Collection management beta

Collections gather together logins, notes, cards, and identities for secure sharing from an organization. Think of collections as organization-equivalents to folders, with a few key differences:

• Organization users control access to organization-owned items by assigning users or groups to collections.

• Organization-owned items must be included in at least one collection.

Collection management settings can be customized to best fit the needs of your organization. Specifically, there are two options located on the Settings > Organization info screen which you can use:

Owners and admins can manage all collections and items

This option will dictate whether users with the owner or admin role are provided management permissions to all collections within your organization. This option is suited for you if, for example, your IT team requires access to all vault items associated with your organization. If turned on, management permissions will allow owners and admins to:

• Add, edit, or remove vault items from a collection.

• Add or remove users or groups from a collection.

Limit collection creation and deletion to owners and admins

This option will dictate whether users with the user role are provided with the ability to create or delete collections for themselves and their teams. This option is suited to you if, for example, you want owners and admins to create your organization's collections infrastructure on behalf of your users.

Both options off

With both options turned off, your individual users and teams must be responsible for the creation and management of their own collections and will be using credentials that owners and admins will not have access to.

Consider this scenario for the most principle-of-least-privilege experience and if your owner and admin accounts will be used primarily for organization configuration (e.g. policies) and user management (e.g. setting up SCIM or inviting users manually).

Only 'Owners and admins can manage all collections and items' on

With only this option turned on, your individual users and teams can create and manage their own collections however owners and admins will automatically gain access to them and can opt to create or manage collections on users' behalf when appropriate.

Consider this scenario if your owner and admin team requires predictable access to all vault items associated with your organization for regular auditing or management, but wants to provide users with the flexibility to create collections for themselves and their teams.

Only 'Limit collection creation and deletion to owners and admins' on

With only this option turned on, your owners and admins will be required to create your organization's collections infrastructure on behalf of your users but can also assign individual users to manage the items and people in those collections once created.

Consider this scenario if your owner and admin team requires that shared data be kept within a discrete set of known collections, but doesn't want access to the credentials themselves.

Both options on

With both options turned on, your owners and admins must be responsible for the creation and management of collections on behalf of your users.

Consider this scenario if your owner and admin team requires strict control over the shared credentials used within your organization.