Bitwarden for Enterprise Features Datasheet
This document describes and references the features available to
Application Range and Ease-of-use
Enterprise Features | Description |
|---|---|
Deployment Options | Cloud, Private Cloud, and Self-hosted. |
Web Application | Fully encrypted cloud web app at |
Mobile Apps (with Mobile Login Controls) | Available for iOS and Android. |
Browser Extensions | Available for Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, and Safari. |
Desktop Applications | Available for Windows, Mac, and Linux. |
Command-line Interface | Available for Windows, Mac, and Linux. |
Administrative Features and Capabilities
Enterprise Features | Description |
|---|---|
Simple user management | Add or remove seats and onboard or offboard users directly from the Web Vault. |
Role based access control | Assign role-based access for Organization users, including a custom role and granular permissions (e.g. Hide Passwords, Read-Only). |
Directory sync | Synchronize your Bitwarden Organization with your existing user directory. Provision and deprovision users, groups, and group associations. |
SCIM support | Use the SCIM protocol to manage and provision Bitwarden users, groups, and group associations from your Identity Provider or directory service for easy onboarding and employee succession. |
Account recovery administration | Designated administrators can reset Master Password of end-user accounts if an employee loses or forgets their Master Password. |
Collections with curated access | Create an unlimited amount of password collections containing an unlimited amount of passwords. Collections can be assigned to groups or individual users. |
Enterprise policies | Enforce security rules for all users, for example mandating use of Two-step Login. |
Temporary password sharing and generation | Create and share ephemeral data using Bitwarden Send. |
Complimentary Families plan for users | All enterprise users receive a complimentary family plan for personal use to practice good security habits outside of the workplace. |
Reporting
Enterprise Features | Description |
|---|---|
Vault health reports | Run reports for Exposed Passwords, Reused Passwords, Weak Passwords, and more. |
Data breach reports | Run reports for data compromised in known breaches (e.g. Email Addresses, Passwords, Credit Cards, DoB, etc.). |
Event logs | Get time stamped records of events that occur within your Organization Vault for easy use in the Web Vault or ingestion by other systems. |
Authentication
Enterprise Features | Description |
|---|---|
2FA for individuals | A robust set of 2FA options for any Bitwarden user. |
2FA at organization-level | Enable 2FA via Duo for your entire Organization. |
Biometric authentication | Available for: |
SSO with trusted devices | SSO with trusted devices allows users to authenticate using SSO and decrypt their vault using a device-stored encryption key, eliminating the need to enter a master password. |
Login with SSO | Leverage your existing Identity Provider to authenticate your Bitwarden Organization users via SAML 2.0 or OpenID Connect (OIDC). |
SSO with customer managed encryption | Employees use their SSO credentials to authenticate and decrypt all in a single step. This option shifts retention of the users master passwords to companies requiring the business to deploy a key connector to store the user keys. |
Security
Enterprise Features | Description |
|---|---|
Secure storage for Logins, Notes, Cards, and Identities | Bitwarden |
Zero knowledge encryption | All Vault data is end-to-end encrypted. |
Secure username and password Generator | Generate secure, random, and unique credentials for every Vault item. Available on web and in-app. |
Encrypted export | Download encrypted exports for secure storage of Vault data backups. |
Biometric authentication | Available for: |
Emergency access | Users can designate and manage trusted emergency contacts, who may request access to their Vault in case of emergency. |
Account fingerprint phrase | Security measure that uniquely and securely identifies a Bitwarden user account when encryption-related or onboarding operations are performed. |
Subprocessors | See our full list of subprocessors: |
Compliance, Audits, Certifications
Enterprise Features | Description |
|---|---|
SOC 2 Type II and SOC 3 | |
Security and compliance assessments | Bitwarden invests in annual third party audits, security assessments, and other compliance standards. All reports are available on the |
GDPR, CCPA, & HIPAA | |
White-box testing | Performed by unit tests and QA engineers. |
Black-box testing | Performed via automation and manual testing. |
Bug Bounty Program | Conducted through HackerOne. |
APIs and Extensibility
Enterprise Features | Description |
|---|---|
Programmatically accessible | Public and Private APIs for Organizations. |
Command line interface | Fully featured and self-documented command-line tool. |
Extensibility support | Automate workflows by combining API and CLI. |
Resiliency
Enterprise Features | Description |
|---|---|
Local cache & offline access |