Two Factor Authentication (2FA/MFA) for Atlassian Applications
What is Two Factor Authentication / Multi Factor Authentication (2FA/MFA)?
Two-Factor Authentication (2FA) is a security process in which two sets of information are required for authentication: something you know along with something you have. For example, you know your login credentials, such as a username and password, and you have an OTP or a security token. 2FA/MFA adds an additional layer of security to the authentication process, which makes it harder for attackers to get into someone's device or online account.
How does Two Factor Authentication (2FA) solve username and password problems?
Authentication methods such as username and password were a wonderful and secure way of authenticating in the '90s, but unfortunately we don't live in the '90s anymore. Today we all use a variety of Atlassian products such as Jira, Confluence, Bitbucket, Crowd, etc., each for a different purpose. Protecting these Atlassian applications with just a username and password is not enough, as these can be bypassed very easily these days by hackers.
Adding an extra layer of authentication such as Two-Factor Authentication (2FA) therefore makes our applications much more secure than a username and password alone: users need to know not only their username and password but also a generated single-use code that is either shown on their security token or sent as a text message to a mobile phone.
[Figure: Authentication using username and password]
[Figure: Authentication using username and password with Two Factor Authentication (2FA/MFA)]
Best ways to Secure Atlassian Tools using Two Factor Authentication (2FA)
1. SSO + 2FA (2FA on top of SSO)
What is SSO?
SSO is an acronym that stands for Single Sign-On. SSO is an essential element of an efficient security program. Single Sign-On (SSO) is an authentication process that allows a user to log in to several software systems using a single set of credentials, i.e. user ID and password. For example, if you are using different Atlassian Server or Atlassian Data Center applications such as Jira, Confluence, Bitbucket, Bamboo, etc., then instead of using a different set of login credentials for each Atlassian application you can use a single set of credentials to access all of them (Jira, Confluence, Bitbucket, Bamboo, Crowd). Single Sign-On (SSO) can therefore be used to make authentication simple and less time-consuming.
How do Single Sign-On (SSO) and Two Factor Authentication (2FA) work together?
Authentication methods such as Single Sign-On (SSO) make login easier for us. But it is often seen that people use only a single set of credentials for multiple applications and, on top of that, save those credentials online. Human flaws such as these can cause severe data loss. To overcome such flaws, Two Factor Authentication (2FA) can be implemented along with SSO, which adds an extra layer of security for data protection.
There are a few ways in which Two Factor Authentication (2FA) and Single Sign-On (SSO) can be implemented together:
- When your Identity Provider (IdP) or Identity Access Management (IAM) supports 2FA.
- When you use an add-on from the Atlassian Marketplace (in case the Identity Provider (IdP) does not support Two Factor Authentication (2FA)).
List of Identity Providers (IdPs) that support Two Factor Authentication (2FA) by default -
If you are currently using a commercial Identity Service, you will be offered several choices for Two Factor Authentication/Multi-Factor Authentication. There are a lot of ways through which one can go passwordless these days.
These are the names of a few IdPs that provide Two Factor Authentication (2FA) along with SSO:
- miniOrange
- Okta
- OneLogin
- Azure AD
- Auth0
- Google Cloud Identity
2. Dedicated Two Factor Authentication (2FA) for Atlassian Tools applications
There are several add-ons available on the Atlassian Marketplace which provide dedicated 2FA plugins for Atlassian products such as Jira, Confluence, Bitbucket, Bamboo, Crowd, etc. Here is a list of a few Two Factor Authentication (2FA) add-ons that are most successful and have the highest rating:
- Two Factor Authentication (2FA) by miniOrange
- Secure Login (2FA) by syracom AG
- 2FA for Jira: U2F & TOTP by Alpha Serve
- Two-Factor Authentication/2FA by SecSign Technologies
Benefits of miniOrange Two Factor Authentication (2FA)
The miniOrange Two-Factor Authentication (2FA) application ensures the right set of eyes have access to your sensitive information sitting on-premise. Among all the plugins in the Atlassian Marketplace which provide 2FA, Two Factor Authentication (2FA) by miniOrange provides a wide range of customizable authentication features, one of which is customizable 2FA on top of SSO.
The 2FA add-ons provided by miniOrange for Atlassian Server as well as Atlassian Data Center are highly appreciated and recommended by customers. miniOrange provides 24/7 high-quality support with affordable pricing for all its products.
