Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,555,632
Community Members
 
Community Events
184
Community Groups

Can you enforce 2FA for non-managed invited users?

Edited
Andrei
Andrei Mar 26, 2020

We have an organization, a verified domain, and claimed accounts. 

We'd also want to invite users from outside of our organization (domain) to access and be part of our Confluence Cloud instance. 

As we'd like access to our data to be as secure as possible, is there a way to enforce them to have 2FA enabled?

- Something like.. if this user doesn't have 2FA enabled AND isn't logged with OAuth(Google, AD, etc), don't allow them to access our instance.

Answer
Watch
Like Marek Machul likes this
1500 views

2 answers

1 accepted

3 votes
Answer accepted
Jimmy Seddon
Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Mar 26, 2020

Hi @Andrei,

Welcome to the Community!

I'm pretty sure that that only way to enforce 2FA would be to create "contractor" accounts in your organization.  I don't think Access allows to to control anything with accounts outside your organization.

I hope that helps answer your question.

-Jimmy

View More Comments
Andrei
Andrei Mar 27, 2020

Hi @Jimmy Seddon 

Thank you for your quick response. 

You're right. Documentation says it's not possible, only for managed accounts (with verified domains).

I'm thinking it still might be useful to do a check for users that are invited via email or already have an Atlassian account.

A check that tells me if the user has 2FA enabled. I can then choose not to allow access to my Confluence instance unless they do.

Sharing my Conf instance is compromised if they have an easy to guess pass and no 2FA.

Thoughts? Do you know if something of the sort might be in Atlassian's pipeline?

 

Andrei.

Like
Jimmy Seddon
Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Mar 27, 2020

Hi @Andrei,

Looks like it's something that has been reported at the very least:
https://jira.atlassian.com/browse/ACCESS-797

I'd recommend commenting on that issue with your specific use case details, and voting for and watching that issue for updates.

-Jimmy

Like Andrei likes this
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Mar 27, 2020

We're currently planning to implement visibility into which users on your site have enabled 2FA relatively soon (ACCESS-797). We do have a plan for supporting actual enforcement of mandatory 2FA on external accounts; however this is going to take quite a bit longer. Follow ACCESS-102 for that one.

Thanks!

Dave 

Like # people like this
Andrei
Andrei Mar 30, 2020

That's great news! I'll follow both of them. As soon as it gets done, I'll get customers back on board to Access...

Like
Reply
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events