Password Sharing with Organizations
Editor's Note: This article was originally written on May 2nd, 2017 and was updated on July 22nd, 2022.
The ability to securely share passwords was one of the most requested features since Bitwarden came into existence. Password sharing has many applications. To the personal user, you may want to do things like share a Netflix password with the entire family, or share your Amazon login with your spouse. You can use Bitwarden to share passwords with your family. If you are a company or some other type of organization, you may have hundreds of logins that need to be securely shared with users across teams and departments, each in their own unique way. Traditional methods of sharing passwords usually lead to bad password practices and quickly become a headache to manage.
So without further ado, here's how you can securely share passwords in Bitwarden!
To share passwords with users in Bitwarden, you first need to create an organization. An organization is simply an entity that relates users together that want to share logins with another user. An organization could be a family, team, company, or any other type of group that desires to share logins in Bitwarden.
Organizations in Bitwarden come in various types of plans. For personal use, our Free and Premium plans allow users to share vault items with one other user, while our Families plan offers the ability to share vault items between six people. If you are a company or large organization, you'll need to purchase a Teams or Enterprise plan. You can read more about the different features of these plans on our main website.
Collections allow you to group related logins within your organization that your wish to share. A simple personal organization for a family may only want to have one or two collections (ex. Parents and Kids), while a larger organization like a company may have many collections (ex. each department such as Sales, IT, Developers, Dev Ops, etc).
When you add a new user to your organization (see below), you can associate that user to one or more collections within your organization. Once the user has access to your organization, any logins that are placed into that user's associated collections will be available in their vault. When associating a user to a particular collection, you can also decide whether or not that user has write access to logins contained within it. Selecting the Read Only option will ensure that the user cannot edit any logins within that particular collection (they can just view and use them).
Note that collections are different than folders. Collections are a way to organize logins and limit user access within an organization's vault, while folders are a way for individual users to organize logins within their own personal vault. An individual user may wish to further organize the logins being shared with them in their own vault into a personalized folder structure that makes sense just for them.
Once you've set up your organization's collections (you can also do this before setting up collections if you'd like) you're ready to start adding users to your organization. Adding new users to your organization involves a three step process: invite, accept, and confirm.
To invite a user to your organization simply enter their email address, select what type of user they are (normal user, admin, or owner) and select the collection(s) that they should have access to (you can change this later by editing the user). You can also designate a user as having access to all items for the organization and collection assignment will not be necessary.
Once you invite a user they will receive an email where they will need to click a link to accept the invitation. After clicking the accept link the user will be prompted to create a new Bitwarden account or log into an existing account registered at that email address.
After the user has successfully accepted the organization invite, an organization admin will then need to confirm the user from the same area in the web vault that you invited the user from (Organization Admin -> People). Only after the user is confirmed will they then have access to that organization and the items being shared with them.
Now we're ready to start sharing logins. Sharing logins with an organization's users can be done in a couple of different ways.
First, from the organization's admin area you can add new logins to the organization vault. After adding a login to the organization vault, you can select which collections that login belongs to.
You may also already have logins in your personal vault that you want to "move" to an organization. After adding a login to your main personal vault like usual, simply select the Share option. From the share page you can select the organization and any collections for that organization that you have access to.
After placing a login into a collection, all users that also have rights to that collection will then have access to view or edit the login (unless they are limited with Read Only access to that collection).
You may be wondering how to share a password and how Bitwarden is able to share logins across users accounts while still maintaining our policy of never transmitting unencrypted vault data. The answer is public/private key, or asymmetric encryption. All sharing in Bitwarden follows the same zero-knowledge principles that we have always followed, protecting you and your data with end-to-end encryption. No unencrypted data ever leaves your device(s).
As always, feel free to contact us if you have any questions or issues regarding organizations and/or password sharing in general.
Interested in simplifying your security with Bitwarden? Sign up for a free business trial to keep your team secure online, or register for a free individual account.