Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

How to enforce Bitbucket 2FA without user log out?

Andrew Liew February 9, 2023

Hi,

I have enabled the 2FA in my personal setting, I have tested the 2FA working after I have logged out and login to Bitbucket.

 

Do I have to manually logout/login in order to use 2FA? 

 

Thanks,

Andrew

 

1 answer

1 accepted

0 votes
Answer accepted
Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 12, 2023

G'day, @Andrew Liew 

Yes, you are required to log out and in again to use 2SV since the sessions do not expire when the user enables it by default.

Also, I believe there's no way to force users to logout from their accounts now.

However, there's a possible way to force users to enable 2SV by enabling the options in the workspace Premium settings. This will force users to enable their 2SV before accessing the workspace.

Let me know if you have any additional questions.

Cheers,
Syahrul

Andrew Liew February 13, 2023

Hi Syahrul. Thanks for your reply. 

I have enabled 2SV in my personal setting. I have also log out and tested the 2SV. It works only if I log out.

2faSetting.JPG

 

If I do not log out, the 2SV does not seem to matter. Only if I log out, 2SV UI would appear for the keys.

 

Cheers,

Andrew

Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 13, 2023

Hi @Andrew Liew 

Yes, that's the right behavior.

Once you turn on the 2SV in Bitbucket, you won't be forced to log out, but the next time you log in to Bitbucket, you'll require to enter the 2SV code as an additional login step.

Cheers,
Syahrul

Andrew Liew February 13, 2023

Hi Syahrul,

That's not true.

After I passed the 2SV once, then onwards, every time even after I restarted my machine and started the browser with my bitbucket bookmark, I can access Bitbucket without 2SV or login every day. There is no 2SV UI or login for the keys. I can access the Bitbucket many times without 2SV or login.

Cheers

Andrew

Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 13, 2023

Hi @Andrew Liew 

Just so we are on the same page, the login I mention earlier is when you are present with the option to enter your emails as the following screenshot:

Screenshot 2023-02-14 at 10.27.22 AM.png

This login wizard will then ask for the 2SV code before allowing you to log in. So if this is what you mention log in earlier, where you are not asked to enter your 2SV, then something is not right.

However, if it's not, or by login, you mean simply accessing the URL. Then it's expected behavior because when you log in to Bitbucket, we store a session cache that allows you to access Bitbucket without going through the login process. Once the session expires, you'll be asked to log in as shown in the screenshot above.

That said, I can see you are on the Premium plan, so if you wish to continue the conversation further I can create a support ticket on your behalf of you.

Cheers,
Syahrul

Andrew Liew February 14, 2023

Thanks, Syahrul for your information. I will inform my team with this info.

 

Cheers,

Andrew

Like Syahrul likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events