Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1128

When an Atlassian account is synced via provisioning or enforced MFA/2FA is configured, the "Deactivate two-factor authentication" button disappears

XMLWordPrintable

      Thanks everyone for watching and commenting on this ticket.

      As part of an initiative to consolidate feature requests/suggestions to gather centralized feedback, improving the popularity of the existing ones, we are closing this ticket as duplicate as there is an older ticket related to this same difficulty:

      As always, thank you for the opportunity to improve our products, Feel free to bring additional feedback via existing suggestions!

      João N.,
      Atlassian Team

      Issue Summary

      • Sometimes, it's necessary for an organization admin to deactivate two-factor authentication on a specific Atlassian account
      • Normally, an organization admin can navigate to Directory > Managed accounts > [User's profile] and then click "Deactivate two-factor verification"
      • When enforced 2FA/MFA is enabled on an authentication policy, the "Deactivate two-factor verification" disappears

      10/Feb/2022 — This issue is now happening to the non provisioned users as well, This was not the case when this bug was raised we used to get "Disable" button on browsing user account on Manage Account. On account page the status shows "Not Enabled" for two factor authentication.

      Steps to Reproduce

      1. Enforce 2FA on the organization's managed accounts - or configure SCIM/provisioning
      2. Enrol an Atlassian account/device to 2FA
      3. Try to deactivate 2FA for a specific user within the UI

      *10/Feb/2022 —
      *

      1. Pick any of your managed account which is not provisioned.
      2. Enable two factor authentication on that
      3. Setup the 2FA on the user account post login to that account.
      4. Once done, move the user to a new Authentication Policy(create a new one if there is only one) and keep Two Factor Authentication as "Optional"
      5. Go to Directory> Managed Account > Search for the user > The value in front of
        Two-step verification comes up as "NOT ENABLED", there is no "Disable 2FA" option.
      6. Now, move to Governator and search for this user account from "Atlassian Account" tab.
      7. Scroll to the bottom of the result page and section MFA Enabled comes up as True.

      Expected Results

      • The "Deactivate two-factor verification" button should be available.

      *10/Feb/2022 —
      *
      The "Disable 2FA" option must be there and this was not the case when this bug was raised, as you can see from the screenshot attached in the beginning the non-provisioned account has this "Disable" option available. It is a very basic functionality and due to this ongoing bug and now the new user face so many issue as they fail to login to their environment.

      With a provisioned account Without a provisioned account

      Actual Results

      • The "Disable two-factor verification" button is hidden and it is not possible to deactivate 2FA

      Workaround

        1. Screenshot 2021-09-15 at 11.37.24.png
          236 kB
          Derrick Nguyen
        2. Screenshot 2021-09-15 at 11.48.51.png
          253 kB
          Derrick Nguyen
        3. Screenshot 2022-02-10 at 5.15.39 PM.png
          303 kB
          Himanshu Jadon

            [ACCESS-1128] When an Atlassian account is synced via provisioning or enforced MFA/2FA is configured, the "Deactivate two-factor authentication" button disappears

            There are no comments yet on this issue.

              bmagro Ben Magro (Inactive)
              dnguyen4 Derrick Nguyen
              Affected customers:
              0 This affects my team
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: