How do the 2FA processes for Atlassian Products and Bitbucket interact together

Gerard McHale December 21, 2022

We currently use the following Atlassian products:

  • Confluence
  • Jira Service Management
  • Bitbucket

We have the 2FA enabled via Atlassian and that covers all the Atlassian tools listed above. So if I want to log into any of those services, I need to provide a 2FA code. This 2FA is handled at the admin level (which makes it relatively easy to manage when someone loses a phone, etc.).

However, there is also the option to enable 2FA at a user level in Bitbucket. And this is enforced when setting up a new Bitbucket account. I'm assuming the reason for this is that the Atlassian 2FA is applied to all users with the relevant email domain.

This introduces a problem because the Bitbucket 2FA is not managed at an admin level and it is completely unrealistic to expect non-IT users to understand the importance of recovery codes, etc. So if they lose a phone and don't have recovery codes they are completely locked out of their Bitbucket account.

The workaround we have come up with is:

  1. Set up the account in Atlassian. 2FA is enforced at an admin level
  2. The user must set up 2FA when they connect to Atlassian
  3. The user must set up 2FA when they set up their Bitbucket account using the appropriate domain.
  4. We ask the user to disable the 2FA for Bitbucket ASAP. They must do that themselves because each user is the admin of their Bitbucket account.

With this approach, if anyone wants to connect to Confluence, JSM or Bitbucket, they must first provide the 2FA for Atlassian. There is no requirement however to provide a 2FA code specifically for Bitbucket.

The question is whether there is a better approach than what I have described above? Is it possible to remove step 3 and 4 from the above process?

Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 23, 2022

Hi @Gerard McHale,

This doesn't sound like expected behavior; I don't think that we have a feature that enforces users to enable Bitbucket 2FA on sign-up. Enforcing 2FA for users from your verified domains in http://admin.atlassian.com/ should only affect the Atlassian account 2FA.

The premium plan in Bitbucket Cloud has a feature to Require two-step verification, however, this is not enforced on signup. Enabling this setting for a workspace will make the workspace content inaccessible to users that have been granted access but have no 2FA enabled on the Bitbucket account. Users will see a message informing them that they need to enable Bitbucket 2FA in order to access this content (this is not going to be enforced on sign-up).

When you have a new user joining and creating a new Bitbucket Cloud account, I would suggest asking them to create a screencast that shows the process they follow on their browser when they try to create a new Bitbucket account, up until they get asked to enable Bitbucket 2FA. Then, create a ticket with the support team and provide this screencast, so we can see what is happening and further investigate. You can create a ticket via https://support.atlassian.com/contact/#/, in "What can we help you with?" select "Technical issues and bugs" and then Bitbucket Cloud as product.

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Gerard McHale January 9, 2023

Hi @Theodora Boudale. Thank you for your response on this. I have tested this some more and it turns out that I was incorrect about the automatic requirement for 2FA to be enabled.

What was happening was that I was inviting users to join a user group within a workspace that required 2FA. That was what triggered the user requirement to enable the 2FA.

I'm happy for this ticket to be closed.

Theodora Boudale
Atlassian Team
January 10, 2023

Hi Gerard,

Thank you for the update. If you need anything further, please feel free to reach out.

Kind regards,
Theodora
