Uploaded image for project: 'Atlassian Access'
  1. Atlassian Access
  2. ACCESS-797

Ability to see which users do not have 2FA enabled in an organization

    XMLWordPrintable

Details

    • 26
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Problem Definition

      • Ability to see which users do not have 2FA enabled in an organization
      • An organization could be forcing all of their managed accounts to use SSO but they may have external accounts accessing their products that they cannot manage, and it would be helpful to know which of these accounts are not using 2FA

      Why this is important

      The customer wants to audit and inform users to enable 2FA if excluded in an organization

      Workaround

      This data is viewable in the Managed accounts export (does not work for external accounts)

      Potential Solutions:

      • The Insights page under Security->Insights has a section at the bottom that details Two-step verification coverage
        It shows the number of accounts using/not using each security type. For example it shows how many accounts Log in without two-step verification. However, it only shows the number of accounts and doesn't show who those accounts actually are.
      • Make 2FA status available in account profile page
      • Add filter to managed accounts page
      • Allow a way to export external accounts not using 2FA

      Attachments

        Issue Links

          Activity

            People

              njayasankar@atlassian.com Narmada Jayasankar
              rdey@atlassian.com Ratnarup
              Votes:
              72 Vote for this issue
              Watchers:
              54 Start watching this issue

              Dates

                Created:
                Updated: