Hi, our company is looking to move away from LastPass, so we started a trial with Bitwarden. We have an enterprise account with enterprise policies, but we’ve been running into some hurdles that we need to figure out.
When we invite someone to our Bitwarden organization, we ask that they use their @company.com email address to create their company vault. This gets them into BW successfully and creates an individual vault for the employee. This is good because individual employees have individual credentials for sites that they need to access. This is what we would expect. The problem is that Bitwarden doesn’t see that as a company account; BW sees that as a normal account that is disconnected from the company. (The user has an account with BW, but it is linked to the company. It is not a company account. BW expects that the employee maintains access to this account after they leave the company.) This is also a problem when using reports such as ‘weak passwords.’ Since BW sees this individual ‘personal’ vault (that was created for an employee to store their work-related credentials) as not part of the organization, the organization reports don’t report on these individual vaults (such as the organizational weak password report). The organization also loses the ability to manage these individual vaults.
In BW’s help website, there is a section talking about the “Remove individual Vault” policy that enterprise customers can use to force saving to individual collections. One of the problems here is that when you turn that policy on, browser extensions no longer prompt to update/save passwords. Is this a bug? Any plans on fixing this?
When an employee leaves the company, it is not expected that they maintain access to their individual vault that could store company secrets (passwords/cards/notes) when it was created for use by the employee of the company. I understand that there is an Organizational vault, but users cannot save to that unless they save to a collection. How do employees create their own vault to be used for company items (not personal items) that shows up in enterprise vault health reports and stays with the company if the employee leaves? It is difficult to gain compliance where employees save to an individual collection and not personal vaults, especially because, for the browser extension to work and prompt to save new passwords, a company cannot disable individual vaults as the help docs suggest.
We are still early in our trial but I’ve been through the help docs and I’ve got to be missing something because I don’t see a way to keep company items from being mixed with the personal ‘individual vault’.
Are there any enterprise users who can shed light on these issues?