We currently use the following Atlassian products:
We have the 2FA enabled via Atlassian and that covers all the Atlassian tools listed above. So if I want to log into any of those services, I need to provide a 2FA code. This 2FA is handled at the admin level (which makes it relatively easy to manage when someone loses a phone, etc.).
However, there is also the option to enable 2FA at a user level in Bitbucket. And this is enforced when setting up a new Bitbucket account. I'm assuming the reason for this is that the Atlassian 2FA is applied to all users with the relevant email domain.
This introduces a problem because the Bitbucket 2FA is not managed at an admin level and it is completely unrealistic to expect non-IT users to understand the importance of recovery codes, etc. So if they lose a phone and don't have recovery codes they are completely locked out of their Bitbucket account.
The workaround we have come up with is:
With this approach, if anyone wants to connect to Confluence, JSM or Bitbucket, they must first provide the 2FA for Atlassian. There is no requirement however to provide a 2FA code specifically for Bitbucket.
The question is whether there is a better approach than what I have described above? Is it possible to remove steps 3 and 4 from the above process?
Hi @Gerard McHale,
This doesn't sound like expected behavior; I don't think that we have a feature that enforces users to enable Bitbucket 2FA on sign-up. Enforcing 2FA for users from your verified domains in http://admin.atlassian.com/ should only affect the Atlassian account 2FA.
The premium plan in Bitbucket Cloud has a feature to Require two-step verification; however, this is not enforced on signup. Enabling this setting for a workspace will make the workspace content inaccessible to users that have been granted access but have no 2FA enabled on the Bitbucket account. Users will see a message informing them that they need to enable Bitbucket 2FA in order to access this content (this is not going to be enforced on sign-up).
When you have a new user joining and creating a new Bitbucket Cloud account, I would suggest asking them to create a screencast that shows the process they follow on their browser when they try to create a new Bitbucket account, up until they get asked to enable Bitbucket 2FA. Then, create a ticket with the support team and provide this screencast, so we can see what is happening and further investigate. You can create a ticket via https://support.atlassian.com/contact/#/, in "What can we help you with?" select "Technical issues and bugs" and then Bitbucket Cloud as product.
If you have any questions, please feel free to let me know.
Hi @Theodora Boudale. Thank you for your response on this. I have tested this some more and it turns out that I was incorrect about the automatic requirement for 2FA to be enabled.
What was happening was that I was inviting users to join a user group within a workspace that required 2FA. That was what triggered the user requirement to enable the 2FA.
I'm happy for this ticket to be closed.