Top features of 2FA Add-on (Jira 2FA, Confluence 2FA, Bitbucket 2FA, Bamboo 2FA, Crowd 2FA) -
- Secure 2FA Authentication - miniOrange Atlassian 2FA plugin supports multiple authentication methods such as Google Authenticator, OTP Over Email, Hardware Token and many more.
- Multi-Language Support through Customizable Templates - Users can customise a variety of templates depending upon their need and requirements.
- Inline Registration - Notify users to secure their Atlassian account by prompting 2FA configuration setup during user enrollment.
- Customizable 2FA on top of SSO - Users can now decide if they want Two Factor Authentication (2FA) on top of SSO or if they want to skip it with our customizable feature.
- Protection against Brute Force Attack.
Benefits of using dedicated Two Factor Authentication (2FA) plugin -
- Compatibility - miniOrange 2FA add-on is compatible with Jira, Confluence, Bitbucket, and Bamboo Server as well as Data Center versions. 2FA for Crowd will be released soon.
- Risk-Based Access - The 2FA plugin should be placed on top of the Atlassian Server or Atlassian Data Center, where it decides whether a user can be authenticated without the second factor when the user tries to log in from a trusted device or location. This can be implemented through our adaptive authentication feature.
- User-Friendly - miniOrange Two Factor Authentication (2FA) plugins are easily deployable and can be configured easily. We also provide end-to-end configuration support for new users.
- 24/7 high-quality support - We provide 24/7 high-quality support by phone as well as by email.
3. Login to Atlassian Applications -
There are several ways to access Atlassian applications; a few of the most common are listed below -
- Username & Password
- Single Sign-On (SSO)
- Two Factor Authentication (2FA)
Using just a username and password is not a good option these days, as they can be compromised by hackers, so using SSO or 2FA along with them helps from a security perspective. Using the miniOrange Identity Provider (IdP) can help solve this issue, as the miniOrange IdP provides SSO along with an inbuilt, customizable Two Factor Authentication (2FA) feature which helps users authenticate and gain access to the application.
a. What is miniOrange Identity Provider (IDP)?
miniOrange is an identity and access management firm that provides a centralized platform with enhanced capabilities for access management and identity management, which fits almost any use case and can integrate with any system. Employees, customers, and partners can seamlessly access and securely connect to their cloud, on-premise and mobile applications, SaaS and APIs.
b. Ways to integrate miniOrange Identity Provider (IDP) with Atlassian Applications (Jira, Confluence, Bitbucket, Bamboo, Crowd) -
- Single Sign-On - Atlassian, with its latest releases of Jira and Confluence, provides applications for SSO by default. miniOrange, being an Identity Provider, can easily be integrated with the native SSO application of Atlassian, and users can access their Jira and Confluence instances through Single Sign-On (SSO).
- Multi-factor Authentication - Secure user identity with a password and an additional layer of authentication (e.g. OTP over SMS/Email/Push).
- User Provisioning - Automatic user provisioning, password management and scheduled synchronization of user-data across all directories.
c. Features of miniOrange Identity Provider (IDP) -
- Standard Protocols Support - We support single sign-on into all types of applications which support standard protocols like SAML, OAuth/OpenID, JWT.
- Cross Protocol Support - When a user signs in to any app via SSO through the miniOrange Identity Server, they receive an SSO session for all other apps that rely on miniOrange for login, regardless of protocol.
- Multiple Authentication Methods - We support 15+ authentication methods for Two Factor Authentication (2FA) along with adaptive authentication based on device, location and time.
- Centralized Management - A centralized location where IT can automatically manage identities, admin credentials, and secure user access, and where users can simply and securely access their apps.
d. Benefits of miniOrange Identity Provider (IDP) -
- Easy to use - You can configure SSO for any kind of app, whether it supports OAuth2/OpenID Connect/WS-FED or does not support any standard protocol. You can manage all this via the admin dashboard.
- Flexible IdP - Our IdP system is flexible enough that you can enable SSO for applications without moving users from their existing user store.
- Support for customization - You can easily add 2-Factor, Adaptive Risk Authentication (based on device, time and location), IP Restriction, and Social Login on top of Single Sign-On.
- Pricing - We provide the best price in the industry for a Single Sign-On (SSO) solution.
- High Quality Support - We provide world-class support and customers vouch for our support.