How To: Atlassian Access - Enable & Disable Two Factor Authentication for Managed Users

This guide will walk you through the process of enabling and disabling two factor authentication for managed users within your Atlassian Cloud organization.

If you are looking for the ability to enable two factor authentication for unmanaged accounts, at the time of writing this article, Atlassian has not yet implemented this functionality, however it is currently in progress and you can track the work on that feature here: https://jira.atlassian.com/browse/ACCESS-102

For your convenience, there is a video version of this guide at the bottom of this article this will show you how to follow these steps. Also, each of the headings are hyperlinked to the specific time interval in the companion video where that topic is covered.

Before you begin, there are some things you will need or assumptions I will be making about what you have access to as a part of this tutorial. If you don’t have the ability to change or update something that is included in this guide you will either need to find someone that has the ability to perform certain steps or can give you the access you need to perform those steps.

Prerequisites:

  • You are going to need to be an Atlassian Organization Administrator for you Atlassian Cloud Organization.

  • You are going to need to have a subscription to Atlassian Access.

  • You will need to have managed users as a part of your Atlassian Cloud Organization.

  • In order to modify managed users, you will need to have already verified your domain and claimed your domain accounts. (Follow this guide if you haven’t completed that step yet)

Enabling Two Factor Authentication for Managed Accounts:

If you haven’t already setup different authentication policies (you need Atlassian Access in order to get to this feature) you are going to want to create a new policy that has the “two-step verification“ toggle set from Optional → Required.

How do you accomplish this?

  1. you will need to get to the Atlassian Organization Admin page, which you can do by navigating to https://admin.atlassian.com, then selecting the Organization you wish to manage.

  2. Next, you will want to navigate to the Security → Authentication policies menu options
    2FA_SecurityPoliciesScreen.JPG

  3. If you don’t already have a security policy with “two-step verification“ set to Required, click Add Policy (otherwise skip to #5 )

  4. In the popup, enter a name for the policy (use something that will make sense later like “Enforce 2FA“), then click the “Add“ button.
    2FA_AddPolicyPopup.JPG

  5. In the policy screen make sure to change the “require two-step verification“ radio button to “Required“. The, click the “Update“ button.
    2FA_Enforce2FA.JPG

  6. Change to the “Members“ tab and click the “Add members“ button.

  7. In the popup, you can either add individual users (up to 20 at a time) or you can upload a *.csv file of email addressed (up to 1000 at a time), to add managed users to this policy.
    2FA_AddMembers.JPG

  8. Once you are done adding members, click the “Add members“ button.

  9. Depending on how many users you added at once this could take a bit of time to update the policy. You will receive an email when the users have been successfully added to the policy.

  10. To confirm this policy is now active, navigate to the Directory → Managed Accounts menu options.

  11. Click on the “Show details“ link for a user that was added to the new policy, you should see a green, “Enabled“ next to the “Two-step verification” Security setting.
    2FA_MemberView_Enabled.JPG

Disabling Two Factor Authentication of Managed Accounts:

By default, Atlassian Access starts with an Authentication Policy called “Applies to all users“. Which has all security options either turned off or set to their lowest possible value. We can use this, or you can create an additional custom policy that with set the “two-step verification“ toggle from Required → Optional.

How do you accomplish this?

  1. you will need to get to the Atlassian Organization Admin page, which you can do by navigating to https://admin.atlassian.com, then selecting the Organization you wish to manage.

  2. Next, you will want to navigate to the Security → Authentication policies menu options
    2FA_SecurityPoliciesScreen.JPG

  3. If you want to create a new security policy instead of using the default “Applies to all users“ policy follow the “Add policy“ steps from the Enabling Two Factor Authentication steps. Otherwise, continue to follow along.

  4. Edit the default “Applies to all users“ policy (this assumes you have not altered this policy from it’s default state with “Two-step verification“ set to Optional).

  5. Change to the “Members“ tab and click the “Add members“ button.

  6. In the popup, you can either add individual users (up to 20 at a time) or you can upload a *.csv file of email addressed (up to 1000 at a time), to add managed users to this policy.
    2FA_AddMembers.JPG

  7. Once you are done adding members, click the “Add members“ button.

  8. Alternatively, you can select the policy we created in the Enabling Two Factor Authentication section, and click on the “Members“ tab.

  9. Click the “Change member’s policy“ link for the user you which to switch (this is only recommended if you have a small number of users to change).
    2FA_ChangeMemberPolicy.JPG

  10. In the popup, select the new desired policy and click the “Change“ button.
    2FA_ChangePolicyPopup.JPG

  11. The user will have been move to the newly selected policy.

  12. To confirm this policy is now active, navigate to the Directory → Managed Accounts menu options.

  13. Click on the “Show details“ link for a user that was added to the new policy, you should see a red, “Not Enabled“ next to the “Two-step verification” Security setting.
    2FA_MemberView_NotEnabled.JPG

3 comments

Bill Goetz
Contributor
February 22, 2022

Great article and video @Jimmy Seddon

Thank you!

Like Jimmy Seddon likes this
Andy Gladstone
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 22, 2022

Great content. Thanks for the video and companion article.

Sjaa
Contributor
January 11, 2024

At the pointy end of our migration and this information was a great help.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events