Two-Factor Authentication for Jenkins Plugin adds a layer of security to Jenkins authentication by requiring users to
provide a second factor of authentication along with their username and password. It enhances the overall security of
your Jenkins environment. Additionally, this plugin does not require you to extend the security realm, making it
easier to implement and use.
Pre-requisites
To integrate your Identity Provider (IDP) with Jenkins, you need the following items:
- Jenkins should be installed and configured.
- Jenkins server is HTTPS-enabled (optional).
- Admin credentials are set up in Jenkins.
- To enable OTP over email, the Mailer plugin should be installed (Jenkins Mailer Plugin).
Download And Installation
- Log in to your Jenkins admin account.
- Go to the Manage Jenkins option in the left pane and open the Manage Plugins tab.
- Search for 2FA in the Available tab.
- Download and install with a restart.
Step 1. Configure SMTP Server in Jenkins (Mandatory for OTP over Email)
If you have already configured an SMTP server in your Jenkins, you may proceed to the next step. If you have not,
you must complete this step to use the OTP over Email authentication method.
Setting up an SMTP server allows Jenkins to send the emails used for authentication. Follow the step-by-step guide
below to set up your SMTP server:
- Access your Jenkins dashboard and navigate to the Manage Jenkins page.
- Under the System Configuration section, locate and select System.
- On the Configure System page, scroll down to the Email Notification section at the bottom.
- Within this section, you can configure the SMTP Server settings. Enter the name of the server, then click on the
Advanced button to expand more options.
- Enable the Use SMTP Authentication option, then provide the Username and Password details. Additionally, enter the
designated port number in the SMTP Port input field.
- If you want to test the SMTP server connection, enable Test configuration by sending test email, then enter the
email address and click on Test Configuration.
- Once all necessary configurations have been completed, click on the Save button.
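A pre-flight check for the SMTP server entered in this step, as an added example that is not part of the plugin or its documentation: it reports whether the relay offers STARTTLS and whether it advertises AUTH only after TLS, since both the SMTP password and the OTP emails pass through it. The host name, port 587 and the sample EHLO replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server): the extension
# lines a relay might advertise before and after STARTTLS.
SAMPLE_PLAIN = ["smtp.example.test", "PIPELINING", "SIZE 35882577", "STARTTLS"]
SAMPLE_TLS = ["smtp.example.test", "PIPELINING", "SIZE 35882577", "AUTH PLAIN LOGIN"]
SAMPLE_WEAK = ["smtp.example.test", "SIZE 35882577", "AUTH PLAIN LOGIN"]


def extensions(ehlo_lines):
    """Map each advertised extension keyword to its parameter list."""
    exts = {}
    for line in ehlo_lines[1:]:              # first line is the server greeting
        parts = line.replace("=", " ").split()   # tolerate legacy "AUTH=PLAIN"
        if parts:
            exts[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return exts


def assess(plain_lines, tls_lines=None):
    """Return findings for a relay that will carry OTP mail (empty list = ok)."""
    plain = extensions(plain_lines)
    findings = []
    if "STARTTLS" not in plain:
        findings.append("no STARTTLS: OTPs and the SMTP password travel in cleartext")
    if "AUTH" in plain:
        findings.append("AUTH offered before TLS: credentials can be sent unencrypted")
    if tls_lines is not None and "AUTH" not in extensions(tls_lines):
        findings.append("no AUTH after TLS: Use SMTP Authentication will fail")
    return findings


def probe(host, port=587, timeout=10):
    """Collect EHLO replies from a live relay, before and after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        plain = s.ehlo_resp.decode().splitlines()
        if not s.has_extn("starttls"):
            return assess(plain)
        # Verify the relay's certificate; smtplib's default context does not.
        s.starttls(context=ssl.create_default_context())
        s.ehlo()                             # extensions are reset after TLS
        return assess(plain, s.ehlo_resp.decode().splitlines())
```

Run `probe("your.smtp.host")` from the Jenkins controller itself so the result reflects the network path Jenkins will actually use.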
Step 2. Enable 2FA Authentication Methods
- Access the Manage Jenkins page within your Jenkins dashboard.
- Navigate to the Security section and locate the 2FA Global Configurations option.
- Click on 2FA Global Configurations to access the configuration settings.
In the 2FA Global Configurations page, you will find the following authentication methods available:
- Security Questions: This method prompts users to provide answers to specific security questions
during the authentication process.
- OTP over Email: This method utilizes One-Time Passwords sent via email for authentication
purposes.
To enable 2FA authentication, proceed as follows:
- Check the Enable 2FA checkbox to activate the 2FA feature in Jenkins.
Note: Once "Enable 2FA" is activated along with any authentication method, 2FA will be enabled for all users,
including administrators. Please ensure you have completed the admin configuration before saving to prevent
instance lockout.
- Choose between the available authentication methods: Security Questions or OTP over Email.
NOTE: To enable OTP over email authentication, provide a sender email address for sending OTP
emails and save the configuration.
Step 3. Configure Authentication Methods on User Login
Once 2FA authentication methods are enabled, users will be prompted to configure their preferred 2FA method during
login. They can configure the methods either during login or by accessing the 2FA Configuration page from their
Profile page within the Dashboard.
- Configuring OTP Over Email -
- The authentication methods can be configured either during the login process or by visiting the 2FA
Configuration page within the profile dashboard.
- To complete the verification process, click on the Send OTP button to receive a One-Time Password (OTP). Enter
the received OTP and click on the Validate button to authenticate and proceed further.
- Configuring Security Questions -
- The authentication methods can be configured either during the login process or by visiting the 2FA
Configuration page within the profile dashboard.
- In the configuration page, select your preferred question from the options provided for the first and second
security questions. Enter the corresponding answers for the first two questions.
- For the third question, you have the option to create a custom question and provide its answer.
- Once you have entered the necessary information, click on the "Save" button to save your configured security
questions.
By completing both of the above steps, your security questions and OTP over email will be successfully set up and
saved for future use.
Step 4. Reset 2FA Authentication Methods
To reset the configured authentication methods, please follow these instructions:
- Click on your profile name located in the top navigation bar.
- From the options displayed, select 2FA Configuration in the left sidebar.
- On the 2FA Configuration page, you will find the authentication methods along with their respective configuration
statuses.
- To reset an authentication method, click on the Reset button associated with that authentication method.
- After resetting, the method will be available for re-configuration on this page.
By following these instructions, you will be able to reset and reconfigure the authentication methods through the
2FA Configuration page accessible from your profile dashboard.