How can I add 2FA to Jira Server or Confluence Server?

Less and less companies are enforcing password expiration dates these days. Instead, 2FA is increasingly more popular. 

This is very easy to setup with Access if you’re on Cloud, but not obvious for on-prem.

There are basically two approaches that you can take if you want to add second factor authentication to Jira, Confluence, or any other Server / Data Center application:

1. Configure an MFA policy from your Identity Provider
2. Add a 2FA plugin from the Atlassian Marketplace

First option. When your IdP supports 2FA

If you’re already using a commercial Identity Provider, it will probably give you some options for Multi-Factor Authentication. Heck, you can even go passwordless these days with the right setup.

Passwords are just an authentication option in Okta's MFA policies

Step 1: Configure your Identity Provider.

Here are some useful links:

• Okta
• Azure AD
• OneLogin
• Google Cloud Identity

Step 2: Connect to Atlassian Apps via SAML

To add Atlassian apps into your IdP you will need to add a SAML SSO marketplace app. The the most widely installed and reviewed is resolution’s SAML SSO for Jira. (For full disclosure, resolution GmbH is my current employer)

Second option. When you don’t want to add the 2FA policy to your IdP

You can also configure 2FA by adding an app from the marketplace. This might be interesting if your company only uses one Atlassian product or if for some reason you don’t want to set up a company-wide setting in your IdP.

Note that, in this case, you will have to install one 2FA app per each Atlassian application.

There are many options in the marketplace. We have personally tested Syracom’s 2FA for Jira, and it’s compatible with our SSO app.