It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage
Highlighted

2FA for Jira: U2F & TOTP Edited

You may discuss "2FA for Jira: U2F & TOTP" app here.

6 comments

Will this plug-in work if we are using Crowd as a user directory?

Hi @Brian Tullio Yes, our app supports Crowd. 

I see you have a plug-in for Confluence also but not Bitbucket.

Are there plans to accommodate Bitbucket?

@Brian Tullio Bitbucket natively support U2F devices (https://bitbucket.org/blog/universal-2nd-factor), so there's no need in additional plugin

As far as I can tell, this only applies to Bitbucket cloud.

U2F for server has been a requested feature since 2015 but has received no love.

https://jira.atlassian.com/browse/BSERV-7815?focusedCommentId=999206&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel

@Anton_Storozhuk Any thought on my last post? I can see that other vendors offer Bitbucket plugins.

I like yours since it works very well, but would prefer to go with the same vendor cross our Jira/Confluence/Bitbucket installation.

Hi @Brian Tullio We started to work on Bitbucket 2FA plugin. The functionality will be exactly the same as Jira & Confluence versions. I'll keep you posted. Thanks!

@Anton_Storozhuk Fantastic! I would like to work this into my IT schedule, any ETA? I would be happy to be a part of testing once you have something working, even if it is beta.

@Brian Tullio ETA for beta is around 4-5 weeks. I've scheduled a contact with you already. Thanks for letting me know that you're ready to be a part of testing.

Hi @Brian Tullio we've finished to work on Bitbucket 2FA app and submitted it to Atlassian Marketplace. I'll let you know when the app is reviewed and available to download.

@Anton_Storozhuk - that's great news, thanks!

Hi @Brian Tullio our Bitbucket Server 2FA solution is finally arrived: https://marketplace.atlassian.com/apps/1220942/2fa-for-bitbucket-u2f-totp?hosting=server&tab=overview please try it our and share your feedback with me.

 

Thanks,

Anton.

Hi @Anton_Storozhuk 

I downloaded the add-on and everything installed fine.

However, when attempting to setup the 2FA for my own account, I get a 500 error.

I get the QR code screen, and scan it with the Google Authenticator. It does not ask me for the secret key, it just adds the account immediately.

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

I tried it a bunch of times, and made sure the code was correct.

@Brian Tullio thanks for being so fast! Contacting you to get more details on this...

Issue has been resolved.

May I know how to fix this issue?

 

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

We're trying this addon and some user report the same issue.

 

Thanks

Hello @franky064991 ,

Since we use the Time-based One-Time Password algorithm (TOTP) there is an assumption that the time on the phone may be unsynchronised.
Could you please make sure that the time synchronized (accurate to the minute and second) with your Bitbucket instance and mentioned phone?


Please let us know if this helped.

Otherwise could you please send us the log files from your Bitbucket instance  to support@alpha-serve.com ?

 

Thank you.

Like Anton_Storozhuk likes this

Hello @franky064991 ,

Are you still experiencing the same issue?

Please let me know. 

Regards,

Liubov

Hi Liubov,

 

Problem solved, thx for the suggestion.

Like Anton_Storozhuk likes this

When adding a U2F key, the plugin almost immediately opens a Chrome dialog to insert and tap the key before I have a chance to type a name for it. Then, the plugin complains that I have not given it a name and repeats the process. The only workaround I have found is to type a name in notepad, copy it, and then paste it into the form before the dialog appears. If I press cancel in the dialog, it reports an error and returns to the 2FA configuration page.

Hey @Colin_King

What device are you using?

Hi, I am using Chrome 76 in a Windows 10 desktop. I just installed the plugin and was trying it with the default settings.

@Colin_King thanks for the info. What type of U2F hardware key you were trying to add?

Yubikey 5 NFC and Yubikey Security Key. I was able to get them both working using the workaround.

@Colin_King Both HW keys are used in our regular regression testing. I'll pass this to our QA dept and come back to you when I know more. Can you please share your contact info with me? Please email me at a.storozhuk@alpha-serve.com. Thanks, Anton.

@Colin_King we've released app update v.3.1.5 which should fix the issue. Could you please update your instance and recheck? Thanks, Anton.

Is there a way to connect the app with a DUO account?

Hello @Beth Starr ,

Now you can use Duo Mobile app as a TOTP code generator for third-party accounts. 

We're considering adding support for connecting 2FA for Jira: U2F & TOTP plugin to a Duo account. We let you know the details as soon as they are available. 

Regards,

Liubov

Hello,

Is it possible with your plugin to enable 2FA on the user level?
Also, what mobile 2FA apps are supported by it?

Regards,

Tamas Juhasz

Hello @Tamas_Juhasz ,

Thank you for your question.

After the plugin was installed on your instance by admin (currently we have 2FA plugins for Jira, Confluence, Bitbucket, Crowd and Bamboo; Crucible and FishEye are coming soon) users can enable 2FA on the user level.

Plugins work with mobile applications based on the RFC 6238 standard that generate tokens, such as: Google Authenticator, Microsoft Authenticator, 2STP, OTP Auth, Authy and others.

Please let me know if you have any questions.

Regards,

Liubov

Hello,

 

is there a roadmap for Safari support for U2F devices like Yubikey? Safari DOES support that now, but I still get a "your current browser doesn't support adding security keys" error from 2FA for Jira.

 

Thanks,

Florian

Have a look at https://marketplace.atlassian.com/vendors/1216264/polarnight

A brand new security add-on with a lot of features, including 2FA.

Thanks @Lars Olav Velle _Polar SSO_, there we have the slight problem that Amazon as our potential SSO provider also still doesn't support U2F devices in Safari :)

Hello @Florian Prabst  ,

We're going to release an update in a week or two. I'll let you know about the release.

Regards,

Liubov

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you