IP-Based access rules on 2FA to secure Atlassian Apps

Business Challenge

Enterprises must protect their Jira and Confluence environments from unauthorized access while ensuring a seamless experience for trusted users. Without intelligent authentication controls, internal users face unnecessary friction, while external threats remain a risk.

To strike the right balance, organizations need a robust 2FA solution that can:

• Intelligently bypass 2FA for internal users accessing from pre-approved IP ranges, reducing login disruptions.
• Enforce strict 2FA for external access, preventing unauthorized entry and credential-based attacks.
• Enhance security without compromising productivity, ensuring a smooth authentication experience for trusted employees.

Solution Overview

To address these challenges, a location-aware 2FA solution was implemented to balance strong security enforcement with a seamless user experience for Jira and Confluence users.

Key features of the solution included:

• CIDR-Based Trusted IP Management to intelligently bypass 2FA for internal users
• Enforced 2FA for External Access to prevent unauthorized logins
• Frictionless Authentication Experience for trusted users within corporate networks

This approach ensured adaptive authentication based on user location—enhancing security while minimizing login disruptions for internal teams.

How It Works

1. CIDR-Based Trusted IP Management

• Admins configure trusted internal networks using CIDR notation.
• Users accessing from these IPs bypass 2FA automatically, creating a smooth and secure login experience.

2. Enforced 2FA for External Access

• Any login attempt outside the defined trusted IP range requires >mandatory 2FA authentication.
• Prevents unauthorized access while ensuring security for external users.

3. Seamless User Experience

• Internal users enjoy uninterrupted authentication from corporate networks. .
• Eliminates repeated 2FA prompts, enhancing efficiency and productivity.