Policy Based Password Ownership and Personal/Business Account Separation

Leaping off what was discussed in this feature request: 🚧 Account Switching - #8 by wvanos

It would be great to see an implementation of policy-based password ownership for organizations. For example,

  1. Acme Inc invites user@acme to the Organization.
  2. user@acme accepts invitation and creates an account.
  3. Two workspaces/organizations are created for user@acme: Personal, and Acme Inc.
  4. When creating a password the user can choose which workspace to save it to.
  5. At the administration level, admins can force users to save passwords to the business workspace given a set of parameters (e.g. the login email is a company email).

The user@acme would own all of the passwords in the Personal workspace, and if they were ever terminated from the organization, would have the option to continue using the data in their Personal workspace and migrate it to a personal/free plan.

Acme Inc would own all of the passwords in the Acme Inc workspace and have controls to revoke access from user@acme, transfer ownership, or destroy the data.

This is a feature that Dashlane offers which clarifies the ownership of data, and makes it practical to maintain both personal and business passwords on a single login.

I am a bit confused. It sounds like what you are explaining is already how Bitwarden organizations work…?

What happens to passwords when the owner of an organization deletes a user? For example, let’s say user@acme gets fired and their Bitwarden and email access are removed. What happens to the data in their personal vault?

Cheers

As long as the user still knows their master password they can still access the Bitwarden account and all data stored in the personal vault on the account. Removing a user from the organization does not affect anything in their personal vault.