Questions about organisation and sharing of vault contents

Confused, any infographics please?
I now have Vault with all my credentials in No folder?
I created an organisation for finance stuff.
I created a Collections and a folder in Collections called Shared.
My limited understanding is the Shared folder will share mutual credentials like the house Wi-Fi SSID and password.
I see the invite button, but it’s unclear if all my credentials or nothing will be sent?
I tried the Send button with a test text.

@kotgc I moved your comment into its own thread, since it appears that you have questions about more than just sharing login credentials with your wife.

If the rest of this response does not address all of your questions, please explain specifically what you are confused about.

Folders do not appear automatically. You have to first create the folders that you want, and then assign vault items into folders. Alternatively, if your credentials are imported from a file, then you can control the organization of the imported data at the time of import.

This sounds like you may have misunderstood the purpose of “organizations” in Bitwarden. An “organization” is strictly for the purpose of sharing vault items between two or more Bitwarden users (i.e., yourself and any other Bitwarden user who you invite to become a member of the organization that you created). Unless you’re only planning to share “finance stuff” with your wife (or other organization members), it probably doesn’t make sense to use “Finance” as the name of the organization.

There would be more detailed information in the Admin Console, but from the screenshot you posted above, it looks like you have created no folders. Instead, you have created a collection inside the pre-existing “Default Collection” (i.e., you have created a so-called nested collection).

It will probably not cause you any problems to have a nested collection (other than possible issues when using the Search function to look for items in the collection) — but it is also not necessary. You can create a top-level (non-nested) collection if you wish, or you can simply make use of the existing “Default Collection”.

In case it’s not clear to you, each collection is part of an organization, and the main purpose of a collection is to control which organization members have access to different subsets of vault items that are stored in the organization vault.

OK, but this will only happen if you transfer those credentials into the “Shared” collection (or whatever collection you end up using instead of this nested collection), and if your wife (or whomever you wish to share mutual credentials with) is a member of the organization, and if this other organization member has been assigned permissions to view the contents of that collection. You can read more about collections here.

The + Invite member button does not “send” any credentials. It is the first step in a three-part process (Invite → Accept → Confirm) required to add another person to your organization. After they have been added as a member you can give them permissions to view (or even manage) the contents of one or more collections in your organization.

The Bitwarden Send feature is something completely different, completely unrelated to organizations and sharing. It is a way to securely transmit a short text message or a file to another person.

2 Likes

Thank you, however for a noob to learn and then to dig oneself out of a created mess, the confusion is increased.
All I would like is:

  1. to open my password manager and all non-finance credentials open in a list. Right now, All vaults seems to open by default, showing non-finance and finance Names. I used to have a 2nd Bitwarden password manager to separate Finance from non-finance, however to use the Emergency Access, I imported the Bitwarden Finance account into this 1 account. However, this now needs cleaning up for optimised ease of use and security.

  2. My idea/understanding is I could then select a Folder named Finance for all finance related credentials.

  3. I would like to have a “Shared” vault or folder or whatever the terminology is for where a partner can access the House Wi-Fi credentials.

  4. If there is an option for a non personal “Shared” vault or folder or whatever the terminology is, for non personal people to access a credential like “School Project”, that’s a bonus, however not critical

  5. The Emergency Access seems to have failed. I sent an invite to 2 people, 1 accepted and my Password Manager → Settings → Emergency access → Trusted emergency contacts → Name: status shows Invited. I need this to be tested and working.

  6. Some clarity on the Secrets Manager would be useful.

  7. the Password Manager → Send → sent a message, however the receiver did not see the text, what is going wrong here please?

OK, in that case, you could make a Collection for financial credentials, and set your own permissions so that you — as a user — do not have view access to that collection (you would still be able to view these credentials when accessing your organization vault as an Administrator). In this way, the financial credentials would be hidden from view when you open the password manager.

An alternative approach with essentially the same outcome would be to place your financial credentials in the organization vault, but do not assign them to any collection (not even the “Default Collection”) — leave them as “unassigned”.

