Can you enforce 2FA for non-managed invited users?

We have an organization, a verified domain, and claimed accounts. 

We'd also want to invite users from outside of our organization (domain) to access and be part of our Confluence Cloud instance. 

As we'd like access to our data to be as secure as possible, is there a way to enforce them to have 2FA enabled?

- Something like... if this user doesn't have 2FA enabled AND isn't logged in with OAuth (Google, AD, etc.), don't allow them to access our instance.

1 answer

1 accepted

3 votes
Answer accepted
Jimmy Seddon Community Leader Mar 26, 2020

Hi @Andrei,

Welcome to the Community!

I'm pretty sure that the only way to enforce 2FA would be to create "contractor" accounts in your organization. I don't think Access allows you to control anything with accounts outside your organization.

I hope that helps answer your question.

-Jimmy

Hi @Jimmy Seddon 

Thank you for your quick response. 

You're right. Documentation says it's not possible, only for managed accounts (with verified domains).

I'm thinking it still might be useful to do a check for users that are invited via email or already have an Atlassian account.

A check that tells me if the user has 2FA enabled. I can then choose not to allow access to my Confluence instance unless they do.

Sharing my Conf instance is compromised if they have an easy-to-guess pass and no 2FA.

Thoughts? Do you know if something of the sort might be in Atlassian's pipeline?

Andrei.

Jimmy Seddon Community Leader Mar 27, 2020

Hi @Andrei,

Looks like it's something that has been reported at the very least:
https://jira.atlassian.com/browse/ACCESS-797

I'd recommend commenting on that issue with your specific use case details, and voting for and watching that issue for updates.

-Jimmy

Dave Meyer Atlassian Team Mar 27, 2020

We're currently planning to implement visibility into which users on your site have enabled 2FA relatively soon (ACCESS-797). We do have a plan for supporting actual enforcement of mandatory 2FA on external accounts; however, this is going to take quite a bit longer. Follow ACCESS-102 for that one.

Thanks!

Dave 

That's great news! I'll follow both of them. As soon as it gets done, I'll get customers back on board to Access...
