ensure the secure administration of your client organizations, Bitwarden applies a three-step process for onboarding a new Provider member: [Invite](https://bitwarden.com/it-it/help/provider-users/#invite/) → [Accept](https://bitwarden.com/it-it/help/provider-users/#accept/) → [Confirm](https://bitwarden.com/it-it/help/provider-users/#confirm/).

### Invite

To invite users to your Provider:

1. Log in to Bitwarden and open the Provider Portal using the product switcher:

   ![Product switcher - Provider Portal](https://bitwarden.com/assets/4xn04Sj9u8n73TPxZUWi5f/dac0d56f47a05e2d8b28754e997a1391/2025-02-25_15-16-00.png)
2. Open the **Manage** → **Members** view and select the + **Invite member** button:

   ![Add a provider user](https://bitwarden.com/assets/6E5GA111xdiHHkA0gb5LtG/5e5b5fddb5911e1b2ed468c1d49134ad/2024-12-05_09-27-45.png)
3. On the Invite member panel:
   - Enter the **Email** address where new users should receive their invites. You can add up to 20 members at a time by comma-separating email addresses.
   - Select the **User type** to be applied to this batch of users. [User type](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/) will determine what access these users will have to the provider. **Both user types** will be able to fully administer any [client organization](https://bitwarden.com/it-it/help/client-org-setup/).
4. Click **Save** to invite the designated users to join the Provider.

> [!NOTE] Resend Provider Invitations
> **Invitations expire after five days**, at which point the user will need to be re-invited. Re-invite users in bulk by selecting each user and using the ⋮ option menu to **Resend invitations**:
>
> ![Resend provider invitation](https://bitwarden.com/assets/6Sx6YxDzCYoaw7qFGgMvvv/77c341b80fd47aa6865821c30a887a8c/2024-12-05_09-34-07.png)

### Accept

Invited users will receive an email from Bitwarden inviting them to join the Provider. Clicking the link in the email will open a Bitwarden invitations window. **Log In** with an existing Bitwarden account or **Create Account** to accept the invitation:

![Email Invitation](https://bitwarden.com/assets/1DlzjKAmxR82fsAMFqIBwB/ed0e704ccdea7785609b562e79310e0b/provider-accept-invite.png)

### Confirm

To confirm accepted invitations to your Provider:

1. In the Provider Portal, navigate to the **Manage** → **Members** view.
2. Select any `Accepted` users and use the ⋮ options menu to ✓ **Confirm selected**:

   ![Confirm invited provider user](https://bitwarden.com/assets/IxUeScxNYYmI4y8jceC5v/ebdf3fa89abbd69fbb028e0cff8c99aa/2024-12-05_09-29-04.png)
3. On the panel that appears, verify that the [fingerprint phrases](https://bitwarden.com/it-it/help/fingerprint-phrase/) for new users match those they can find in their **Settings** → **My account** screen. Each fingerprint phrase is unique to its account, and ensures a final layer of oversight in securely adding users. If they match, select **Confirm**.

## Deprovision users

To remove users from your Provider:

1. In the Provider Portal, navigate to the **Manage** → **Members** view.
2. Select the members you want to remove from the provider and use the ⋮ options menu to **Remove**:

   ![Remove provider users](https://bitwarden.com/assets/DC18TP9xNK1V8768meTDT/bfedb940285677f78e408294aadf5e0f/2024-12-05_09-36-46.png)

## Provider user types

> [!NOTE] Managing distinct user types
> **Managing a client organization's users?** Organizations have a set of [member roles and access controls](https://bitwarden.com/it-it/help/user-types-access-control/) that are distinct from Provider user types.

Bitwarden Provider users can be granted one of two user types to manage their access to the Provider. **Both user types will be able to fully administer any client organization.** Bitwarden strongly recommends that you provision a second user with a Provider admin role for failover purposes.

You can set user types when you [invite](https://bitwarden.com/it-it/help/provider-users/#invite/) provider users, or at any time from the **Manage** → **Members** screen in your Provider Portal. User types include:

| **Role** | **Description** |
|------|------|
| Service user | Service users can access and manage all [client organizations](https://bitwarden.com/it-it/help/client-orgs/), including: - Create or delete collections - Assign users and user groups to collections - Assign users to user groups - Create or delete user groups - Invite and confirm new users - Manage enterprise policies - View event logs - Export organization vault data - Manage password reset - Add or remove seats from a client organization, as long as they're within the [total seats available to the provider](https://bitwarden.com/it-it/help/provider-billing/#about-provider-billing/) |
| Provider admin | Provider admins manage all aspects of the provider and all client organizations. Provider admins can do all of the above, plus: - Create new client organizations - Invite and confirm new service users and provider admins - View provider event logs - Edit provider settings - Manage billing, subscription, and [total seats available to the provider](https://bitwarden.com/it-it/help/provider-billing/#about-provider-billing/) |

--- URL: https://bitwarden.com/it-it/help/providers-faqs/ ---

# Providers FAQs

## Provider Portal

### Q: Is there a startup or monthly fee for using the Provider Portal?

**A:** There is no fee for MSPs or their users to use the Provider Portal. It is provided, free of charge, as part of the Bitwarden partner program. If you would like to set up an organization for use by your internal team, those seats will be billed at the discounted rate.

### Q: What happens if I am locked out of my Provider admin account?

**A:** Access to the Provider Portal is through your Bitwarden account. If you forget your master password, Bitwarden has no knowledge of, way to retrieve, or way to reset your master password and you will be unable to access the Provider Portal. Provider members' accounts cannot be reset with [account recovery](https://bitwarden.com/it-it/help/account-recovery/).

**Bitwarden strongly recommends that you provision a second user with a Provider admin role for failover purposes.**

## Deployment

### Q: What deployment options are available?

**A:** Access to the Bitwarden Provider Portal is available through the Bitwarden cloud service. The Provider Portal is not supported for self-hosted environments at this time.

## Client management

### Q: Is there a recommended workflow for onboarding new clients?

**A:** Yes! We recommend this [MSP deployment workflow](https://bitwarden.com/it-it/help/bitwarden-for-msps/#phase-1-pre-onboarding/).

### Q: How does an MSP access client organizations?

**A:** MSPs can access all client organizations under management from the Provider Portal.
Learn more [here](https://bitwarden.com/it-it/help/manage-client-orgs/).

### Q: Can an MSP administrator see or manage credentials for all clients?

**A:** No. As of 2024.7.0, Provider admins and service users may not view, manage, or create credentials within their client organizations. They may, however, manage collections, users, groups, and other functions within the organization as well as import data directly to their client organizations.

### Q: Can we set default enterprise policies that apply to all clients?

**A:** Each client organization operates independently with individually configured policies. [Learn more about configuring enterprise policies](https://bitwarden.com/it-it/help/policies/).

--- URL: https://bitwarden.com/it-it/help/providers/ ---

# Provider Portal Overview

> [!TIP] Provider Requirements
> Interested in becoming a Provider? To get started, we ask that:
>
> - Your business has an active Enterprise organization.
> - Your business has a client ready to be onboarded under your Provider.
>
> [Become a partner](https://bitwarden.com/it-it/partners/)

## What are Providers?

Providers are administration entities in Bitwarden that allow managed service providers (MSPs) to create and manage any number of [client organizations](https://bitwarden.com/it-it/help/providers/#client-organizations/) on behalf of individual business customers. Client organization management is easily accessible through the **Provider Portal**, available through the product switcher:

![Product switcher - Provider Portal](https://bitwarden.com/assets/4xn04Sj9u8n73TPxZUWi5f/dac0d56f47a05e2d8b28754e997a1391/2025-02-25_15-16-00.png)

### What is the Provider Portal?

The Provider Portal is an all-in-one management experience that enables providers to manage customers' Bitwarden organizations at scale. The Provider Portal streamlines administration tasks by centralizing a dedicated space to access and support each client, or to create a new one:

![Provider Portal](https://bitwarden.com/assets/7AoSHeZgJJTBXQmpZ13UBr/56ca464fe6987c8c5fc8e7099235d640/2025-02-25_15-17-46.png)

Providers are built with two distinct [user types](https://bitwarden.com/it-it/help/provider-users/#provider-user-types/):

- **Service users** can administer [client organizations](https://bitwarden.com/it-it/help/providers/#client-organizations/).
- **Provider admins** can administer [client organizations](https://bitwarden.com/it-it/help/providers/#client-organizations/) and administer the Provider itself, including adding new service users to the team.

## Client organizations

Client organizations are any [organization](https://bitwarden.com/it-it/help/about-organizations/) that is attached to or administered by a [Provider](https://bitwarden.com/it-it/help/providers/#what-are-providers/). To your customers, there's no difference between a "client" organization and a "regular" organization except for who is conducting administration.

All Provider members have access to all client organizations; however, members of a client organization cannot see or access information about the Provider's other client organizations:

![Structure of a Provider](https://bitwarden.com/assets/28M8mkU03SyVFq70ZgD0Bp/04e3c65eba73892ae3301d366ce97ce1/provider-diagram.png)

> [!NOTE] Provider credentials
> **As denoted in the above diagram**, if Providers want to use an [organization](https://bitwarden.com/it-it/help/about-organizations/) to manage their own credentials, they **should not** include it as a client organization that is administered by the Provider.
>
> Creating an independent organization for this case will ensure users can be given the appropriate [user types and access controls](https://bitwarden.com/it-it/help/user-types-access-control/) over credentials.

Organizations relate Bitwarden users and vault items together for [secure sharing](https://bitwarden.com/it-it/help/sharing/) of logins, cards, notes, and identities. Organizations have a unique view, the Admin Console, where Provider service users can manage the organization's collections, manage members and groups, run reporting, import data, and configure organization settings:

![Client organization vault](https://bitwarden.com/assets/5fXREt9aHmnVgLLRPBs8yg/dbecd580231e8ea2f4eec2be224a1e64/2025-02-25_15-20-08.png)

Members of a client organization (such as your customer's end-users) will find shared items in their **Vaults** view alongside individually-owned items, as well as several methods for filtering the item list to only organization items or items in particular [collections](https://bitwarden.com/it-it/help/about-collections/):

![Organization-enabled vault](https://bitwarden.com/assets/4D2tlh9YKPzDY20SYGVKcG/dff56b66549d29405b1af211860f698e/2024-12-03_14-07-28.png)

Once you have [contacted us](https://bitwarden.com/it-it/contact/) and been set up with a Provider by a member of the Bitwarden team, [start a client organization](https://bitwarden.com/it-it/help/client-org-setup/).

--- URL: https://bitwarden.com/it-it/help/public-api/ ---

# Bitwarden Public API

The Bitwarden Public API provides organizations a suite of tools for managing members, collections, groups, event logs, and policies.

> [!NOTE] Management of vault items in CLI
> This API does not allow for management of individual vault items. If this is what you need to accomplish, use the [Vault Management API](https://bitwarden.com/it-it/help/bitwarden-apis/#vault-management-api/) instead.

The Public API is a RESTful API with predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
The Public API is compatible with the OpenAPI Specification (OAS3) and publishes a compliant [`swagger.json`](https://bitwarden.com/it-it/help/api/) definition file. Explore the OpenAPI Specification using the Swagger UI:

- For public cloud-hosted instances: `https://bitwarden.com/help/api/`
- For self-hosted instances: `https://your.domain.com/api/docs/`

> [!NOTE] Public API access
> Access to the Bitwarden Public API is available for all Enterprise and Teams organizations. For more information, see [Password Manager Plans](https://bitwarden.com/it-it/help/password-manager-plans/).

## Endpoints

### Base URL

For cloud-hosted, `https://api.bitwarden.com` or `https://api.bitwarden.eu`.

For self-hosted, `https://your.domain.com/api`.

### Authentication endpoints

For cloud-hosted, `https://identity.bitwarden.com/connect/token` or `https://identity.bitwarden.eu/connect/token`.

For self-hosted, `https://your.domain.com/identity/connect/token`.

## Authentication

The API uses bearer access tokens to authenticate with protected API endpoints. Bitwarden uses an [OAuth2 Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/) application request flow to grant bearer access tokens from the endpoint. Authentication requests take `client_id` and `client_secret` as required parameters.

> [!NOTE] API key authentication
> The API key used to authenticate with the Public API is **not the same** as the [personal API Key](https://bitwarden.com/it-it/help/personal-api-key/). Organization API keys will have a `client_id` with format `"organization.ClientId"`, whereas personal API keys will have a `client_id` with format `"user.clientId"`.

The API Key `client_id` and `client_secret` can be obtained by an owner from the Admin Console vault by navigating to the **Settings** → **Organization info** screen and scrolling down to the **API key** section:

![Get organization API key](https://bitwarden.com/assets/1Mq824Xunm2wmzd8f905AJ/792cca9c6edddee71abfc350479ec813/Screenshot_2024-02-28_at_2.43.34_PM.png)

If, as an owner, you want to share the API key with an admin or other user, use a secure communication method like [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/).

> [!NOTE] Rotate API key
> Your organization API key enables full access to your organization. Keep your API key private. If you believe your API key has been compromised, select the **Rotate API key** button on the **Settings** → **Organization info** screen. Active implementations of your current API key will need to be reconfigured with the new key before use.

### Bearer access tokens

To obtain a bearer access token, make a `POST` request with `Content-Type: application/x-www-form-urlencoded` with your `client_id` and `client_secret` to the [authentication endpoint](https://bitwarden.com/it-it/help/public-api/#authentication-endpoints/). When using the API for organization management, you will always use `grant_type=client_credentials` and `scope=api.organization`. For example:

```
curl -X POST \
  https://identity.bitwarden.com/connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&scope=api.organization&client_id=<client_id>&client_secret=<client_secret>'
```

This request will result in the following response:

```
{
  "access_token": "<access_token>",
  "expires_in": 3600,
  "token_type": "Bearer"
}
```

In this response, `3600` represents the expiration value (in seconds), meaning this token is valid for 60 minutes after being issued. Making an API call with an expired token will return a `401 Unauthorized` [response code](https://bitwarden.com/it-it/help/public-api/#response-codes/).

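The token flow described above, as an added Python example that is not Bitwarden's own code: it requests a token with `grant_type=client_credentials` and `scope=api.organization`, reuses it until shortly before `expires_in` elapses, and refuses a personal (`user.`) API key. The names `OrgTokenCache` and `post_form`, the 60-second renewal margin, and the injectable `post`/`clock` parameters are assumptions made for the example.

```python
import json
import time
import urllib.parse
import urllib.request

# Cloud-hosted authentication endpoint, as given on this page.
TOKEN_URL = "https://identity.bitwarden.com/connect/token"


def post_form(url, fields):
    """Default transport: form-encoded POST, JSON response (as the page describes)."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    request = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class OrgTokenCache:
    """Holds one bearer token and renews it before it expires."""

    def __init__(self, client_id, client_secret, token_url=TOKEN_URL,
                 post=post_form, clock=time.monotonic, skew=60):
        # The page states organization keys use "organization.ClientId" and
        # personal keys use "user.clientId"; fail early on the wrong kind.
        if not client_id.startswith("organization."):
            raise ValueError("client_id is not an organization API key")
        self._client_id = client_id
        self._client_secret = client_secret
        self._url = token_url
        self._post = post      # injectable so the class can be exercised offline
        self._clock = clock
        self._skew = skew      # assumption: renew 60 s before stated expiry
        self._token = None
        self._expires_at = 0.0

    def __repr__(self):
        # Never expose the secret or the token in logs or tracebacks.
        return "OrgTokenCache(client_id=%r)" % self._client_id

    def token(self):
        """Return a valid access token, requesting a new one only when needed."""
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            reply = self._post(self._url, {
                "grant_type": "client_credentials",
                "scope": "api.organization",
                "client_id": self._client_id,
                "client_secret": self._client_secret,
            })
            if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = reply["access_token"]
            lifetime = int(reply["expires_in"])  # seconds; 3600 in the page's example
            self._expires_at = now + max(lifetime - self._skew, 0)
        return self._token

    def invalidate(self):
        """Call after a 401 Unauthorized so the next token() fetches a fresh token."""
        self._token = None

    def auth_header(self):
        """Header to attach to Public API requests."""
        return {"Authorization": "Bearer " + self.token()}
```

Keep the `client_secret` out of source control and process listings; pass it in from a secret store or environment variable at start-up.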
## Content types The Bitwarden Public API communicates with `application/json` requests and responses, with one exception: The [authentication endpoint](https://bitwarden.com/it-it/help/public-api/#authentication-endpoints/) expects an `application/x-www-form-urlencoded` request, however will respond with `application/json`. ## Sample request ``` curl -X GET \ https://api.bitwarden.com/public/collections \ -H 'Authorization: Bearer ' ``` Where `` is the value for the `access_token:` key in the obtained [bearer access token](https://bitwarden.com/it-it/help/public-api/#bearer-access-tokens/). This request will result in a response: ``` { "object": "list", "data": [ { "object": "event", "type": 1000, "itemId": "string", "collectionId": "string", "groupId": "string", "policyId": "string", "memberId": "string", "actingUserId": "string", "date": "2020-11-04T15:01:21.698Z", "device": 0, "ipAddress": "xxx.xx.xxx.x" } ], "continuationToken": "string" } ``` ## Status Bitwarden has a public [status page](https://status.bitwarden.com), where you can find information about service health and incidents for all services including the Public API. ## Response codes The Bitwarden Public API uses conventional HTTP response codes to indicate the success or failure of an API request: | **Status Code** | **Description** | |------|------| | `200 OK` | Everything worked as expected. | | `400 Bad Request` | The request was unacceptable, possibly due to missing or malformed parameter(s). | | `401 Unauthorized` | The bearer access token was missing, invalid, or expired. | | `404 Not Found` | The requested resource doesn't exist. | | `429 Too Many Requests` | Too many requests hit the API too quickly. We recommend scaling back the number of requests. | | `500, 502, 503, 504 Server Error` | Something went wrong on Bitwarden's end, try again in a moment. 
If the issue persists, [contact support](https://bitwarden.com/it-it/contact/) with the timestamp and endpoint URL you were attempting to use. | ## Continuation token A continuation token is provided for queries that return over 50 logs, this value `field: string` is provided at the bottom of the request response, for example: ```plain text { "object": "list", "data": [ { "externalId": "external_id_123456", "object": "collection", "id": "539a36c5-e0d2-4cf9-979e-51ecf5cf6593", "groups": [ { "id": "bfbc8338-e329-4dc0-b0c9-317c2ebf1a09", "readOnly": true, "hidePasswords": true, "manage": true } ] } ], "continuationToken": "string" } ``` `continuationToken` is present for the following endpoints: - `get/public/collections` - `get/public/events` - `get/public/groups` - `get/public/members` - `get/public/policies` Add the value of the `continuationToken` to the existing request to view the paginated results, for example: ```plain text https://api.bitwarden.com/public/events?continuationToken= ``` ## Further reading For more information about using the Bitwarden Public API, see the following articles: - [Bitwarden Public API OAS Specification](https://bitwarden.com/it-it/help/api/) - [Event logs](https://bitwarden.com/it-it/help/event-logs/) --- URL: https://bitwarden.com/it-it/help/rapid7-siem/ --- # Rapid7 SIEM Rapid7 is a security platform offering several ways to analyze vulnerabilities and threat data, such as security information and event management (SIEM). With the Rapid7 Bitwarden integration, developed by the team at Rapid7, organizations can monitor Bitwarden organization and [event](https://bitwarden.com/it-it/help/event-logs/) activity with the Bitwarden app on Rapid7's InsightConnect software. > [!NOTE] Rapid7 Options > The Bitwarden plugin on InsightConnect is available for cloud and Insight Orchestrator users. This guide will demonstrate the cloud setup. 
> For more information on Insight Orchestrator, see the Rapid7 documentation [here](https://docs.rapid7.com/insightconnect/orchestrator/).

## Setup

### Create Rapid7 account

To start, you will need an account with Rapid7 with access to InsightConnect. Create an account on the [Rapid7](https://www.rapid7.com/) website.

### Download the Bitwarden plugin

1. Access the InsightConnect dashboard.
2. On the navigation menu, select **SETTINGS** → **Plugins & Tools**.

   ![Rapid7 Plugins](https://bitwarden.com/assets/1dr9pERHfn4fdumb0QbJfy/f2aebdf026bb1d9ab470855980e40388/settings.png)
3. Search **Bitwarden** in the Extension catalogue and install the plugin.
4. Return to your Extension library and select the Bitwarden plugin, then + **Create Connection**. Keep the connection window open; information from the Bitwarden web vault is required to complete the next step.

   ![Bitwarden New Connection](https://bitwarden.com/assets/4iHermwAq1WYzraF6pnoK6/a3a841ef3c806242783236c034a80f25/new_connection.png)
5. In a new tab or window, access your Bitwarden organization's **Client ID** and **Client Secret**. Log in to the Bitwarden web app and open the Admin Console using the product switcher:

   ![Product switcher](https://bitwarden.com/assets/2uxBDdQa6lu0IgIEfcwMPP/e3de3361749b6496155e25edcfdcf08b/2024-12-02_11-19-56.png)
6. Navigate to your organization's **Settings** → **Organization info** screen and select the **View API key** button. You will be asked to re-enter your master password in order to access your API key information.

   ![Organization api info](https://bitwarden.com/assets/6gHjAyqgeqDj6UPT6agsBK/3a614e043cb3836a41bd68f226835e53/2024-12-04_09-51-07.png)
7. Copy the `client_id` and `client_secret` values. Return to the Create a Cloud Connection window:
   1. Paste the `client_id` value into the **Client ID** field.
   2. Paste the `client_secret` value into the **Client Secret** field. In order to access this field, select **Add Credential** from the **Select Credential** dropdown menu.
      Paste the `client_secret` value in the **Secret Key** field. Complete any additional Name and Description values you wish to include in the connection.
8. Once you have input the values, select **Save & Test Connection**. Rapid7 will run a connection test and indicate if the setup was successful.

> [!NOTE] Org API information sensitive
> Your organization API key information is sensitive data. Do not share these values in nonsecure locations.

## Create a workflow

To begin monitoring data with Rapid7, create an InsightConnect workflow. This guide will demonstrate creating a cloud workflow and then testing the workflow.

1. On the main navigation, select **WORKFLOWS**.
2. In the right corner of the screen, select **Add Workflow** to begin.
3. A window will appear showing different options for creating a workflow. For this example, select **Start From Scratch**. Advanced users may choose to browse existing templates.

   ![Add Workflow](https://bitwarden.com/assets/5jTVduSflnf6c5aHYGbv0h/fd139b270cf7e8af6bdf97ce477fdf96/2024-08-20_11-08-03.png)
4. On the Create New Workflow window, complete the following required fields:
   1. **Workflow Name:** Create a name for the Workflow such as **Bitwarden Logs**.
   2. **Time Savings:** Time that this Workflow will save.
   3. **Optional:** Include Summary and Tags for the Workflow as desired.
5. Select **Create** once you have finished.

### Create workflow trigger

1. Click on the new trigger in the workflow editor. In the Select a Trigger window, select the trigger you would like to use to initiate your workflow, such as **API Trigger**. Complete the following required fields:
   1. **Name:** Provide a name for the new trigger.
   2. **Variable:** Choose a variable such as `Event`.
   3. **Data Type:** Select **String**.
   4. **Optional:** Enter a Trigger Description to keep notes about the use of the trigger.
2. Select **Close** once you have completed the setup.

### Add a workflow step

1. On the workflow editor, select the + plus icon to add a new step.

   ![Add Step](https://bitwarden.com/assets/6B6GApClPXwr3yypKZJ5N0/38a6edc616bd3f23e3ee07ef4f9dfaeb/2024-08-20_12-26-54.png)
2. Select + **Action** to add a new action. Select **Bitwarden** from the plugins list.
3. On the Select an Action screen, choose the action you wish to monitor. For this example, we will be selecting **List Events**. Select **Continue** once you have made your selection.

   ![List Events Action](https://bitwarden.com/assets/jYba6MvQBxtEd81fzUlca/521681306f9cf8d174487589b683ca7c/2024-08-20_12-32-15.png)
4. Choose the **Cloud** option for running. On the connection drop down, choose the Bitwarden connection we established previously in the guide. Select **Continue** once complete.
5. On the Configure Details screen, complete the optional fields as required by your setup, such as **Start Date**.
6. Select **Save Step** once you have customized the step details.

> [!NOTE] Additional action steps may be added
> Rapid7 allows several actions to be created and chained together. You may repeat this step with additional Bitwarden actions to report more information. See a complete list of Bitwarden integration actions [here](https://extensions.rapid7.com/extension/bitwarden).

### Test workflow

1. Return to the Workflow Editor and select **Test** to try out the workflow. The Test Workflow window will appear. Select **Test Workflow** at the bottom of the window to run the process.
2. This may take a moment. Once complete, a Job Details window will appear with results of the workflow:

   ![Rapid7 Event Output](https://bitwarden.com/assets/1jgRIiIjIjnPRqn82afwSt/300c593b6221f854deff10f7c85b27d2/Events.png)

### Enable workflow

1. To enable the workflow, select **WORKFLOWS** from the primary navigation.
2. Activate the workflow by using the toggle option:

   ![Enable Workflow](https://bitwarden.com/assets/6u6JvyiCi3RMkBKgYovZxO/18b513d4e19eefa54045a3ba6ac83a7f/2024-08-20_12-53-54.png)
3. Once active, reports will be generated based on the trigger settings established on your workflow. View these reports by selecting **JOBS** on the navigation.

   ![View Rapid7 Jobs](https://bitwarden.com/assets/74bmUmBX6LQlNTDeHDYgkm/f10055bdb9c2c791e8c75b9b996ecb84/2024-08-29_11-04-36.png)

--- URL: https://bitwarden.com/it-it/help/receive-send/ ---

# Receive a Send

Sends can be received and opened by anyone with the link, including those who do not have Bitwarden accounts—unlike regular vault items. Send links are randomly generated, and will look something like this:

- `https://send.bitwarden.com/#...`, which will automatically resolve to `https://vault.bitwarden.com/#/send/...`
- `https://your.selfhosted.domain.com/#/send/....` if you're self-hosting

![A received Send](https://bitwarden.com/assets/LLnrgZwyr6IAJ0GImXLnj/da3e363db0474f4cd6a57a44a6f1bd8f/Receive_a_send.png)
*A received Send*

Depending on the [options configured](https://bitwarden.com/it-it/help/create-send/) by the sender, the recipient of a Send may be required to:

- Enter a password to access the contents of the send
- Enter an [emailed verification code](https://bitwarden.com/it-it/help/receive-send/#email-verified-sends/)
- Manually toggle visibility on a hidden-text send

## Email-verified Sends

Premium Bitwarden users may create a Send with required email-verification to view. If you receive a Send link that requires email-verification, you will be prompted to enter a verification code after opening the Send link.

To open an email-verified Send:

1. Open the Send link you received from the sender and enter your email address:

   ![Enter email Send](https://bitwarden.com/assets/6guff4hS04wXAcGp7DUMDo/5ba4409fd5fcf3171f665896fa17ca9f/2026-02-24_16-06-03.png)
   *Enter email Send*
2. If the entered email matches the email address specified by the sender, you will receive an authorization code in your email inbox:

   ![Send verification code](https://bitwarden.com/assets/3f6f5IfMdXDqrR3cMwgoWN/65f8d6ffe2b3239049e7f76dfca33253/2026-02-24_16-06-56.png)
   *Send verification code*
3. Enter the authorization code to view the Send.

   ![Enter Send verification code](https://bitwarden.com/assets/7qM22jPeoKCnGE6GS03wz7/4f959a8b1b7b9f13674bdda975af9a5d/2026-02-24_17-04-46.png)
   *Enter Send verification code*

## Hidden-email Sends

By default, Sends will display the email address of the sender to recipients, as in the above screenshot. Senders can optionally hide their email address, which will substitute in a warning message:

![Hidden-email text Send](https://bitwarden.com/assets/47RPmr6xOowzjJbG6JxVG3/42ba660b4316b57c4857ed7f7fcd58e3/Hidden_email_send.png)
*Hidden-email text Send*

If you receive a Send with this warning, here's what you should do:

- **Was this Send expected?** If this Send was expected, get in touch with the sender. Validate with this person that the link you received (`https://vault.bitwarden.com/#/send/xxx/yyy`) matches the one they created.
- **Was this Send unexpected?** If this Send was unexpected, identify the sender before interacting with it. Ask your colleagues, managers, or friends whether they might have sent you something. If you do identify the sender, validate with this person that the link you received (`https://vault.bitwarden.com/#/send/xxx/yyy`) matches the one they created. **If you can't identify the sender**, don't interact with the Send.

> [!WARNING] Trusting unexpected File Sends.
> Taking the above measures to ensure the trustworthiness of a Send is particularly important in the case of file downloads.
> **Don't download mysterious files.**

## Deleted, expired, and disabled Sends

When a Send is [deleted, expired, or disabled](https://bitwarden.com/it-it/help/send-lifespan/) and you try using the Send link, the page will state that the Send does not exist or is no longer available:

![A deleted, expired, or disabled Send ](https://bitwarden.com/assets/6sveEP7CK57cGvSa9zpdwe/8da52464833e2dbfab7ef228f38f77e6/A_deleted__expired__or_disabled_Send.png)
*A deleted, expired, or disabled Send*

--- URL: https://bitwarden.com/it-it/help/recover-a-member-account/ ---

# Recover a Member Account

To [recover](https://bitwarden.com/it-it/help/account-recovery/) the account of a member who lost their master password, two-step login method, or trusted devices:

- You must be an [owner, admin, or permitted custom role](https://bitwarden.com/it-it/help/account-recovery/#who-can-recover-accounts/) member.
- Your organization must have the [Account recovery administration policy](https://bitwarden.com/it-it/help/policies/#account-recovery-administration/) turned on.
- The member whose account you want to recover must be [enrolled](https://bitwarden.com/it-it/help/account-recovery-enrollment/).

> [!TIP] See who is enrolled in account recovery
> You can view which members are enrolled in account recovery on the **Members** page. A 🔑 **Key icon** will be present in the **Policies** column.

To help your organization member regain access via account recovery:

1. In the Admin Console, go to **Members**.
2. (Optional) If the account is revoked, select **Revoked**.
3. For the member whose account you want to recover, select the ⋮ **Menu icon** on the same line as their account.
4. Select 🔑 **Recover account**:

   ![Recover account](https://bitwarden.com/assets/26oD8iqDY15SNJXCJlQE71/22e66b7e11a56d99c13ac41a1236c4e7/2024-12-03_15-35-51.png)
   *Recover account*
5. In the **Recover account** window that appears, check which credential(s) you want to reset:
   - Check **Reset master password** to create a new temporary password, which must meet your organization's requirements if the [Master password requirements policy](https://bitwarden.com/it-it/help/policies/#master-password-requirements/) is on. Copy the new master password and share it securely with the member, such as with [Bitwarden Send](https://bitwarden.com/it-it/help/create-send/).
   - Check **Reset two-step login** to remove two-factor authentication set up for Bitwarden (not your IdP). If the member hasn't set up any two-step login method, this option cannot be checked.

   > [!NOTE] Account recovery, revoked if 2FA policy
   > If the [Require two-step login policy](https://bitwarden.com/it-it/help/policies/#require-two-step-login/) is on, resetting a member's two-step login method will automatically [revoke](https://bitwarden.com/it-it/help/revoke-users/) them because they'll no longer be compliant. Ask them to notify you after they set up a new two-step login method to [restore access](https://bitwarden.com/it-it/help/revoke-users/#restore-access/).
6. Select **Save**. This will send an email to the member's account email with [next steps](https://bitwarden.com/it-it/help/my-account-was-recovered/) and log the user out of their current sessions. Active sessions on some client applications, like mobile apps, may remain active for up to one hour.

--- URL: https://bitwarden.com/it-it/help/releasenotes/ ---

# Release Notes

> [!TIP] Subscribe to Release Notes
> Want Release Announcements delivered straight to your inbox? Sign up to receive an email update with the latest Bitwarden release notes.
>
> [Contact form]
>
> You can also subscribe to the [Bitwarden Status RSS Feed](https://status.bitwarden.com/) for service updates, including announcements of release windows.

## Overview

The releases labelled in this document represent releases of the Bitwarden server.
Client applications (browser extensions, mobile apps, desktop apps, and the CLI) that are released within the same window will be listed with their specific version number, which may vary from the associated server version number. Learn more about [software release support at Bitwarden](https://bitwarden.com/it-it/help/bitwarden-software-release-support/).

### Client apps and self-hosted servers

Client applications and self-hosted servers are released in the days following a server release to ensure stability. Apps distributed through app stores go through an additional approval process by the distributor. As a result, client **applications and self-hosted servers should expect to receive new features following their announcement** on this page.

### Progressive feature rollout

Some features are rolled out progressively to users over time. Features that are being rolled out in this manner may be available for some users before others.

> [!TIP] Progressive rollout star
> Features marked with a ⭐ **Star icon** are part of a progressive rollout.

### Links to GitHub

Bitwarden believes source code transparency is an absolute requirement for security solutions like ours.
View full, detailed Release Notes in GitHub using any of the following links:

- [Server Releases](https://github.com/bitwarden/server/releases)
- [Web Releases](https://github.com/bitwarden/clients/releases/)
- [Desktop Releases](https://github.com/bitwarden/clients/releases)
- [Browser Extension Releases](https://github.com/bitwarden/clients/releases)
- [Android Releases](https://github.com/bitwarden/android/releases)
- [iOS Releases](https://github.com/bitwarden/ios/releases)
- [CLI Releases](https://github.com/bitwarden/clients/releases)
- [Directory Connector Releases](https://github.com/bitwarden/directory-connector/releases)

## Release Announcements

## 2026.5.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.5.0, Browser Extension 2026.5.0, Desktop 2026.5.0, Mobile 2026.5.0, and CLI 2026.5.0)*

#### Password Manager

- ⭐ **Devices list now available on desktop**: The [Devices list](https://bitwarden.com/it-it/help/manage-devices/) is now available on the desktop app, alongside the web app and browser extension, to surface devices that your account has been used on.
- **Biometrics integration now available on Flatpak and Snap**: [Biometric unlock of browser extensions](https://bitwarden.com/it-it/help/biometrics/), usable through an integration with the Bitwarden desktop app, is now available on Flatpak and Snap distributions.
- ⭐ **Web app quick actions**: Launch a website and copy vault data from new quick actions buttons, available by hovering over an item in the web app.
- **Send UI update:** Selecting a [Send](https://bitwarden.com/it-it/help/about-send/) item in the browser extension and web app will now display a View screen instead of routing directly to the Edit screen.

#### Admin Console

- ⭐ **Blumira SIEM integration**: Teams and Enterprise organizations can now [integrate with Blumira](https://bitwarden.com/it-it/help/blumira-siem/) for security and event management (SIEM).
- **Expanded account recovery options**: Account recovery now supports revoked members and can [reset two-step login methods](https://bitwarden.com/it-it/help/recover-a-member-account/).
- **Revoked member reason**: There's a new tooltip next to each member on the **Members** → **Revoked** page that explains why members were [revoked](https://bitwarden.com/it-it/help/revoke-users/) from your organization.
- **Updated event logs**: Password Manager now saves when an attachment is added to an organization-owned item, using the existing [Created attachment for item](https://bitwarden.com/it-it/help/event-logs/#item-events/) event.

#### Self-host

- **Helm Chart v2.0**: Version 2.0 of the self-host Helm chart includes two breaking changes:
  - NGINX `ingress` is now **disabled by default** in this version of the chart. The chart includes support for Gateway API as an alternative.
  - The `image.name` field has been removed from `values.yaml`. Any configurations using `image.name` must be updated to use `image.repository` instead.

> [!NOTE] Helm Ingress deprecation
> Before upgrading to this version of the chart, review these changes and update your values file accordingly. For additional information on setting up or migrating to Gateway API, refer to [Helm Traffic Routing](https://bitwarden.com/it-it/help/traffic-routing/).

## 2026.4.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.4.2, Browser Extension 2026.4.0, Desktop 2026.4.0, Mobile 2026.4.1, and CLI 2026.4.0)*

#### Password Manager

- ⭐ **Change master password on extensions and desktop**: You can now [change your master password](https://bitwarden.com/it-it/help/master-password/#change-master-password/) on browser extensions and desktop apps. To support future improvements, workflows that allowed a master password change via the CLI were removed.
- ⭐ **Desktop UI updates**: The desktop app UI has been updated with visual improvements.
- ⭐ **Click to autofill by default**: Within the browser extension, you can now click anywhere on an item within **Autofill suggestions** to insert your credentials. This update removes the **Fill** button and **Click items in autofill suggestions to fill** setting for a more streamlined appearance.
- **Updated Clear Clipboard default**: The browser extension's [Clear Clipboard setting](https://bitwarden.com/it-it/help/auto-fill-browser/#set-up-autofill/) now defaults to five minutes, an extra precaution to help keep your credentials secure.
- **mTLS support now on iOS:** Both the iOS and Android mobile apps now support uploading mTLS certificates for self-hosted servers that require client authentication. Upload your certificate [when you set your server URL](https://bitwarden.com/it-it/help/change-client-environment/#tab-mobile-app-4dQ4hW1QAwVBuReXk2Txx0/).
- **Attachment status loading bar**: Uploading an attachment on the desktop app and browser extension will display an upload status bar.
- **Keeper JSON importer**: You can now [import data from Keeper](https://bitwarden.com/it-it/help/import-from-keeper/) with a JSON file.

## 2026.4.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.4.0 and Mobile 2026.4.0.)*

#### Password Manager

- **Preview image attachments on Android**: You can now [preview image attachments](https://bitwarden.com/it-it/help/attachments/#view-an-attachment/) from within the Password Manager Android app, without having to download the file to your device. Previewing image attachments will be available on iOS in a future release.

#### Admin Console

- **Send controls Enterprise policy**: Two Enterprise policies, Send Options and Remove Send, were merged into the newly titled [Send controls policy](https://bitwarden.com/it-it/help/policies/#send-controls/). If either policy was previously turned on, the chosen options will transfer and remain unchanged.
- **Updated Enterprise Policies page**: On the Policies page, the [Enterprise Policies](https://bitwarden.com/it-it/help/policies/) are now organized into three categories: Data Controls, Authentication, and Vault Management. You can also review at a glance which policies are turned on or off.
- **Access Intelligence dashboard update**: Visualize [how at-risk applications, passwords, and members have changed over time](https://bitwarden.com/it-it/help/access-intelligence/#activity/) relative to absolute changes in application, password, and member counts with new graphs on the Access Intelligence Activity view.

## 2026.3.2

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.3.1, Browser Extension 2026.3.0, Mobile 2026.3.1, Desktop 2026.3.1, and CLI 2026.3.0.)*

#### Password Manager

- ⭐ **Autofill button on View Login**: Autofill credentials directly from the [View Login](https://bitwarden.com/it-it/help/auto-fill-browser/#view-login/) page in the browser extension.
- **Generator options for password protected Sends**: All password generator features are now available when creating password protected [Sends](https://bitwarden.com/it-it/help/about-send/).
- **Arm64 builds available for Linux**: Arm64 desktop builds are now available for Linux users on Snapcraft and Flathub. See [downloads](https://bitwarden.com/it-it/download/#downloads-desktop-applications/) for additional information.

#### Admin Console

- ⭐ **Automatic confirmation policy**: A new policy allows for [automatic confirmation of new members joining the organization](https://bitwarden.com/it-it/help/automatic-confirmation/). Using this policy requires an understanding of how it works and Bitwarden support must be contacted to activate it in your organization.
- ⭐ **Policy name update**: The Enforce organization data ownership policy has been renamed to [Centralize organization ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/).
- ⭐ **Transfer items from My Vault to My Items**: Organizations using the Centralize organization ownership policy can now [opt to prompt](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) users to [transfer items from My Vault to My Items](https://bitwarden.com/it-it/help/transfer-ownership/) using the browser extension.

## 2026.3.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.3.0, Browser Extension 2026.3.0, and Mobile 2026.3.0.)*

#### Password Manager

- **Email verification for Bitwarden Send**: Protect Sends with email verification is now available on mobile clients. Learn more about [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/).

#### Authenticator

- **Session timeout for Android**: The [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/) Android app can now be set to lock after a period of time that you can set. Unlock with your device’s chosen method, like a PIN or biometric.
- **New app icon for iOS**: The [Bitwarden Authenticator](https://bitwarden.com/it-it/help/bitwarden-authenticator/) iOS app has a new app icon.

#### Admin Console

- ⭐ **Bulk invite improvements**: Several improvements have been added to the [organization user invite process](https://bitwarden.com/it-it/help/managing-users/), such as a visual status indicator and bulk-action warnings.
## 2026.2.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.2.1, Browser Extension 2026.2.0, Mobile 2026.2.1, Desktop 2026.2.1, and CLI 2026.2.0.)*

#### Password Manager

- **Email verification for Bitwarden Send**: When users create a Send, they can choose to protect it with email verification for recipients. Learn more about [Bitwarden Send](https://bitwarden.com/it-it/help/about-send/).
- **Item archiving**: Users on paid subscriptions can now [archive vault items](https://bitwarden.com/it-it/help/managing-items/#archive/) to exclude them from search and from autofill without removing them from the vault.
- **Biometric unlock for Flatpak**: Flatpak-installed desktop apps now support [unlock with biometrics](https://bitwarden.com/it-it/help/biometrics/#tab-linux-2vCWb5iFg4OqKS0B2xXpqW/).
- **Increase minimum KDF iterations**: If your PBKDF2 KDF iterations are below 600,000, the default level since [release 2023.2.0](https://bitwarden.com/it-it/help/releasenotes/#2023-2-0/), you'll be [asked to update](https://bitwarden.com/it-it/help/kdf-algorithms/#low-pbkdf2-kdf-iterations/) the setting or the increase will apply automatically when you next log in or unlock with your master password.

#### Admin Console

- **Huntress SIEM integration**: Bitwarden Teams and Enterprise organizations can now [integrate with Huntress](https://bitwarden.com/it-it/help/huntress-siem/) for security information and event management (SIEM).

#### Secrets Manager

- **Jenkins integration:** The Bitwarden Secrets Manager CLI can now be used to [inject secrets into Jenkins Pipelines](https://bitwarden.com/it-it/help/jenkins-integration/).
## 2026.2.0

*(This listed release number is for the Bitwarden Server, other version numbers released in this cycle include Web 2026.2.0, Browser Extension 2026.1.1, and Mobile 2026.2.0.)*

#### Password Manager

- **Import SSH keys from 1Password**: [SSH keys](https://bitwarden.com/it-it/help/ssh-agent/) can now be [imported directly to Bitwarden](https://bitwarden.com/it-it/help/import-from-1password/) using the `.1pux` export format offered by 1Password.
- **Import passkeys from a Bitwarden .json**: [Passkeys](https://bitwarden.com/it-it/help/storing-passkeys/) that are [exported from Bitwarden](https://bitwarden.com/it-it/help/export-your-data/) in a .json file can now be [imported](https://bitwarden.com/it-it/help/import-data/) to a new Bitwarden account or used as a short-term backup.

#### Admin Console

- **API - New member management endpoints**: The [Public API](https://bitwarden.com/it-it/help/api/) now includes endpoints for [revoking and restoring access](https://bitwarden.com/it-it/help/revoke-users/) to organization members.

## 2026.1.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.1.1, Browser Extension 2026.1.0, Mobile 2026.1.0, Desktop 2026.1.0, and CLI 2026.1.0.)*

#### Password Manager

- **Unlock with passkeys**: Passkeys can now [unlock your web app or browser extension](https://bitwarden.com/it-it/help/login-with-passkeys/#set-up-encryption-for-unlock/). This grows existing passkey support beyond logging in, letting you access your vault without entering the master password.
- **Desktop app UI update**: The desktop app UI has been updated, and more updates will follow.
- **New default width for extensions**: Browser extensions have a new, wider default width. You can change back to the narrow version interface or to an extra wide one [from the Appearance menu](https://bitwarden.com/it-it/help/change-theme/#tab-browser-extension-1yAVQbGXha0iO7CioSiFvm/).

> [!NOTE] 2025.1.1 Desktop Announcement
> This release includes an update of our Linux desktop to Electron 39. Users of the Bitwarden Flatpak application on Fedora-based Linux distributions with KDE may experience issues with the clipboard when importing SSH keys. This is a known issue that Bitwarden is investigating.

#### Self-host

- **Enhanced error log redaction**: Error logs created for authentication tokens that are invalid, expired, or have an incorrect issuer, audience, or signature, now redact all personally identifiable information (PII) and authentication data.

## 2026.1.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2026.1.0.)*

#### Password Manager

- **More 2FA security keys for Premium**: Bitwarden Premium users may now use up to 10 security keys for [two-step login](https://bitwarden.com/it-it/help/setup-two-step-login/), including [passkeys](https://bitwarden.com/it-it/help/setup-two-step-login-fido/).

#### Admin Console

- **Export list of members**: All organizations can [download a .csv list of members](https://bitwarden.com/it-it/help/managing-users/#download-list-of-members/), which details when someone uses two-step login, if they can access the Secrets Manager, and more.

## 2025.12.2

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.12.2, Browser Extension 2025.12.1, Mobile 2025.12.1, Desktop 2025.12.1, and CLI 2025.12.1)*

#### Password Manager

> [!NOTE] 2025.12.2 Desktop App Announcements
> **Desktop App Announcement**
>
> An issue has been fixed for the Windows portable desktop app, the result of which will automatically log users out when the app is updated to this version. Once logged back in, the Windows portable desktop app will resume working as normal.
- **Subscription storage increase**: Premium subscriptions and paid organizations now offer 5GB of storage for [attachments](https://bitwarden.com/it-it/help/attachments/) and [Sends](https://bitwarden.com/it-it/help/about-send/).
- **Updating PINs on legacy clients**: Updating Bitwarden clients from version 2025.9.0 or older to this version will require users to set their PIN again in order to continue using [unlock with PIN](https://bitwarden.com/it-it/help/unlock-with-pin/). No changes have been made to PIN requirements themselves.

#### Admin Console

- **Block account creation for claimed domains policy**: This [new policy](https://bitwarden.com/it-it/help/policies/#block-account-creation-for-claimed-domains/) will allow administrators to prevent people with email addresses that match your [claimed domain](https://bitwarden.com/it-it/help/claimed-domains/) from creating a Bitwarden account outside of the organization.
- **Optimized bulk re-inviting**: The ability to re-send organization invitations in bulk from the Admin Console, previously limited to 500 invitations per action, now supports up to 8,000 invitations per action.
- **Session timeout policy**: You can now pick from more options in the [session timeout Enterprise policy](https://bitwarden.com/it-it/help/policies/#session-timeout/): On system lock, On app restart, and Never. All of the new timeout options are enforced across all Bitwarden clients when selected.

## 2025.12.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.12.1)*

#### Password Manager

- **Import and export pages renamed**: To improve the user experience, the "Import data" and "Export vault" pages have been renamed simply "Import" and "Export" on the web app. These pages will be renamed in other clients in a future release.
#### Admin Console

- **Enterprise policy name updated**: The "Remove individual vault export" policy is now called [Remove export](https://bitwarden.com/it-it/help/policies/#remove-export/). This is a name change only; what the policy does remains the same.

#### Self-host

- **Key Connector confirmations**: To increase security, an additional organization confirmation dialogue has been added to the [Key Connector login process](https://bitwarden.com/it-it/help/about-key-connector/#log-in-using-key-connector/) for new users.

## 2025.12.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.12.0, Browser Extension 2025.12.0, Mobile 2025.12.0, Desktop 2025.12.0, and CLI 2025.12.0)*

#### Password Manager

- **Vault health alerts and password coaching**: As a new feature for Premium plans, Password Manager will now [alert users that they should update a password](https://bitwarden.com/it-it/help/change-at-risk-passwords/) when it's detected that the password is weak, re-used, or exposed, and recommend that it be updated.
- **Direct import for Chrome and Brave**: Transfer your data from Chrome and Brave browsers into Bitwarden quicker than ever with [direct import](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/).
- **Autofill and save URI**: In the browser extension, the option to **Fill & save** has been rolled into the normal **Autofill** option. Now, when selecting Autofill for an item without a matching URI, an option to [save the current website URI to the login item](https://bitwarden.com/it-it/help/uri-match-detection/#save-uri-to-existing-login-item/) will appear.

#### Admin Console

- **Prevent SSO login for revoked users**: Users that have been revoked from an organization will no longer be able to use SSO to log in to their SSO-linked account.

## 2025.11.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.11.2, iOS 2025.11.0, and Android 2025.11.1)*

#### Password Manager

- **Log in with passkeys**: Now generally available in the browser extension and web app, log in to your Bitwarden account faster and more securely using [passkeys](https://bitwarden.com/it-it/help/login-with-passkeys/).
- **Android autofill update**: Password manager on Android uses an updated [autofill match logic for Opera, Edge, and Samsung Internet](https://bitwarden.com/it-it/help/auto-fill-android/#browser-integrations/) by default. Prior to this version, this logic was used only when the Compatibility Mode option was turned on.

#### Admin Console

- **Access Intelligence**: Enterprise organizations can use [Access Intelligence](https://bitwarden.com/it-it/help/access-intelligence/) to review at-risk credentials and notify members they need to [take action on those credentials](https://bitwarden.com/it-it/help/change-at-risk-passwords/).
- **Policy name update**: The Automatically log in users for allowed applications policy has been renamed to [Automatic login with SSO](https://bitwarden.com/it-it/help/policies/#automatic-login-with-sso/).

#### Self-host

- **Bitwarden lite general availability**: [Bitwarden lite](https://bitwarden.com/it-it/help/install-and-deploy-lite/), formerly Bitwarden Unified, is now generally available.
- **Environment variable update**: The self-host environment variable `globalSettings__syslog__destination` has been deprecated. Learn more about Self-hosted [environment variables](https://bitwarden.com/it-it/help/environment-variables/).

#### Security

- **No logout on KDF change**: [Changing KDF algorithm](https://bitwarden.com/it-it/help/kdf-algorithms/) will no longer log you out of client applications.

## 2025.11.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.11.0, Browser Extension 2025.11.0, Mobile 2025.11.0, Desktop 2025.11.0, and CLI 2025.11.0)*

#### Password Manager

- **Log in with passkey support on browser extensions**: Users can now log in to browser extensions [with a passkey](https://bitwarden.com/it-it/help/login-with-passkeys/). Currently, Chrome and Chromium-based browsers like Edge are supported.
- **Windows Hello update**: You can now unlock your vault with biometrics immediately after the Windows desktop app restarts, rather than entering a master password or PIN. When setting up [biometrics in the Windows desktop app](https://bitwarden.com/it-it/help/biometrics/#set-up-biometrics-for-desktop-app/), uncheck **Require master password or PIN on app restart**.
- **Right-click in web app**: In the web app Vaults view, you can now right-click to call up the same menu you'd access using the ⋮ options menu.
- **Improved sign-up flow for premium subscription**: Users seeking the benefits of a paid Bitwarden plan will find it easier to upgrade their account. Select the **Upgrade your plan** button within the web app navigation to learn more about and select a paid plan.

#### Admin Console

- **Default URI match detection for organizations**: Organization owners and admins can now choose the [default URI match detection method](https://bitwarden.com/it-it/help/policies/#default-uri-match-detection/) for their members. Members can still edit the URI match detection method for individual login items.
- **My items**: When the [Enforce organization data ownership](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/) policy is turned on, the organization owns new members’ items by default.
Members subject to this policy can now save items in a new [My items](https://bitwarden.com/it-it/help/my-items/) location, providing members with privacy while ensuring admins can transfer data after a member leaves the organization.

#### Self-host

> [!NOTE] Helm Version Update
> **Helm Charts Versioning Update**: For Bitwarden self-host Helm charts, the CalVer versioning scheme (2025.8.0) will be deprecated on November 13, 2025. Moving forward, only SemVer versions will be supported and released.

- **Backup script update**: Docker deployments utilizing the packaged [backup-db.sh script](https://bitwarden.com/it-it/help/backup-on-premise/) have been updated to the [Simple recovery model](https://learn.microsoft.com/en-us/sql/relational-databases/backup-restore/recovery-models-sql-server?view=sql-server-ver17) to prevent transaction log file sizes from compounding.
- **Web clients require https configuration**: Self-hosted server connections will now require `https://` configuration. Server URLs without `https://` will receive an error message.

## 2025.10.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.10.1 and Mobile 2025.10.1)*

#### Password Manager

- **Android Chrome integration version requirement**: To continue using the [Chrome browser integration on Android](https://bitwarden.com/it-it/help/auto-fill-android/#browser-integrations/), upgrade the Chrome app to at least version 135. This is required due to structural changes in Chrome and Bitwarden autofill integration processes.

#### Admin Console

- **Sumo Logic SIEM integration**: A new integration is available for security information and event management (SIEM) [with Sumo Logic](https://bitwarden.com/it-it/help/sumo-logic-siem/). The integration offers comprehensive event coverage across authentication, organizational activities, and vault items.

## 2025.10.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.10.0, Browser Extension 2025.10.0, Mobile 2025.10.0, Desktop 2025.10.0, and CLI 2025.10.0)*

#### Password Manager

- **Direct importer for Edge, Opera, and Vivaldi browsers**: Move your data into Bitwarden quickly and securely with [direct import](https://bitwarden.com/it-it/help/import-from-chrome/#import-directly-from-browser/) for Edge, Opera, and Vivaldi browsers.
- **Simplified login screen for SSO users**: Members of organizations using the [Require single sign-on policy](https://bitwarden.com/it-it/help/policies/#require-single-sign-on-authentication/) will now have other authentication options greyed-out on the login screen, provided they've authenticated at least once on that device.

#### Secrets Manager

- **New event logs**: Secrets Manager will now [log events](https://bitwarden.com/it-it/help/event-logs/#secrets-manager-events/) when machine accounts are created, deleted, have users or groups assigned to them, and have users or groups removed from them.

#### Self-host

- **New environment variables**: New [environment variables](https://bitwarden.com/it-it/help/environment-variables/#refresh-token-variables/) are available for configuring the handling of refresh tokens, allowing users to determine the lifetime and timeout of authentication tokens on self-hosted servers.

## 2025.9.2

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.9.1)*

#### Admin Console

- **Member invitation subject line update**: The [email subject line](https://bitwarden.com/it-it/http://bitwarden.com/help/list-of-emails/#critical-member-emails/) for invitations to join an organization was updated.
- **Tax ID reminder**: If you're a business owner or provider admin in a country that collects [value added tax (VAT)](https://bitwarden.com/it-it/help/tax-calculation/#value-added-tax-vat/) and haven't added your tax ID yet, you'll see a banner on the Admin Console, Payment Details, and Provider Portal pages. Click **Add a Tax ID** to update the billing details with your organization's tax ID.

#### Secrets Manager

- **Terraform Provider**: Bitwarden Secrets Manager now offers a Terraform provider, capable of fetching, creating, and managing Secrets Manager secrets for your Terraform infrastructure. Learn more about the Terraform provider [here](https://bitwarden.com/it-it/help/terraform-provider/).

## Secrets Manager Kubernetes Operator 1.0.0

- **Update to default mapped secrets behavior:** The new default behavior of the Kubernetes operator will only sync secrets that have been mapped in the `BitwardenSecret` object, unless otherwise specified with `onlyMappedSecrets: false`. Learn more about the Secrets Manager Kubernetes operator [here](https://bitwarden.com/it-it/help/secrets-manager-kubernetes-operator/).

## 2025.9.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.9.0, Browser Extension 2025.9.0, Mobile 2025.9.0, Desktop 2025.9.0, and CLI 2025.9.0)*

#### Password Manager

- **Device approval using browser extensions**: Approve new [trusted devices](https://bitwarden.com/it-it/help/add-a-trusted-device/) and [login with device](https://bitwarden.com/it-it/help/log-in-with-device/) requests using the browser extension.
- **CXP for iOS 26**: Users on iOS 26 can now import directly to or export directly from Bitwarden and any other iOS app that supports [FIDO's Credential Exchange Protocol](https://fidoalliance.org/specifications-credential-exchange-specifications).
Learn more about [importing](https://bitwarden.com/it-it/help/import-data/) and [exporting](https://bitwarden.com/it-it/help/export-your-data/).

#### Admin Console

- **Collection settings updates**: Some collection management settings have been renamed and more granular events will now be logged when they're turned on or off. Learn more [here](https://bitwarden.com/it-it/help/collection-management/).
- **Organization SSH keys**: SSH keys created with the Bitwarden SSH agent can now be stored and shared in organization collections. Learn more about the Bitwarden SSH agent [here](https://bitwarden.com/it-it/help/ssh-agent/).

## 2025.8.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.8.2 and Mobile 2025.8.1)*

#### Password Manager

- **Card autofill for Android**: The Bitwarden Android app can now autofill cards, such as debit or credit cards, in Chrome and Chromium-based browsers. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-card-id/).
- **Failed 2FA emails**: Users will now receive an email notifying them of failed login attempts that were prevented by two-step login. If you receive these emails, update your master password immediately to one that is strong, unique, and has never been used before. Learn more [here](https://bitwarden.com/it-it/help/emails-from-bitwarden/).

#### Secrets Manager

- **New event logs**: Secrets Manager will now log events when projects are accessed, created, edited, or deleted. Learn more [here](https://bitwarden.com/it-it/help/event-logs/).

## 2025.8.2

(*This listed release includes **only Browser Extensions & Desktop Apps**. The next release to include Server updates will resume the typical version progression (2025.8.1))*

- To further protect against malicious websites, the inline autofill menu is now always displayed above other content on a web page.

## 2025.8.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.8.0, Browser Extension 2025.8.0, Mobile 2025.8.0, Desktop 2025.8.0, and CLI 2025.8.0)*

> [!NOTE] Selfhost version support
> To ensure compatibility with the latest Bitwarden release, please update both your clients and self-hosted server. Keeping your software current in accordance with the [Bitwarden software release support](https://bitwarden.com/it-it/help/bitwarden-software-release-support/) policy will help to maintain full compatibility, support, and unlock the latest Bitwarden features.

#### Admin Console

- **Remove card item type policy**: An enterprise policy was added that allows enterprise organizations to restrict the use of the card item type. Learn more [here](https://bitwarden.com/it-it/help/policies/#remove-card-item-type/).

#### Password Manager

- **Inline autofill password generator improvements**: The inline autofill password generator will now immediately offer to save the generated password as a new login item. Learn more about the inline autofill [here](https://bitwarden.com/it-it/help/auto-fill-browser/#inline-autofill-menu/).
- **Improved Item view**: New improvements to viewing vault items have been added. Updates include favicons and other important information presented at the top of the vault item. Learn more about vault items [here](https://bitwarden.com/it-it/help/managing-items/).
- **HTTPS now required on Android**: The Android Password Manager app now requires connection to a server using HTTPS. This change will only affect users who are self-hosting a Bitwarden server without an SSL/TLS certificate. Learn more about certificates [here](https://bitwarden.com/it-it/help/certificates/).
- **Unlock with biometrics updates**: Desktop apps must now first be unlocked with a method other than biometrics, such as PIN or master password, after application restart.
Following this, biometrics can be used to unlock. Learn more about unlock with biometrics [here](https://bitwarden.com/it-it/help/biometrics/).

## 2025.7.3

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.7.2)*

#### Admin Console

- **Members view performance improvements**: Loading times for the Members view, particularly for organizations with large numbers of members, have been optimized.

#### Provider Portal

- **Billing update**: Providers that have not added a payment method on the **Billing** → **Subscription** page should do so as soon as possible. Providers with unpaid invoices will now be suspended 30 days after an unpaid invoice is due, including suspension of client organizations. Adding a valid payment method, for those that have not already, will ensure seamless continuation of service.

#### Self-host

- **Deprecated logging methods**: For self-hosted users, the direct integration with `syslog` in Bitwarden - enabled by overriding `globalSettings__syslog__destination` - has been deprecated in favor of integrating with Docker's `syslog` drivers. Users with the deprecated method will receive warning logs to notify them of the change. Learn more [here](https://bitwarden.com/it-it/help/hosting-faqs/#q-how-do-i-enable-logging-to-syslog/).

## 2025.7.1

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.7.1, Browser Extension 2025.7.0, Desktop 2025.7.1, and CLI 2025.7.0)*

#### Password Manager

- **URI Match Detection warning update**: Users who choose to set up URI match detection with the advanced options **Starts with** and **Regular expression** will see a warning dialogue to confirm they understand the potential security risks associated with these autofill options. Learn more [here](https://bitwarden.com/it-it/help/uri-match-detection/#match-detection-options/).
- **Onscreen tips for new users - Browser extension**: To assist new users, onscreen tips have been added to the browser extension. These tips will help introduce new users to the features and components of the browser extension. Learn more [here](https://bitwarden.com/it-it/help/getting-started-browserext/).
- **Browser extension permission update**: Browser extensions on Firefox and Safari will now require the notifications permission to support [log in with device](https://bitwarden.com/it-it/help/log-in-with-device/).
- **Chromium integrations on Android**: If you use Brave or Chrome as your web browser, toggle the new **Use Brave autofill integration** or **Use Chrome autofill integration** options. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-android/).

#### Secrets Manager

- **New secrets events**: Event Logs will now log when secrets are created, edited, or deleted. Learn more [here](https://bitwarden.com/it-it/help/event-logs/#secrets-manager-events/).

## 2025.7.0

(*The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.7.0)*

#### Password Manager

- **Password Depot 17 import**: Password Depot 17 has been added to the list of formats available for direct import into Bitwarden Password Manager. Learn more [here](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/).

#### Admin Console

- **Policy rename**: The Remove individual vault policy has been renamed to the Enforce organization data ownership policy. Learn more [here](https://bitwarden.com/it-it/help/policies/#centralize-organization-ownership/).
- **Member permissions update**: Organization members with the **Manage account recovery** permission can reset organization members' master passwords. This permission can be granted separately from the Manage users permission. Learn more [here](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/).

## 2025.6.2

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.6.1, Browser Extension 2025.6.0, Desktop 2025.6.0, and CLI 2025.6.0)*

> [!WARNING] Legacy Users
> Accounts using a legacy encryption scheme are no longer supported. Older accounts that were created before 2017 and have not logged into the web app since 2023 are using a legacy encryption scheme that is no longer supported. Only inactive accounts without user activity for two years may be impacted. Learn more [here](https://bitwarden.com/it-it/help/legacy-user-support/).

> [!WARNING] Kerberos is broken
> **Kerberos authentication support notice for Self-host**: In some deployment modes, self-host server versions 2025.6.0 through 2025.6.2 have had an interruption in their support for **Kerberos** external database authentication. This will be fixed in an upcoming release of the self-host server. Customers using Kerberos authentication should wait to upgrade their self-host deployments until the next release unless instructed otherwise by Bitwarden support.

#### Password Manager

- **Persistence in browser extensions when adding & editing items:** Browser extensions will now cache changes to item data for up to two minutes even if you click out of or minimize the extension window.
- **Browser extension notification redesign**: Browser extension notifications have a new look and feel. Learn more [here](https://bitwarden.com/it-it/help/autosave-from-browser-extensions/).
- **Advanced troubleshooting for mobile apps**: In mobile apps, users now have the option to locally and temporarily log app events to help troubleshoot unexpected behaviors in the Bitwarden app. Learn more [here](https://bitwarden.com/it-it/help/flight-recorder/).

#### Bitwarden Authenticator

- **Sync TOTPs with Password Manager**: Users now have the option to seamlessly sync verification code data between Bitwarden Authenticator and Password Manager.
Learn more [here](https://bitwarden.com/it-it/help/totp-sync/).

## 2025.6.1

(The listed release number is for the Bitwarden server, other version numbers released in this cycle include Web 2025.6.0 and Self-host 2025.6.1)

> [!WARNING] Kerberos is broken
> **Kerberos authentication support notice for Self-host**: In some deployment modes, self-host server versions 2025.6.0 through 2025.6.2 have had an interruption in their support for **Kerberos** external database authentication. This will be fixed in an upcoming release of the self-host server. Customers using Kerberos authentication should wait to upgrade their self-host deployments until the next release unless instructed otherwise by Bitwarden support.

#### Self-host

- **Rootless Containers for Helm**: Helm deployments can now run Bitwarden in rootless mode. Learn more [here](https://bitwarden.com/it-it/help/self-host-with-helm/#rootless-requirements/).

## 2025.5.3

#### Self-host

- **SQL version support**: Release 2025.5.3 will be the last Bitwarden release that will maintain support for SQL Server 2019. Bitwarden fully supports SQL Server 2022.

## 2025.5.2

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.5.1, Browser Extension 2025.5.1, Desktop 2025.5.0, iOS 2025.5.0, Android 2025.5.0, and CLI 2025.5.0*)

> [!NOTE] 2025.5.2 Announcement
> Important changes are coming to the Bitwarden clients! To help improve security and maintainability, please note that significantly older versions will cease to function if not kept up to date. This is especially important for users of our CLI. Please ensure that you have upgraded to the latest version of any installed clients.

#### Password Manager

- **Export attachments from desktop and CLI**: On the desktop app and CLI, you can now create a `.zip` export of your individual vault file attachments. Learn more [here](https://bitwarden.com/it-it/help/attachments/).
- **Support for dynamic colors on Android**: You can now apply color schemes to your Bitwarden Android app based on your wallpaper. Learn more [here](https://bitwarden.com/it-it/help/change-theme/#tab-mobile-1yAVQbGXha0iO7CioSiFvm/).
- **SSH approval settings**: A new setting is available for users who have enabled the SSH agent on the desktop app. You may specify when Bitwarden will require you to authorize access to an SSH credential stored in the vault. Learn more about SSH agent settings [here](https://bitwarden.com/it-it/help/ssh-agent/).

#### Admin Console

- **Organization sponsored Families plan**: Organizations can issue sponsored Families plans directly to employees' personal email accounts, including employees that aren't members of the current organization. Learn more about sponsored Families plans [here](https://bitwarden.com/it-it/help/organization-sponsored-families-plans/).
- **Collection permissions update**: The **Can edit** and **Can edit, hidden passwords** permissions will now grant users the ability to delete collection items, unless the new **Limit item deletion to members with the Manage collection permission** has been enabled. Learn more about collection permissions [here](https://bitwarden.com/it-it/help/about-collections/#collections-permissions/).
- **New collection management setting**: To increase privilege customization, a new collection management setting has been added, **Limit item deletion to members with the Manage collection permissions**. Learn more about collection management settings [here](https://bitwarden.com/it-it/help/collection-management/).

## 2025.5.0

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.5.0 and Browser Extension 2025.5.0*)

#### Password Manager

- **Enhanced PIN requirements**: On browser extensions, PINs used for unlock must now be at least 4 characters. This will be updated in other clients in future releases.
- **Export attachments from web and browser**: On the web app and browser extension, you can now create a `.zip` export that includes file attachments. This will be added to other clients in future releases. Learn more [here](https://bitwarden.com/it-it/help/attachments/).
- **Nested collections in search results**: Nested collections are now included in search results, making it easier to find relevant items. Learn more about collections [here](https://bitwarden.com/it-it/help/about-collections/).

#### Admin Console

- **Organization features previews**: The Admin Console for Teams, Families, and Free organizations will now show previews of features included in higher subscription tiers.

## 2025.4.3

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.4.1, Browser Extension 2025.4.0, Desktop 2025.4.2, and CLI 2025.4.0*)

This release includes:

#### Password Manager

- **Persistence in browser extensions when approving devices:** Browser extensions will now wait for up to two minutes for approval even if you click out of or minimize the extension window in order to approve the request using the web app.
- **Master password re-prompt desktop update**: When the master password re-prompt option is active for an item, desktop apps will now gate all fields behind successful verification instead of only hidden fields. Learn more [here](https://bitwarden.com/it-it/help/managing-items/#protect-individual-items/).

#### Admin Console

- **External ID display update**: External ID will now only be displayed for the group, collection, and member dialogue if configured using SCIM, Bitwarden Directory Connector or the API. Learn more about Directory Connector [here](https://bitwarden.com/it-it/help/directory-connector/).
- **Member SSO external ID**: Member SSO external ID will be displayed in the member dialogue for members configured using SSO.

## 2025.4.0

This release includes:

#### Password Manager

- **Edge export (csv)**: Edge (csv) export has been added to the list of formats available for import into Bitwarden Password Manager. Learn more [here](https://bitwarden.com/it-it/help/import-data/).

## 2025.3.3

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.3.1, Browser Extension 2025.3.2, Desktop 2025.3.2, and CLI 2025.3.0*)

This release includes:

#### Password Manager

- **Browser extension filter persistence**: For an improved experience when navigating between the browser extension and a web page, search terms and filters will now persist for up to two minutes, or until you change the active tab in your browser extension.
- **Browser extension loading times**: We have made several changes to improve the browser extension loading times. Learn more about the Bitwarden browser extension [here](https://bitwarden.com/it-it/help/getting-started-browserext/).
- **Re-order website URIs**: On the web app and browser extensions Edit Login view, you can now re-order website URIs for better visual organization using the drag-and-drop (☰) button.
- **FIDO2 two-step login support for Linux desktop**: Linux desktop apps now support two-step login using a FIDO2 passkey. Learn more [here](https://bitwarden.com/it-it/help/setup-two-step-login-fido/).
- **SSH agent forwarding**: Support for SSH agent forwarding has been improved on the Bitwarden Desktop app. Learn more about the Bitwarden SSH agent [here](https://bitwarden.com/it-it/help/ssh-agent/).

## 2025.3.0

This release includes:

#### My Account

- **Verification of new devices, grace period for new accounts**: Newly created accounts will be exempt from new device login protection for the first 24 hours after account creation. Learn more [here](https://bitwarden.com/it-it/help/new-device-verification/).

#### Password Manager

- **Login request banner notifications**: Login with device requests will now prompt a banner notification to appear in the web app while pending approval. Learn more about login with device [here](https://bitwarden.com/it-it/help/log-in-with-device/).

#### Admin Console

- **Domain verification renamed**: Domain verification, available for Enterprise organizations, has been renamed to "claimed domains". Learn more [here](https://bitwarden.com/it-it/help/claimed-domains/).
- **Claimed accounts**: When an Enterprise organization claims a domain, any member accounts with emails that match the domain will now be claimed by the organization, allowing account deletion by administrators. Claimed accounts also have a few other restrictions on account actions. Learn more [here](https://bitwarden.com/it-it/help/claimed-accounts/).
- **Unassigned items in reports**: Organization-owned items not assigned to a collection are now listed with interactive links for further review in organization vault health reports.

#### Self-hosting

- **Move to GitHub Container Registry**: Container images have been moved from Docker Hub to GitHub Container Registry. If you're deploying with a method that doesn't use the `bitwarden.sh` or `bitwarden.ps1` scripts, update image references to GitHub Container Registry URLs (e.g. `ghcr.io/bitwarden/image_name:version`).

## 2025.2.1

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.2.2, Browser Extension 2025.2.2, Desktop 2025.2.1, and CLI 2025.2.0*)

This release includes:

#### My Account

- **New device login protection**: To keep your account safe and secure, Bitwarden will gradually begin requiring additional verification for users who do not use two-step login or SSO. Learn more [here](https://bitwarden.com/it-it/help/new-device-verification/).
- **Update to recovery code use**: Using a recovery code, while still requiring your email address and master password, will now automatically log you into your vault and deactivate two-step login, instead of only deactivating two-step login. Learn more [here](https://bitwarden.com/it-it/help/two-step-recovery-code/#use-your-recovery-code/).
- **FIDO2 two-step login for macOS desktop**: macOS desktop apps now support two-step login using a FIDO2 passkey. Learn more [here](https://bitwarden.com/it-it/help/setup-two-step-login-fido/).

#### Password Manager

- **Click to autofill setting moved**: The Click to autofill setting on the browser extension has been moved to the **Settings** → **Appearance** tab. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-browser/#customizing-autofill-behavior/).
- **Prevent duplicate passkeys on iOS**: Duplicate passkeys cannot be saved on iOS that match an existing username and service already stored in the Bitwarden vault. The existing passkey may be modified or overwritten instead. Learn more about creating passkeys [here](https://bitwarden.com/it-it/help/storing-passkeys/#save-and-autofill-passkeys-with-bitwarden/).
- **Enterprise single sign-on login update**: The "Use single sign-on" button has been added to the first step of the SSO login workflow in order to streamline Enterprise SSO login. Learn more [here](https://bitwarden.com/it-it/help/using-sso/#login-using-sso/).

#### Admin Console

- **Remove Unlock with PIN policy**: Enterprise organizations can now set a policy to prohibit members from using unlock with PIN in client apps. Learn more [here](https://bitwarden.com/it-it/help/policies/#remove-unlock-with-pin/).
- **Policy non-compliance change**: Policies that previously removed members from an organization for non-compliance will now revoke those members instead. Learn more [here](https://bitwarden.com/it-it/help/managing-users/#revoke-access/).
- **Email notification for device approval requests**: Admins will now receive an email whenever a member of their organization submits a trusted device approval request. Learn more [here](https://bitwarden.com/it-it/help/approve-a-trusted-device/).

#### Provider Portal

- **Add existing organizations to Provider Portal**: Existing organizations may now be added to the Provider Portal by provider users if they are also the owner of the organization. Learn more [here](https://bitwarden.com/it-it/help/getting-started-providers/#add-an-existing-organization/).

## 2025.2.0

(*The listed release number is for the Bitwarden server, other version numbers released in this cycle also include Web 2025.2.1*)

> [!NOTE] New device verification release note
> To keep your account safe and secure, in an upcoming release, Bitwarden will require additional verification **for users who do not use two-step login**. Users who want to avoid new device verification workflows can:
>
> - Preemptively set up two-step login by following any of the guides on [this page](https://bitwarden.com/it-it/help/setup-two-step-login/).
> - Opt-out of this feature from the Settings → My account screen in the Danger Zone section.
>
> Learn more [here](https://bitwarden.com/it-it/help/new-device-verification/).

This release includes:

#### Password Manager

- **Increased import item limit**: The limit to the number of items that can be in a Password Manager import has been increased. Learn more [here](https://bitwarden.com/it-it/help/import-data/).

#### Admin Console

- **Collection permissions updates:**
  - **Collection permission names updated**: Collection permission names have been updated to provide additional clarity. Learn more [here](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/).
- **Update to "Edit items, hidden passwords" permission**: To increase security, the "Edit items, hidden passwords" permission will no longer allow users to assign items within the collection to another collection. ## 2025.1.2 (*The listed release number is for the Bitwarden web app, other version numbers released in this cycle are Server 2025.1.4, Desktop 2025.1.4, Browser Extension 2025.1.3, CLI 2025.1.3, iOS 2025.1.2, and Android 2025.1.1*) This release includes: #### Password Manager - **Change vault item owner**: On the web app, you can now share a vault item directly from the Edit window by changing its owner to any organization you're a member of. Learn more [here](https://bitwarden.com/it-it/help/sharing/). - **Block autofill for browser extensions**: Browser extensions can now specifically be instructed not to allow autofill on certain domains. Learn more [here](https://bitwarden.com/it-it/help/blocking-uris/). - **Bitwarden Send updates on mobile**: Bitwarden Send options on mobile apps have discontinued support for setting an expiration date and deactivating the Send, in accordance with what is currently available on browser extensions. Support for these options will be discontinued in other clients in future releases. Learn more [here](https://bitwarden.com/it-it/help/send-lifespan/). #### Plans and Pricing - **Restart organization subscription**: Bitwarden subscriptions that have ended or lapsed will now have a 7 day grace period in which users can reactivate their subscription. Learn more about organization renewal [here](https://bitwarden.com/it-it/help/organization-renewal/). ## 2025.1.1 This release includes: #### Password Manager - **SSH agent**: Bitwarden users can now securely store and generate SSH keys directly with Bitwarden Password Manager. Learn more about the Bitwarden SSH agent [here](https://bitwarden.com/it-it/help/ssh-agent/). 
- **Use web device approval**: Use the web app to approve new trusted devices and login with device requests. Learn more [here](https://bitwarden.com/it-it/help/log-in-with-device/). - **Updated generator for desktop**: The password and username generator on desktop apps has had its UI refreshed to mirror newer designs from other Bitwarden apps. Learn more [here](https://bitwarden.com/it-it/help/generator/). #### Admin Console - **SSO external ID added to Public API responses**: Public API responses that return data on organization members will now include their SSO external identifiers when applicable. Learn more [here](https://bitwarden.com/it-it/help/api/). #### Self-hosting - **Legacy user encryption key migration**: When updated to server version `2025.1.3`, self-hosted servers will require users with extant legacy encryption keys, typically accounts created prior to 2021 who do not frequently use the web app, to log in to the web app to migrate legacy encryption keys. > [!NOTE] Extant legacy security keys > Impacted users will be logged out of, and prevented from logging in to, non-web Bitwarden clients until they have completed migration by logging into the Bitwarden web app. **To ensure there is no loss of service for your users, Bitwarden recommends**: > > 1. Upgrading your self-hosted server to `2025.1.0` as soon as possible. > 2. Notifying users that they should log in on the web app following this update to ensure extant legacy keys are migrated **before being enforced** by `2025.1.3`. > 3. Scheduling the upgrade of your hosted server to `2025.1.3` some period of time following the notification to allow users to migrate extant legacy keys. ## 2025.1.0 This release includes: #### Password Manager - **More autofill customization options**: Browser extensions now have more options for customizing your autofill experience, including the ability to select the item card to autofill instead of the **Fill** button, and several quick copy actions. 
Learn more [here](https://bitwarden.com/it-it/help/auto-fill-browser/#customizing-autofill-behavior/). - **Biometric unlock for Snap Store desktop app**: Password Manager desktop apps downloaded via the Snap Store now support biometric unlock. Learn more [here](https://bitwarden.com/it-it/help/biometrics/#tab-desktop-2vCWb5iFg4OqKS0B2xXpqW/). - **Inline autofill for TOTP codes**: The inline autofill menu can now be used to select TOTP codes. Learn more about the inline autofill menu [here](https://bitwarden.com/it-it/help/auto-fill-browser/#use-the-inline-autofill-menu/). - **Long-press to autofill on iOS**: Long-press any text field on iOS 18+ to autofill from Bitwarden. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-ios/). - **New Public API operation**: A GET operation has been added to the `/public/organization/subscription` endpoint. Learn more about the Bitwarden Public API [here](https://bitwarden.com/it-it/help/public-api/). #### Admin Console - **Remove Free Bitwarden Families sponsorship policy**: This policy will allow Enterprise organizations to prevent users from redeeming a sponsored Families plan through their organization. Learn more [here](https://bitwarden.com/it-it/help/families-for-enterprise/). - **Integrations page**: An Integrations page has been added to the Admin Console navigation menu. The integrations page provides Help Center links to popular Bitwarden integrations for SSO, event management and more! #### Provider Portal - **Provider members can no longer export client vaults**: In order to increase security and privacy for client organizations, provider members will no longer have access to export client vaults. ## 2024.12.0 > [!NOTE] U2F Support in 2025 > In 2025, Bitwarden will begin phasing out support for FIDO Universal 2nd Factor (U2F) keys, which can be identified as those marked **(Migrated from FIDO)** in the Two-step Login → Manage FIDO2 WebAuthn view of the web app. 
If you currently use a migrated U2F key, remove and re-register the key to automatically [set it up with WebAuthn](https://bitwarden.com/it-it/help/setup-two-step-login-fido/). This release includes: #### Password Manager - **Browser extension & web app UI refresh:** The Bitwarden Password Manager browser extension UI has been redesigned. Some included styling changes also enhance the web app's UI. Learn more [here](https://bitwarden.com/it-it/blog/bringing-intuitive-workflows-and-visual-updates-to-the-bitwarden-browser/). - **Web app view item panel**: The web app will now open items to a View panel, rather than directly to an Edit panel. Only users with edit access to items will be able to use the Edit button to change a vault item. Learn more [here](https://bitwarden.com/it-it/help/managing-items/). - **Autofill TOTP codes iOS 18.0+**: Bitwarden keyboard autofill feature on iOS 18.0 (or newer) will now autofill TOTP codes in login forms. Learn more about iOS autofill [here](https://bitwarden.com/it-it/help/auto-fill-ios/). - **PasswordXP .csv importer**: PasswordXP .csv has been added to the list of formats available for import into Bitwarden Password Manager. Learn more [here](https://bitwarden.com/it-it/help/import-data/). - **Netwrix Password Secure .csv importer**: Netwrix Password Secure .csv has been added to the list of formats available for import into Bitwarden Password Manager. Learn more [here](https://bitwarden.com/it-it/help/import-data/). #### Admin Console - **SCIM for Teams organizations**: Teams organizations can now use System for Cross-domain Identity Management (SCIM) to automatically provision members and groups from a source directory. This was previously only available for Enterprise organizations. Learn more [here](https://bitwarden.com/it-it/help/about-scim/). 
## 2024.11.0 This release includes: #### My Account - **Email verification during sign up for all clients**: Users who create a new Bitwarden account using any Bitwarden client will now be asked to verify their email before creating a master password. Learn more [here](https://bitwarden.com/it-it/help/create-bitwarden-account/). #### Password Manager - **Inline autofill menu password generation**: The inline autofill menu can now be used to easily generate passwords when filling out account creation or password update fields. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-browser/#use-the-inline-autofill-menu/). - **Inline autofill menu options for cards and identities**: You can now turn on and off the option to include cards and identities as suggestions in the inline autofill menu. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-the-inline-menu/). - **iOS copy & paste updates**: Several updates have been added to Bitwarden on iOS copy & paste functionality for ease of use. - **Improved error handling for non-official servers**: To help users who are using non-official Bitwarden servers, new error messaging has been added to help identify errors when connecting to a non-official server. - **Temporarily remove 'Allow screen capture' toggle on desktop apps:** To improve the experience with this feature, it has been temporarily removed from macOS and Windows desktop apps. Desktop apps will, for now, be captured by screenshots and screen sharing. - **Increase min number of words for passphrases**: The passphrase generator will now require that generated passphrases include at least 6 words, except on mobile clients. Learn more [here](https://bitwarden.com/it-it/help/generator/#password-types/). #### Admin Console - **Collection management settings update**: The limit collection creation and deletion to owners and admins setting has been separated into two individual settings for each action respectively. 
Learn more about collection management [here](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/). - **Can manage permission required for deleting collection items**: The **Can manage** permission is now required in order to delete collection items. Users with **Can edit** will no longer have the capability. Learn more about member permissions [here](https://bitwarden.com/it-it/help/user-types-access-control/#permissions/). ## 2024.10.4 This release includes: #### Admin Console - **Restrict access to `bw list org-members` command**: This command, and the equivalent endpoint in the Vault Management API, is now restricted to owners, admins, and custom users with the "Manage users" permission. #### Provider Portal - **Billing system migration**: Starting this month, existing providers will begin to be migrated to the updated client organization billing system. Learn more [here](https://bitwarden.com/it-it/help/provider-billing/). ## 2024.10.2 This release includes: #### My Account - **Email verification during sign up**: Users who create Bitwarden accounts through the web app will now be asked to verify their email before they create a master password. Learn more [here](https://bitwarden.com/it-it/help/create-bitwarden-account/). #### Password Manager - **Unlock with biometrics - Linux browser extension**: Unlock with biometrics for the Bitwarden browser extension is now available for Linux users on Chromium-based browsers. Learn more [here](https://bitwarden.com/it-it/help/biometrics/#enable-unlock-with-biometrics/). - **Desktop apps prevent screen capture:** By default, desktop apps for Windows and macOS will now prevent screen capture and recording. Learn more [here](https://bitwarden.com/it-it/help/getting-started-desktop/#next-steps/). - **Sync a locked vault on desktop**: Desktop apps can now manually sync even when the active account is locked. 
Learn more [here](https://bitwarden.com/it-it/help/vault-sync/#manual-sync/). #### Admin Console - **Microsoft Sentinel integration:** A new native integration is available for security information and event management (SIEM) with Microsoft Sentinel. The integration offers comprehensive event coverage across authentication, organizational activities, and vault items. Learn more [here](https://bitwarden.com/it-it/help/microsoft-sentinel-siem/). - **Ping Identity SCIM support**: System for cross-domain identity management (SCIM) with Ping Identity is now officially supported for Bitwarden organizations. Use the Ping Identity SCIM integration to automatically provision members and groups in your Bitwarden organization. Learn more [here](https://bitwarden.com/it-it/help/ping-identity-scim-integration/). - **Upgrade plan UI improvements**: Improvements have been made to streamline the process for upgrading your organization to another plan. Learn more [here](https://bitwarden.com/it-it/help/about-organizations/#upgrade-an-organization/). - **Automatically log in users for allowed applications policy**: This new policy will allow IdP administrators to enable non-SSO applications to automatically log in users when launched from their IdP dashboard. Learn more [here](https://bitwarden.com/it-it/help/policies/#automatically-log-in-users-for-allowed-applications/). ## 2024.9.2 This release includes: #### Password Manager - **PDF attachments now downloaded by default on web app**: PDFs stored as item attachments will be downloaded to your device for viewing, rather than opening in a new browser tab. Learn more [here](https://bitwarden.com/it-it/help/attachments/). #### Secrets Manager - **New Machine account view**: Machine accounts have a new **Config** tab, which provides a quick view of information that might be required when configuring an application to use a machine account. Learn more [here](https://bitwarden.com/it-it/help/machine-accounts/#configuration-information/). 
## 2024.9.1 This release includes: #### Password Manager - **Inline autofill menu for passkeys**: Use the inline autofill menu to authenticate with passkeys. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-browser/#use-the-inline-autofill-menu/). #### Admin Console - **Member access report**: Enterprise organizations can use the member access report to monitor organization members' access to groups, collections and items. Learn more [here](https://bitwarden.com/it-it/help/reports/#member-access/). - **Fix for removed user events**: Events are now properly logged for users removed via the Public API or Directory Connector. ## 2024.8.2 This release includes: #### Password Manager - **Native mobile app for iOS**: Password Manager mobile apps downloaded via the Apple App Store have been upgraded to native mobile applications. Learn more [here](https://bitwarden.com/it-it/help/native-mobile-apps-release/). - **Password generator for password-protected exports**: Bitwarden can now generate unique passwords for password-protected exports. Learn more about password-protected exports [here](https://bitwarden.com/it-it/help/encrypted-export/#create-an-encrypted-export/). #### Admin Console - **Rapid7 SIEM integration:** Bitwarden organizations can now use Rapid7 for security information and event management (SIEM). Learn more [here](https://bitwarden.com/it-it/help/rapid7-siem/). ## 2024.8.0 > [!NOTE] Native mobile apps coming soon > In a **future** release, Password Manager mobile apps downloaded via the Apple App Store and Google Play Store will be upgraded to native mobile applications. Learn more [here](https://bitwarden.com/it-it/help/native-mobile-apps-release/). This release includes: #### Password Manager - **Autofill cards and identities**: Additional autofill methods can now fill cards and identities: - Autofill cards and identities using keyboard shortcuts. 
Learn more [here](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-keyboard-shortcuts/). - Use the inline autofill menu for cards and identities. Learn more [here](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-the-inline-menu/). - **Unlock with biometrics Linux desktop app**: Unlock with biometrics on the Bitwarden desktop app is now available for Linux users using Polkit. Learn more [here](https://bitwarden.com/it-it/help/getting-started-desktop/#tab-3-6vQUhrVotSKFarA3cqyESG/). #### Secrets Manager - **Display total amount of machine accounts, projects and secrets**: The Secrets Manager navigation bar will now display the total number of machine accounts, projects, and secrets that you have access to. #### Admin Console - **Additional supported options when changing member decryption options**: If your organization moves from SSO with trusted devices to master password decryption, users will be prompted on next log in to create a master password instead of requiring administrators to issue one beforehand. Learn more [here](https://bitwarden.com/it-it/help/about-trusted-devices/#impact-on-master-passwords/). #### Provider Portal - **UI improvements**: The "People" page has been renamed to the "Members" page and the color scheme of the Provider Portal has been changed to match the Admin Console. ## 2024.7.3 This release includes: #### Secrets Manager - **New Secrets Manager landing page**: Quickly learn more about Secrets Manager and sign up for the product directly from the web app. Learn more [here](https://bitwarden.com/it-it/help/secrets-manager-quick-start/#getting-to-secrets-manager/). #### Provider Portal - **Limiting provider access to vault items**: For added security and privacy for clients, provider users may no longer directly view, manage, or create items in client organizations' vaults. Provider users may, however, import vault data directly to client organizations. 
## 2024.7.2 This release includes: #### Provider Portal - **Consolidated billing for new providers**: Billing procedures for providers that join Bitwarden after this release are now streamlined and managed exclusively from the Provider Portal. Existing providers will be migrated to the new billing system in a future release. Learn more [here](https://bitwarden.com/it-it/help/provider-billing/). ## 2024.7.1 This release includes: #### Password Manager - **Remove user verification for passkeys**: The recent update requiring user verification for using a passkey on the browser extension has been temporarily rolled back. - **PRF-Enabled Passkeys will persist through account encryption key rotation**: PRF keys used when logging into Bitwarden with a passkey will now persist if users rotate their account encryption key. Learn more [here](https://bitwarden.com/it-it/help/account-encryption-key/#rotate-your-encryption-key/). - **Invite clarification for emergency contacts and Providers**: Trusted emergency contacts and Provider users will now move to a "Needs confirmation" state after they've accepted an invitation to make your next steps clearer. - **Bulk assign items to collections**: From the Vaults view, you can now bulk assign items to an organization's collections. A previous version of this feature was called "Move to organization". Learn more [here](https://bitwarden.com/it-it/help/managing-items/#assign-to-collections/). - **Renamed adding items to folders**: From the Vaults view, the option to add item to a folder has been renamed from "Move selected" to "Add to folder". Learn more [here](https://bitwarden.com/it-it/help/folders/#move-items-to-a-folder/). - **Deprecate desktop app setting**: The desktop app can now approve device logins by default. Learn more [here](https://bitwarden.com/it-it/help/log-in-with-device/). 
- **Improved SSO identifier workflow**: Admins can now distribute the URL of the **Enterprise single sign-on** screen with their SSO identifier included as a query parameter to automatically redirect organization members to the IdP for a more streamlined SSO experience. Learn more [here](https://bitwarden.com/it-it/help/sso-faqs/#q-do-i-need-to-enter-my-sso-identifier-every-time-i-login/). #### Secrets Manager - **Add direct access to a secret**: People and machine accounts can now be directly granted access to a secret rather than requiring a project as an intermediary. Learn more [here](https://bitwarden.com/it-it/help/secrets/). #### Self-hosting > [!NOTE] Individual item encryption server version notice > Users should upgrade self-hosted servers to at least this version prior to the 2024.10.x release to ensure compatibility with clients using vault item keys. - **Support for bulk device approval**: Self-hosted Bitwarden servers now support bulk device approval for SSO with trusted devices. Learn more [here](https://bitwarden.com/it-it/help/approve-a-trusted-device/#bulk-approve-requests/). #### Security - **Vault item keys**: An extra layer of encryption in the form of a new encryption key generated for each individual vault item has been added. Learn more [here](https://bitwarden.com/it-it/help/bitwarden-security-white-paper/#how-vault-data-is-encrypted/). #### Plans and Pricing - **Invoicing update, monthly-billed organizations**: Teams and Enterprise organizations billed monthly will see any prorated seat count adjustments included in their next occurring monthly invoice, rather than in a newly generated invoice per seat count change. - **Invoicing update, annually-billed organizations**: Teams and Enterprise organizations billed annually will see any prorated seat count adjustments included in a once-a-month adjustment invoice, rather than in an immediately-generated separate invoice per seat count change. 
## 2024.6.3 This release includes: #### Password Manager - **SSO with trusted device bulk approval**: Admins and owners may now approve trusted device requests in bulk using the [web app](https://bitwarden.com/it-it/help/approve-a-trusted-device/#bulk-approve-requests/) or [CLI](https://bitwarden.com/it-it/help/cli/#device-approval/). - **Legacy user encryption key migration**: Bitwarden accounts created prior to 2021 will have their account encryption keys migrated to Bitwarden's modern user symmetric key. These users will be logged out of non-web Bitwarden clients until they have completed the migration by logging into the Bitwarden web client. Learn more about Bitwarden encryption [here](https://bitwarden.com/it-it/help/what-encryption-is-used/). #### Self-hosting - **Support for more collection management options**: Self-hosted Bitwarden servers now support the **Owners and admins can manage all collections and items** collection management option. Learn more [here](https://bitwarden.com/it-it/help/collection-management/). ## 2024.6.1 This release includes: #### Password Manager - **Collections management update**: A collection management option has been added that allows you to determine whether admins and owners are automatically provided management permissions to all collections, and the items therein, in your organization. Learn more [here](https://bitwarden.com/it-it/help/collection-management/). ## 2024.6.0 This release includes: #### Password Manager - **User verification for passkeys**: Browser extensions may now prompt users to verify with biometrics, PIN, or master password when using a stored passkey to login. Learn more [here](https://bitwarden.com/it-it/help/storing-passkeys/#tab-browser-extensions-3XutklkReT3Gw0l1qHhBem/). - **In-product getting started**: Users that are new to Password Manager will now be shown a getting started module to help them get started protecting credentials quickly. 
- **Browser extension settings reorganization**: Use the newly reorganized settings screen on browser extensions to quickly locate and modify browser extension settings. - **Firefox extension gains full functionality in private windows**: Bitwarden browser extensions used in Firefox private windows no longer have any limitations. Learn more [here](https://bitwarden.com/it-it/help/private-mode/). - **Additional location for product switcher**: The product switcher, used to move between Password Manager, Admin Console, Secrets Manager, and Provider Portal can now also be found in the bottom left of your navigation. - **Password-protected export for browser extensions and desktop**: Browser extensions and desktop apps can now export password protected encrypted exports. Learn more [here](https://bitwarden.com/it-it/help/encrypted-export/#create-an-encrypted-export/). #### Bitwarden Authenticator - **Import to Bitwarden Authenticator**: Import data directly to Bitwarden Authenticator from a variety of other authenticator apps, including Google Authenticator, LastPass Authenticator, Raivo, and 2FAS. Learn more [here](https://bitwarden.com/it-it/help/authenticator-import-export/). #### Secrets Manager - **Start a Secrets Manager trial**: Start a Secrets Manager enterprise trial to test a proof-of-concept and gain access to enterprise features like SSO and SCIM integrations, enterprise policies, self-hosting, event logs, and priority support. [Sign-up for a free 7-day trial of Secrets Manager today](https://bitwarden.com/it-it/go/start-secrets-enterprise-trial/). - **Secrets Manager Kubernetes Operator (beta)**: Use the Bitwarden Secrets Manager Kubernetes Operator to securely and efficiently integrate Secrets Manager into Kubernetes workflows. Learn more [here](https://bitwarden.com/it-it/help/secrets-manager-kubernetes-operator/). 
#### Admin Console - **Configure custom users via API**: Organization members' custom role permissions can now be configured via the Public API. Learn more [here](https://bitwarden.com/it-it/help/api/). ## 2024.5.0 This release includes: #### Password Manager - **Clone organization items from My vault**: Users with Can manage permission can now clone organization-owned items from their Vaults view. Learn more [here](https://bitwarden.com/it-it/help/managing-items/#clone/). - **Browser extension platform upgrade**: Starting this week, Password Manager browser extensions will begin a gradual upgrade to a new extension platform called Manifest V3, beginning with 1% of users and increasing incrementally throughout the month of May. You do not need to take action either to initiate this upgrade or once it’s completed. #### Admin Console - **Splunk Cloud integration**: The Bitwarden Event Logs app is available for information and event management on Splunk Cloud Classic and Splunk Cloud Victoria. Learn more [here](https://bitwarden.com/it-it/help/splunk-siem/). #### Self-hosting - **Collection management and deprecation of manager role**: Self-hosted servers can now access collections management functionality and will have users with the Manager role migrated to the User role with a new Can manage permission. Learn more [here](https://bitwarden.com/it-it/help/collection-management/). > [!TIP] Update license after FC migration > If you're self-hosting, set your [collection management settings in your cloud organization](https://bitwarden.com/it-it/help/collection-management/) and then [update your self-hosted server's license](https://bitwarden.com/it-it/help/licensing-on-premise/#update-organization-license/) to carry those settings over to your self-hosted organization. ## 2024.4.2 This release includes: #### Password Manager - **Use passkeys on mobile apps**: Password Manager mobile apps can now be used to create and sign in with passkeys. 
This feature is available for iOS and as a beta for Android. Learn more [here](https://bitwarden.com/it-it/help/storing-passkeys/). - **Delete stored passkeys**: Passkeys that have been stored with Bitwarden login items can now be deleted using the Bitwarden browser extension and desktop app. Learn more [here](https://bitwarden.com/it-it/help/storing-passkeys/). - **Additional permission for browser extensions**: Browser extensions in this version require a new permission from Manifest V2 browsers to better manage content script injection. Learn more [here](https://github.com/bitwarden/clients/pull/8222). #### Secrets Manager - **New integrations page**: Get quick access to Secrets Manager integrations through the new page available from the Secrets Manager web app. - **Secrets Manager CLI Docker image**: The Bitwarden Secrets Manager CLI is now available as a Docker image. Learn more [here](https://bitwarden.com/it-it/help/secrets-manager-cli/). ## Bitwarden Authenticator Introducing the new Bitwarden Authenticator standalone mobile app. Use Bitwarden Authenticator to generate verification codes for two factor authentication for apps and websites. Download from app stores or [learn more](https://bitwarden.com/it-it/help/bitwarden-authenticator/). ## 2024.4.1 This release includes: #### Password Manager - **Delete stored passkeys**: Passkeys that have been stored on Bitwarden login items can now be deleted from the **Vault item** → **Edit** screen of the Bitwarden web app. Learn more [here](https://bitwarden.com/it-it/help/storing-passkeys/#delete-vault-item-passkey/). #### Secrets Manager - **"Service accounts" now "Machine accounts"**: Service accounts have been renamed to machine accounts. 
## 2024.3.1 > [!TIP] Unassigned curfuffle > With [recent migrations to a new permissions structure](https://bitwarden.com/it-it/help/collection-management/#collection-management-settings/) that brings greater collections management flexibility to your organization, vault items that are not assigned to a specific [collection](https://bitwarden.com/it-it/help/about-collections/) are now no longer displayed in your Password Manager **All vaults** view. [Learn how to access these items](https://bitwarden.com/it-it/help/unassigned-vault-items-moved-to-admin-console/). This release includes: #### Password Manager - **New languages available for Bitwarden apps**: With the contributions of community translators, new language options are now available across Bitwarden apps! See a complete list of languages [here](https://bitwarden.com/it-it/help/localization/). Learn more about contributing to Bitwarden localization [here](https://contributing.bitwarden.com/contributing/#localization-l10n). - **Desktop app hardware acceleration**: Bitwarden desktop apps now have an option to turn on or off hardware acceleration to optimize performance. This setting is enabled by default. #### Admin Console - **Bulk assign items to collections**: Organization items can be assigned to collections in bulk from the Admin Console. Learn more [here](https://bitwarden.com/it-it/help/about-collections/#bulk-assign-items-to-collections/). ## 2024.3.0 This release includes: #### Self-hosting - **New logs functionality for Linux deployments**: Linux deployments using the standard `bitwarden.sh` shell script can now use a new option to download compressed log files (see [here](https://bitwarden.com/it-it/help/install-on-premise-linux/#script-commands-reference/)). ## 2024.2.3 This release includes: #### Password Manager - **Web app navigation update:** The Bitwarden web app has been totally redesigned! 
We hope you enjoy the new experience ([learn more](https://bitwarden.com/it-it/blog/bitwarden-design-updating-the-navigation-in-the-web-app/)). - **Duo 2FA login update:** Duo has introduced Universal Prompt for users and admins. Duo admins who have enabled the service will see slight changes to the Duo 2FA login process. See [here](https://bitwarden.com/it-it/help/setup-two-step-login-duo/). #### Self-hosting - **Support for log in with passkeys (beta)**: Self-hosted Bitwarden servers now support the log in with passkeys feature (see [here](https://bitwarden.com/it-it/help/login-with-passkeys/)). ## 2024.2.2 This release includes: #### Admin Console - **Collection management for end-users**: Organizations now have the option to allow all users to create and manage their own collections. This option, located on the **Organization info** screen, is opt-in for existing organizations and opt-out for organizations created after 2024.2.2 (see [here](https://bitwarden.com/it-it/help/collection-management/)). - **Deprecation of Manager role**: When you turn on collection management, organization users with the Manager role will be migrated to the User role with a new Can manage permission over their assigned collections (see [here](https://bitwarden.com/it-it/help/user-types-access-control/)). #### Secrets Manager - **Ansible integration**: Use Bitwarden Secrets Manager to retrieve secrets and inject them into your Ansible playbook (see [here](https://bitwarden.com/it-it/help/ansible-integration/)). ## 2024.2.0 This release includes: #### Password Manager - **Browser extension TOTP capture**: Use the Bitwarden browser extension to scan a webpage and save TOTP authenticator QR codes (see [here](https://bitwarden.com/it-it/help/authenticator-keys/#scan-a-qr-code/)). - **Increased import item quantity maximum**: Imports made to Bitwarden Password Manager can now contain roughly double the amount of data (see [here](https://bitwarden.com/it-it/help/import-data/)). 
#### Admin Console

- **Unique SP entity IDs per organization**: Organizations using SAML for SSO can now upgrade their entity IDs to be unique for their organization. Doing so will require re-configuring on the IdP (see [here](https://bitwarden.com/it-it/help/configure-sso-saml/)).

#### Plans & Pricing

- **Automatic tax calculation**: Tax rates for subscriptions will now be automatically calculated based on geography by our payments sub-processor. The subtotal charged by Bitwarden will remain the same, however you may notice a change in your tax-inclusive monthly invoice.

## 2024.1.2

This release includes:

#### Password Manager

- **Passkey storage for self-hosted**: Passkeys can now be stored in self-hosted Bitwarden servers (see [here](https://bitwarden.com/it-it/help/storing-passkeys/)).

#### Admin Console

- **More collections permissions via Public API**: You can now use the Public API to hide passwords from users for any collection (see [here](https://bitwarden.com/it-it/help/api/)).

## 2024.1.0

This release includes:

#### My Account

- **Log in with passkeys (beta)**: Passkeys can be used to log in to the Bitwarden web app as an alternative to using your master password and email (see [here](https://bitwarden.com/it-it/help/login-with-passkeys/)).

#### Password Manager

- **Account switching for browser extensions**: Log in to up to 5 accounts and switch seamlessly between them when using Bitwarden browser extensions (see [here](https://bitwarden.com/it-it/help/account-switching/)).

#### Admin Console

- **Configure subscription via Public API**: Use new Public API endpoints to configure subscription information like seat count, maximum auto-scaling, and storage (see [here](https://bitwarden.com/it-it/help/api/)).
- **More organization upgrade paths**: More Bitwarden organizations can now upgrade to a different subscription without needing to contact support.
## Self-host with Helm GA

Bitwarden can now be self-hosted in Kubernetes deployments using a Helm Chart (see [here](https://bitwarden.com/it-it/help/self-host-with-helm/)).

## 2023.12.1

This release includes:

#### Password Manager

- **Auto-fill menu**: Auto-fill credentials while browsing the web by turning on the new inline auto-fill menu (see [here](https://bitwarden.com/it-it/help/auto-fill-browser/#inline-auto-fill-menu/)).

## 2023.12.0

This release includes:

#### Password Manager

- **Option to turn off prompt to use passkeys**: You can now choose whether or not your browser extension will ask to save and use passkeys (see [here](https://bitwarden.com/it-it/help/storing-passkeys/#turn-off-passkey-prompt/)).
- **Forward Email support on mobile**: Forward Email can now be used on mobile apps as a forwarded email alias provider for the username generator (see [here](https://bitwarden.com/it-it/help/generator/#generate-a-username/)).
- **Vault health reports update**: Organization members will now see organization-owned items which they have **Can edit** access to in their individual vault health reports.

#### Admin Console

- **Elastic integration**: Bitwarden organizations can now use Elastic for security information and event management (SIEM) (see [here](https://bitwarden.com/it-it/help/elastic-siem/)).
- **CLI event logs**: Event logs viewed from the web app will now specify which events were logged by the Bitwarden CLI.

#### Secrets Manager

- **Secrets manager CLI output**: A new format has been added to output secrets as key-value pairs in the Secrets Manager CLI (v0.4.0) (see [here](https://bitwarden.com/it-it/help/secrets-manager-cli/#o-output/)).

## 2023.10.0

This release includes:

#### Password Manager

- **Save passkeys to your vault**: Passkeys can now be stored in your Bitwarden vault! Store and log in with passkeys using the Bitwarden browser extension (see [here](https://bitwarden.com/it-it/help/storing-passkeys/)).
- **Direct LastPass importer**: Import data from LastPass directly to Bitwarden using browser extensions or desktop apps, including if you're a member of a team using SSO with LastPass (see [here](https://bitwarden.com/it-it/help/import-from-lastpass/#import-to-bitwarden/)).
- **Import from browser extensions and desktop apps**: Data can now be imported to Bitwarden from browser extensions and desktop apps (see [here](https://bitwarden.com/it-it/help/import-data/)).
- **Mobile settings reorganization**: The Settings tab on mobile apps has been reorganized into more intuitive categories.
- **Support for self-hosted alias providers**: The username generator on Password Manager clients can now be connected to self-hosted Addy.io and SimpleLogin instances (see [here](https://bitwarden.com/it-it/help/generator/#tab-simplelogin-3Uj911RtQsJD9OAhUuoKrz/)).
- **Auto-fill cards and identities via context menu**: Cards and identities can now be auto-filled by browser extensions using the context menu (see [here](https://bitwarden.com/it-it/help/auto-fill-card-id/#using-the-context-menu/)).

#### Secrets Manager

- **Support for self-hosting**: Enterprise organizations can now self-host Secrets Manager (see [here](https://bitwarden.com/it-it/help/manage-your-secrets-org/#self-hosting/)).
- **New event logs view**: Service account event logs can now be accessed directly from the service accounts view (see [here](https://bitwarden.com/it-it/help/service-accounts/#service-account-events/)).

## 2023.9.0

This release includes:

- **FIDO2 WebAuthn now a free two-step login option**: The FIDO2 WebAuthn method for two-step login has been expanded to free accounts. Now every Bitwarden user can improve login security using compatible FIDO2 WebAuthn credentials, such as those device-bound to hardware security keys (see [here](https://bitwarden.com/it-it/help/setup-two-step-login-fido/)).
- **Organization member email verification**: Organization members will have their email automatically verified when they [accept an invitation](https://bitwarden.com/it-it/help/managing-users/#accept/) to join or if they are a member of an organization using [domain verification](https://bitwarden.com/it-it/help/claimed-domains/).
- **Export update**: JSON exports of vault data will now include the password history for applicable items (see [here](https://bitwarden.com/it-it/help/export-your-data/)).
- **CLI password generator options:** Generating a password using the CLI has additional option flags for customizing password complexity (see [here](https://bitwarden.com/it-it/help/generator/#generate-a-password/)).
- **ProtonPass JSON importer**: ProtonPass JSON has been added to the list of formats available for direct import into Bitwarden Password Manager (see [here](https://bitwarden.com/it-it/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import/)).
- **Desktop app theme update**: The desktop app's dark theme has been updated!

## 2023.8.2

This release includes:

- **SSO with trusted devices:** SSO with trusted devices allows users to authenticate using SSO and decrypt their vault-stored encryption key without entering a master password (see [here](https://bitwarden.com/it-it/help/about-trusted-devices/)).
- **Manager collection access:** To reduce visibility to non-essential data, managers can now only see collections that they are assigned to.

## 2023.8.0

This release includes:

- **Secrets Manager - General availability**: Bitwarden Secrets Manager is now generally available for empowering developers, DevOps, and cybersecurity teams to centrally store, manage, automate, and deploy secrets at scale. Learn more about [Secrets Manager plans](https://bitwarden.com/it-it/help/secrets-manager-plans/) and [sign up today](https://bitwarden.com/it-it/help/sign-up-for-secrets-manager/).
- **Import to a folder or collection:** Import data directly to an existing folder, or if you're a member of an organization directly to a collection, from the **Tools** → **Import data** screen.

## 2023.7.1

This release includes:

- **Secrets Manager - CLI updates**: New commands were added for editing and creating projects and secrets, and the syntax used by the CLI has been restructured (see [here](https://bitwarden.com/it-it/help/secrets-manager-cli/)).
- **EU Cloud**: Bitwarden cloud servers are now available with vault data storage in the European Union (see [here](https://bitwarden.com/it-it/help/server-geographies/)).

## 2023.7.0

This release includes:

- **Login with device for self-hosted:** Bitwarden applications connected to self-hosted servers can now log in by sending an authentication request to a registered device instead of using a master password (see [here](https://bitwarden.com/it-it/help/log-in-with-device/)).
- **Forward Email alias integration**: Connect the Bitwarden username generator to [Forward Email](https://forwardemail.net/) for easy creation of email aliases (see [here](https://bitwarden.com/it-it/help/generator/#username-types/)).
- **Browser extension TOTP auto-fill:** Browser extensions will now auto-fill TOTP codes automatically unless you're using auto-fill on page load (see [here](https://bitwarden.com/it-it/help/auto-fill-browser/#totp-auto-fill/)).
- **Policies - Renamed Admin password reset**: The Admin password reset policy is now named Account recovery administration (see [here](https://bitwarden.com/it-it/help/account-recovery/)).
- **Use auto-fill in