Multi-factor authentication

Multi-Factor Authentication (MFA) verifies a user’s identity by requiring multiple credentials. In addition to username and password, MFA requires additional credentials, such as a code from the user’s smartphone, or a fingerprint.
23/10/2019 - sso, saml, mfa

MFA provides enhanced security for your systems. Traditional usernames and passwords can be stolen, and they are vulnerable to brute force attacks. MFA adds layers of security that increase confidence that the user requesting access is actually who they claim to be.

Examples of Multi-Factor Authentication include authentication through:

  • Codes generated by smartphone apps
  • Badges, USB devices, or other physical devices
  • Fingerprints
  • Codes sent through SMS or email
  • Facial recognition

Set up MFA for Atlassian

Kantega SSO Enterprise allows you to set up MFA and protect against unauthorized access to Jira, Confluence, Bitbucket, Bamboo and FeCru (server and data center). It is the responsibility of the identity provider (e.g. AzureAD, AD FS, Okta, GSuite, and many more) to request and verify user credentials and perform the actual MFA. At the same time, it is important that backdoors to traditional login mechanisms in the Atlassian systems are closed. You typically do not want users to be able to find and use traditional, less secure login mechanisms when stronger authentication should be enforced.

The screenshot above shows how you can easily disable traditional login dialogs and also disable all basic auth requests at the server level. The first toggle allows you to remove the username and password fields from login pages, preventing users from authenticating through the standard login forms. The second toggle increases security further by denying API requests that authenticate with Basic Auth.
