Does anybody know the story with confluence cloud login security? Is two factor authentication (2FA) natively supported yet? Otherwise any other more sophisticated login process than username/password? If not, does anybody know what the timeline is? When we first signed up for confluence years ago 2FA was listed as a "coming soon" feature... As far as I can tell (as of Jan 2017) it only seems to be possible through third party applications, so still unsupported natively, despite Confluence being the kind of high risk repository you would typically want well protected.
Hope I have this wrong and someone can educate me! Thanks.
This should be possible now, as SAML support has recently been introduced to Confluence Cloud https://confluence.atlassian.com/purchasing/saml-single-sign-on-for-atlassian-account-860002668.html
Two Factor Authentication can then be supported by using a third-party identity provider - e.g. Google, Azure Active Directory, Okta, etc.
I suppose it depends on what you mean by 2FA
Personal Username and Personal Password are two factors for granting access.
Presumably you want more?
What specifically do you want?:
Secret question? (mother's maiden name, name of first dog ...)
Physical key? (swipe card, USB FOB)
Steven is referring to the standard 2fa concept of "something you know" and "something you have", so along with your username and password (things you know), you also need a phone to which a passcode will be texted when you try to login (something you have).
As I mentioned above, currently this functionality is not natively available in Confluence, although there are 3rd party solutions as Steven and James have said.
You might find the comments from Atlassian on this ticket of interest: https://jira.atlassian.com/browse/ID-6213
Atlassian are moving to a "managed account" system as a first step towards doing other things, including - I believe - 2fa. You may also want to watch/vote for this ticket https://jira.atlassian.com/browse/JRA-20999 as a lot of Confluence users also have JIRA and run their user management through JIRA. If you do that then this ticket is of direct interest to you.
you can use the 2-factor-authentication add-on for Confluence by SecSign Inc:
Rather than using usb tokens you use your smartphone as the second token.
You will find more information about the confluence add-on and the login procedure at https://www.secsign.com/developers/atlassian/confluence-two-factor-authentication/
Besides the confluence add-on SecSign provides 2FA add-ons for JIRA and Crowd as well:
I hope all is well on your end.
There multiple 2FA plugins available for on the Atlassian Marketplace which supports 2FA for Confluence.
Here is one of the Atlassian's Top Vendor plugins that use Google Authentication to support 2FA for Confluence.
The plugin also provides the Security Question as a Backup method or as an emergency method. So, if the user doesn't have access to his phone, he can use it to get access to Confluence.
Also, it would be better if you can raise a support ticket to the vendor for faster resolution.
Again, if you are using the miniOrange, you can raise a ticket from the link given below. They will help you out to configure the plugin.
Thanks everyone for answering last week’s question. The winner of the random drawing from those who commented is: @LarryBrock I’ll contact you separately with your prize details. This wee...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events