Well, not exactly. When you first open your password manager, you will see all credentials from all folders, and from all collections for which you have view access.

You can use folders to filter the list of credentials, so that you only see the credentials contained in the folder, but when you first open the password manager, you will be presented with an unfiltered view (including both financial and nonfinancial vault items).

Then create a Collection (which you could name “Shared”, if you wish), set up the Collection permissions so that your partner has view access, transfer the credentials to the organization, and assign those credentials to the “Shared” collection. Also ensure that you yourself have permissions to view the collection contents.

I have no idea what you mean by “non personal people”, but the answer is that as long as this “non personal” person has joined your organization as a member, then you can set up a separate collection that they can view, and place the “school project” credential in that collection.

If you want more people other than your partner and yourself to join the organization, you will need to subscribe to a paid organization plan (e.g., a Family Plan or Teams Plan) — free organizations can have at most two members (you and one other person).

The person who did not accept yet must do so within 5 days of the invitation being sent. For the person who did accept the invitation, the tag shown in the Emergency Access setup page in your Web Vault should change from “Invited” to “Needs confirmation”, as shown here. Not sure why that hasn’t happened in your screenshot. If logging out and logging back in to the Web Vault does not fix this, then I would recommend that you contact support.

Are you a computer programmer/developer? If not, then the Secrets Manager product is not for you. If you are, then see here for an overview.

What do you mean by “sent a message”? When you create a Bitwarden Send, it just generates a web link that you can copy. To transmit the message to the intended recipient(s), you will need to copy the Send’s link from your vault, and send it to your recipient via email, text, or alternative methods of communication. For example, here is an example of a Send link that I might have included in an email message to my recipients:

https://send.bitwarden.com/#dgqXoG6CH0WNA7HeAC64Ig/ffwx22fOyLHmb3chjZWBHA

(feel free to click the above link — the message should be available until 2 September 2024).

1 Like

I’m trying to figure out point 1.
I researched how to backup Bitwarden by Web app → Bitwarden → Tools → Export vault → Export from: My vault → File format: .json → Confirm format → Master password → Export vault. Repeat for Finance.

I then navigated to Web app → Bitwarden → Vaults → All vaults → FILTERS → All vaults → Finance → vertical ellipse → Leave → Are you sure you want to leave this organisation? Yes → An error has occurred. Organisation must have at least one confirmed owner.

How do I make a Bitwarden owner?

The actions that you took were steps for you to leave the “Finance” organization (i.e., cancel your organization membership), leaving behind the other users of that organization (if any), or leaving behind an organization with no members. Each organization must have at least one admin/owner, and as you are the only admin/owner of the “Finance” organization, you cannot leave the organization until another organization member has been designated to take over your role as admin/owner. However, did you really want the “Finance” organization to continue to exist without you as a member?

If your goal is actually to delete the organization, then follow these instructions: in the Web Vault, click Admin Console in the lower left corner, then go to Settings > Organization info in the left-hand navigation menu; scroll down to the “Danger Zone” section, and click the Delete Organization button.

:warning: IMPORTANT: This will permanently and irrevocably delete any login credentials or other vault items that were stored within the “Finance” vault (including its unassigned items, and all items assigned to its “Default Collection” or to any collection that you may have created).


P.S. Why do you want to leave/delete the organization, anyway? It seems that your original goals could be achieved simply by renaming the “Finance” organization (to “My Organization” or some such).

1 Like

overwhelmed, but something like this…?

Not sure how to respond to your image. It contains some information that seems accurate, some information that confuses me, and some information that is inaccurate.

How about we clarify your goals, and then come up with some solutions?

One of your goals is to share your WiFi password and perhaps a few other credentials with a partner. This should be relatively straightforward, but we’ll hold off on setting this up until we figure out your other goals.

You expressed previously that your second goal was to ensure that all financial account credentials would be out of view when you first open your password manager. This can be done, but it takes some advanced configuration, and if you ever want to access your financial account credentials, the process will be more cumbersome than it needs to be.

