As I am planning my move from a self-hosted version to bitwarden.com, I am taking the opportunity to clean up a multi-year mess in how my family’s passwords are organized.
When I started to use Bitwarden, I did not really understand Organizations vs Collections – but after reading the docs and giving it a thought I believe the correct setup for my family will be: a Family account, one Organization (called Famille) and two collections within this organization (mom and dad and the whole zoo).
This is because I have a set of credentials I share with my wife, and another set I share with everyone.
Is this the right approach?
Also: what would be an example of a situation where a family account needs more organizations (as opposed to collections)?
Yes, setting up multiple collections is the right approach.
If the other family members do not have access to the collection that you share with your wife, then they will also never see the name of that collection in their vault filters. Thus, feel free to name it something other than “mom and dad”…
The only two situations I can think of are:
Your family has more than 6 members.
Some family members want complete privacy for their shared credentials, and thus insist on being the owner/admin of their own organization holding that subset of shared credentials (preventing you from viewing their vault contents via the Admin Console).
I went ahead and created a Family account, with the idea that if this does not work I will cancel. Spoiler: it worked great.
On Vaultwarden:
I exported, as an admin, the existing organizations as JSON files (together with their mess).
I then exported my own vault, as a user.
On bitwarden.eu:
created the collections I need. After some thinking and testing, I settled down for collections named after the family members (bob, alice, …). The sharing will be very flexible
there is no choice on the target organization
and then specific collections (singular or plural) can be added
imported the organizational data to existing collections. There was some cleaning up to do to move the logins between collections and tag them correctly. Fortunately not too much effort compared to what I expected (as I was walking for lunch, I started to devise a strategy to write an importer via the API…)
invited the family
One thing that is really annoying is that it is not possible for a Family plan to enforce 2FA. I will enforce it by the power of dictatorship but I really think this should be something available not only for enterprise users.
The transition was much easier than I anticipated.
A trial is something that Bitwarden absolutely supports. They will refund your money if you cancel within 30 days.
Do know that Bitwarden wants to dissuade small organizations from purchasing Family instead of Teams. Bringing enterprise “control” features to family is likely to be an uphill battle.
Welcome aboard, and thanks for letting all know your outcome! It is always heartwarming to hear the success stories.
Oh, I am done. I imported the data, will whip my family into moving and we are good to go!
Ah, I did not think about that. Well that’s a shame – in my case I will, as I mentioned, force everyone there and they will not change that, but it would be useful for families where the members are less disciplined.
Going for a self-hosted version while being the sole 24/7 IT support at home that can be hit by a meteorite (it’s always the bus!) was not serious. Some things are better left not self-hosted.
Probably you already thought of that, but just in case: If your family members have vault items in their own vault, those individual items weren’t part of the organizational export and have to be exported/imported separately, just as you did it with your own user vault.
Teams accounts don’t have access to policies, that is an exclusive benefit of enterprise accounts.
I agree with both arguments, it would be nice to be able to force 2SV for any organization member, but I see why it would be a selling point for enterprise accounts.
At least, in the members section of the organization admin console you will be able to check if anyone is not behaving.
Is this so? In the Free Organizations, there doesn’t seem to be any such indicator (2FA enabled) in the Members section of the AC — is it different in the Family plan?