We need admin access to all user’s work-related passwords. But we don’t want to have to change a user’s master password every time they’re on vacation and we need to get one of their work passwords.
Looks like we need to have users store all those passwords in the Organization vault. And it appears that they must be added to a Collection.
Is my best (only?) option to create a Collection for each user that is shared only with the admins, then have the user create (or move) their work-related passwords there?
Hi @KraftMarker, welcome to Community! 
Yes, that would generally be the best practice. Because of the Bitwarden zero-knowledge architecture, the Individual vault and the Organization vault have separate encryption. Once this migration is complete, you can eliminate this issue in the future by using an Enterprise policy to remove Individual vaults entirely. This will ensure all future data is saved to the Organization vault.
We also have this handy video if you want to easily show your users how to move items to their Organization vault.
I hope these resources help, but please let me know if you have additional questions!
Is a Collection visible only to the users who have permissions to it?
Collections are only visible to Users and Managers that have permissions for them, but all Collections are visible to Admins and Owners through the Admin Console. You can learn more about Member roles here: User Types and Access Control | Bitwarden Help Center