You also mentioned a third (optional) goal, involving sharing of credentials with a “non personal” person (a concept that I do not understand, and that you have not explained). This is something that can be done, if you have paid for an organizational subscription (e.g., a Family Plan or one of the business plans).

Please respond to these questions:

  1. Would it be a dealbreaker to you if the financial accounts are visible when you first open the password manager, but you can hide them with one click? Such a setup would be much easier to set up and to work with, than what you originally asked for (ensuring that all financial accounts are hidden when you first open the Bitwarden app). The latter is also possible, but more complicated and cumbersome.

  2. What was it about your previous solution (a separate Bitwarden account for storing your financial account credentials) that wasn’t working? You mentioned something about Emergency Access, but what was the problem exactly? Having a separate account for the financials may be better solution if it is essential to you that these financial accounts are not shown when you first open the password manager (i.e., if hiding the financial accounts with an extra click is not an acceptable solution to you).

  3. Do you already have a Family Plan subscription, or if not, would you be willing to pay for such a subscription ($40 USD/year, which includes Premium individual accounts for all plan members)? This would allow you to share credentials with up to 4 “non personal people” (in addition to your partner). If there are more than 4 “non personal people” who need access to shared credentials, would you be willing to pay for a Teams Plan subscription ($336 USD/year or more, depending on the number of plan members)?

1 Like

  1. not a deal breaker if finance accounts are visible when first opening password manager and then one click to hide them.
    Disappointing though as I prefer optimising navigation paths and less clicks is more intuitive and less effort in the grand scheme of all the other software UX, which adds up over time and may or may not contribute to RSI and frustration

  2. My previous solution with a 2nd Bitwarden account for finance was perfect with finance separated from general and more frequently used general credentials, however I have recently set up Bitwarden Emergency Access which seems to solve a long standing question about inheritance in the case of my loss of access to the Master Password.
    Having 1 paid Bitwarden Emergency Access account for $US10 p.a. protects the general credentials, however Emergency Access would also need access to finance credentials.
    Therefore, I exported the finance credentials from account 2 (with its separate master password) and imported the finance credentials into account 1 with its separate master password.
    Now I only have to memorise 1 master password which is a benefit, however the appearance currently irks me seeing less used and more sensitive finance credentials on first log in glance for what I 99% of the time log in to see, general credentials and not finance credentials; also usability seems to have introduced 1 extra click (however this is minor and if I can compare this to the complex setup, will have to suffice).

  3. I don’t think I need more than the free and $US10 p.a. Emergency Access subscription.
    I would like to share the house Wi-Fi and perhaps a few other minor credentials that come to mind with my partner.
    By non-personal, I mean non-partner people who should have no access to my credentials nor the shared house Wi-Fi…so school or professional projects or general kerfuffle. This is not a deal breaker, however being clear how to set it up when a project needs a quick team setup might come in handy. Certainly nothing on the enterprise price range of $US336 p.a, more like volunteer secular charity projects and code development to ease working class struggles with FOSS solutions.

You have some options:

Option 1:

Revert to your previous solution of having two separate individual accounts. You only need a Premium subscription to initially set up (or make configuration changes to) the Emergency Access. Thus, it would be a one-time fee of $10 to set up Emergency Access for the second account, not a recurring annual subscription fee (assuming that you go ahead and cancel your Premium subscription after you have set up the Emergency Access to your liking).

Option 2:

If even a one-time $10 expense is too much, you could consider having Emergency Access only for the first account, and then storing the login credentials (username and master password, as well as the 2FA authentication key or two-step login recovery code) for accessing the second account within the vault of the first account. That would allow anybody who takes over your first account to also gain access to your second account.

Option 3:

Keep a single account with all credentials, but create two folders: “Financial”, and “Non-Financial”. When you first open the password manager, all credentials will be shown. If you click the “Non-Financial” folder in the Filter section, all of the financial account credentials will be hidden.

