Listing ALL users with 2FA

Rodrigo De Oliveira
April 25, 2022

Hi,

For my audit I need to list all users with MFA/2FA. Is there any possibility in the plan? I only need this function, so it doesn't make sense to change plans.

Can someone help me?

Regards,

1 answer

0 votes
Bharath Kumar
Atlassian Team
January 13, 2024

Hey Rodrigo,
Not sure if this helps now, but hope it does for anyone viewing in future

You can check the documentation: https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/#Find-the-accounts-without-two-step-verification-enabled.

Process of elimination should help determine the ones with MFA

 

Paul Burville April 29, 2024

Really? You are expecting customers of a paid platform to use process of elimination to find users without MFA enabled? I understand that being able to enforce it might be a premium feature (even though it shouldn't).

Surely this is basic security 101 for an online platform, along with some other basic security features that seem to be lacking?

I don't think having security as a premium feature is really the way to go, as this is a basic necessity these days. And in the event a customer account is breached, it will be Atlassian's name on the media posts, and the shrugging of shoulders and a response saying "should have paid us more money" I don't think sounds very responsible.

Security should be for all versions (perhaps not free versions) and then enhance them with some extra levels, but to restrict basic level security for all but the big spenders seems wrong; even MS offer the basic tiers a decent security suite.

Bharath Kumar
May 6, 2024

Hey @Paul Burville,
Apologies if my above statement has caused any confusion. In my above statement, I meant the "process of elimination" only entails a filter to be selected, which can be used once the export has been done. Please see the available process below. 

Find the accounts without two-step verification enabled

You can see a list of all accounts from your verified domains that don't yet have two-step verification enabled:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Directory > Managed accounts.

  3. Select All accounts dropdown.

  4. Under Two-step verification, select Not enabled.

We’ll provide a list of Atlassian accounts that are managed in your organization without two-step verification enabled. 

Alternatively, you can also reach out to Atlassian Support if you wish to get help.

The MFA facility can be used by any user for their Atlassian account at no cost irrespective of the plan. However, as an organization admin, if you'd like to require all your users to enable two-step verification, you'll need an Atlassian Access (soon to be Atlassian Guard Standard) subscription. For such managed accounts, the domain has to be verified. 

I hope this clears any confusion. 
Doc: https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/
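
The "process of elimination" discussed in this thread, as an added example that is not part of any post here and is not Atlassian code: it subtracts the accounts listed under the "Not enabled" filter from the full managed-accounts list to get the accounts that do have two-step verification. It assumes both lists are available as CSV text with an `email` column; that layout, the function names and the sample rows are assumptions, not the documented export format.

```python
import csv
import io


def load_emails(csv_text, column="email"):
    """Return the normalised addresses found in one exported CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise ValueError(f"no {column!r} column in export: {reader.fieldnames}")
    emails = set()
    for row in reader:
        value = (row.get(column) or "").strip().lower()
        if value:  # skip blank rows
            emails.add(value)
    return emails


def split_by_two_step(all_csv, not_enabled_csv, column="email"):
    """Partition managed accounts by two-step verification status."""
    everyone = load_emails(all_csv, column)
    not_enabled = load_emails(not_enabled_csv, column)
    return {
        "enabled": sorted(everyone - not_enabled),
        "not_enabled": sorted(everyone & not_enabled),
        # In the filtered list but absent from the full list: the two
        # exports are out of sync and should be retaken before the audit.
        "unmatched": sorted(not_enabled - everyone),
    }


# Constructed sample data; the column layout is an assumption.
ALL_ACCOUNTS = """email,name
Alice@example.com,Alice
bob@example.com,Bob
carol@example.com,Carol
"""
NOT_ENABLED = """email,name
BOB@example.com,Bob
dave@example.com,Dave
"""

if __name__ == "__main__":
    for status, accounts in split_by_two_step(ALL_ACCOUNTS, NOT_ENABLED).items():
        print(f"{status}: {', '.join(accounts) or '-'}")
```

A non-empty `unmatched` list means the two lists were taken at different times, so the `enabled` result should not go into an audit record until both are refreshed.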

Paul Burville May 7, 2024

Hi, yes, I understand what you meant; it just seems that for something so simple I don't see why this can't be an option of the user list in admin, rather than having to create an export and then filter it, which seems pretty clunky. As I said, I don't think security management should be the reserve of a premium subscription; I understand a free account not getting it.

Thanks for responding though, appreciate it.
