To be able to strictly limit secret access to organization users, the organization policies should allow forbidding emergency access (for example, when the Single Organization policy is enabled).
When the policy “Account recovery administration” is enabled, if a user of the organization loses his access, an administrator is able to reset his access. The emergency access is in this case useless and unsafe because it permits granting uncontrolled access to an organization vault.
While emergency access may serve a purpose for non-enterprise users, it introduces unnecessary risk in enterprise environments. Specifically, it can be exploited by insider threat actors who, before departing the organization, designate a personal email address as an emergency access recipient. This bypasses enterprise-grade security controls such as SSO, MFA, and trusted device policies.
In such a scenario, the individual is removed from the Bitwarden organization and its collections, but retains access to their individual vault containing work-related credentials in perpetuity.
Although best practices like key/password rotation and thorough offboarding procedures can mitigate such a threat, the emergency access feature undermines these efforts without providing a meaningful benefit. Administrative takeover solves much of the same problem as emergency access attempts to tackle, and is much more appropriate in a business environment.
We are actually holding back widespread deployment of Bitwarden at our organization until this feature can be disabled by policy. I walked through the process with a coworker a few months ago and was left horrified; no notifications were ever sent to my administrative account that they had added my personal account as their emergency contact, and no alarm bells rang when I was allowed to take over their account. How is this not a deal-breaker for other organizations?
Before you have a heart attack, do know that emergency access only grants access to the employee’s personal vault, not the organizational vault. The goal behind emergency access is to allow the employee’s executor or power-of-attorney to gain access to the personal items.
You should be training your users to keep company stuff in the company vault and personal stuff in the personal vault. My employer’s philosophy is that we want our employees to protect their personal bank account creds, just as they would company creds. After all, they have a vested interest in learning to protect the former.
One can reasonably debate in which vault individual creds to company assets (as opposed to shared creds) belong. But it also does not really matter because you have no assurance they were not also written down or posted on AOL, so the only known secure reaction to end-of-service is disabling/changing any creds that may have been known by the former staffer.
I’m not quite sure if there are different “rules” for Enterprise plans, but according to the documentation (Log In With Emergency Access | Bitwarden) I didn’t see any hints of that – so you should have gotten an invitation email from your worker. And you should have had to accept that invitation. – And then they shouldn’t have been able to just add you against your will or knowledge as an emergency contact.
And when they confirmed your “acceptance”, you should also have gotten an email notification about that.
In fact, I think you and your worker should have gotten several emails (e.g. also about you initiating the emergency access, getting that access etc.):
If neither of you got any of those emails, there might be something wrong with email notifications in your BW organization (I’m also thinking you may be self-hosting the organization and then, again, you probably should check your email configuration).
Thanks! Apologies, I should have been clearer in my explanation, and as it turns out I may be misunderstanding the risk here anyway. I have an administrator account in our Bitwarden Enterprise environment as well as a personal Bitwarden account. My coworker designated my personal Bitwarden account as their emergency access contact for their regular account in our Bitwarden Enterprise environment. I did receive several emails to that account, as did they. What did not receive any notice was my administrator account, which surprised me based on my understanding of the feature.
I’m not so sure about this. The emergency access page for my work’s enterprise account shows me this warning:
Warning
You are an owner of one or more organizations. If you give takeover access to an emergency contact, they will be able to use all your permissions as owner after a takeover.
But that could be due to the fact that I’m an owner of that org.
(and testing this with a non admin account is too much work for my will, since we have mandatory sso enabled).
Edit to add:
That’s not how I see it: Personal stuff does not belong in the corporate Bitwarden account (in any vault). Personal stuff goes to personal accounts. And the corporate account’s individual vault is for credentials that are exclusive to the user but, I repeat, always work related.
For example: the credentials to access my personal corporate email account (those go to my individual vault because they should not be shared with anyone else).
I understand that reasoning (as you also say, this is reasonable to debate). My argument against this is that I, as an admin, can take over a user’s account. For that I don’t want to be able to find any personal stuff there (bank accounts are the first example that comes to mind; there are several others).
The corresponding Help Site – I guess the source for @DenBesten’s statements as well – is clear about “View”, but indeed a bit unclear about what happens exactly with “Takeover”:… actually, it is clear about both – when you actually read it.
But I think you’ve figured that out now. Nonetheless, since there is already some confusion in this thread, I would suggest that you edit your comment to strike out (markdown syntax: ~~strike out~~) or otherwise annotate the parts that you now know to be potentially misleading.