Permanently Remove Access
Organization admins, owners, and some custom role members can remove members from an organization. Removing a member:
Eliminates their access to the organization and its data. Removed members need to re-join the organization to re-gain access.
Does not delete their Bitwarden account in most cases. Removed members are still able to access their personally-owned vault items unless you delete their account.
Is automatically done for organizations using directory sync if the Remove disabled users during sync option is turned on.
Remove members from an organization
To remove members from your organization:
In the Admin Console, go to Members.
Select the users you want to remove and select the Options icon.
Select Remove:
Remove members Select Remove members to confirm.
tip
If your organization has a claimed domain and the user's account email address matches your claimed domain, Remove is not listed. Instead, you can select Delete to delete the account permanently, effectively removing the user’s access to the organization:
Offline devices cache a read-only copy of data, including organization items. Some clients may retain access to this read-only data for a short time after a member is removed. If you anticipate malicious exploitation of this, update credentials the member had access to when you remove them from the organization.
warning
For member accounts that do not have master passwords as a result of SSO with trusted devices:
Removing them from your organization eliminates all access to their Bitwarden account unless they were previously assigned a master password using account recovery and they log in with that master password at least once before being removed.
These users will not be able to re-join your organization unless the above steps are taken before they are removed from the organization. If they aren't, each removed user will be required to delete their account and be issued a new invitation to create an account and join your organization.Revoking access to the organization, but not removing them from the organization, will still allow them to log in to Bitwarden and access only their individual vault.
What happens to removed members' data
Organizations own all collections. When you remove the only member with full Manage collection permission to a collection, owners and admins can grant a current member access to the collection.
Items saved in My Vault are owned by the individual user. When a member is removed from an organization, the user keeps all items in their My Vault.
In contrast, organizations using the Enforce organization ownership policy retain access to data when members are removed. This policy replaces the individually-owned My Vault with the organization-owned My items. When a member with data in My Items is removed, their My Items automatically converts into a collection named with the user's email address. Owners and admins can then assign access to the collection. After a current member is granted Manage collection permission, they can access, edit, and reassign items the same way as a standard Bitwarden collection.
warning
At this time, Bitwarden recommends only organizations that have not started onboarding members to turn on the Enforce organization data ownership policy.
If your organization activated the policy before version 2025.11.0, My items will be created for members confirmed since that release. Preexisting members will not have My items and can continue using their My vault. A future release will allow organizations that already began onboarding members and use individually-owned vaults to migrate all credentials to organization ownership.