Atlassian JIRA and Confluence Two-Step Authentication and IP-SafeZone

12/13/2017

With SecSign ID you can protect all your logins with a secure Two-Factor Authentication based on a challenge response. The authentication offers the highest protection for the company data while being incredibly simple to use. The user simply needs to select the correct symbol on his device; it's as easy as that. No user name or password required.

While the SecSign ID two-factor authentication offers the highest level of security for your company logins, in some cases an additional two-step authentication may be required or desired. In that case the SecSign ID Two-Factor Authentication can be supplemented with a two-step authentication with a user name and password.

Try the authentication for free and see how easy it is to use! Questions? Please contact us for more information or a customized offer.


Content

  1. Setup for Two-Step Authentication and IP-SafeZone for Atlassian products
  2. What is Two-Step Authentication?
  3. What is IP-SafeZone?
  4. Learn more


The SecSign ID Atlassian Plugins can be integrated in just a few steps. For more information about the plugins and the integration please refer to the following pages.

Do you have any questions? Don’t hesitate to contact us.


Setup for Two-Step Authentication and IP-SafeZone for Atlassian products

To activate the additional features for Two-Step Authentication and IP-SafeZone, the SecSign ID Plugin for each service, for example JIRA or Confluence, needs to be installed first. An overview of the available SecSign ID Plugins for Atlassian is available on the Atlassian overview page.
A detailed description of the setup for the individual settings is available on the corresponding Tutorial pages.

What is Two-Step Authentication?

The 2-step authentication option (2SA) allows for increased security on top of the two-factor authentication. Once the option is activated, the user is prompted to provide his Atlassian user name and password before the SecSign ID authentication is automatically initiated. The user receives a push notification on his device and approves the login via the SecSign ID app. He does not initiate the Two-Factor Authentication with the app individually; it is launched by the successful user name/password authentication.

If the user name and password authentication is successful, the user is then automatically prompted to complete the SecSign ID two-factor authentication. Only after both the user name and password and the two-factor authentication are successful is the user logged into the system.

For more information and a detailed description of the individual steps of the SecSign ID Two-Factor Authentication, head over to the Two-Factor Authentication overview page.

Managing the user

If you require Two-Step Authentication from your users, you can simplify the process by matching their user name with their SecSign ID. That way they only need to remember one ID, for example their company email address, making the authentication more convenient for them.

Specific rules for the enrollment of the user, for example predefined IDs, are available to our on-premise users. More information on the on-premise setup and options for the enrollment are available via the following links.
Do you need specific setup or do you have questions about our custom apps? Contact us for more information.

Is there a difference between 2SA and 2FA?!

While Two-Factor Authentication and Two-Step Authentication may look similar at first glance, they do have important differences.

Both authentication procedures involve two factors that need to be fulfilled to securely authenticate the user. For classic 2SA, these factors include the user name and password (knowledge) and a code that is sent to the user's account. While this login procedure involves two steps of authentication, it does not necessarily qualify as two-factor authentication because the second factor may be accessed without the actual possession of the device (for example phone). A true Two-Factor Authentication includes one factor of knowledge (for example the ID) and one factor of either possession (the mobile device) or biometric identification (fingerprint). While one-time codes generally used for Two-Step Authentication may be intercepted by hackers, that is not possible with true Two-Factor Authentication.

The basic difference between both authentication services is the validity of the possession factor.
If it is possible for a hacker to obtain the factor without being in the possession of the device (for example by mirroring the SIM card or knowledge of login data), it is not a true Two-Factor Authentication but a Two-Step Authentication. If it is impossible for the hacker to obtain the possession factor without being in the actual possession of the device (for example SecSign ID), it is a true Two-Factor Authentication.

SecSign ID offers a true Two-Factor Authentication, which can be supplemented with an additional 2SA for your convenience. For the 2FA login with the SecSign ID, the user needs to provide one factor of knowledge (his SecSign ID) and one factor of possession (his mobile device) or biometric identification (fingerprint or FaceID). The SecSign ID 2SA Atlassian extension adds the factor of a user name and password (additional factor of knowledge) to this authentication procedure.

More information about the difference between 2FA and 2SA is summarized on our blog.

What is IP-SafeZone?

While the SecSign ID two-factor authentication offers the highest level of security for your company logins, a two-factor authentication may be unnecessary in some cases.

Most self-hosted (on-premise) Atlassian services like JIRA and Confluence are used in internal networks for internal access. The infrastructure in those cases is usually restrictive to outside access and access is only available to internally identified users. With the SecSign ID IP-SafeZone extension those users do not need to authenticate with an additional second factor. Only users logging in externally need to authenticate with the additional second factor.

With the IP-SafeZone option a secure IP-Zone is defined. If a user is within this IP-Zone, he does not need to authenticate via the two-factor authentication but with a less secure user name and password authentication. If the user is outside of that IP-Zone, he needs to authenticate with the SecSign ID Two-Factor Authentication or, if activated, with the 2-step authentication.
The IP-Zone is defined in the format A.B.C.D – E.F.G.H and includes all IPs within these boundaries. For example, 192.168.0.255 – 192.168.1.2 includes 192.168.0.255, 192.168.1.0, 192.168.1.1 and 192.168.1.2.
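
The range semantics and the resulting login path can be checked with a short script. This is an added example, not SecSign's plugin code: the function names and step labels are hypothetical, and treating an unparseable client address as outside the zone is an assumption made here.

```python
import ipaddress
import re

# Bounds separated by a hyphen or en dash, as in "A.B.C.D – E.F.G.H".
_RANGE_RE = re.compile(r"^\s*(\S+)\s*[-–]\s*(\S+)\s*$")


def parse_safezone(spec):
    """Parse an IP-Zone string into an inclusive (low, high) pair."""
    m = _RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"not an IP range: {spec!r}")
    low = ipaddress.IPv4Address(m.group(1))   # raises ValueError if malformed
    high = ipaddress.IPv4Address(m.group(2))
    if low > high:
        raise ValueError("lower bound is above upper bound")
    return low, high


def in_safezone(client_ip, zone):
    """True only if client_ip is a valid IPv4 address within the bounds."""
    # client_ip is assumed to be the peer address the server itself observed,
    # not a value taken from a client-supplied request header.
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False  # assumption: fail closed, i.e. require the second factor
    low, high = zone
    return low <= addr <= high


def required_steps(client_ip, zone, two_step_enabled):
    """Login steps for inside the zone, outside with 2SA, outside without."""
    if in_safezone(client_ip, zone):
        return ["password"]
    if two_step_enabled:
        return ["password", "secsign_2fa"]
    return ["secsign_2fa"]


def expand(zone):
    """List every address in a (small) zone, bounds included."""
    low, high = zone
    return [str(ipaddress.IPv4Address(i)) for i in range(int(low), int(high) + 1)]


if __name__ == "__main__":
    zone = parse_safezone("192.168.0.255 – 192.168.1.2")  # the page's example
    print(expand(zone))
    for ip in ("192.168.1.1", "192.168.1.3", "garbage"):  # constructed inputs
        print(ip, required_steps(ip, zone, two_step_enabled=True))
```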

Learn more

For detailed information on the setup of the Atlassian plugins please refer to the following pages.

