2FA Atlassian Access External Users

Mike Bell
Contributor
March 4, 2024

Within Atlassian Access I have all of my users set up via OKTA. However, there are some "external" users that are not managed via OKTA.

In Security -> External Users -> External User Policy the "Two-factor verification" setting has no options to set. 

How do I set up 2FA for external user accounts?

Thanks,

Mike

2 answers

1 accepted

0 votes
Answer accepted
Marc - Devoteam
Rising Star
March 4, 2024

Hi @Mike Bell 

You can just enable this. The users will need an authentication app on their mobile.

The accounts are still Atlassian accounts.

See also: manage-two-step-verification-for-your-atlassian-account

Mike Bell
Contributor
March 4, 2024

Hi @Marc - Devoteam 

Correct me if I'm wrong, but I believe that you are referring to an authentication policy where I can enable and disable 2FA. What I am referring to is an "External User Policy" under Security -> External Users. There does not seem to be any option for 2FA settings. The external users are not managed accounts. If there is a way that I could use an authentication policy instead, it would be great, but I don't think that I can.

EUP.png

Thanks,

Mike

Marc - Devoteam
Rising Star
March 5, 2024

Hi @Mike Bell 

No, there is no option for 2FA based on external users in that specific policy.

But if the users are in your org (they have an account), you can also create a specific authentication policy and add only those users, then you can enable 2FA.

Mike Bell
Contributor
March 6, 2024

Hi @Marc - Devoteam 

Thank you for your help with this question. I am going to call this a big fat fail for Atlassian. How could putting 2FA on less secure accounts (accounts that I have no real management over) be an afterthought or not an option at all?

90% of my accounts are managed by OKTA (safe and secure), but the other accounts that I cannot control are not able to be properly secured... Wow!

Again, thanks for your help. I appreciate it.

Mike

0 votes
Philip Schlesinger July 25, 2024

Q to @Marc - Devoteam:

Does this ability to force external users -- that is, users with email addresses from unmanaged domains for our Atlassian org -- to verify their identity with an extra step at a set frequency -- come with Atlassian Guard Standard?


EUP.png

Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 26, 2024

Hi @Philip Schlesinger 

Yes, this is a default setting within Atlassian Guard.

William Crighton
I'm New Here
September 13, 2024

I don't believe this is true - Authentication Policies only apply to managed accounts, which excludes all external accounts.

Maybe I'm missing something, but I cannot add any external users to an Authentication Policy. And it's only in authentication policies that you can enforce the two-step verification.

The two-factor verification is not the same, and all these external users will still appear on the insights page as "Two-step verification not enabled".

Deployment type: Cloud
Product plan: Standard
Permissions level: Product Admin