Start a Client Organization

This article will walk you through the creation of a client organization and outline a typical setup procedure for getting started administering a customer's organization.

To create a client organization you must be a Provider admin:

1. Open the Provider Portal using the product switcher:

   

2. Navigate to the  Clients tab of the Provider Portal and select the  Add new organization button:

   

3. On the New client organization screen

   • Select whether to create a Teams or Enterprise organization.

   • Enter an Organization name, Client owner email, and Seats.
     
     The amount of available unassigned seats, that is seats that you have paid for but aren't utilizing, will be shown on this screen. Should you go above this number, a number of additional seats purchased will be shown. Learn more.

     note

     An invitation will automatically be sent to the Client owner email to join the organization as an owner.

4. Once you are happy with the organization, select Add organization.

Once created, navigating to the client organization from the Provider Portal will bring you to the organization vault, from which you can fully complete initial setup and engage in ongoing administration:

With your newly-created client organization, you are ready to start building the perfect solution for your customer. Exact setup will be different for each client organization depending on your customers' needs, but typically will involve the following steps:

1. Create collections. A good first step is to create a set of collections, which provide an organizing structure for the vault items you will add to the vault in the next step.

   Common collections patterns include Collections by Department (for example, users in the client's Marketing Team are assigned to a Marketing collection) or Collections by Function (such as users from the client's Marketing Team are assigned to a Social Media collection):

   

2. Import data. Once the structure of how you will store vault items is in place, you can begin importing data to the organization.

   note

   Note that, as a provider user, you will not be able to directly view, create, or manage individual items.

3. Configure enterprise policies. Before beginning the user management portion of setup, configure enterprise policies in order to set rules-of-use for things such as master password complexity, use of two-step login, and admin password reset.

   note

   Enterprise Policies are only available to Enterprise organizations.

4. Setup login with SSO. If your customer uses single sign-on (SSO) to authenticate with other applications, connect Bitwarden with their IdP to allow authentication with Bitwarden using end-users' SSO credentials.

5. Create user groups. For Teams and Enterprise organizations, create a set of groups for scalable permissions assignment. When you start adding users, add them to groups to have each user automatically inherit the group's configured permissions (such as access to specific collections).

   One common group-collection pattern is to create Groups by Department and Collections by Function, for example:

   

6. Start inviting users. Now that the infrastructure for the secure and scalable sharing of credentials is in place for your client, you can begin inviting users to the organization. To ensure the security of the organization, Bitwarden applies a three-step process for onboarding new users, Invite → Accept → Confirm.

   tip

   If your customer uses directory service or IdP (active directory, an LDAP, Okta, and more), use SCIM or Directory Connector to automatically sync organization users from the source directory and automatically issue invitations.