Option 4:

Keep a single individual account, and create an organization. Set up a collection called “Financial” within your organization, and transfer all financial account credentials into this collection. Edit the permissions for the “Financial” collection to remove all view access from your individual account. Now, the financial account credentials will be hidden from view when you first open your password manager. However, if you ever do wish to access any financial account credentials, you would have to do so from the Admin Console in the Web Vault.

Option 5:

This will be identical to Option 4, except that you now will have two individual accounts, one of which can be free (just like before). Instead of storing the financial account credentials in the individual vault of the second account (as you did originally), keep the financial account credentials in the “Financial” collection as explained in Option 4. Set up the collection permissions so that your first individual account does not have any view access to the “Financial” collection, but your second individual account does have view access to the “Financial” collection. This second individual account will not need Emergency Access, since someone who takes over the first account using Emergency Access will also be able to access the organization vault data through the Admin Console.

Let me know if you have a preference for one of the options above, and whether you need additional instructions for implementing your preferred option.

1 Like

Thank you for the clarity.
Option 2 seems a great solution with 2 separate accounts, however memorising 2 master passwords weighs twice as much on the mind, therefore option 4 seems most optimised with the somewhat hidden and not in plain sight finance credentials.

Could you please clarify with option 4 when you say “you would have to do so from the Admin Console in the Web vault”, do you mean Bitwarden must be viewed from:

  1. a desktop web browser
  2. a phone web browser
  3. a phone Bitwarden app?

In Option 2, you would actually not need to memorize the master password for the second account, since this second master password will be stored within the vault of the first account. Thus, you’d be able to access the second account (presumably the one that has the financial credentials) by initially logging in to the first account using its master password (memorized for convenience), and subsequently retrieving the login credentials for the second account.

Furthermore, in routine use, the Bitwarden browser extensions and client apps (except for the Web Vault) would remain logged in indefinitely, with the data secured by locking the vault rather than logging out when the vault is not in use. When a Bitwarden app or browser extension is locked, it can be unlocked using a PIN (or a password that is shorter than your master password), or biometrics (fingerprint or face ID).

There are other features available (such as “login with device” or “login with passkey”) that can make it easier to access a second account without having to memorize a second master password.

If you set things up as suggested in Option 4, then you would have to log in to the Web Vault by navigating to vault.bitwarden.com (or vault.bitwarden.eu, depending on where your accounts are hosted) using a web browser running either on a desktop computer, on a laptop computer, or on a mobile device (phone or tablet).

1 Like

Thank you, so option 4 would have no way to access the finance credentials from the Bitwarden phone app?

That’s correct, unless you first go through the Web Vault Admin Console to give view permissions to your account.

1 Like

Yes, I would setup Bitwarden on a desktop web browser for ease of using a large display.
Therefore, option 4 will work also on a phone Bitwarden app.
Now I just need to follow the thread and action the process.

To be clear, your financial credentials will not be viewable from the Bitwarden mobile app running on your phone, unless you first use the Web Vault to reverse the setting that hides the “Finance” collection from view.

1 Like

Topology existing currently (probably all messed up in an attempt to set up the wish list):

  • Vaults (for individuals)
    All vaults shows General and Finance credentials.
    All vaults → Finance shows Finance credentials.
    All vaults → My vault shows General credentials.
    I didn’t create a 2nd vault, I created 1 organisation named Finance for finance credentials.

  • Folders (groupings for vaults)
    Folders shows Finance and No folder.
    Folders → Finance folder is empty.
    Folders → No folder shows General and Finance credentials.

  • Organisations (for groups)
    Organisations: I don’t see any menu for organisations?

  • Collections (groupings for organisations)
    Collections shows a right window with Name Default collection.
    Collections → Default collection shows Finance credentials.
    Collections → Default collection → Shared is empty.

Wish list:

  1. Bitwarden account menus and sub-menus, how can this be cleaned up for the minimum titles needed?

  2. Vault shows on initial log in → would like to show general credentials (finance credentials hidden).

  3. Folder, are they needed in my wishlist?

  4. Organisation to be created named something? → create a Collection named Finance, within an organisation → how to add Admin rights or whatever?

