 Tom here from Warrant Systems and Bitwarden has been my favorite password manager for a long time. And for those of you that follow the channel and know we merged with CNWR, it's now their favorite password manager too because we had to merge all the data in one place. But of course, passwords are pretty serious business. If you're thinking security first, you really have to think about how you manage credentials. Bitwarden is a excellent tool for doing it even when you have a organization. So I think it's good for individuals, but for an organization, they give you some really good tools to be able to manage larger numbers of employees, departments, groups of people, build policies and permissions to control all that data. And I want to talk about that because this was a little bit of confusion. I realized when people who are less familiar with Bitwarden start using it, they go, hey, what's a folder? What's the collection? And I want to go over some of that and talk about the tools that you can use as a business to delegate all these permissions across your organization. The Bitwarden documentation I think is really good, but I did a couple of graphics here to try to hopefully enlighten you a little bit of how this works and how the structure is tiered between the organization and the individuals that join that organization. The links to documentation you'll find down below if you're interested in self-hosting Bitwarden. That's also a video I did recently that's linked down below as well. So let's jump into the tutorial and kind of cover the differences between the org and the user and how those different volts are maintained and how we set the permissions. And we'll also go a little bit hands-on with this and cover exactly how to do it in practice. I'll show you some of the internal screens so you don't even have to sign up for a free Bitwarden account, which you can to try this out and set it up. Also of note, this is not sponsored or affiliated at all with Bitwarden other than my bias towards liking them. They didn't pay me to say nice things. Matter of fact, I pay for my enterprise level licenses that we buy at CNWR for the use of Bitwarden. So there's my biases is make sure they're disclosed that I'm a big fan of Bitwarden, but I'm not endorsed or paid by them. But maybe I should pick them up as a sponsor because I do know they sponsor YouTube channels. So hey, Bitwarden, you got my number. You got my email. All right, let's jump into this. Now the way Bitwarden organizes things is you start with as a user signing up your own personal vault. This vault is your vault is not shared with anyone else and it can't be shared with anyone else unless you're giving your password, which that would be a horrible idea. Inside your vault, you have folders and items. Items that are the actual data where the passwords or any credentials or any information you want securely stored are placed. Those items can be organized into folders or you can just, you know, have them all hodgepodge together in one giant list. But folders give you things like maybe you have a grouping of social media sites or different accounts you wanna log into. It just gives you an organization method but these items belong to you and cannot be shared outside of your personal vault and they're always referred to as a folder when they're in your personal vault and you cannot nest a folder within a folder so you can't create subfolders with the items. It's a folder and any number of items underneath that folder. When you join an organization, it is a separate vault altogether. So you have this personal vault right here that remains your personal vault but when you join an organization, the personal vault stays where it is and your organization has no access to it but you can migrate an item to a collection. Collections work extremely similar to folders but collections can be shared with others in the organization based on rules. So the items belong always to a collection. You have a default collection when you first build an organization and the default collection is just where everything lands. And when you take an item and use the side to move it to a collection that is the way they transfer over, it will inherit whatever permissions has been set for each collection. So if this collection here is an admin collection or this one's a sales collection, whatever that might be and you move one of your items there or you can create items under these organizational collections, they will inherit the permissions belonging to that collection. Now you can add groups to a collection or you can add a user to a collection. If you're a small organization putting users in there is pretty simple. You would say, I'm just gonna assign these five employees to this particular collection. When you become a larger organization, groups become handy because you may have a collection that's called sales and maybe you have a group that's called sales and you'll just assign the staff to that group and then they will inherit that group's permission to this particular collection. Now you can nest collections unlike folders. So the nesting also once again will share the permissions based on inheritance for each individual collection. So you can do a hierarchy and organize things to maybe a group where you have the tech group and then maybe there's subclasses under that tech group of different things you wanna share. And you don't have to have different permissions for each collection. You can just have them all be the same where the first one might be tech and then it's the tech collection for WordPress sites and a tech collection for other logins. And then you just say, well, everyone who's in the tech group gets to have this. Let's jump hands on now and show you exactly how this works. Now let's get hands on or Hans on because Hans at Detroit, your only company is a fictional company and a fictional user we set up to do these demos. And let's start by looking at the volts that Hans has access to. So all volts is gonna blend everything together. You can belong to more than one organization and right now we only have the Detroit Adrenaline Company but we could create more organizations if we needed to and have Hans be a member. But when you're doing this, you can see that the owner is going to be of this particular item is going to be owned by Detroit Adrenaline