Hello!
I am the admin for my company's Jira instance and one of the members is unable to login. She says she's never enabled MFA for her account but now she jira asks her for the 6 digit code to login. Her account is the only in the entire company (200+) where this is happening.
I tried to suspend access to her account and reenable it, removed her as an user and invited her back.
Has this happened to anyone before? Can I (or her) disable MFA on her account?
Hi there! That is quite strange indeed. As a short answer, you can go into Atlassian Guard (formerly, Atlassian Access, in the admin settings) and adjust the authentication policies. You can create a new one that does not require it and scope that user to it.
Depending if you have SSO and 2FA set up through another provider it may be tricky. I would definitely also recommend if you are the Jira admin to open up a ticket with Atlassian support about this.
Thank you Harrison. Raised a ticket with support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
And if we don't have Atlassian Guard? Is opening a ticket with Atlassian support our only option?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nevermind. I just went to the user's account and clicked "Reset two-step verification".
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alex,
What steps did you follow? For me, it only shows suspending or removing the user.
Can you share with me the steps to reset the MFA?
Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We cannot see the "Reset two-step verification" either in the user's profile. How do we get there?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have the same issue and from what I understand, I can neither disable MFA for my user or prevent the less tech-savvy ones from signing up to it and then loosing their authenticator option. I'm still trying to figure out how they were able to activate MFA without noticing it in the first place. Does anyone know wether or not using an atlassian mobile app facilitates MFA somehow? Because that would explain, in my use case, how some of my users were able to activate MFA inadvertantly and now be unable to access their authenticator method, and of course also not their recovery code, effectivly locking them out of all Atlassian products for ~24h, since admins can't seem to be able to reset MFA or account access.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Michel, I think you're on to something. I added Jira on my iPad last weekend and logged in. Now I'm locked out of my account due to active 2FA without ever having it set up. And I'm really, really familiar with Jira. Now I'm waiting 24 hours for a recovery link not being able to do my job supporting Jira users because our other org admin is unable to reset the MFA for my account (no option to do so). What a mess.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.