Skip to main content

Overview

Organizations enable teams to securely share vault items, manage users, and enforce security policies.

Get Organization

Retrieve organization details. 
GET /organizations/{id}
id
string
required
Organization ID

Response

id
string
required
Organization unique identifier
name
string
required
Organization name
businessName
string
Legal business name
billingEmail
string
required
Email for billing notifications
planType
number
required
Subscription plan type
seats
number
Number of user seats
maxCollections
number
Maximum collections allowed
useGroups
boolean
Groups feature enabled
useDirectory
boolean
Directory sync enabled
useEvents
boolean
Event logs enabled
useTotp
boolean
TOTP 2FA enabled
use2fa
boolean
Organization 2FA policy enabled
useApi
boolean
API access enabled
usePolicies
boolean
Policies feature enabled
useSso
boolean
SSO authentication enabled
useSecretsManager
boolean
Secrets Manager enabled

List User’s Organizations

Retrieve all organizations the authenticated user belongs to. 
GET /organizations

Response

Returns a list of organizations with the user’s role and permissions.

Create Organization

Create a new organization (Cloud only). 
POST /organizations
name
string
required
Organization name
businessName
string
Legal business name
billingEmail
string
required
Billing email address
planType
number
required
Plan type (0=Free, 1=FamiliesAnnually, etc.)
key
string
required
Encrypted organization key
keys
object
Organization key pair
collectionName
string
Initial collection name
This endpoint is only available on Bitwarden Cloud, not self-hosted instances.

Update Organization

Update organization information. 
PUT /organizations/{organizationId}
organizationId
string
required
Organization ID
name
string
required
Organization name
businessName
string
Legal business name
billingEmail
string
Billing email (requires subscription editing permission)
identifier
string
Organization identifier for SSO
Changing the billing email requires the EditSubscription permission.

Get Auto-Enroll Status

Check if organization has auto-enroll policy enabled. 
GET /organizations/{identifier}/auto-enroll-status
identifier
string
required
Organization identifier

Response

id
string
Organization ID
resetPasswordEnabled
boolean
Whether auto-enroll is enabled

Leave Organization

Remove yourself from an organization. 
POST /organizations/{id}/leave
id
string
required
Organization ID
You cannot leave an organization if:
  • You are the only owner
  • You use Key Connector SSO
  • Your account is claimed by the organization

Delete Organization

Permanently delete an organization. 
DELETE /organizations/{id}
id
string
required
Organization ID
secret
string
required
Master password hash for verification
This permanently deletes the organization and all associated data. This action cannot be undone.

Organization API Keys

Get API Key

Retrieve organization API key. 
POST /organizations/{id}/api-key
id
string
required
Organization ID
secret
string
required
Master password hash

Rotate API Key

Generate a new API key. 
POST /organizations/{id}/rotate-api-key
id
string
required
Organization ID
secret
string
required
Master password hash

License Management

Apply License

Apply or update organization license (Self-hosted only). 
POST /organizations/license
license
string
required
License file contents

Download License

Download organization license file. 
GET /organizations/{id}/license
id
string
required
Organization ID
installationId
string
required
Installation ID

Storage Management

Add Storage

Purchase additional storage for organization (Cloud only). 
POST /organizations/{id}/storage
id
string
required
Organization ID
storageGbAdjustment
number
required
GB to add (can be negative to reduce)

SSO Configuration

Delete SSO User

Remove SSO link for a user in the organization. 
DELETE /accounts/sso/{organizationId}
organizationId
string
required
Organization ID

Organization Types

User Roles

TypeValueDescription
Owner0Full administrative access
Admin1Administrative access (can be limited)
User2Standard user
Manager3Manage assigned collections
Custom4Custom permissions

Plan Types

TypeValueDescription
Free0Free organization (2 users)
FamiliesAnnually1Families plan
TeamsMonthly2Teams plan (monthly)
TeamsAnnually3Teams plan (annual)
EnterpriseMonthly4Enterprise (monthly)
EnterpriseAnnually5Enterprise (annual)

Permissions

Custom users can have granular permissions: 
{
  "accessEventLogs": false,
  "accessImportExport": false,
  "accessReports": false,
  "createNewCollections": false,
  "editAnyCollection": false,
  "deleteAnyCollection": false,
  "editAssignedCollections": true,
  "deleteAssignedCollections": false,
  "manageGroups": false,
  "managePolicies": false,
  "manageSso": false,
  "manageUsers": false,
  "manageResetPassword": false,
  "manageScim": false
}

Build docs developers (and LLMs) love

Get started for freeTalk to us