Company. The some other website is owned by me and I'm logged in as Hans. Some website is owned by me and then these other test items are owned by Detroit Adrenaline Company. I can filter by clicking on that organization that will bring me right to those things owned. Now there's no way to move these to another vault other than the vault that they belong to which is Detroit Loading Company's collections. So they can be migrated right now it's under the vault collection. Let's say we wanna assign this to be in tech things. And by the way, you can have them in more than one. So you have a more than one relationship where you can say this item belongs to these and then the permissions we sent on any of those collections will allow people to access it. So you can have a single item to be viewed by multiple people as needed. So that one now belongs to more than one collection. Now if we go all the way back over here to my vault though how do we get something into a collection that Hans has personally? Well that's where we're gonna take this website or maybe we'll take some other website and this website should be a resource. Now this is a one way operation so if we go and move this to an organization we can say, all right, we're gonna move it to the accounting department. And hit save. Now it's saved. Now there's no way to move that back. It now belongs to and is inherited all the permissions of the accounting. So if we go over here to organizations and let's say look at some of the groups in here we have accounting and we have the group that sales and accounting belongs to the default collection which is the first one that gets made. Everything falls in there by default if you create no other collections. Then we have tech things and it belongs to the tech group. Now if we go and click on access you can see the tech group can view it. We can actually set it so we can can view except passwords. You have granular permissions for each group that you build and of course you can add users and you can mix and match that. So we can actually remove tech or if we had more users add other users or even add other groups. So we could go in here and say maybe we want sales to also have this permission of can view in here but we'll take it away. Go ahead and hit save on there. As far as the groups go this is where you build the groups it's pretty straightforward that we can edit the members of the groups and say well we only have one person in here which is Hans. So there's not any other people to add but you'd be able to pull down your list and add these people to the groups and then you can decide and grant and change permissions. You can also grant access to all current and future collections. So there's ways to really get granular with this and set policies and controls around it. So as you push these people to the different groups that you want them to belong to then you can simply take one user and add them to that group and then all the permissions that you took the time to set up that belong to all the collections would just kind of follow. Now something of note when you're inside of an organizational vault and we're looking at any of the items within there you have reporting and event logs that go with any one of these items to know who viewed it, who edited it and it will go down the list and give you each user. So that is something you're not gonna see as an organization, as a business managing organization you don't see what the individual users did within their own vaults but you will see what they did and how they managed any credentials that were managed within the main organization vault. And this can also be looked at in group right here under the event log itself you can go through here and see all the different changes that were made. This is the way that you keep all your credentials in an organization that you need shared among the users and keep an eye on what's been viewed what's been looked at on there and of course you can export these logs and parse them out in different ways as you see fit. Now something worth noting that I'm not gonna get too deep into because this is in the documentation and well documented within Bitwarden is the policies setting for an organization. When you set up an organization you can force certain policies make sure no one belongs to the organization without a two step login, master password complexity requirements force master password, reset members, passwords, password generator, single sign on, et cetera and including removing an individual's vault. This may be something you want to do where you force everyone to keep everything within the organization's vault and not have their vault this comes down to your personal preferences of how you want to do this. There's another if you're publicly exposing this as self-hosted or if you're letting Bitwarden host it you do have the ability to control their send and send options. Bitwarden send is a really cool feature that allows you to send and set expiring links so you can send confidential information put a password on that link and send it to people that don't even have a Bitwarden login but you may or may not want some of those features then this is where you can get some of that more granular control you can even force them to only be allowed to belong to a single organization such as yours as opposed to letting a user belong to multiple. Now going through the merger and putting all the passwords in one place and then building out all the policies and structure and making sure all the employees have good credential management and we understand the policies as they're applied and the rules for who has access to what I found this pretty intuitive in Bitwarden but I wanted to make this video to clarify some of how that works and for those of you that are kind of on the fence of whether or not Bitwarden would be a good fit for your organization, I say yes but hey, if you disagree with me, love to hear from you leave some comments down below if you like Bitwarden, you don't like Bitwarden if you use it in your organization or if you've had any scalability problems with it so I'm always curious. Nonetheless, love hearing from you if you wanna see more content from this channel like and subscribe and then hit me up in the forums if you wanna talk more in-depth about this or other topics that I talk about on the channel and thanks.