Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Service Desk not working with Office 365 with 2FA enabled

Phil Burke
Phil Burke November 30, 2020

Hi and apologies if this is a duplicate post; in fact I would be surprised if it isn't however after many hours of googling over several days I cannot find a solution to what I thought would be a very common and simple issue.

 

Service desk works fine with O365 IMAPS - config below

Email - full email address

Password - password

Mail server - outlook.office365.com

Protocol - IMAPS

Port - 993

 

However when I enforce 2fa it stops working - no great surprise there, however I cannot see any way of providing Jira with the 2fa password and any other options to get past this.

 

Any advice would be much appreciated.

Answer
Watch
Like Be the first to like this
1619 views

2 answers

0 votes
Pravesh Mathema
Pravesh Mathema October 23, 2021

I have same issue. created app password for O365 but also not working.

View More Comments
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 25, 2021

Hi @Pravesh Mathema ,

For JSM Cloud as this question was originally asked, you'll now want to use OAuth, as described in Switch your Microsoft and Google email accounts to OAuth . If you're using a different product or deployment type, let me know and I can point you in the right direction.

Cheers,
Daniel | Atlassian Support

Like
Pravesh Mathema
Pravesh Mathema September 24, 2022

I am using self hosted Jira Service desk. still no luck.

Like
Reply
0 votes
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 2, 2020

Hi Phil, welcome to the Community and thanks for reaching out!

When 2FA is enabled for Office 365, you'll need to issue an app password for Jira to connect to the mailbox. This is a separate password from what you'd use for the account, and allows Jira (or another application) to bypass 2FA. You enter this in the standard password field in the application (and you don't enter the normal account password anymore).

The Microsoft documentation for using app passwords is available here - and although it's at the top of the document, I want to call out here as well that app passwords need to be enabled for your organization by an Azure/Office365 admin, or you won't see the options mentioned in the rest of the documentation that allow you to create a new one.

Cheers,
Daniel

View More Comments
Phil Burke
Phil Burke December 2, 2020

Hi Daniel and thanks for the response. Have turned 2fa back on this morning but it takes a while before I can test it. A little confused though because if there is only 1 password, then it is not 2fa... 2fa by definition is 2 methods of authentication.

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 3, 2020

That's a correct assessment! This is partially why Microsoft requires you to enable app passwords separately before they can be created.

The app passwords are randomly generated, and long - so they:

  1. Aren't likely to be brute-forced
  2. Won't be re-used across other sites like a user password might be (a security risk if someone is able to get the password table from a less secure site where the password was reused)

From the standpoint of "how would an application interact with 2FA" - there are some pitfalls. For common second factors:

  • Hardware tokens: there's no way to plug a security device into a cloud-hosted application
  • Push notifications: you probably don't want to be clicking "approve" on your phone every 60 seconds while Jira is checking mail
  • SMS / 6 digit one-time-passcodes - if these don't expire every 60 seconds and instead have an indefinite life, they're no different than a password

As a future state, I would lean toward OAuth for mail authentication rather than basic auth with a username/password. We're still adding OAuth as an authentication mechanism for mail in Jira Service Management Cloud, but you can follow along with the progress here: JRACLOUD-72590 

Like
Phil Burke
Phil Burke December 10, 2020

Hi Dan, sorry for the late reply and thank you for all your help so far. I've had to remove 2FA for the moment as I can't seem to get it working. After your above explanation, I have done the following:

Turned 2fa back on in O365 portal - without any changes in Jira it continued to work for several hours before any issues - I'm assuming it takes time to populate various servers with the change ?

Created a password for Jira.

Successfully connected service desk with this password.

Tickets could be received but replies were no longer getting back to the reporter. I will try again when I have the time for the service desk to be 'down' for a day as I'm sure it must be something simple. Doesn't make sense that it could receive but not send.

I am adding the email as 'custom' because if I try and add 'Microsoft' account, it defaults to my own email address and I cannot for the life of me find a way to change to my support@ email.

Like
Phil Burke
Phil Burke December 11, 2020

Strike that, after trying to do this many many times when over the first month or so of having an account without success, it suddenly now lets me choose another of my o365 accounts....  I'm not crazy my mother had me tested.

Like Daniel Eads likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events