User Guide for 2FA

Two Factor Authentication(2FA) is an extra step added to your log-in process. It enhances your security by one level and protects your Jira account from cyber criminals.

Two factor authentication uses two factors to verify your identity and to confirm that you are who you claim to be. It uses a combination of something you know and something you have. So here the 1st factor of authentication is your usual Jira login with username and password, it is something you know. The 2nd factor will verify something that only you have, like your mobile phone, your email account, a hardware token given to you by your company, etc.

The add-on verifies this 2nd factor. The most commonly used 2FA methods are Mobile Authenticator(TOTP), Hardware Token(Yubikey), OTP over Email, Security Questions, Backup code. So a time sensitive security code is sent to the user using any of these ways so that the user can securely log into Jira.

In this guide we will go through how to get started with 2FA.

How to Configure Mobile Authenticator(TOTP):

Download authenticator app:

  • For using the mobile authenticator 2FA methods, you will need an Authenticator app on your mobile or any device to scan the QR code. Google Authenticator is the most popular authenticator app. (Here are the links for Google authenticator app: Google play, App store)
  • You can use other apps like Microsoft Authenticator, Authy, Duo , LastPass, FreeOTP, Symantec VIP, etc.
  • Contact your administrator if you are not sure about which authenticator application to download.

    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
    Note: The Mobile authenticator(TOTP) 2FA method is a time based authentication method so make sure that your device is in sync with the Network time. (On Android device, enable 'Automatic Date and time' and on iOS device, turn on 'Set Automatically' option in the date and time settings)

    Scan the QR code:

  • Open your authenticator app on your mobile/device and click on Scan a QR code.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • If your device asks you to allow Authenticator to take pictures and record video, press Allow. This is required to scan the barcode using your phone's camera.
  • Then scan the QR code given on the login page by placing the QR code within red lines.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

    Verification code generated on the mobile:

  • When you scan the QR code, the Authenticator app will generate a verification code. The code is valid for only a certain time and once the code expires, you will see a new code.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Copy that code and enter it in the Enter OTP field on the Jira Login page. Then Click on the Validate button.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

How to Configure Backup Codes:

  • Once you have configured the primary 2FA method then you will get redirected to Backup codes configuration page. On this screen you will see 15 unique backup/recovery codes.
  • In future, in case if you lose your phone, then you can use these recovery codes to gain access to your account again.
  • Click on the Download Codes button and click on Continue. Then store the downloaded file with backup codes at a secure location.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Each backup codes can used only once. If you have used many backup codes then, if you want, you can download a new set of backup codes as well. For this, log into your account and go to the Two Factor Configuration page on your profile.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Then click on show details for Backup codes and you will see this popup. Click on Change Backup Codes button and Download the codes again.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

Hardware Token(Yubikey):

How to Configure Hardware Token(Yubikey)

    After you log in using the first factor i.e Jira username and password, you will be asked to configure the hardware token given to you by your company. To configure the hardware token as a 2FA method, follow these steps:

  • Insert the token given to you into a USB port.
  • After inserting the token correctly, click on Configure U2F to start configuring it.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Wait until the token starts blinking, then press the button on the token to successfully register the token.

How to Validate Hardware Token(Yubikey)

    Once the configuration is completed successfully, you will be asked to verify your identity by validating your configured hardware token during every login attempt.
    On successful login, you will be prompted to validate your configured hardware token. Follow these steps to validate your token:

  • Insert your configured token into a USB port.
  • After inserting the token correctly, click on Validate U2F.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Wait until the token starts blinking, then press the button on the token to successfully validate the token.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
    Note: This authentication method is based on the principle of public-key cryptography. Most of the hardware tokens use physical touch on the hardware device as a secret key, so during authentication make sure that you use the same finger to press the button you used while configuring the token.
  • Once the hardware token is validated, you will be granted access to your Jira account.

Web Authentication as a 2FA method:

How to Configure Web Authentication

    Web Authentication provides stronger authentication by allowing users to make a choice of authenticators like security keys, system PINs or built-in platform biometric authenticators such as fingerprint, iris scan, facial recognition etc. to protect their accounts.
    After you log in using the first factor i.e username and password, follow the below steps to configure Web Authentication as a 2FA method.

  • Click on Configure to start configuring it.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • You will be prompted to register either of your system authenticators like Hello PIN or Security Key or other biometric authenticators supported by your system.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
    Note: Windows Hello PIN won’t be promoted for configuration in Chrome/Edge browser’s incognito window. However, after successful registration, one can use an incognito window to authenticate and log in successfully.
  • If you want to register with another supported authenticator, simply click on Cancel to navigate to the next authenticator.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Upon completing the registration of the system authenticator, you have successfully configured Web Authentication as a 2FA method.

    • How to Validate Web Authentication

      Once the configuration is completed successfully, you will be asked to verify your identity by validating your registered system authenticator during every login attempt.
      Follow the below steps to validate your system authenticator after successfully validating your local credentials i.e username and password:

      Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
    • Enter valid system credentials for the registered authenticator.
    • For e.g enter a valid Windows Hello PIN or rightly validate the security key/fingerprint etc.
      • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
    • Once authentication is successful, you will be granted access to the application.

Reconfigure/Clear/Register another system authenticator

    If you wish to modify or change your registered system authenticator, follow the steps given below :

  • Navigate to the User Profile and click on Two Factor Authentication. Under Web Authentication, click on Edit.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Click on Register New Credentials to register a different system authenticator.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

OTP Over SMS:

How to Configure OTP Over SMS

    In this method, you need to verify your identity by entering the OTP which you will receive via SMS on your mobile.
    After you log in using the first factor i.e username and password, follow the below steps to configure OTP over SMS as a 2FA method.

  • Enter a valid country code and mobile number and click on Send OTP.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Enter the OTP received on your mobile phone in the Enter OTP field.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods
  • Validating the received OTP successfully completes the configuration process.

How to Validate OTP Over SMS

    Once your 2FA configuration is completed successfully, whenever you try to log in again, an OTP will be sent to your registered mobile number to verify your identity.
    Enter the OTP sent to your configured mobile to get access to your account.

  • Enter a valid country code and mobile number and click on Send OTP.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

Duo Push Notification:

How to configure Duo Push Notification

    Duo Push Notification as a 2FA method provides an additional layer of security by allowing users to APPROVE or DENY an authentication request received on their registered device.
    After you log in using the first factor i.e username and password, follow the below steps to configure Duo Push Notification as a 2FA method.

  • To enable Push Notifications as your 2FA method, you will need the Duo Mobile app installed on your device. (Here is the link for the Duo Mobile app: Google play, App store)
  • Hit the ‘Click Here’ link to register the device on which you wish to receive the Push Notification (eg. Mobile phone, Tablet etc).
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

How to Validate Duo Push Notification

    2FA configuration is a one-time process and once it is completed successfully, whenever you try to log in again, you need to APPROVE the authentication request received on your registered device.

  • Click on Send Me Push Notification button and APPROVE the received request to authenticate your identity.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods

Reconfigure 2FA

  • To reconfigure/reset 2FA, navigate to the User Profile and click on Two-factor Authentication.
  • Here, you will see all the 2FA methods that the admin has enabled for you and also the ones which you have configured. Along with this, you can view the devices which are remembered which will skip 2FA the next time you log in using them.
  • Click on the Reset button to reconfigure specific 2FA methods. You can also configure additionally enabled 2FA methods from here if they are not previously configured.
    • Setup Two Factor (2FA / MFA) Authentication for Confluence using OTP, KBA, TOTP methods


Free Trial

If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.