User API doesn't return MFA status for the user

Vinod November 25, 2019

Dear team,

We were using the below API to know if the user has enabled MFA or not using the flag mfa.read.

Although the swagger.json says we can use the handler mfa.read to get the information, the API always gave an error.

{
  "key": "resourceNotFound",
  "context": "GET /users/{account_id}/manage/mfa.read does not exist in the Swagger for this application",
  "errorKey": "resource-not-found",
  "errorDetail": "GET /users/{account_id}/manage/mfa.read does not exist in the Swagger for this application",
  "traceDetail": {
    "traceId": "91264013c1cd0d73",
    "spanId": "6bcd049c99276774",
    "parentSpanId": "c670299230ef6a26"
  }
}

The below documentation does say that the information can be obtained for the same.

https://developer.atlassian.com/cloud/admin/user-management/rest/#api-users-account-id-manage-get

I have raised a ticket for the same, which is below:

JST-532526 User API for MFA.read gives error

Can somebody help to shed some light on the issue that we are encountering?

1 answer

1 vote
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 12, 2019

Hello @Vinod ,

The User Management REST API endpoint you are calling is working as expected. However, you are passing the parameter in the wrong way and that's why it is failing for you.

As written in the documentation, you have to pass (append to the URL) the query parameter privileges followed by a comma-separated list of values, while you are adding the value mfa.read to the URL itself (instead of passing it as a parameter).

So, to summarize, the right/expected format is: 

While you are calling:

 

In order to have the REST API call working, you have to replace {account_id} (or <ACCOUNT_ID> in my example) with the real account id of the users you want to get the data from.

 

I can confirm that the REST API works as expected if the correct endpoint is provided (replace <API_KEY> with the api_key you generate in admin.atlassian.com for your organization and <ACCOUNT_ID> with the account_id of the user you want to get the information for):

curl -H 'Authorization: Bearer <API_KEY>' -H 'Accept: application/json' -X GET 'https://api.atlassian.com/users/<ACCOUNT_ID>/manage?privileges=mfa.read'

{"mfa.read":{"allowed":true}}

 

For further details on this, please review:

 

 

Cheers,
Dario
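
The call format described in this answer, as an added example that is not part of the original post and is not Atlassian's own code: it builds the request with privileges as a query parameter, flags the path-segment form that produced the 404 in the question, and parses the response body. The function names and the sample account id are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode, urlsplit

API_BASE = "https://api.atlassian.com"  # host from the curl command in the answer


def manage_url(account_id, privileges=("mfa.read",)):
    """Build /users/{account_id}/manage?privileges=a,b (query parameter form)."""
    if not account_id or any(c in account_id for c in "/?#"):
        raise ValueError("account_id must be a single path segment")
    query = urlencode({"privileges": ",".join(privileges)}, safe=",")
    return f"{API_BASE}/users/{quote(account_id, safe='')}/manage?{query}"


def privilege_in_path(url):
    """True when something follows /manage as a path segment (the 404 case)."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    return len(segments) > 3 and segments[0] == "users" and segments[2] == "manage"


def parse_privileges(body):
    """Map each privilege name to its 'allowed' flag, e.g. {'mfa.read': True}."""
    data = json.loads(body)
    return {name: bool(entry.get("allowed"))
            for name, entry in data.items() if isinstance(entry, dict)}


def fetch_privileges(account_id, api_key, privileges=("mfa.read",)):
    """Perform the GET with the same headers as the curl command (needs network)."""
    req = urllib.request.Request(
        manage_url(account_id, privileges),
        headers={"Authorization": f"Bearer {api_key}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_privileges(resp.read().decode("utf-8"))


if __name__ == "__main__":
    sample_id = "example-account-id"  # constructed placeholder, not a real account
    print(manage_url(sample_id))
    print(privilege_in_path(f"{API_BASE}/users/{sample_id}/manage/mfa.read"))
    # Response body quoted in the answer. A later reply in this thread reports
    # "allowed":true regardless of MFA state, so do not read it as MFA status.
    print(parse_privileges('{"mfa.read":{"allowed":true}}'))
```
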

Dario B
Atlassian Team
December 12, 2019

Also, just FYI, I have created a Documentation request to have the parameters added to the list of the accepted values:

Cheers,
Dario

Vinod December 18, 2019

@Dario B thanks a lot for the answer. I am still having an issue identifying whether a user has enabled MFA or not.

Dario B
Atlassian Team
December 19, 2019

Hi @Vinod , 

I made some more tests and I can confirm that the endpoint is always returning "allowed":true regardless of whether MFA is enabled or not for the user/organization.

I have created the below bug request to have this issue fixed:

Please vote for the above bug ticket and set yourself as a watcher so that you will be notified in case of any update/progress. The bug will be addressed according to the Atlassian Cloud bug fixing policy.

 

Cheers,
Dario