  5. Organisation to be deleted, but how to add at least one confirmed owner?

  6. Collection “Finance”, how do I edit the permissions to remove all view access from the individual account?

Seems like you haven’t tried changing anything since we first started this thread — other than adding a “Finance” folder to your individual account.

Please understand that an organization has a vault, just like an individual has a vault. You are the owner of your individual vault (“My Vault”). Similarly, the organization is the owner of the organization vault (which you’ve named “Finance”). So, by creating an organization, you did create a second vault — namely, the organization vault (“Finance”).

The description “groupings for vault” does not seem apropos. Folders are structures that exist within your personal account, and can be used to categorize vault items (logins, etc.) for which you have view access (including any item stored in your individual vault, and items stored in the organization vault).

Again, the description “for groups” seems odd to me, and may hint at a misunderstanding on your part. FYI, you do have an organization, namely the “Finance” organization that owns the “Finance” vault.

Management of organizations is generally done from the Admin Console, so you will not see any relevant menus while still in the Password Manager view (which is what’s shown in your screenshot).

Not sure what you mean by this. Are you referring to folders and nested folders, for organizing login credentials that are accessed within your individual account? Or are you talking about account switching (switching between one Bitwarden account and another, as in Options 1, 2, and 5 from my earlier response)?

I’ve discussed this above. All of the proposed options except Option 3 will meet this requirement.

I cannot answer that question. They would definitely be required if you go with Option 3, but would be optional otherwise. It seems like you like to put accounts into categories, though, so you might like using folders.

This list of yours is becoming very stream-of-consciousness now, and getting a bit difficult to interpret. You already created an organization (which you named “Finance”). By default, you are the admin of the organization that you created. For the record, I would recommend that you rename your organization from “Finance” to something more general, like “My Organization”, or “KotgcOrg” (since it will also house nonfinancial credentials).

Why do you want to delete the organization, and why do you want to add another owner to the organization if you plan to delete it? Neither of these actions seems like a good idea.

Well, you would first need to create a collection named “Finance”. The steps for creating a collection are outlined here. Do not specify any existing collection in the Nest collection under dropdown selector.

I’m just trying to clean up the mess and setup Option 4. Bitwarden prompts that I cannot delete the Organisation “Finance” unless there’s an owner.
I guess I just want to rename Organisation “Finance” to “definitelyNothingToSeeHere” or something.

I updated my understanding below, with 6 uncertainties:

Here are some steps to get you started:

  1. Rename your organization from “Finance” to “My Organization”: in the Web Vault Admin Console, use the left-hand navigation menu to go to Settings > Organization info, where you can modify the “Organization Name” field, after which you should click the Save button.

  2. Back in the Password Manager section of the Web Vault, open your nested collection named “Shared”, then delete the “Shared” collection by clicking the V arrow icon next to the collection name at the top of the page (as shown in this screenshot), and selecting :wastebasket: Delete.

  3. Still in the Password Manager section of the Web Vault, create two new collections: name one of them “Finance”, and name the other “Shared”. To create a collection, click the blue New V button in the top right corner of the vaults view in the Password Manager, and then select “Collection” (as shown in this screenshot). In the Collection info tab, enter the desired collection Name, and ensure that the Organization value is set to “My Organization” (or whatever name you choose in Step 1 above); ignore the External ID field. Important: Make sure that the option Nest Collection Under is set to “No collection”. Don’t forget to click the Save button when you’ve defined the parameters for the first collection; then repeat the whole process for the second collection.

  4. Go back to the Admin Console, go to the Members view, and check whether there are any members in your organization.

After completing the above, I would suggest that you post a screenshot showing the “Filters” view (similar to the screenshots you’ve posted above), and also describe or screenshot the list of organization members (if posting a screenshot of the Members view, please ensure that any real names and email addresses shown in the “Name” column have been redacted to protect your privacy).