How to scale with Collections and Groups
As a business, it's vital to be able to share data securely while also managing access at scale. The Bitwarden Password Manager handles this with Groups and Collections
Collections are a way to associate and share items, similar to a shared folder and an item can belong to one, two, or many Collections. Admins typically name their Collections based on:
Departments (ex. HR, Engineering)
Areas of Responsibility (ex. Social Media, Software Development)
Functions (ex. Compliance Reporting, Customer Outreach)
Whichever convention you choose, it's important to ensure that Collection names will be clear to an average member of your Organization as they are used for sharing new or existing items.
New Collections can only be created by Members with the Member role of Manager or above. These can be added in the Web app either in the Vaults tab New > Collection or by going to the Organizations tab Vault > New > Collection.
During the creation process, you can choose to nest the new Collection under an existing Collection. This is a UI feature that can help give additional context to your members and help indicate that the nested Collections are related. For example, a top level Collection may be named IT Support with the following Collections nested inside: Tier 1, Tier 2, and Tier 3 to indicate Teams within a Department.
You can grant permission for a Collection to each individual Member, but in order to easily scale, you can also grant Collection permissions to a Group of Members.
Groups are a way to associate the Members of your Organization, similar to user groups you may already have within your identity provider. Groups allow you to grant and remove Collection permissions in bulk as well as acting as a template when a new member joins your Organization.
Note that while a Member can belong to multiple Groups, they will be able to leverage the highest level of permissions granted to them, so it's important to ensure adequate separation when developing your Organization's Group structure.
To manually create a Group, navigate to the Web app > Organizations > Groups > New Group. This will open a dialogue where you can name the Group, use the Members tab to add new Members, and use the Collections tab to grant permissions to one or more Collections.
If you choose to manually name your Organization's Groups, some common naming conventions include:
Department Names (ex. HR, Engineering)
Vendor or Systems (ex. AWS, Production Servers)
Locality (ex. US Employees, UK Employees)
SCIM provisioning and Directory Connector are available to automatically provision and deprovision your Groups and Group membership. When you use either of these methods, your Group names will match the group names of your identity provider.
Learning Center
このページの変更を提案する
どうすればこのページを改善できますか?
技術、請求、製品に関するご質問は、サポートまでお問い合わせください。