Help Center

Cloud setup checklist

With cloud hosting, Bitwarden manages the infrastructure, security, and operational responsibilities. Use this checklist to understand the organizational and user management requirements for cloud deployments.

Pre-deployment planning

  • Determine cloud server region (US, EU)

  • Choose authentication strategy (Email or SSO via identity provider)

  • Select encryption type (Master Password or Trusted Device)

  • Define user provisioning approach (Manual, Directory Connector, SCIM, Just-in-Time SSO)

  • Define vault ownership strategy (Individual vaults vs. Organization-only)

  • Identify user groups for rollout phases

Support links:

Stakeholder selections

Select key roles:

  • Project lead

  • Identity provider admin

  • Executive sponsor

  • Security and compliance admin

  • Support/help desk admin

  • Device management admin (for client deployment)

  • Business continuity admin

  • Directory/user management admin

Security and compliance decisions

  • Determine cloud server region (US, EU)

  • Choose authentication strategy (Email or SSO via identity provider)

  • Select encryption type (Master Password or Trusted Device)

  • Define user provisioning approach (Manual, Directory Connector, SCIM, Just-in-Time SSO)

  • Define vault ownership strategy (Individual vaults vs. Organization-only)

  • Identify user groups for rollout phases

Support links:

Organizational build-out and configuration

  • Identify Organization Owner(s) (recommend two for redundancy)

  • Add additional administrators to the organization

  • Configure enterprise policies (before user invitation)

  • Select collection management settings

  • Create collections for administrators and users to share

  • Create groups for managing users

  • Assign collections to groups

  • Test 'Read Only' and 'Hide Password' options

  • Add test items to collections

Support links:

User provisioning and directory integration

  • Enable SCIM provisioning in admin console

  • Configure identity provider

  • Map user attributes and group memberships

  • Test SCIM synchronization

  • Download and install directory connector

  • Configure sync filters, user/group mappings

Support links:

Deployment and go-live preparation

  • Complete final security review and sign off from stakeholders

  • Set up production monitoring and alerting systems

  • Coordinate with network and security teams for go-live

Monitoring

  • Monitor system performance and adoption metrics

  • Conduct post-implementation review with stakeholders

  • Plan ongoing maintenance and update procedures

  • Document lessons learned and process improvements

  • Schedule regular security audits and policy reviews

Support links:

Change management and training

  • Develop communication plan for organization

  • Create timeline for rollout announcements and milestones

  • Prepare exec updates on security benefits and ROI

  • Schedule admin and end-user training

  • Plan ongoing communication and feedback channels

  • Set up support processes and escalation procedures