Policy Based Password Ownership and Personal/Business Account Separation

Leaping off what was discussed in this feature request: 🚧 Account Switching - #8 by wvanos

It would be great to see an implementation of policy-based password ownership for organizations. For example,

  1. Acme Inc invites [email protected] to the Organization.
  2. [email protected] accepts the invitation and creates an account.
  3. Two workspaces/organizations are created for [email protected]: Personal, and Acme Inc.
  4. When creating a password the user can choose which workspace to save it to.
  5. At the administration level, admins can force users to save passwords to the business workspace given a set of parameters (e.g. the login email is a company email).

The [email protected] would own all of the passwords in the Personal workspace, and if they were ever terminated from the organization, would have the option to continue using the data in their Personal workspace and migrate it to a personal/free plan.

Acme Inc would own all of the passwords in the Acme Inc workspace and have controls to revoke access from [email protected], transfer ownership, or destroy the data.

This is a feature that Dashlane offers which clarifies the ownership of data, and makes it practical to maintain both personal and business passwords on a single login.
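A minimal sketch of the routing and ownership rules in steps 1 to 5 above, added here as an illustration; it is not part of the original post and is not Bitwarden's or Dashlane's implementation. The class and function names, the `acme.example` domain and the addresses are hypothetical, constructed for the example.

```python
from dataclasses import dataclass, field

PERSONAL = "Personal"

@dataclass
class Org:
    name: str
    company_domains: frozenset                  # logins on these domains belong to the org
    members: set = field(default_factory=set)
    vault: list = field(default_factory=list)   # items owned by the organization

    def is_company_login(self, login: str) -> bool:
        # Match the exact domain or a true subdomain, never a bare suffix,
        # so "notacme.example" is not treated as "acme.example".
        _, at, domain = login.strip().lower().rpartition("@")
        domain = domain.rstrip(".")
        return bool(at) and any(
            domain == d or domain.endswith("." + d) for d in self.company_domains)

@dataclass
class User:
    email: str
    vault: list = field(default_factory=list)   # items owned by the user

def save_login(org: Org, user: User, login: str, requested: str) -> str:
    """Store a login and return the workspace it actually landed in."""
    if user.email in org.members and (
            requested == org.name or org.is_company_login(login)):
        org.vault.append(login)                 # step 5: policy overrides the user's choice
        return org.name
    user.vault.append(login)                    # user chose Personal, or is not a member
    return PERSONAL

def visible_to(org: Org, user: User) -> list:
    """Personal items always; organization items only while still a member."""
    return user.vault + (org.vault if user.email in org.members else [])

def offboard(org: Org, user: User) -> None:
    """Revoke organization access; the personal vault is left untouched."""
    org.members.discard(user.email)

if __name__ == "__main__":
    # Constructed sample data.
    acme = Org("Acme Inc", frozenset({"acme.example"}), {"alice@acme.example"})
    alice = User("alice@acme.example")
    for login in ("alice@acme.example", "alice@notacme.example"):
        print(login, "->", save_login(acme, alice, login, PERSONAL))
    offboard(acme, alice)
    print("after offboarding:", visible_to(acme, alice))
```
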

I am a bit confused. It sounds like what you are explaining is already how Bitwarden organizations work… ?

What happens to passwords when the owner of an organization deletes a user? For example, let’s say [email protected] gets fired and their Bitwarden and Email access are removed. What happens to the data in their personal vault?

Cheers

As long as the user still knows their master password they can still access the Bitwarden account and all data stored in the personal vault on the account. Removing a user from the organization does not affect anything in their personal vault.