How do the 2FA processes for Atlassian Products and Bitbucket interact together

We currently use the following Atlassian products:

  • Confluence
  • Jira Service Management
  • Bitbucket

We have the 2FA enabled via Atlassian and that covers all the Atlassian tools listed above. So if I want to log into any of those services, I need to provide a 2FA code. This 2FA is handled at the admin level (which makes it relatively easy to manage when someone loses a phone, etc.).

However, there is also the option to enable 2FA at a user level in Bitbucket. And this is enforced when setting up a new Bitbucket account. I'm assuming the reason for this is that the Atlassian 2FA is applied to all users with the relevant email domain.

This introduces a problem because the Bitbucket 2FA is not managed at an admin level and it is completely unrealistic to expect non-IT users to understand the importance of recovery codes, etc. So if they lose a phone and don't have recovery codes they are completely locked out of their Bitbucket account.

The workaround we have come up with is:

  1. Set up the account in Atlassian. 2FA is enforced at an admin level.
  2. The user must set up 2FA when they connect to Atlassian.
  3. The user must set up 2FA when they set up their Bitbucket account using the appropriate domain.
  4. We ask the user to disable the 2FA for Bitbucket ASAP. They must do that themselves because each user is the admin of their Bitbucket account.

With this approach, if anyone wants to connect to Confluence, JSM or Bitbucket, they must first provide the 2FA for Atlassian. There is no requirement however to provide a 2FA code specifically for Bitbucket.

The question is whether there is a better approach than what I have described above. Is it possible to remove steps 3 and 4 from the above process?

1 answer

1 accepted

0 votes
Answer accepted

Hi @Gerard McHale,

This doesn't sound like expected behavior; I don't think that we have a feature that enforces users to enable Bitbucket 2FA on sign-up. Enforcing 2FA for users from your verified domains in http://admin.atlassian.com/ should only affect the Atlassian account 2FA.

The premium plan in Bitbucket Cloud has a feature to Require two-step verification; however, this is not enforced on signup. Enabling this setting for a workspace will make the workspace content inaccessible to users that have been granted access but have no 2FA enabled on the Bitbucket account. Users will see a message informing them that they need to enable Bitbucket 2FA in order to access this content (this is not going to be enforced on sign-up).

When you have a new user joining and creating a new Bitbucket Cloud account, I would suggest asking them to create a screencast that shows the process they follow on their browser when they try to create a new Bitbucket account, up until they get asked to enable Bitbucket 2FA. Then, create a ticket with the support team and provide this screencast, so we can see what is happening and further investigate. You can create a ticket via https://support.atlassian.com/contact/#/, in "What can we help you with?" select "Technical issues and bugs" and then Bitbucket Cloud as product.

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Hi @Theodora Boudale. Thank you for your response on this. I have tested this some more and it turns out that I was incorrect about the automatic requirement for 2FA to be enabled.

What was happening was that I was inviting users to join a user group within a workspace that required 2FA. That was what triggered the user requirement to enable the 2FA.

I'm happy for this ticket to be closed.

Hi Gerard,

Thank you for the update. If you need anything further, please feel free to reach out.

Kind regards,
Theodora

Deployment type: Cloud
Permissions level: Site Admin