Multiple Accounts for Browser Extension

It would be nice if the Bitwarden Browser Extension supported multiple accounts. When you have a private Bitwarden and one from work on the same laptop/PC, it’s annoying since you can only be logged in to one account.

I’d like if there is also an option where you can choose if you want the passwords to merge (show both private and work passwords) or if you just want to switch the account that shows the data.

Note:
This is not about just the account switching like this feature request:

It’s about having multiple accounts and not having to switch

1 Like

The feature you are describing exists, and it is called an Organization.

Is this what you’re looking for?

I see commits on GitHub relating to this so maybe December ??

@DoctorB No, he specifically clarified that he was not requesting account switching. He wants to share work credentials with a personal account and vice versa, which you could do using an organization.

I’m aware of that feature, and it’s practical for just a few orgs/ if I’m a manager of an org/ … But if I’m just a normal user, I can’t add my personal account to an organization. As well, it’s impractical if the work account has access to many organizations or changing organizations.

In my case, I have a personal account (self-hosted) for my passwords and a work account (self-hosted) for work-related passwords. At work, we have a lot of organizations (100+) since these are structured by projects so that a user only has access to passwords he explicitly needs.

In this situation, it would be really practical if I can access passwords from both accounts at the same time without switching accounts/ browser/ browser profile/ …

1 Like

I also need this feature. My organization moved from LastPass to Bitwarden, granting licenses for both the enterprise account and a “sponsored” personal account to every employee (~7000 users). In LP, the associated personal account is linked to the enterprise account, so when logged in with my work credentials it has access to both my work and personal vaults, but when logged in with personal credentials it can only see my personal vault. Our Bitwarden licenses work the same way, with everyone eligible for a personal account based on the enterprise account license, but that interoperability is missing.

Bitwarden organizations, as suggested earlier in this thread, don’t address this common situation.

For those who lack imagination and can’t conceive of a use for this, here’s one I encounter several times a week personally, and thousands of times a week across the organization.

Our cloud-based HR system, which I frequently need to access off hours, on vacation, etc. to adjust/approve my team’s payroll, and to adjust my own submissions, requires password changes every 30 days (don’t get me started), and isn’t connected to our SSO platform for good reasons, so is a unique account only used in this one service. So, I need to have that password in my personal vault so I can make those time-sensitive changes from personal devices when needed.

The problem is when I’m at a work computer, and need to access this HR system, my work account doesn’t have access to the password. This leaves me (and everyone else in my org) with a number of bad options:

  1. Since the browser extension now supports multiple accounts, keep the password in my personal vault, keep both my work and personal vaults logged in in the browser extension, and fuss around with the half-dozen extra steps to manually switch between the vaults. This is the least-bad option I’ve found so far, but it does increase exposure risk, and absolutely can and does result in work passwords stored in personal vaults due to humans forgetting which vault is active. Hopefully we can all agree that having a human do a tedious, repetitive, process manually instead of having the computer handle it automatically is a bad idea.
  2. Keep the password only in the personal vault, and always have a personal device available to access the HR system from when working. Most days this would be a workaround for me, personally, but network security restrictions in many areas of our organization mean that isn’t the case for most people that would need to do this.
  3. Manually copy the account info between the two vaults every time the password is changed, which is tedious, error prone, and an unnecessary risk.
  4. Keep the password only in the enterprise vault, and log into my enterprise vault on my personal device whenever I need to access the HR system off-hours. I’m not the CISO, but I do work very closely with him and I’m pretty confident he wouldn’t be happy if we advised people to do this.
  5. Keep the password only in the enterprise vault, and never log into the HR system from a personal device. Since I’m not going to carry around the 10 pound work laptop in my personal time, this’d mean I couldn’t adjust my reported time for unexpected leave, and couldn’t approve my team’s time when on vacation. Maybe the best option from a security perspective, but the unintentional fraud risk from not reporting things like sick/personal leave before payroll runs, and the certainty that this would result in missed paychecks due to approval deadlines being missed are more than enough to make this option unviable.

That’s just one system out of about a dozen where I, along with the other users in my organization, would benefit from having access to the linked personal vault from within the enterprise vault. Bitwarden already knows the relationship between these vaults for billing/licensing, so all of the information is already there to implement this on the back-end, but I haven’t looked at the code to see how hard it’d be architecturally.

If this can’t be done on the back-end, a simple change to the browser plugin to allow password selection from all open vaults while only adding new accounts to the “selected” open vault would also address the need.

PLEASE implement this functionality one way or another, it’s a critical need for us. I’ve already observed people ignoring the enterprise account and putting everything in their personal account to work around the problem, which is bad for the organization’s security posture.

2 Likes

@Volta Welcome to the forum!

If I understand correctly, you currently have the HR system password stored in the individual vault of your personal Bitwarden account. Is there a reason why you can’t create an organization owned by this personal Bitwarden account, and invite your work account to join that organization as a member? If this is possible, you would be able to place the HR system credentials in a collection that is shared between your personal account and your work account.

Yes, there is, the system won’t allow that. If I try to invite my work account to an organization in my personal account, I get an error accepting the invitation “Unable to accept invitation. You cannot join this organization because you are a member of another organization which forbids it”. If I try to create a second organization in my work account, I get “Your current organization has a policy that does not allow you to join more than one organization.”

