What's New !!

Pricing Offers

We are happy to announce special offers for miniOrange Atlassian SSO, 2FA, REST API, User Sync and Group Sync Apps.

View Offers Now

Contact Info

For any query, product related information or any help , contact us now. You can also raise a ticket with our support.

 

Contact Us Now

Two Factor Authentication (2FA) Crowd

Crowd Two Factor Authentication (2FA/MFA) gives the ability to enable 2FA/MFA for Crowd which adds a security layer on top of user login. Crowd Servers are compatible with all Authenticator Apps including Microsoft Authenticator and Google Authenticator. Here we will go through a guide to configure the miniOrange Crowd 2FA/Crowd MFA app. By the end of this guide, Crowd users should be able to perform Two Factor Authentication (2FA) on top of user login


You can refer the steps to configure any Two Factor Authentication (2FA) method with the Crowd from the video or documentation given below

Pre-requisites

To configure Crowd Two Factor Authentication, you need the following items:

  • Crowd should be installed and configured (supported version Crowd Server 3.7.0 and above).
  • Admin credentials are set up in Crowd.
  • Valid Crowd Server Licence.

Download And Installation



  • Log into your Crowd instance as an admin.
  • Navigate to the settings menu and Click Manage Apps.
  • Click Find new apps or Find new add-ons from the left-hand side of the page.
  • Locate mO Crowd Two Factor Authentication (2FA) | Crowd 2FA via search.
  • Click Configure to get into and configure the plugin.
    Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA

1: Setup miniOrange 2-Factor Authentication

  • The miniOrange 2FA addon offers a variety of 2FA methods. Navigate to Two Factor Settings tab. Choose the desired 2FA methods from the provided list and enable them for your users.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd Two Factor Settings Tab
  • Enable Backup Method: In case of emrgency login or when the user is not able to access their primary 2FA method, they can login using the Backup method. You may enable any of the below 2FA methods as your backup method.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd Two Factor Settings Tab
  • Enable 2-Factor Authentication for Crowd: For Enabling 2FA for users click on 'Enable the 2 Factor Authentication' for Crowd users & click on Save.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd Enable 2FA
  • Enforce 2-Factor Authentication for users: For enabling 2FA for users, navigate to 'User Management' tab, where you can see the list of all the active users, and all the 2FA operations that can be performed on these active users.

    Note: 2FA for all the users is disabled by default, you may enable 2FA for users individually / in bulk / in groups.

    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd User Managment Tab

2: How the user can Configure the 2FA

  • Welcome Message for users: The following screen will be shown to users after enabling 2FA for a particular user & to configure Two Factor authentication methods, the user needs to click the Next button.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA Welcome Message
  • Configure the Mobile Authenticator app: Once the user clicks Next, the Mobile Authenticator setup screen will be shown. Where the user needs to scan the QR code or use the Secret Key and then enter the 6 digit OTP generated on mobile app.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA Configure Mobile Auth
  • Configure the Yubikey Hardware Token app: Prior to Yubikey Hardware Token configuration SSL needs to be set up on the Crowd instance. The below screen will be shown at the time of configuring Yubikey Hardware Token as a 2FA method. On this page the user needs to follow the steps shown in page.
    • Setup Two Factor (2FA / MFA) Authentication for Jira using Yubikey Hardware Token, U2F, Hardware Token methods mobile authentication
  • Configure the OTP Over Email: The below screen will be shown at the time of configuring OTP Over Email as a 2FA method where the user needs to provide the OTP which is sent on his email address.
    • Setup Two Factor (2FA / MFA) Authentication for Jira using OTP, KBA, TOTP methods otp over email configure
  • Configure the Security Question: The below screen will be shown at the time of configuring Security Question as a 2FA method where the user needs to configure the Security Questions based on his knowledge. User can configure Security Question as a Primary as well as Backup method to login into Crowd.
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods KBA
  • Configure the OTP Over SMS: In this method, users need to verify their identity by entering the OTP they receive via SMS on their registered mobile number.
    In order to use OTP over SMS as a 2FA method, an SMS gateway needs to be configured. You can either go with the miniOrange SMS Gateway or use your own Custom Gateway for sending OTPs. Refer to this document to configure the gateway.

    The below screen will be displayed to the end-user while configuring OTP Over SMS, where the user first needs to enter their mobile number and then validate the OTP which is sent to his/her mobile number.
    • Setup Two Factor (2FA / MFA) Authentication for Jira using OTP, KBA, TOTP methods otp over email configure
  • Configure Duo Push Notification : In this method, the user needs to APPROVE the authentication request received on their registered device to verify their identity.

