2FA for Jira: U2F & TOTP

Hi @Brian Tullio Yes, our app supports Crowd. 

I see you have a plug-in for Confluence also but not Bitbucket.

Are there plans to accommodate Bitbucket?

@Brian Tullio Bitbucket natively support U2F devices (https://bitbucket.org/blog/universal-2nd-factor), so there's no need in additional plugin

As far as I can tell, this only applies to Bitbucket cloud.

U2F for server has been a requested feature since 2015 but has received no love.

https://jira.atlassian.com/browse/BSERV-7815?focusedCommentId=999206&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel

@Anton Storozhuk Any thought on my last post? I can see that other vendors offer Bitbucket plugins.

I like yours since it works very well, but would prefer to go with the same vendor cross our Jira/Confluence/Bitbucket installation.

Hi @Brian Tullio We started to work on Bitbucket 2FA plugin. The functionality will be exactly the same as Jira & Confluence versions. I'll keep you posted. Thanks!

@Anton Storozhuk Fantastic! I would like to work this into my IT schedule, any ETA? I would be happy to be a part of testing once you have something working, even if it is beta.

@Brian Tullio ETA for beta is around 4-5 weeks. I've scheduled a contact with you already. Thanks for letting me know that you're ready to be a part of testing.

Hi @Brian Tullio we've finished to work on Bitbucket 2FA app and submitted it to Atlassian Marketplace. I'll let you know when the app is reviewed and available to download.

@Anton Storozhuk - that's great news, thanks!

Hi @Brian Tullio our Bitbucket Server 2FA solution is finally arrived: https://marketplace.atlassian.com/apps/1220942/2fa-for-bitbucket-u2f-totp?hosting=server&tab=overview please try it our and share your feedback with me.

Thanks,

Anton.

Hi @Anton Storozhuk 

I downloaded the add-on and everything installed fine.

However, when attempting to setup the 2FA for my own account, I get a 500 error.

I get the QR code screen, and scan it with the Google Authenticator. It does not ask me for the secret key, it just adds the account immediately.

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

I tried it a bunch of times, and made sure the code was correct.

@Brian Tullio thanks for being so fast! Contacting you to get more details on this...

Issue has been resolved.

May I know how to fix this issue?

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

We're trying this addon and some user report the same issue.

Thanks

Hello @franky064991 ,

Since we use the Time-based One-Time Password algorithm (TOTP) there is an assumption that the time on the phone may be unsynchronised.
Could you please make sure that the time synchronized (accurate to the minute and second) with your Bitbucket instance and mentioned phone?

Please let us know if this helped.

Otherwise could you please send us the log files from your Bitbucket instance  to support@alpha-serve.com ?

Thank you.

Hello @franky064991 ,

Are you still experiencing the same issue?

Please let me know. 

Regards,

Liubov

Hi Liubov,

Problem solved, thx for the suggestion.

Hey @Colin King

What device are you using?

Hi, I am using Chrome 76 in a Windows 10 desktop. I just installed the plugin and was trying it with the default settings.

@Colin King thanks for the info. What type of U2F hardware key you were trying to add?

Yubikey 5 NFC and Yubikey Security Key. I was able to get them both working using the workaround.

@Colin King Both HW keys are used in our regular regression testing. I'll pass this to our QA dept and come back to you when I know more. Can you please share your contact info with me? Please email me at a.storozhuk@alpha-serve.com. Thanks, Anton.

@Colin King we've released app update v.3.1.5 which should fix the issue. Could you please update your instance and recheck? Thanks, Anton.

Hello @Beth Starr ,

Now you can use Duo Mobile app as a TOTP code generator for third-party accounts. 

We're considering adding support for connecting 2FA for Jira: U2F & TOTP plugin to a Duo account. We let you know the details as soon as they are available. 

Regards,

Liubov

Hello @Tamas Juhasz ,

Thank you for your question.

After the plugin was installed on your instance by admin (currently we have 2FA plugins for Jira, Confluence, Bitbucket, Crowd and Bamboo; Crucible and FishEye are coming soon) users can enable 2FA on the user level.

Plugins work with mobile applications based on the RFC 6238 standard that generate tokens, such as: Google Authenticator, Microsoft Authenticator, 2STP, OTP Auth, Authy and others.

Please let me know if you have any questions.

Regards,

Liubov

Have a look at https://marketplace.atlassian.com/vendors/1216264/polarnight

A brand new security add-on with a lot of features, including 2FA.

Thanks @Lars Olav Velle _Polar SSO_, there we have the slight problem that Amazon as our potential SSO provider also still doesn't support U2F devices in Safari :)

Thanks @Liubov Topchyi! 👍

Hi @Greg Lev 

It seems that you are looking to use 2FA for Crowd.

If yes then you can try our miniOrange Crowd 2FA Add-on on the Marketplace.

You can enable 2FA or MFA for individual users and let users configure 2FA during their first login. It also has the provision to enable 2FA for all existing and new users using Crowd 2FA.

Could you please let me know your use case in detail so that I can point you in the right direction?

You can reach out to me at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

PS: I work for miniOrange, one of the top SSO vendors on Atlassian Marketplace.

Unfortunately, it does not support (officially) CROWD DataCenter.

Hi @Greg Lev 

We have submitted the add-on to the Atlassian team, to make it Datacenter compatible and currently it is under the approval process. Once it gets approved it will be reflected in your crowd instance and I will give you an update as well. 

In the meantime, you can continue to use the Server version of the add-on. It has been thoroughly tested on a Crowd DC instance with large datasets and it works fine.

If you have any further questions, please let me know. You can reach out to us at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

Hi @Greg Lev 

As mentioned earlier we are happy to announce that the miniOrange Crowd 2FA Add-on is now Data Center compatible. 

You can enable 2FA or MFA for individual users and let users configure 2FA during their first login. It also has the provision to enable 2FA for all existing and new users using Crowd 2FA.

You can also contact us directly at atlassiansupport@xecurify.com to discuss this further.

Thanks,
Aditya Kekre