Jenkins Two Factor Authentication

Two-Factor Authentication for Jenkins Plugin adds a layer of security to Jenkins authentication by requiring users to provide a second factor of authentication along with their username and password. It enhances the overall security of your Jenkins environment. Additionally, this plugin does not require you to extend the security realm, making it easier to implement and use.

Pre-requisites

To integrate 2FA with Jenkins, you need the following items:

  • Jenkins should be installed and configured.
  • Jenkins Server is https enabled (optional).
  • Admin credentials are set up in Jenkins.
  • To enable OTP over email , mailer plugin should be installed - Jenkins Mailer Plugins
Note: If you don't find what you are looking for or need any help, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.

Download And Installation


  • Login to your Jenkins Admin Account.
    • SSO SAML Jenkins single sign on manage jenkins, Jenkins SAML SSO
  • Go to Manage Jenkins option from the left pane, and open Manage Plugins tab.
    • SSO SAML Jenkins single sign onmanage plugins, Jenkins SAML SSO
  • Search for 2FA in the available tab.
    • SSO SAML Jenkins single sign onupload plugin, Jenkins SAML SSO
  • Download and install with a restart.
    • SSO SAML Jenkins single sign on install plugins, Jenkins SAML SSO

SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login, Enable 2FA Authentication Methods


  • Access the Manage Jenkins page within your Jenkins dashboard.
  • Navigate to the Security section and locate the 2FA Global Configurations option.
  • Click on 2FA Global Configurations to access the configuration settings.

In the 2FA Global Configurations page, you will find the following authentication methods available:


  1. Security Questions: This method prompts users to provide answers to specific security questions during the authentication process.
  2. OTP over Email: This method utilizes One-Time Passwords sent via email for authentication purposes.

To enable 2FA authentication, proceed as follows:


  1. Choose between the available authentication methods: Security Questions or OTP over Email.
NOTE: To enable OTP over email authentication, please configure SMTP Server in Jenkins and provide a sender email address for sending OTP on emails and save the configuration.

If you have already configured a SMTP server in your Jenkins, you may proceed to the next step. However, if you haven't done so, then it is essential to complete this step for using OTP over Email authentication method.

Setting up an SMTP server will allow you to send emails for authentication. The following steps will help you set up your SMTP server:


SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,  Configure SMTP Server in Jenkins

  • Access your Jenkins dashboard and navigate to the Manage Jenkins page.
  • Under System Configuration section, locate and select System.
  • In the Configure System page, scroll down to the Email Notification section, positioned at the bottom.
  • Within this section, you can configure SMTP Server settings. Enter the name of the server, then click on the Advanced button to expand more options.

    • miniOrange Jenkins 2fa SMTP Server Configuration
  • Proceed by enabling the Use SMTP Authentication option, and then provide Username and Password details. Additionally, input the designated port number into the provided SMTP Port input field.
  • If you want to test the SMTP server connection, enable Test configuration by sending test email then enter the email address and click on Test Configuration.
  • Once all necessary configurations have been completed, ensure to click on the Save button.

  1. 2. Check the Enable 2FA for all users checkbox to activate the 2FA feature in Jenkins.
    2. Note: Once "Enable 2FA for all users" is activated, along with any authentication method, 2FA will be enabled for all users, including administrators. Please ensure you have completed admin configuration beforehand saving to prevent instance lockout.
miniOrange Jenkins 2fa Enable Authentication methods

SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login, Configure Authentication Methods on User Login

Once 2FA authentication methods are enabled, users will be prompted to configure their preferred 2FA method during login. They can configure the methods either during login or by accessing the 2FA Configuration page from their Profile page within the Dashboard.

miniOrange Jenkins 2fa Configure Authentication Methods
  1. Configuring OTP Over Email -
    1. The authentication methods can be configured either during the login process or by visiting the 2FA Configuration page within the profile dashboard.
    2. To complete the verification process, click on the Send OTP button to receive a One-Time Password (OTP). Enter the received OTP and click on the Validate button to authenticate and proceed further.

      3. miniOrange Jenkins 2fa OTP Over Email Configuration
  2. Configuring Security Questions -
    1. The authentication methods can be configured either during the login process or by visiting the 2FA Configuration page within the profile dashboard.
    2. In the configuration page, select your preferred question from the options provided for the first and second security questions. Enter the corresponding answers for the first two questions.
    3. In the third place, you have the option to create a custom question and provide its answer.
    4. Once you have entered the necessary information, click on the "Save" button to save your configured security questions.

By completing both of the above steps, your security questions and OTP over email will be successfully set up and saved for future use.

miniOrange Jenkins 2fa Security Questions Configuration

SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login, Reset 2FA Authentication Methods

To reset the configured authentication methods, please follow these instructions:

  1. Click on your profile name located in the top navigation bar.
  2. From the options displayed, select 2FA Configuration in the left sidebar.
  3. In the 2FA Configuration page you will find the authentication methods along with their respective configuration statuses.
  4. To reset an authentication method, click on the Reset button associated with the authentication method.
  5. After resetting, the method will be available for re-configuration on this page.

By following these instructions, you will be able to reset and reconfigure the authentication methods through the 2FA Configuration page accessible from your profile dashboard.

miniOrange Jenkins 2fa Reset Authentication Methods


Free Trial

If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.