Sorry if duplicate, I did a quick search and didn’t find an exact replica of my question, but I’m sure there must be similar questions. Please point me to it.
So I currently have a BW family organization subscription between me + spouse.
Now I want to manage passwords for my aging parents along with my sibling.
So the setup I want is me + spouse have individual accounts and we share collections between us for our common stuff.
I want to set up one account for my sibling and one for my parents (single account), and configure a collection to put my parents’ stuff in and shared between me & my sibling.
I don’t want my sibling/parent to access me & spouse’s collection and also my main question is to make sure that we don’t have admin/recovery options over each other’s individual accounts. This way impact of compromised account is minimized. I haven’t had the time to go through the whole documentation yet, so I figured I’ll ask here.
Technically, Bitwarden’s Terms of Service specify that “a single login may not be shared by multiple people”, so to be compliant with the terms, your parents would each have to have separate individual accounts (which are then each joined to your Family plan), but other than that you should be able to do most of what you described in your post.
As an organization owner/admin, you will always have a way of accessing vault data stored in any of the organization’s collections. A collection’s access permissions could be configured so that you do not see any of the collection’s contents while you are using your own Bitwarden apps — however, you would still be able to go into the Admin Console (accessible from the Web Vault only), where you will have the ability to see collections for which your user account has not been given view access.
You can certainly set up permissions to prevent your siblings and parents from viewing any collections that are shared between you and your spouse, and since only you are the organization admin, they will not have access to the Admin Console “back door” for accessing these private collections.
The Family organizations do not offer any method for admins to “recover” other members’ individual accounts (e.g., if they lose access to their master password or 2FA), so you don’t have to worry about that — the individual vaults will always be safe (as long as each user has a master password that is unique, confidential, and randomly generated, has enabled 2FA, has good security for their devices, and practices good internet hygiene).
One of my parents is an invalid and cannot move or speak, so only one account is really needed there where all of their stuff is combined, and so that me & my sibling can help out managing their affairs.
The org owner/admin backdoor info is useful. I suppose if my sibling & their spouse (neither use a password manager, and I’m trying to get them to use bw) also want to set up their own accounts with shared stuff between them, which is inaccessible to me, then the only real way is for them to buy their own separate family plan and add themselves to it?
The setup then is my family Organization with me, spouse, parent, sibling, and my sibling’s family Organization with sibling, spouse?
If they don’t trust you not to access their private collection via the Admin Console “back door”, then yes, they would need their own organization. However, if they are just sharing between two individuals, they would not need a separate Family plan — each individual Bitwarden account (even a free account) has the ability to set up a two-person organization for free. However, please note that with a free organization, premium benefits (such as file attachments, advanced Vault Health Reports, or integrated TOTP generation) would not apply to shared items stored in the free organization’s collections — even if the two members of the free organization each have premium benefits for their individual accounts.
And yes, your sibling & sibling-in-law can be members both of your Family plan and of their own organization (whether it is a free organization or a second paid Family plan).
Follow up question:
What happens if I add parent, sibling, sibling spouse to my organization and sibling and sibling spouse create a Free Organization with just them 2? They still get premium subscription for being part of my Organization, and privacy from me having backdoor access to my Organization.
Do they lose out on any features in their Free organization apart from unlimited collections and limited to just 2 users and then they can’t add their kid to it?
Other than being limited to 2 users and 2 collections, they will not get premium benefits (such as file attachments, advanced Vault Health Reports, or integrated TOTP generation) for any shared items that are stored in the free organization’s collections. They would still have such benefits for items stored in their individual vaults (as long as they remain in your Family plan), and for any shared vault items that are stored in collections belonging to your Family organization.