Two-step verification login for Data Center

Hi developer community,

We’ve just announced a two-step verification login for Data Center. Have a look at the corresponding changelog entry for more details.

UPDATE:
We have just released an EAP for two-step verification. Please check this changelog entry for more details.

In the meantime, should you have any inquiries, post them in the comment section below this article.

1 Like

Hi,

Thank you for this heads-up. Have you got projections on how this will behave on instances using a third-party add-on for authentication? Our add-ons are reliant on the servlet filter chain and the host application login page behavior in order to extend it for the functionality we are adding to the login experience.

Will this be a configurable opt-in experience, or will it take over in a future release of Data Center platform version x?

Also, any more details about the EAP? Where will we get access to this?

Likewise impact on apps that support user “impersonation” by switching the logged-in user at runtime (when requested by a system admin).

Shame there was no RFC for this.

For example, I as a vendor might want to force an additional 2FA check on security sensitive parts of my app. Coincidentally we were discussing implementing this minutes before this announcement.

4 Likes

@rlander do these “impersonation” solutions rely on using the login page?

We intend to add 2SV for some parts of the admin panel in a future version. We could possibly consider making this feature available also to marketplace partners.

Will this be a configurable opt-in experience, or will it take over in a future release of Data Center platform version x?

We aim to deliver it by next week. The announcement will be made through a new EAP changelog entry, along with a downloadable jar file.

This is the main goal of the POC EAP we are preparing. The POC only includes the basic mechanism and is not a final solution. We gather this feedback to guarantee that the ultimate solution does not disrupt the authentication-related plugins.

I’m wondering if this change has other changes to the fundamentals of auth in the platform.

Is this merely a new login page? Or has more changed behind the scenes?

We can just test with the jar when available.

It’s a new login page; however, the change can affect plugins which depend on the current login page layout as well as plugins which intercept requests to the login page.

Dear developer community, the EAP for two-step verification is now available. We’ve updated the announcement.

1 Like

Cool. Is it compatible with pre-platform 7?

Absolutely, the EAP does not require Platform 7 and should work with all Jira and Confluence versions compatible with the 4.3.x version line of Atlassian’s SSO plugin - that’d be Jira 9.13.x and Confluence 8.8.x. I have successfully tested the plugin against Jira 9.13.0 and Confluence 8.8.0. This is not an exhaustive version list as the plugin seemed to work with Jira 9.12.1 as well. I have also successfully tested it with Jira 10.0 EAP 02 but I would not be surprised if it didn’t work with future Platform 7 EAPs.