What are key user management features of Teams, Enterprise, Families?

In a nutshell my firm has ~10 employees. We need a locally stored vault of 30 client’s info (maybe 10-50 logins each).

The key functionality I’m trying to understand is how Teams, Enterprise, (Families?) manage user roles & permissions:

  • Two managers have access to all clients.
  • Eight employees have access to 2-5 firms each.
  • Employees can update passwords and add new logins, but have no other admin permissions.
  • Employees will be removed and added and have no further access
1 Like

I don’t have any answers for you but I’m thinking of switching our similar-sized company from Lastpass to Bitwarden. Out LP grew organically based on individual accounts, some free some paid-for. It will definitely need some tidying up but I would add to your requirements in the following way:

  • Each person has their own personal logins in the account
  • Each person can have a personal, shared organisation for their family
  • Each person has access to one or more company “organisations” (in BW speak)
  • If a person leaves the company, they lose access to the company organisations but not their personal logins

I’m not sure if the best approach here is to pay for a Premium account for each person or go for a Teams account.

@lemo70 I’m not sure I understand the benefit to combine a personal user account (paid, free) with your employee/employer account. Logically they have nothing to do with each other and I wouldn’t dare to trust my personal info tied in any way to my employer’s data. Sounds like opportunity to lose everything. You wish reminds me of Google’s former one-account policy. For a long time google wanted every person to have one and only one gmail/google account. They imagined themselves like Facebook I guess (though, unlike facebook, you couldn’t necessarily have your preferred account name–think [email protected] or something like that.) I don’t see the user-value.

I’m asking the community for your experiences with the different Bitwarden products for Enterprise and even Family (because my firm is <10 ppl).

For me my question is from the perspective of the employer managing client’s data and employee access:

  • grant employees permission to access client A, and revoke client B (easy to manage dashboard, and not some drill-down through multiple screens and authorizations)
  • quickly shutdown a employee’s accounts (User Interaction which is unambiguous and clear)
  • prohibit employees from exporting logins
  • allow employees to add new logins, and update passwords for the client’s who they manage.

Of course, none of this is meant to be a safeguard against employees who just write a password down. That is simply theft. I think the best product will have a User Experience that is organized for these tasks and just plain useful.

Now this topic for me can quickly become a discussion of innovation (It’s just fragg’n software after all). I can imagine a wish list,

  • password audit (we’re managing passwords our clients setup, and sometimes they are very bad) to encourage better password usage
  • innovative way to help the client reset the password and update the record themselves!
  • innovative way for a browser extension to not reveal the password to employees at all
  • innovative way to reset all passwords for a given client–even if it’s just a wizard which helps you keep track of the process of resetting.

I suppose it comes down to how easy/difficult it is to manage multiple accounts in BW. I presume the browser extension is logged into a single account and you’d have to log out of the work one and into your personal one (and vice versa) several times a day.

If that could be avoided then having separate accounts would be great.

Ahh! The browser plugin. Thanks for that clarification. At work I’m we all copy and paste from our current solution (because we never save passwords to the browser) that it never occurred to me. If I access any personal websites on work computers, then it’s once or twice a month to pay my mobile bill or buy something online I must have right away (haha). And frankly, the IT person has anytime remote access to the computer I use. I wouldn’t setup a work computer to use personal BW account. Maybe that’s me. Maybe it’s my employer’s culture. Maybe it’s my mobile phone which has access to everything I would want anyway.

My home computer is another story. I have my system user login. At that point all of my passwords are stored in the browser, except for the most sensitive (IE. banking) which paranoia says I should always enter manually and never save anywhere except the one trusted manager (EG. BW).

I’m not against the scenario you imagine–far from it.
If the browser plugin implemented one of my key wish items, namely obfuscated login and passwords, then I would certainly see the need to implement it at work.

And if BW had an innovative software UE, which understood the different relationships of employee web access to employer’s computer which is prolly snooping on my activity, then I could consider using both together on work machine. And if they implemented a UE with something like 2FA, so I believe my information is secure no matter where I accidentally “misplace my keys” then I’m sold.

I guess I just want software innovation and great UE–is that so much to ask?