Bitwardenブログ

Password Sharing with Organizations

著者:
Kyle Spearrin
投稿日:
2022年7月22日

Editor's Note: This article was originally written on May 2nd, 2017 and was updated on July 22nd, 2022.

The ability to securely share passwords was one of the most requested features since Bitwarden came into existence. Password sharing has many applications. To the personal user, you may want to do things like share a Netflix password with the entire family, or share your Amazon login with your spouse. You can use Bitwarden to share passwords with your family. If you are a company or some other type of organization, you may have hundreds of logins that need to be securely shared with users across teams and departments, each in their own unique way. Traditional methods of sharing passwords usually lead to bad password practices and quickly become a headache to manage.

So without further ado, here's how you can securely share passwords in Bitwarden!

It's all about "organizations"

To share passwords with users in Bitwarden, you first need to create an organization. An organization is simply an entity that relates users together that want to share logins with another user. An organization could be a family, team, company, or any other type of group that desires to share logins in Bitwarden.

Organizations in Bitwarden come in various types of plans. For personal use, our Free and Premium plans allow users to share vault items with one other user, while our Families plan offers the ability to share vault items between six people. If you are a company or large organization, you'll need to purchase a Teams or Enterprise plan. You can read more about the different features of these plans on our main website.

Set up collections

Collections allow you to group related logins within your organization that your wish to share. A simple personal organization for a family may only want to have one or two collections (ex. Parents and Kids), while a larger organization like a company may have many collections (ex. each department such as Sales, IT, Developers, Dev Ops, etc).

1 A EMBBwcAU j4sJSsBmvNA
1 A EMBBwcAU j4sJSsBmvNA

Collections listing for an organization.

When you add a new user to your organization (see below), you can associate that user to one or more collections within your organization. Once the user has access to your organization, any logins that are placed into that user's associated collections will be available in their vault. When associating a user to a particular collection, you can also decide whether or not that user has write access to logins contained within it. Selecting the Read Only option will ensure that the user cannot edit any logins within that particular collection (they can just view and use them).

Note that collections are different than folders. Collections are a way to organize logins and limit user access within an organization's vault, while folders are a way for individual users to organize logins within their own personal vault. An individual user may wish to further organize the logins being shared with them in their own vault into a personalized folder structure that makes sense just for them.

Invite users

Once you've set up your organization's collections (you can also do this before setting up collections if you'd like) you're ready to start adding users to your organization. Adding new users to your organization involves a three step process: invite, accept, and confirm.

To invite a user to your organization simply enter their email address, select what type of user they are (normal user, admin, or owner) and select the collection(s) that they should have access to (you can change this later by editing the user). You can also designate a user as having access to all items for the organization and collection assignment will not be necessary.

1 hCLlf5izAayCyZh8hRq0VQ
1 hCLlf5izAayCyZh8hRq0VQ

Popup modal for inviting a new user to an organization.

Once you invite a user they will receive an email where they will need to click a link to accept the invitation. After clicking the accept link the user will be prompted to create a new Bitwarden account or log into an existing account registered at that email address.

1 LUiXN3NW8 rIXQAMFZB3Hw
1 LUiXN3NW8 rIXQAMFZB3Hw

After clicking an emailed link, the invited user is prompted to accept the invitation to the organization.

After the user has successfully accepted the organization invite, an organization admin will then need to confirm the user from the same area in the web vault that you invited the user from (Organization Admin -> People). Only after the user is confirmed will they then have access to that organization and the items being shared with them.

1 OPhoPRhLDuipizuDUbvPig
1 OPhoPRhLDuipizuDUbvPig

After the user accepts the invitation, confirm the user from the options dropdown menu.

Share some logins

Now we're ready to start sharing logins. Sharing logins with an organization's users can be done in a couple of different ways.

First, from the organization's admin area you can add new logins to the organization vault. After adding a login to the organization vault, you can select which collections that login belongs to.

1 3cLyj8PWgfQ0ZsK SQfoXw
1 3cLyj8PWgfQ0ZsK SQfoXw

An organization's vault.

You may also already have logins in your personal vault that you want to "move" to an organization. After adding a login to your main personal vault like usual, simply select the Share option. From the share page you can select the organization and any collections for that organization that you have access to.

1 bfaWN6dC HZzVvHGHgubNQ
1 bfaWN6dC HZzVvHGHgubNQ

To move a login from your personal vault to an organization, select the Share option from your vault.

After placing a login into a collection, all users that also have rights to that collection will then have access to view or edit the login (unless they are limited with Read Only access to that collection).

How is this secure?

You may be wondering how to share a password and how Bitwarden is able to share logins across users accounts while still maintaining our policy of never transmitting unencrypted vault data. The answer is public/private key, or asymmetric encryption. All sharing in Bitwarden follows the same zero-knowledge principles that we have always followed, protecting you and your data with end-to-end encryption. No unencrypted data ever leaves your device(s).

1 VtWayeYq404OATkaQdsulg
1 VtWayeYq404OATkaQdsulg

A simple illustration of public/private key encryption. Source: Wikipedia.

As always, feel free to contact us if you have any questions or issues regarding organizations and/or password sharing in general.

Get Started with Bitwarden

Interested in simplifying your security with Bitwarden? Sign up for a free business trial to keep your team secure online, or register for a free individual account.

この記事の内容:

ブログ一覧に戻る

今すぐBitwardenを使い始める。

無料アカウントを作成
言語
© 2022 Bitwarden, Inc.
利用規約プライバシーポリシーサイトマップ