How to Set Up Two-Factor Authentication (2FA) for Bamboo

The miniOrange Two-Factor Authentication (2FA) app is designed to help you enhance security for your Bamboo. In this comprehensive guide, we will navigate you through the step-by-step process of configuring 2FA for Bamboo. By the end of this walkthrough, you will have fortified your platform with an additional layer of security, safeguarding your registered end-users.

Try it for free

Video Setup Guide

Pre-requisites

To configure Two-Factor Authentication for Bamboo, you need the following items:

Bamboo should be installed and configured.
Admin credentials are set up in Bamboo.
Valid Bamboo Server.

Download and Installation

Navigate to the settings menu and Click Manage Apps.
Click Find new apps or Find new add-ons from the left-hand side of the page.
Locate mO Two-factor Authentication(2FA) for Bamboo, Bamboo 2FA via search.
Click Try free to begin a new trial or Buy now to purchase a license for mO Two-factor Authentication(2FA) for Bamboo.
Enter your information and click Generate license when redirected to MyAtlassian.
Click Apply license.

Two Factor Authentication (2FA) for Bamboo

1: Configuring miniOrange 2FA

Follow these steps to configure and enable the miniOrange 2FA app for your Bamboo users:

Choose 2FA Methods: The miniOrange 2FA add-on offers users a range of 2FA methods, including OTP, KBA, TOTP, and more, for authentication. You can enable the desired 2FA methods from the provided list during plugin configuration. To enable the chosen methods for your users, you just have to select the 2FA Method option and toggle it active.

Setup Two Factor (2FA / MFA)
Authentication for Bamboo using OTP, KBA, TOTP methods settings

Enable Backup Method:To ensure access during emergencies or when users cannot access their primary 2FA method, our app also provides you with a backup authentication method. You can choose any of the listed 2FA methods as your backup by selecting the Backup Method option and toggling it active.

Setup Two Factor (2FA / MFA)
Authentication for Confluence using OTP, KBA, TOTP methods settings

Select Users to Enforce 2FA: Once the required 2FA methods are enabled, select the users who will be required to use 2FA.
Use the Enable 2FA/MFA for All Users option to apply 2FA to all existing users and automatically enable it for newly created users.

You can customize the 2FA settings based on your requirements. Enable, disable, or skip 2FA for users or groups individually, in bulk, or based on their IP addresses.

Enable 2-Factor Authentication: Finally, enable 2FA for Bmaboo Server.

2: How the user can Configure the 2FA

Authentication Methods

Mobile Authenticator

Yubikey Hardware Token

OTP over Email

OTP over SMS

Duo Push Notification

WebAuthn

Security Questions

Out of Band Email

Backup Codes

3: Advanced Security Features

3.1 Brute Force Configuration

Brute Force Configuration helps restrict access to your Bamboo application after a specified number of invalid 2FA login attempts within a set period.
To enable this feature:

Check the Enable Brute Force Protection for Bamboo box.
Set the number of invalid login attempts that will trigger a lockout.
Define the duration for which the user will remain locked out and unable to access Bamboo.

3.2 Remember My Device

This feature allows users to skip the 2FA check when logging in from the same device.
To enable:

Check the Remember My Device box.
Enter the number of days for which the device will be remembered in the Expiry Time (in Days) field.
You also have the option to allow end users to change their respective expiry times.

3.3 One-Time 2FA Validation

This feature lets users skip 2FA in Crowd-connected applications after a successful 2FA validation any one Atlassian application.
To enable:

Toggle this feature to enable in the crowd connected applications where you want to bypass 2FA.
Users will need to validate 2FA in one application, and it will be skipped in other connected applications.

Note: This feature is only available if authentication is done via Crowd.

3.4 Skip 2FA for Bamboo SSO Users

This feature allows users to skip 2FA if they log in via Single Sign On (SSO) with any Identity Provider (IDP).
To enable this, admins need to:

Add the Single Sign-On URL for SAML.
Add the Callback URL for OAuth/OpenID from the SSO Provider.

3.5 Skip 2FA for Crowd SSO Users

This feature allows users to skip 2FA when logging in via SSO using the miniOrange Crowd SAML add-on and Bamboo Crowd connector.
To enable this, admins need to:

Add the Secret Key provided by the miniOrange Crowd add-on.
Add the Crowd SSO cookie name.

4: User Management

The miniOrange 2FA app has provisions for efficiently managing 2FA settings for individual users, multiple users, single groups, and multiple groups.
Let's take a look at how you can manage 2FA for your users and groups.

Enabling 2FA for Single Users:

Search for the user by their name in the search bar.
Next, select the desired action from the Action column.

Enabling 2FA for multiple Users:

Select the users from the list.
Choose the desired action from the Bulk 2FA Action drop-down menu.
Click Apply.

Enabling 2FA for All Users:

Go to the Bulk 2FA Action drop-down menu under the All Users section.
Select the required action.
Click Apply.

Enabling 2FA for Single Groups:

Search for the group by its name in the search bar.
Next, select the desired action from the Action column.

Enabling 2FA for Multiple Groups:

Select the groups from the list.
Choose the desired action from the Bulk 2FA Action drop-down menu.
Click Apply.

Enabling 2FA for All Groups:

Go to the Bulk 2FA Action drop-down menu under the All Groups section.
Select the required action.
Click Apply.

5: IP Restrictions

IP Whitelisting:

IP Whitelisting is a security feature that allows trusted users to log into Bamboo without 2FA. To enable IP Whitelisting, enter the trusted IP addresses in the Whitelist IP Address textbox and click Add.

IP Blocking:

IP Blocking is an access control mechanism that denies Bamboo access to specified IP addresses. Enter the IP addresses you want to block in the Blacklist IP Address textbox, and customize the message for blocked users in the Blocked User Message textbox. Click Save once you’re done to apply these settings.

6: Reconfigure 2FA

End-users can reconfigure their 2FA by navigating to User Profile → Two-factor Plugin Authentication, and accessing the Configure Two Factor (2FA) window. Once inside, they can click on Reset to reconfigure the 2FA method. Users can also configure additional 2FA methods from this window if they haven't done so previously.

Additional Resources

Did this page help you?