Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Not a bug
Priority: Medium
Component/s: API keys / authentication, Directory - Manage product access
Labels:
None

Support reference count:
10
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Issue Summary

According to the documentation for the https://api.atlassian.com/users/{account_id}/manage UM REST API endpoint, the response should include information about MFA settings for the user:

mfa.read: read the current MFA enrollment state for the user

mfa.unenroll: unenroll the user from MFA

However this is not working. Indeed:

Calling https://api.atlassian.com/users/{account_id}/manage does not include above properties in the response

Calling https://api.atlassian.com/users/{account_id}/manage?privileges=mfa.read (or mfa.unenroll) always returns "allowed":true, whether you have MFA enabled or not:

curl -H 'Authorization: Bearer <API_KEY>' -H 'Accept: application/json' -X GET https://api.atlassian.com/users/<ACCOUNT_ID>/manage?privileges=mfa.read

{"mfa.read":{"allowed":true}}

Steps to Reproduce

Being an Organization administrator, go to admin.atlassian.com and Create an API KEY
Use the api key to authorize a REST API call against the endpoint https://api.atlassian.com/users/{account_id}/manage (replace account_id with the account-id of a managed account)

Expected Results

Among the other properties, also mfa.read and mfa.unenroll are returned.

Actual Results

Everything is returned, but mfa.read and mfa.unenroll

Also:

Calling: https://api.atlassian.com/users/{account_id}/manage?privileges=mfa.read or https://api.atlassian.com/users/{account_id}/manage?privileges=mfa.unenroll always returns "allowed":true regardless MFA being enabled or not.
```
curl -H 'Authorization: Bearer sDXXXXXXXXXXXXaa' -H 'Accept: application/json' -X GET https://api.atlassian.com/users/5acbXXXXXXXXXXXXede/manage?privileges=mfa.read,mfa.unenroll

{"mfa.read":{"allowed":true}}
```

Calling https://api.atlassian.com/users/{account_id}/manage?privileges=mfa.read,mfa.unenroll returns empty response:

curl -H 'Authorization: Bearer sDXXXXXXXXXXXXaa' -H 'Accept: application/json' -X GET https://api.atlassian.com/users/5acbXXXXXXXXXXXXede/manage?privileges=mfa.read,mfa.unenroll

{}

Workaround

No workaround available at the moment.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

POSTMAN.jpg
71 kB
24/Jan/2020 11:32 AM
Screenshot 2020-12-14 at 2.24.43 PM.png
135 kB
14/Dec/2020 8:55 AM

Issue Links

relates to

ID-7278 Missing information about mfa.read and mfa.unenroll parameters in the 'GET User Management Permissions' REST API endpoint documentation

Closed

PIK-1019 Loading...

Activity

People

Assignee:: Aneita

Reporter:: Dario B

Votes:: 3 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 19/Dec/2019 12:02 PM

Updated:: 14/Sep/2021 3:32 AM

Resolved:: 14/Sep/2021 3:32 AM