miniOrange has provided a way for users to sign in to Jira by adding an additional security layer ie. Two Factor Authentication(2FA).
What is 2FA?
1. Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts because knowing the victim’s password alone is not enough to pass the authentication check.
2. Two-factor authentication has long been used to control access to sensitive systems and data, and online service providers are increasingly using 2FA to protect their users’ credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords.
For more please click here.
The feature provided by miniOrange Two Factor Authentication (2FA) for Jira
- Google Authenticator:- Google Authenticator generates 2-Step Verification codes on your phone.
- Security Question:- User can use Security Question as a backup method in case the user forgot or lost his phone.
- User Management:- Here admin can see the list of user who has configured 2FA successfully. Admin can also Reset 2FA for any user.
Configure miniOrange 2-Factor Plugin
1. Navigate to Two Factor Settings(2FA/TFA) tab.
2. Enable 2 Factor Authentication for All Jira users(Jira Software) & click on Save.
3. Admin can also enable the Security Question as Backup Method in case of an emergency login.
Working of miniOrange 2FA plugin
A. 2FA is not configured.
1. The following screen will be shown to users after activating the plugin where it tells the user about enabling 2FA.
2. Once the user clicks Next, the Google Authenticator setup screen will be shown.
3. Once Google Authenticator is configured successfully & the Backup method is activated, the user will see the screen below where the user needs to configure the Security Question based on his knowledge. If not then the user will get access to Jira.
4. The user will get access to Jira after saving the valid information.
B. 2FA is Configured & perform login
1. When 2FA is enabled and the user wants to access Jira, he will see the screen below where the user has to provide a valid Google Authenticator passcode.
2. In the case of an emergency, if the user has no access to his phone then the user can use the Forgot phone option. This option will be visible to the user only if Admin has enabled the Backup method during configuring the 2FA plugin. After clicking Forgot Your phone, the user will see the screen below where they need to provide correct answers to respective questions to access Jira.
Note:- Users need to notify the administrator if they have configured 2FA but unable to access Jira.
User Management tab
Here you can see the list of user who has configured 2FA successfully. You can also Reset 2FA for any user, for that you need to perform the below steps.
- Search user by username for which you want to reset 2FA.
- Click on the Reset 2FA link of the respective user.