According to the documentation, the first step to enable MFA is to verify the domain. I have been told that the provided snippet text to add to the DNS host of the domains to verify is not a proper DNS entry. Tech team does not want to verify the entire domain but a set of users and then apply MFA. Our tech team has already applied SSO without using Atlassian Access. Is it possible to verify a subset of users and not the entire domain?
Hello @Jackie hardy,
Thank you for reaching out to Atlassian Community!
When it comes to domain verification and claiming accounts, all people from the claimed domain will be notified and the accounts will be managed by the Org administrator. It’s not possible to claim and manage specific accounts.
When you claim accounts, we let users know with the domain that your organization manages their account when they go to their profile.
As part of the domain verification process, you need to claim all the accounts on your domain. Because anyone on your domain can create an Atlassian account, more users than you expect may have an Atlassian account with your domain. If you want to view all the accounts on your domain, you can export and preview a list of users whose accounts you’ll be claiming.
Regarding MFA, users can enable two-step verification directly on their profile, but once the account is managed, it’s possible to enforce 2FA for everyone, but it’s necessary to subscribe to Atlassian access:
Thank you @Angélica Luz Our security team is asking the following questions pertaining to Jira. Can Jira .....
1. Perform MFA natively post-auth based on individual account(s) or a group of accounts
2. Have multiple IdPs configured so you can point a group of users to another SecureAuth endpoint enabled for MFA
Are you able to answer item 2? I believe you have answered item 1. Also, MFA can only happen after a domain has been verified?
Yes, there is no native functionality to enable MFA in Jira, it’s necessary Atlassian access for that.
Regarding your second question, it’s only possible to configure SAML with one IdP.
There are feature requests suggesting improvements for that:
Also, MFA can only happen after a domain has been verified?
Yes, it’s necessary to verify the domain to use Authentication policies.
Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events