    In order to enable Duo Push Notification as a 2FA method for all users, the Crowd admin needs to integrate Crowd with Duo. For integration, the admin needs to create an application in Duo and copy the Integration key, Secret key and API hostname from Duo and paste it accordingly under the Duo Push Notification Settings in the Advanced Settings section of the 2FA addon in Crowd.

    The below screen will be displayed to the end-user while configuring Duo Push Notification, where the user first needs to register the device on which they wish to receive Push Notification and then APPROVE the authentication request received on their device

    Setup Two Factor (2FA / MFA) Authentication for Jira using OTP, KBA, TOTP methods otp over email configure
  • Configure Web Authentication as a 2FA method: Configuring Web Authentication as a 2FA method allows users to use their system's built-in authenticators like Windows Hello PIN, Apple’s Touch ID, FaceId or any other biometric authenticators as a Second factor to login into their Atlassian account.
    Your Atlassian instance should be configured with Secure Context(HTTPS) if you wish to use Web Authentication.

    The below screen will be shown to the end-user while configuring Web Authentication as a 2FA method. Users need to register their system authenticators like Windows Hello PIN, Apple’s touch Id or other biometric authenticators supported with their Atlassian instance in order to use them for validation during 2FA.
    • Setup Two Factor (2FA / MFA) Authentication for Jira using OTP, KBA, TOTP methods backup code
    Windows Hello PIN won’t be promoted for configuration in Chrome/Edge browser’s incognito window. However, after successful registration, one can use an incognito window to authenticate and log in successfully.

  • Configure the Backup Code as Backup Method: If the Backup Code is activated as a Backup Method, the user will see the screen below where the user will see the list of one-time passcode.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA Backup Code

3: Additional Features

  • Brute Force Configuration: It is used for restricting the access to your Crowd Application based on the number of Invalid Login Attempts for the specified period of time. For enabling Brute Force Configuration, click on the 'Enable Brute Force Protection for Crowd' checkbox, then select the number of invalid login attempts after which user will lock, and the time for which the user will be in a locked state and won't get access to Crowd application
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods brute force authentication
  • Mobile Authenticator Settings: Customized label can be given to the Authenticator app. Enter the 'Name' for your authenticator app in the text box.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA Mobile Authenticator Settings

4: User Management

  • 2FA for Single User: Enter the name of the user in the Search Bar for whom you want to perform the operation and hit the search button, the user with that name will appear. And then in the Action column, select the required Action.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA For Single User
  • 2FA for Multiple Users: Select the users, in the Bulk 2FA Action drop-down list select the action you want to perform. And then hit Apply Button.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA For Multiple Users
  • 2FA for All Users: In Bulk 2FA Action drop-down list under All users Section select necessary Action and hit Apply Button.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA For All Users
  • 2FA for Single Group : Enter the name of the group in the Search Bar for which you want to perform the operation and hit the search button, the group with that name will appear. And then in the Action column, select the required Action.
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods enable single group
  • 2FA for Multiple Groups : Select the Groups, in the Bulk 2FA Action drop-down list select the action you want to perform. And then hit Apply Button.
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods enable multiple group
  • 2FA for All Groups : In Bulk 2FA Action Dropdown list under All groups Section select necessary Action and hit Apply Button.
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods enable all group

5: IP Restrictions

  • IP Whitelisting: It is a security feature that is often used for trusted users who can directly log into Crowd without asking for 2FA. Enter the IP address and click save for enabling the IP whitelisting
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods IP whitelisting
  • IP Blocking: It is a basic access control mechanism that blocks access to Crowd Application based on the IP address. It will deny access for those IPs which are listed here. Enter the IP address in the text box for IP blocking. The message for blocked users can be customized, enter the message in the 'Blocked User Message' text box present in the Look and Feel tab and click on the Save button.
    • Setup Two Factor (2FA / MFA) Authentication for Crowd using OTP, KBA, TOTP methods IP blocking

6: Reconfigure 2FA

  • Reconfigure 2FA: The end-users can reconfigure their 2FA on their own by navigating to Top Navigation Bar, click on Two-factor Authentication, you can see the Configure Two Factor(2FA) window, now click on Reset button to Reconfigure the users 2FA method. The user can also configure additional 2FA methods from here, if they are not previously configured.
    • Setup Two Factor Authentication (2FA / MFA) for Crowd using OTP, Mobile Authenticator, KBA, TOTP methods, Backup Method, MFA and OTP over Email/SMS. Provides Additional Security Layer. Crowd 2FA Reconfigure 2FA

Recommended Add-Ons

Crowd SAML SSO

Enabling SAML SSO allows users to login to Crowd using Identity provider credentials.

Know More

Bulk User for Crowd

It allows to efficiently manage users in crowd and deactivate inactivate users.

Know More

Bamboo Crowd Connectors

It allows to efficiently manage users in crowd and deactivate inactivate users.

Know More


Free Trial

If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.