Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Using SSO but organization requires two-step authentication

Sean Holmesby
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 6, 2026

Hi all,
I have my company account which has the internal SSO provider. However I'm consulting for an organization who have added me, but they have the org settings to require accounts to have two-step authentication.
My SSO provider DOES use 2FA when I login.

Anyway, I login, and get a page that says I need to Enable two-step verification.
So I go through the process to add it to my account... grab the code and enter it, but it says the code is wrong.
I've let it refresh, and double checked the code, but it still won't be accepted.

Is there something that's wrong with my account? Or anything I can get the IT admin to do (other than turn off two-step auth for all)?

Thanks

3 answers

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 7, 2026

Hello @Sean Holmesby 

Are you able to provide a screenshot of the 2FA screen — even the one that says the code is wrong?

If another organisation adds you to their site — you are an external user from their perspective. The only authentication policy in THEIR org that may be applied to you that requires 2FA is the External User Policy. This is applied AFTER you've authenticated to Atlassian Cloud in general via your own IdP and your own IdP's 2FA. 

The External User Policy only has two possible 2FA settings — email one-time password or SSO via IdP (THEIR IdP not yours): https://support.atlassian.com/security-and-access-policies/docs/available-external-user-security-settings/

Since you are saying you are presented with a request to enrol in 2FA — this sounds like the IdP option, not the Atlassian one. This is what I want to confirm with a screenshot.

If the screens are in fact Atlassian – this is unexpected and is probably worthy raising with support.atlassian.com 

0 votes
Brita Moorus
Community Champion
July 7, 2026

Hi, @Sean Holmesby  👋

This may depend on which security policy is actually being applied to your account.

MFA in your own SSO/identity provider is not always the same thing as Atlassian account two-step verification. If SAML SSO is enforced for managed accounts, two-step verification is usually handled in the identity provider rather than through Atlassian’s authentication policy.

Atlassian’s docs mention that:

Atlassian also has a troubleshooting page for two-step verification login issues here:
https://support.atlassian.com/atlassian-account/docs/login-issues-related-to-two-step-verification/

What I’d ask the consulting org admin to check:

  • whether you are treated as a managed account or an external user in their Atlassian organization
  • which authentication or external user security policy applies to you
  • whether you are expected to authenticate through their IdP/SSO or via email one-time passcode
  • whether Atlassian account-level two-step verification is actually being required, or whether the message is coming from a different verification flow

Hope this helps! 💙

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 7, 2026

@Brita Moorus 

The external user policy doesn't support authenticating with an Authenticator – only SSO via an IdP or an email one-time code: https://support.atlassian.com/security-and-access-policies/docs/available-external-user-security-settings/

The way this is described it sounds like that other organisation is using their own IdP so the issue is there not in Atlassian at all.

Brita Moorus
Community Champion
July 7, 2026

Thanks @Ed Letifov _TechTime - New Zealand_ - good catch! 🙌

So in Sean’s case, I'd separate this into two possibilities:

  • If the consulting organization is using an external user security policy, their admin should check whether the user is expected to authenticate via their IdP/SSO or email one-time passcode.
  • If it is being asked to set up Atlassian account two-step verification with an authenticator app then that sounds more related to Atlassian account/managed account 2SV rather than the external user policy flow.

Either way, the best next step is probably for the consulting org admin to check which policy is actually being applied to their account, because the error page wording may not make that very obvious from the user side.

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 7, 2026

Yeah @Brita Moorus but the "Atlassian account / managed account 2SV" will not apply to @Sean Holmesby account in somebody else's org — his account is already claimed by HIS org, and his own org's IdP (with 2FA) applies to that.

And the email one wouldn't require one to enrol in 2FA.

So it's either that other org's IdP problem or something very wrong with Sean's Atlassian account indeed.

Like: was the email invited to the other org ACTUALLY the same? Was there a request to set password? (the wouldn't be one if it's the same Atlassian account)

Like Brita Moorus likes this
Brita Moorus
Community Champion
July 7, 2026

Thanks, that makes sense, and thanks for clarifying 💙

I was mixing in the broader Atlassian account two-step verification flow too much. If their account is already managed by his own org then the consulting org’s policy should apply to him as an external user only.

So yes, a screenshot would probably be the best next step to confirm whether they are seeing Atlassian’s screen or the consulting org’s IdP screen. If it is really Atlassian asking for authenticator-based two-step verification, then that sounds like something Atlassian should check on their end.

Sean Holmesby
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 7, 2026

Thanks for your responses.

The two-step verification page appears to me to be an Atlassian 2FA page.

BitBucket 2FA notification.pngBitBucket 2FA page.png

Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 8, 2026

@Sean Holmesby 

1) OK so this is Bitbucket Cloud 2FA, which is separate from Atlassian Cloud organisation setup / Guard. Probably a legacy Bitbucket instance and/or hasn't been integrated with Atlassian Cloud organisation properly.

2) If the code is not being accepted back in that very page – that's a problem worthy raising with Atlassian. No need to talk about your IdP, your 2FA, etc. — this is just a problem with Bitbucket 2FA

3) You may want to delete the images you've posted or at least redact them — as they show your email address AND the TOTP key

Like # people like this
Sean Holmesby
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 8, 2026

@Ed Letifov _TechTime - New Zealand_ Thanks. I've updated the images. I will chase this up with Atlassian.

Like Brita Moorus likes this
0 votes
Viswanathan Ramachandran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 7, 2026

hi @Sean Holmesby 

Interesting one. 

A few questions that might help narrow this down:

  • Is your Atlassian account managed by your employer (via Atlassian Guard), or are you just using your company’s SSO to authenticate?
  • When you see Enable two-step verification, is it asking you to enable Atlassian account 2SV, rather than relying on your IdP’s MFA? Those are separate controls.
  • Which authenticator app are you using, and is your device’s date/time set to automatic? Time sync issues are a common cause of invalid TOTP codes.
  • Have you tried a newly generated code after waiting for the previous one to expire?

For the organization’s admin, I’d ask them to verify:

  • Whether your account is subject to an authentication policy requiring Atlassian 2SV in addition to SSO.
  • Whether your account is being treated as a managed or unmanaged account.
  • Whether there are any authentication policy conflicts affecting your account.

That should help determine whether this is a policy/configuration issue or a problem with the 2SV setup itself.

 

And if you have sorted or solved this, please share the knowledge and spread the word. 

 

Sean Holmesby
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 7, 2026

Thanks for your response. Here are my answers to your questions.
 - I use my company SSO to authenticate. Not through Atlassian Guard.
 - I believe it's Atlassian account 2FA being asked for. Screenshot below.
 - I've tried Authy once, and Authenticator... both on iPhone. Yes time is auto synced also.
 - Yes, tried the newly generated code as well.

Thanks for the advice, I'll check in with the org admin on my account details.

Here is the screenshots of the 2FA requirement.
Thanks

BitBucket 2FA notification.pngBitBucket 2FA page.png

Viswanathan Ramachandran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 9, 2026

Have you had chance to see the issue is? Curious to know 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events