  1. Identity
  2. ID-8681

Allow the two-step verification (2SV)/MFA prompt to be bypassed or deactivated for performance monitoring use cases


      Problem Definition

      As per the current design, when a user logs in to their Atlassian account with an Atlassian account password, a prompt asks whether they would like to enable two-step verification (2SV), also known as multi-factor authentication (MFA). The end user must either enable 2SV or click "Continue without two-step verification".

      • The two-step verification (2SV) or MFA prompt is snoozed for 7 days if the end user selects the "Continue without two-step verification" option
      • Also, if the end user has logged in via a third-party account or enforced SSO, then the prompt to configure 2SV does not appear

      With this in mind, there are some use cases where customers use accounts for testing and monitoring purposes. An example use case is SolarWinds Web Performance Monitor (WPM), a tool that simulates user actions to monitor performance and behavior by replaying actions within a web browser - https://www.youtube.com/watch?v=Mz92l2mAvA4&t=69s. The 2SV/MFA prompt breaks the testing flow because manual interaction is required to proceed with the login process.

      No Atlassian API endpoints are involved in this use case. Social/third-party login services such as Google cannot be used because they are reported to not allow automated interactive logins.

      Suggested Solution

      • Define a "service account" role that is allowed to bypass the 2SV/MFA prompt. However, at the time of writing (July 2024), Atlassian does not support the use of bot or service accounts
      • Add a "deactivate" 2SV option to the authentication policy settings (see "Available authentication policy settings for your organizations"), which would allow admins to deactivate ("block") 2SV for Atlassian accounts that are members of that particular policy

      Why this is important

      For many customers it is important to actively monitor their apps/services to ensure that their end users have the most reliable service possible and to be informed of any potential issues. Some solutions automate login flows, which will now break if there is a prompt that requires manual interaction from the end user. There should be a way to bypass the 2SV/MFA prompt, as an additional login step is a blocker for specific use cases such as the one mentioned above.

      Workaround

      Manually accept the prompt every 7 days.

       

       

              Unassigned
              Jasmine
              Votes: 38
              Watchers: 25