how to enable two factor authentication for confluence v4.1.6

Eda Prasad April 6, 2017

I am planning to set up two-factor authentication to my confluence(wiki) application the version which we are using now. confluence 4.1.6

 Is it possible to enable the two-factor authentication for v4.1.6? If not which version supports the two-factor authentication? We are using a server-based application not cloud.

So please guide me on this.

 

 

4 answers

2 votes
Anton Storozhuk April 24, 2019

Hi @Eda Prasad 

 

There's a 2FA plugin for Confluence available: https://marketplace.atlassian.com/apps/1220359/2fa-u2f-secure-login-for-confluence?hosting=server&tab=overview

 

Please note that this app has Data Center edition.

0 votes
Titus
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 30, 2017

You can use the 2 factor authentication add-on for Confluence by SecSign Inc:

https://marketplace.atlassian.com/plugins/com.secsign.secsignid/server/overview

Rather than using usb tokens you use your smartphone as the second token.

 

You will find more information about the confluence add-on and the login procedure at https://www.secsign.com/developers/atlassian/confluence-two-factor-authentication/

 

Besides the confluence add-on SecSign provides 2FA add-ons for JIRA and Crowd as well:

SecSign 2FA add-on for Crowd

SecSign 2FA add-on for JIRA

0 votes
Alexander Kueken April 11, 2017

Hi Eda,

Sorry, I didn't saw your question earlier. I am one of the product managers for the Secure Login. Sadly we can not fulfill your wish and support Confluence 4.1 with our plugin. Not only I am not sure if the plugin would be compatible with the old SDK version, we could also run into problems with old Java versions and other dependencies.

If you are concerned about security and I think you are, if you think about using 2FA for your installation, I really suggest you upgrade to a newer version of confluence first. Confluence 4.1 is over five years old now, and I am sure from security and stability perspective you really would get a benefit from the upgrade, even if I know such an upgrade is not trivial.

If you are going to upgrade and you are still interested in our plugin or you have questions, please fell free to reach out to me.

Regards,
Alexander

Prasad Andrews July 24, 2017

@Alexander Kueken

Hi Alex,


I have successfully upgraded my confluence from v4.1.6 to v6.2.2
And I have installed your plugin Secure Login in the test environment.
It looks good.
But here the issue is We have people without smartphones who need access and we need a solution that is not dependent on smartphones.
So we are looking for OTP.Could you please help me on this?
Is it possible to use OTP with your secure login plugin?


Regards,
Eda

Alexander Kueken July 25, 2017

Dear Andy

Besides the usage of an authenticator app on a smartphone, there are two alternatives, which work together with Secure Login.

First is the Yubikey. It is a special USB hardware token, which supports the TOTP protocol, used by our plugin. For more information about this alternative, please take a look at your blog post "Using Secure Login with Yubikey". You can find the article here:

Another alternative is "Authy Desktop". Authy is a well-known authenticator on mobile devices. But they offer a desktop version as well. Sadly the usage is limited the Google Chrome Browser because it is a Chrome plugin. More information you can find on the Authy Website or the Google Chrome Store.

With kind regards,
Alexander

Prasad Andrews July 26, 2017

So again do we need to pay anything for Yubikey?

I have installed the yubikey software but when I open its showing no yubikey detected.

 

Please find the below snap shot:

Yubikey.PNG

 

 

Alexander Kueken July 26, 2017

The Yubikey itself is a piece of hardware you have to buy separately. That device will be your second factor. The software you installed is just the UI to communicate with the device. So for every of your users, which does not have a smart phone, you need one Yubikey device. 

In larger amounts, you can buy them from the manufacturer Yubico himself. In smaller quantities, you can get them from retailers, like Amazon.

Regards,
Alexander

0 votes
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 7, 2017

 

Did you even bother to google it before asking?

First non ad hit from google returns this https://marketplace.atlassian.com/plugins/de.syracom.confluence.plugins.securelogin/server/overview which is supported by atlassian and for versions Confluence Server 5.6.5 - 6.1.1 

Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 7, 2017

Well, specifically Eda is asking for a solution for Confluence 4.1.6, not 5.6.5 ... which is probably why she asked the question here.

Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 7, 2017

I understand that i am a bit aggressive and apologize for that. But to the question "If not which version supports the two-factor authentication?" the answer is 5.6.5-6.1.1 which is found just by googling. 

Eda Prasad April 11, 2017

Hi Panos,

 

I know that the two-factor authentication will work on confluence 5.6.5-6.1.1. But am asking about the v4.1.6 because am using v4.1.6

So please let me know is it possible to set up the two-factor authentication for wiki v4.1.6?

Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 11, 2017

Hi Eda,

I have this repo https://github.com/chmod/auth0-confluence with auth0 2FA. You can fork it and try make it work in 4.1.6

Otherwise, my suggestion would be to update your old confluence.

Eda Prasad April 11, 2017

Hi Panos,

Thank you, I will try in a Test environment.

If possible please let me know the process that how to implement this repo with auth0 2FA.

We are planning to upgrade the version but before that will try in the current version.

Regards, Eda

Prasad Andrews July 25, 2017

Hi @Panos

I have successfully upgraded confluence to v6.2.2.
We are looking for 2FA for confluence actually I have installed secure login and SecSign ID plugins in my test environment it works good but those plugins will work with Smartphones.

But here the issue is We have people without smartphones who need access and we need a solution that is not dependent on smartphones.
So we are looking for OTP(One Time Password).Could you please suggest me on this?
Could you please suggest me the plugin related to OTP?

Regards,

Eda

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events