The best 3 ways to add two-factor authentication (2FA) to Jira or Confluence

Adding a second factor to authenticate into corporate applications is a best practice. Find out how to set it up with Jira and Confluence.


2FA is the standard solution to the password problem

Let me remind you of something, in case you’ve been living underground for the last 15 years.

Passwords suck.

They suck so much that we have written an entire white paper about them.

But there are some things you can do. If you want to make sure that passwords are used properly in your organization, follow this process:

  1. Set up a single sign-on solution to minimize the number of passwords
  2. Protect your most important applications with 2-factor authentication. At resolution, for example, we use a one-time code shared with us by the password manager.

Let’s assume for the sake of this article that your SSO solution is connected to Atlassian applications.

How do you go about adding 2FA?

Option 1: Atlassian Access (for Cloud)

2FA is one of the security features in Atlassian Access for cloud products

Adding 2FA to your Atlassian products when they’re on the cloud is a no-brainer: Atlassian Access provides that as one of its main features. You can read the full documentation here.

Option 2: Identity Provider & a SAML SSO plugin (for Server and Data Center)

If your Jira or Confluence instances are deployed on your own servers rather than on the cloud, Access will not be your solution. And there’s not a real alternative in terms of Atlassian products: Crowd doesn’t support 2FA.

However, most commercial Identity Providers do have quite sophisticated approaches to MFA, so you can easily define and enable your own authentication policy.

Scale of 7 authentication options from lower to higher identity assurance

Okta’s assurance scale of authentication options

For example:

It’s important to remember that none of these IdPs will be able to communicate with your Jira or Confluence Server applications unless you use SAML SSO apps. Once you do that, your Jira or Confluence will be able to start exchanging information about your users via SAML… and your MFA policies will apply to them.
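With this setup the second factor is enforced at the IdP, and the Atlassian side only learns about it from what the SAML assertion states in its `AuthnContextClassRef`. The added example below (not from this article or any vendor's plugin) reads that value and fails closed when no accepted MFA class is present; the set of accepted classes, the helper names and the sample assertions are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumed policy: SAML 2.0 context classes this deployment treats as proof of
# a second factor. What an IdP actually emits depends on its configuration.
MFA_CLASSES = {AC + "TimeSyncToken", AC + "MobileTwoFactorContract", AC + "SmartcardPKI"}

REF_PATH = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"


def authn_context_classes(assertion_xml):
    """List the AuthnContextClassRef values in an assertion.

    Assumes the SAML library has already validated the signature, issuer,
    audience and time window; this function only reads the stated context.
    """
    root = ET.fromstring(assertion_xml)
    return [ref.text.strip() for ref in root.iterfind(REF_PATH, NS) if ref.text]


def second_factor_asserted(assertion_xml):
    """True only if the IdP states an accepted MFA class; otherwise fail closed."""
    return any(c in MFA_CLASSES for c in authn_context_classes(assertion_xml))


def sample_assertion(class_ref=None):
    """Build a constructed, unsigned sample assertion for the demo below."""
    stmt = ""
    if class_ref:
        stmt = (
            '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"><saml:AuthnContext>'
            f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
            "</saml:AuthnContext></saml:AuthnStatement>"
        )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0">'
        f"<saml:Issuer>https://idp.example.com</saml:Issuer>{stmt}</saml:Assertion>"
    )


if __name__ == "__main__":
    for label, ref in [("password only", AC + "PasswordProtectedTransport"),
                       ("TOTP token", AC + "TimeSyncToken"),
                       ("no AuthnStatement", None)]:
        print(f"{label:18} -> second factor asserted: {second_factor_asserted(sample_assertion(ref))}")
```

A check like this is useful as an audit of IdP policy: if a login that should have required MFA arrives with a password-only context class, the policy is not applying to that application or user group.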

Option 3: 2FA plugin for Jira or Confluence Server

Syracom’s line of 2FA products for Atlassian apps

Another option is to add a plugin to your Atlassian stack that provides 2FA to a single Atlassian application, like a plugin for Jira or Confluence, either Server or Data Center. There are many options available in the Marketplace.

The most successful and best rated are:

All of these Marketplace apps are available both in Server and Data Center, and have hundreds of customers and high ratings. Some of them, like Syracom’s, are even compatible with the usage of resolution’s SAML SSO apps for authentication.

These 2FA plugins for Jira and Confluence on-prem seem like a good option when your current IdP doesn’t provide any type of Multi-Factor Authentication, when you only have one Atlassian application that you want to protect with MFA, or when you simply don’t have an SSO setup yet.

Conclusion: Choosing the 2FA for Jira or Confluence Server with the best usability

Every option we’ve laid out is technically feasible and will give you a second-factor layer to secure your Atlassian tools.

But which one’s best from a usability perspective? Did you guess right? It’s clearly Option 2.

If you want the second factor in front of your users as part of their SSO login, the only option is to enable 2FA from the Identity Provider.

Remember the industry standard: create a single sign-on experience with 2FA so your users’ single password is protected.

Consider doing this even if you’re on the Atlassian cloud. As soon as you start multiplying the 2FA barriers after logging in to specific applications, your users will be annoyed. And some of them may start taking shortcuts.

Would you like to learn more?

If you want to keep reading about the best practices for Enterprise User Management with Atlassian on-premises applications and how resolution apps can help you set them up, have a look at our white paper. No email form required.