While I’d phrased the comment using myself as an example, I’m not looking to solve this as a one-off, I’m looking to solve it for my entire user base.

My position in the org is high enough that I could get a configuration change pushed through to allow multiple organizations and cross-tenant organization membership, if I thought that was a viable option. But I’m talking about 7000 mostly non-technical users here that are already coming up with their own insecure workarounds, and putting that configuration burden on the individual users is just too much complexity for this user population, especially considering this was completely automatic in our last password management platform.

In most ways Bitwarden is better, which is a big part of why I pushed for the move, but this one area is a big hole in the user experience, and it seems like there are a few different ways Bitwarden could make a big UX improvement here. It’s not the end of the world now that the browser plugin has been extended to allow multiple accounts, it’s just getting tedious to have to keep switching back and forth between the two unlocked vaults.

What about inviting personal accounts to join a restricted-access user group within the enterprise organization, setting up one or more enterprise-owned collections to hold credentials that employees must access from personal devices, and then giving the personal accounts group (or individual personal accounts within the group) access to that shared collection (but nothing else)?

Perhaps the solution is to ask the CISO for the “corporate answer”. It sounds like you have encountered a use-case that had not been considered.

@grb’s answer is the best one, “invite your work account to join that [personal] organization”. This closely mimics the described LastPass behavior. The error, “organization … forbids it”, indicates that they either have not considered or intentionally do not want to support your use case.

That’s got some potential, thanks, I’ll look into it. For it to be viable I’d need to be able to automate the access controls to that restricted-access group, and ensure that it was set up in a way that doesn’t inadvertently give people access to other users’ credentials. So far we’ve only used enterprise collections to share credentials between members of working groups (e.g. sysadmins have access to the collection where admin/root creds are stored).

1 Like

I’m responsible for our enterprise IT strategy, that “corporate answer” would come from me. This is a use case that was considered when we made the switch, and we were told that it was “coming soon” with multi-account support in the browser plugins. That support is now here, and after an extended time using it, is falling short of expectations in this one area. I’m looking to reduce friction so our users will stop finding workarounds to make their day-to-day lives easier that are bad for our security posture.

Also, in context that full quote was:

The specific piece I’m confident he (and I) wouldn’t be happy about is telling people to sync the enterprise password vault on their personal devices. Allowing that is a non-starter.

Going in the other direction, I don’t recall what his specific concern was, but at the time it was enough to convince me to wait for the plugin update. If organizations are the only way to accomplish this in Bitwarden, I can revisit that discussion with him, but I still think the user setup required in their personal accounts for that option is going to be too much friction to overcome with the user community.

The browser plugin has both vaults accessible and unlocked, is it really so much to ask that all credentials stored in both vaults are accessible within the browser without manually selecting which vault to access through the plugin UI? Sure, if there are entries for example.com in both vaults there will be more than one credential to choose from, but the interface already handles multiple matches well.

It’s really weird how hostile the Bitwarden community is to this perennial feature request, even before considering that the Bitwarden competition has supported this use case well for years.

Another option… use separate browser profiles (or separate brands of browser) to remain logged into both the personal account and the enterprise account. Then use whichever one matches the vault you want. Yes, annoying but perhaps less annoying than switching Bitwarden profiles.

I struggle to understand why an organization would forbid one to invite an enterprise account to a personal vault, but is OK with the user logging into the personal account from the enterprise device. They seem like substantially the same behavior/risk/functionality to me. What am I missing?

I apologize if our suggestions sound hostile. That is not our intent. Searching for matches in all open vaults does sound perfectly reasonable to me, but that is not how it works today. Since community members have very little influence (1 vote each) regarding development priorities, we tend to focus on finding workarounds that can be implemented with today’s capabilities.

I wouldn’t necessarily consider this particular request to be “perennial”, as it is not even a year old, and has accumulated only 5 votes.

It’s unfortunate that you’ve perceived the responses here as hostile, when that is not the intent. Mods usually engage in some initial questioning to determine whether what is being asked for may be something that already exists, or may be a duplicate of an existing feature request. Beyond that, it is very common for feature request posts to be met by a flurry of suggestions for work-arounds — this practice arises from the fact that only a small fraction of feature requests are ultimately implemented by Bitwarden, and those that do eventually find their way into production typically take a relatively long time to go through the process of research, development, QA testing, and release (none of which happens until after Bitwarden management has shortlisted an idea for inclusion on the development roadmap). The community may propose alternative solutions on the feature request threads in the hopes of identifying an acceptable work-around until such time that the feature may be implemented in a future release.

The only time I’ve seen “hostile” responses is when a feature request proposes an idea that would adversely affect the security or UX for other users, or when the proposal is deemed frivolous (in which case users who prefer that developers pursue more meritorious feature requests may state something to that effect). I have not seen evidence of any such reactions in this thread.

1 Like

There are a couple of enterprise policies that require the Single organization policy to be enabled if you want to enable them (Require single sign-on authentication or Account recovery administration perhaps being the most relevant ones).

Just an example.

2 Likes

I agree. Once the multiple account feature was released, almost all my issues with multiple vaults were resolved. But this is one that bothers me many times every day. I have some accounts in my personal vault and others in the business org. It is a time waste to have to switch vaults just to get a site’s entry to pop up, when both vaults are already there and unlocked. The extension simply needs to include both when it does searches. This could easily be an optional feature, so those who don’t want it can leave it disabled.