The Bitwarden Blog

Bring complete reporting and centralized control to your organization vault

Authored by: Ryan Luibrand

Every item shared in Bitwarden is centrally owned by the organization, which provides advantages such as reporting, easy item management, and streamlined succession/offboarding of employees. Now, organizations can choose to institute this same level of ownership to unshared items as well, enabling full credential lifecycle management.


New enterprise policy: Enforce organization ownership

Previously, when organizations wanted users to have a personal place to store unshared items, they used the individual vault, which is private to the user. This allowed employees to quickly secure unshared items, but did not grant oversight through reporting tools or admin control when employees transitioned.

Now, the new Enforce organization ownership policy brings a simple but major enhancement to centralized ownership. When it is turned on, users are given a My items location in place of the individual vault. Importantly, My items exists within the organization vault and is owned by the organization.


My items can only be accessed by the user until they leave the organization, at which time admins gain control to recover and reassign items.

This update has many benefits to organizations, allowing for total control of every saved item and reporting insights across all employees.

NOTE: In this initial launch, Admins and Owners will be exempt from the Enforce organization data ownership policy. This will be addressed in a future release.

The advantages of centralized organization ownership

Having all items in a centralized vault that’s owned by the organization ensures no data loss, easy management, and full reporting on potential credential-related threats. Bitwarden is different from other password managers in that sharing was designed around the idea of a singular, centralized vault. Enforce organization ownership completes the credential lifecycle management vision by ensuring that every item created by employees in Bitwarden is in the purview of the organization.

Complete reporting

With every saved item owned by the organization, Bitwarden vault health reporting provides a complete view of all users’ credentials. While other solutions might provide a security score that is not actionable or means little, Bitwarden shows exactly what steps need to be taken to correct security issues. The upcoming Access Intelligence suite of features works most effectively when it is applied across every stored credential, providing risk insights, automated alerting, and even initiating remediation workflows.

Additionally, the event log captures the viewing, updating, and use of items stored in a user’s My items with an anonymized identifier. When a user’s My items becomes available to admins, the identifier can be linked with the specific item, which helps with auditing access and any investigations.

Easier employee transitions/offboarding

With centralized ownership of items, when a user transitions or leaves the company and is offboarded, all of their items remain securely in the organization vault. Items that were shared remain shared. When using Enforce organization ownership, admins can access items that the user kept in My items for recovery and reassignment. This makes succession simple, avoids disruption for other teams, and vastly reduces admin overhead during offboarding processes.

Other solutions might require the use of a complicated account recovery process for admins to gain access to these unshared items. Succession is even more difficult for solutions where individual users retain ownership of items and they become unshared when their accounts are deleted.

Full credential lifecycle management 

The Bitwarden architecture and the Enforce organization ownership policy bring security to credentials at every step of their existence for every user, from policies that manage how credentials are created, stored, and accessed to everything else, such as sharing, reporting, and succession.

[Figure: Credential lifecycle management. Bitwarden enables full ownership of credentials, from creation to deletion.]

Oftentimes, companies seeking an enterprise password manager mistakenly scope out only the creation and storage phases of a credential. They quickly discover they need to extend their vision when they suddenly find that they cannot access a critical credential when an employee leaves the company or is unavailable. With Bitwarden, it’s easy to plan for all phases of the credential lifecycle.

Feature availability and guidance

The Enforce organization data ownership policy is available today to new Bitwarden enterprise cloud customers. Existing customers are advised to wait for full transition functionality to become available in a future release.

Existing customers that wish to give their users My items today may turn Enforce organization data ownership on (or toggle off/on) now. Guidance will need to be given to users for manually moving items to the new My items location.

NOTE: If you have previously turned on the Enforce organization data ownership policy (formerly Remove individual vault), new users will automatically receive My items, while existing users will see no change until a future update adds My items for them automatically.


With Enforce organization ownership, the gaps in credential governance close. Gain reporting across every stored item, easy succession and transitions, and a full audit trail for compliance requirements. See how centralized ownership transforms credential management and start a free 7-day trial of the Bitwarden enterprise plan or contact the Bitwarden sales team today!
