We have an organization, a verified domain, and claimed accounts.
We'd also want to invite users from outside of our organization (domain) to access and be part of our Confluence Cloud instance.
As we'd like access to our data to be as secure as possible, is there a way to enforce them to have 2FA enabled?
- Something like.. if this user doesn't have 2FA enabled AND isn't logged with OAuth(Google, AD, etc), don't allow them to access our instance.
Welcome to the Community!
I'm pretty sure that that only way to enforce 2FA would be to create "contractor" accounts in your organization. I don't think Access allows to to control anything with accounts outside your organization.
I hope that helps answer your question.
Thank you for your quick response.
You're right. Documentation says it's not possible, only for managed accounts (with verified domains).
I'm thinking it still might be useful to do a check for users that are invited via email or already have an Atlassian account.
A check that tells me if the user has 2FA enabled. I can then choose not to allow access to my Confluence instance unless they do.
Sharing my Conf instance is compromised if they have an easy to guess pass and no 2FA.
Thoughts? Do you know if something of the sort might be in Atlassian's pipeline?
We're currently planning to implement visibility into which users on your site have enabled 2FA relatively soon (ACCESS-797). We do have a plan for supporting actual enforcement of mandatory 2FA on external accounts; however this is going to take quite a bit longer. Follow ACCESS-102 for that one.
Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events