Community
Products
Jira
Questions
OKTA Jira portal backdoor into Jira via the portal bypasses MFA

OKTA Jira portal backdoor into Jira via the portal bypasses MFA

We have OKTA on Jira Server.

The MFA process works correctly. However we have found the following anomaly

Understanding that OKTA does not work on the Jira Service Desk Portal.

Logging into the portal and opening a ticket.

If the user has agent access, clicking on the ticket link in the portal will open up the ticket in Jira backend with no MFA process.

Has anyone encountered this ?

1 answer

0 votes

The process you are referring to, meaning clicking on the issue -> navigates to the agent's view, it's the normal behavior.

However I haven't try to login to portal as an agent and then clicking on the ticket to navigate me inside Jira (agent's view) without enforcing the 2FA.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

And @Sue Webber read this article which might help you https://confluence.atlassian.com/jirakb/bypassing-okta-to-allow-users-to-login-to-jira-locally-1168844223.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Hi Alex

So yes it is this scenario "However I haven't try to login to portal as an agent and then clicking on the ticket to navigate me inside Jira (agent's view) without enforcing the 2FA"

No 2FA is requested at this point and the agent view of the ticket is opened.

Opening up an additional tab to Jira backend instance then does not 2FA. You are literally in without 2FA.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

But the 2FA is imposed from OKTA, right?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Correct, But when going the route of customer portal direct to jira backend via a ticket link; it does not enforce 2FA. I am not sure where or what should be changed as OKTA cannot operate on the jira customer portal.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I'm not quite sure who is do blame for this. But you can raise a request on Atlassian and see what they'll tell you.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Thanks, yes we have logged a query with OKTA as well.

Agree, not sure if is in OKTA or in Jira where the problem lies.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Alex Koxaras _Relational_ likes this

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

SERVER

TAGS

Community showcase