Does anybody know the story with confluence cloud login security? Is two factor authentication (2FA) natively supported yet? Otherwise any other more sophisticated login process than username/password? If not, does anybody know what the timeline is? When we first signed up for confluence years ago 2FA was listed as a "coming soon" feature... As far as I can tell (as of Jan 2017) it only seems to be possible through third party applications, so still unsupported natively, despite Confluence being the kind of high risk repository you would typically want well protected.
Hope I have this wrong and someone can educate me! Thanks.
This should be possible now, as SAML support has recently been introduced to Confluence Cloud https://confluence.atlassian.com/purchasing/saml-single-sign-on-for-atlassian-account-860002668.html
Two Factor Authentication can then be supported by using a third-party identity provider - e.g. Google, Azure Active Directory, Okta, etc.
I suppose it depends on what you mean by 2FA
Personal Username and Personal Password are two factors for granting access.
Presumably you want more?
What specifically do you want?:
Secret question? (mother's maiden name, name of first dog ...)
Physical key? (swipe card, USB FOB)
Steven is referring to the standard 2fa concept of "something you know" and "something you have", so along with your username and password (things you know), you also need a phone to which a passcode will be texted when you try to login (something you have).
As I mentioned above, currently this functionality is not natively available in Confluence, although there are 3rd party solutions as Steven and James have said.
You might find the comments from Atlassian on this ticket of interest: https://jira.atlassian.com/browse/ID-6213
Atlassian are moving to a "managed account" system as a first step towards doing other things, including - I believe - 2fa. You may also want to watch/vote for this ticket https://jira.atlassian.com/browse/JRA-20999 as a lot of Confluence users also have JIRA and run their user management through JIRA. If you do that then this ticket is of direct interest to you.
you can use the 2-factor-authentication add-on for Confluence by SecSign Inc:
Rather than using usb tokens you use your smartphone as the second token.
You will find more information about the confluence add-on and the login procedure at https://www.secsign.com/developers/atlassian/confluence-two-factor-authentication/
Besides the confluence add-on SecSign provides 2FA add-ons for JIRA and Crowd as well:
Hi my Community friends! For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs