This guide will walk you through the process of enabling and disabling two factor authentication for managed users within your Atlassian Cloud organization.
If you are looking for the ability to enable two factor authentication for unmanaged accounts, at the time of writing this article, Atlassian has not yet implemented this functionality, however it is currently in progress and you can track the work on that feature here: https://jira.atlassian.com/browse/ACCESS-102
For your convenience, there is a video version of this guide at the bottom of this article this will show you how to follow these steps. Also, each of the headings are hyperlinked to the specific time interval in the companion video where that topic is covered.
Before you begin, there are some things you will need or assumptions I will be making about what you have access to as a part of this tutorial. If you don’t have the ability to change or update something that is included in this guide you will either need to find someone that has the ability to perform certain steps or can give you the access you need to perform those steps.
You are going to need to be an Atlassian Organization Administrator for you Atlassian Cloud Organization.
You are going to need to have a subscription to Atlassian Access.
You will need to have managed users as a part of your Atlassian Cloud Organization.
In order to modify managed users, you will need to have already verified your domain and claimed your domain accounts. (Follow this guide if you haven’t completed that step yet)
If you haven’t already setup different authentication policies (you need Atlassian Access in order to get to this feature) you are going to want to create a new policy that has the “two-step verification“ toggle set from Optional → Required.
you will need to get to the Atlassian Organization Admin page, which you can do by navigating to https://admin.atlassian.com, then selecting the Organization you wish to manage.
Next, you will want to navigate to the Security → Authentication policies menu options
If you don’t already have a security policy with “two-step verification“ set to Required, click Add Policy (otherwise skip to #5 )
In the popup, enter a name for the policy (use something that will make sense later like “Enforce 2FA“), then click the “Add“ button.
In the policy screen make sure to change the “require two-step verification“ radio button to “Required“. The, click the “Update“ button.
Change to the “Members“ tab and click the “Add members“ button.
In the popup, you can either add individual users (up to 20 at a time) or you can upload a *.csv file of email addressed (up to 1000 at a time), to add managed users to this policy.
Once you are done adding members, click the “Add members“ button.
Depending on how many users you added at once this could take a bit of time to update the policy. You will receive an email when the users have been successfully added to the policy.
To confirm this policy is now active, navigate to the Directory → Managed Accounts menu options.
Click on the “Show details“ link for a user that was added to the new policy, you should see a green, “Enabled“ next to the “Two-step verification” Security setting.
By default, Atlassian Access starts with an Authentication Policy called “Applies to all users“. Which has all security options either turned off or set to their lowest possible value. We can use this, or you can create an additional custom policy that with set the “two-step verification“ toggle from Required → Optional.
you will need to get to the Atlassian Organization Admin page, which you can do by navigating to https://admin.atlassian.com, then selecting the Organization you wish to manage.
Next, you will want to navigate to the Security → Authentication policies menu options
If you want to create a new security policy instead of using the default “Applies to all users“ policy follow the “Add policy“ steps from the Enabling Two Factor Authentication steps. Otherwise, continue to follow along.
Edit the default “Applies to all users“ policy (this assumes you have not altered this policy from it’s default state with “Two-step verification“ set to Optional).
Change to the “Members“ tab and click the “Add members“ button.
In the popup, you can either add individual users (up to 20 at a time) or you can upload a *.csv file of email addressed (up to 1000 at a time), to add managed users to this policy.
Once you are done adding members, click the “Add members“ button.
Alternatively, you can select the policy we created in the Enabling Two Factor Authentication section, and click on the “Members“ tab.
Click the “Change member’s policy“ link for the user you which to switch (this is only recommended if you have a small number of users to change).
In the popup, select the new desired policy and click the “Change“ button.
The user will have been move to the newly selected policy.
To confirm this policy is now active, navigate to the Directory → Managed Accounts menu options.
Click on the “Show details“ link for a user that was added to the new policy, you should see a red, “Not Enabled“ next to the “Two-step verification” Security setting.
Jimmy Seddon
Sr R&D Tools Administrator
Arctic Wolf
Waterloo, Ontario, Canada
180 accepted answers
3 comments