how to enable two factor authentication for confluence v4.1.6

I am planning to set up two-factor authentication to my confluence(wiki) application the version which we are using now. confluence 4.1.6

 Is it possible to enable the two-factor authentication for v4.1.6? If not which version supports the two-factor authentication? We are using a server-based application not cloud.

So please guide me on this.

 

 

3 answers

This widget could not be displayed.

 

Did you even bother to google it before asking?

First non ad hit from google returns this https://marketplace.atlassian.com/plugins/de.syracom.confluence.plugins.securelogin/server/overview which is supported by atlassian and for versions Confluence Server 5.6.5 - 6.1.1 

Davin Studer Community Champion Apr 07, 2017

Well, specifically Eda is asking for a solution for Confluence 4.1.6, not 5.6.5 ... which is probably why she asked the question here.

I understand that i am a bit aggressive and apologize for that. But to the question "If not which version supports the two-factor authentication?" the answer is 5.6.5-6.1.1 which is found just by googling. 

Hi Panos,

 

I know that the two-factor authentication will work on confluence 5.6.5-6.1.1. But am asking about the v4.1.6 because am using v4.1.6

So please let me know is it possible to set up the two-factor authentication for wiki v4.1.6?

Hi Eda,

I have this repo https://github.com/chmod/auth0-confluence with auth0 2FA. You can fork it and try make it work in 4.1.6

Otherwise, my suggestion would be to update your old confluence.

Hi Panos,

Thank you, I will try in a Test environment.

If possible please let me know the process that how to implement this repo with auth0 2FA.

We are planning to upgrade the version but before that will try in the current version.

Regards, Eda

Hi @Panos

I have successfully upgraded confluence to v6.2.2.
We are looking for 2FA for confluence actually I have installed secure login and SecSign ID plugins in my test environment it works good but those plugins will work with Smartphones.

But here the issue is We have people without smartphones who need access and we need a solution that is not dependent on smartphones.
So we are looking for OTP(One Time Password).Could you please suggest me on this?
Could you please suggest me the plugin related to OTP?

Regards,

Eda

This widget could not be displayed.

Hi Eda,

Sorry, I didn't saw your question earlier. I am one of the product managers for the Secure Login. Sadly we can not fulfill your wish and support Confluence 4.1 with our plugin. Not only I am not sure if the plugin would be compatible with the old SDK version, we could also run into problems with old Java versions and other dependencies.

If you are concerned about security and I think you are, if you think about using 2FA for your installation, I really suggest you upgrade to a newer version of confluence first. Confluence 4.1 is over five years old now, and I am sure from security and stability perspective you really would get a benefit from the upgrade, even if I know such an upgrade is not trivial.

If you are going to upgrade and you are still interested in our plugin or you have questions, please fell free to reach out to me.

Regards,
Alexander

@Alexander Kueken

Hi Alex,


I have successfully upgraded my confluence from v4.1.6 to v6.2.2
And I have installed your plugin Secure Login in the test environment.
It looks good.
But here the issue is We have people without smartphones who need access and we need a solution that is not dependent on smartphones.
So we are looking for OTP.Could you please help me on this?
Is it possible to use OTP with your secure login plugin?


Regards,
Eda

Dear Andy

Besides the usage of an authenticator app on a smartphone, there are two alternatives, which work together with Secure Login.

First is the Yubikey. It is a special USB hardware token, which supports the TOTP protocol, used by our plugin. For more information about this alternative, please take a look at your blog post "Using Secure Login with Yubikey". You can find the article here:

Another alternative is "Authy Desktop". Authy is a well-known authenticator on mobile devices. But they offer a desktop version as well. Sadly the usage is limited the Google Chrome Browser because it is a Chrome plugin. More information you can find on the Authy Website or the Google Chrome Store.

With kind regards,
Alexander

So again do we need to pay anything for Yubikey?

I have installed the yubikey software but when I open its showing no yubikey detected.

 

Please find the below snap shot:

Yubikey.PNG

 

 

The Yubikey itself is a piece of hardware you have to buy separately. That device will be your second factor. The software you installed is just the UI to communicate with the device. So for every of your users, which does not have a smart phone, you need one Yubikey device. 

In larger amounts, you can buy them from the manufacturer Yubico himself. In smaller quantities, you can get them from retailers, like Amazon.

Regards,
Alexander

This widget could not be displayed.

You can use the 2 factor authentication add-on for Confluence by SecSign Inc:

https://marketplace.atlassian.com/plugins/com.secsign.secsignid/server/overview

Rather than using usb tokens you use your smartphone as the second token.

 

You will find more information about the confluence add-on and the login procedure at https://www.secsign.com/developers/atlassian/confluence-two-factor-authentication/

 

Besides the confluence add-on SecSign provides 2FA add-ons for JIRA and Crowd as well:

SecSign 2FA add-on for Crowd

SecSign 2FA add-on for JIRA

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Published Jul 30, 2018 in Confluence

How Manon Soubies-Camy uses Confluence + Trello to organize webinar notes and her knitting stash

@Manon Soubies-Camy is an engineer who has been an avid Atlassian user since 2014. She helps companies of all sizes transform the way they work with the Atlassian stack, including Jira and Confl...

854 views 8 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you