Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,552,107
Community Members
 
Community Events
184
Community Groups

Use MFA without purchasing Atlassian Access

Jackie hardy
Jackie hardy Oct 13, 2021

According to the documentation, the first step to enable MFA is to verify the domain. I have been told that the provided snippet text to add to the DNS host of the domains to verify is not a proper DNS entry. Tech team does not want to verify the entire domain but a set of users and then apply MFA. Our tech team has already applied SSO without using Atlassian Access.  Is it possible to verify a subset of users and not the entire domain?

 

Answer
Watch
Like Be the first to like this
703 views

1 answer

1 accepted

1 vote
Answer accepted
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 14, 2021

Hello @Jackie hardy,

Thank you for reaching out to Atlassian Community!

When it comes to domain verification and claiming accounts, all people from the claimed domain will be notified and the accounts will be managed by the Org administrator. It’s not possible to claim and manage specific accounts.

When you claim accounts, we let users know with the domain that your organization manages their account when they go to their profile.

As part of the domain verification process, you need to claim all the accounts on your domain. Because anyone on your domain can create an Atlassian account, more users than you expect may have an Atlassian account with your domain. If you want to view all the accounts on your domain, you can export and preview a list of users whose accounts you’ll be claiming.

Regarding MFA, users can enable two-step verification directly on their profile, but once the account is managed, it’s possible to enforce 2FA for everyone, but it’s necessary to subscribe to Atlassian access:

Kind regards,
Angélica

View More Comments
Jackie hardy
Jackie hardy Oct 15, 2021 • edited

Thank you @Angélica Luz Our security team is asking the following questions pertaining to Jira. Can Jira .....

1. Perform MFA natively post-auth based on individual account(s) or a group of accounts
2. Have multiple IdPs configured so you can point a group of users to another SecureAuth endpoint enabled for MFA

 

Are you able to answer item 2? I believe you have answered item 1. Also, MFA can only happen after a domain has been verified?

Thank you

Like
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 15, 2021

Hi Jackie,

Yes, there is no native functionality to enable MFA in Jira, it’s necessary Atlassian access for that.

Regarding your second question, it’s only possible to configure SAML with one IdP.

There are feature requests suggesting improvements for that:

Also, MFA can only happen after a domain has been verified?

Yes, it’s necessary to verify the domain to use Authentication policies.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

See all events