Business Challenge
Atlassian’s native authentication solution, Atlassian Guard, allows external customers to access the customer portal either by logging in via SSO using SAML or by using Two-Factor Authentication (2FA), but not both. This limitation poses a security challenge for organizations that require 2FA alongside SSO, because that requirement is difficult to meet when their Identity Provider does not support 2FA.
Without the ability to enforce MFA after SSO, organizations are forced to choose between user convenience and secure access—posing compliance risks and increasing vulnerability to unauthorized access. A flexible and secure approach is needed to integrate MFA with SSO, supporting multiple authentication protocols and user-friendly verification methods.
Solution Overview
Our solution overcomes this challenge by seamlessly integrating Multi-Factor Authentication (MFA) with SSO using our in-house Identity and Access Management (IAM) solution. This enables organizations to enforce MFA after successful SSO, enhancing security without compromising user experience.
Supported MFA Methods
Our solution offers flexibility by supporting multiple MFA methods, ensuring organizations can choose the most suitable authentication mechanism:
1. SMS-based OTP
2. Mobile Authenticator Apps (e.g., Microsoft Authenticator, Google Authenticator)
3. Push Notifications
4. Email-based OTP
5. Hardware Tokens (YubiKey)
How It Works
Our solution allows admins to configure their IDP using our add-on and to enforce MFA using our IAM solution.
1: Configuring the Plugin in Jira/Confluence
- Admins configure their preferred IDP using our SAML/OAuth SSO for External Customers add-on.
- Users authenticate via their IDP using the configured SSO links.
2: Enable MFA Enforcement
- Admins configure an application in the IAM broker solution to set up MFA policy.
- Users are imported into the IAM solution, allowing MFA Policies to be applied.
3: User Authentication Process
- After successful SSO, users are prompted for MFA authentication.
- Once MFA verification is completed, users gain access to the customer portal.
Key Benefits
Secure, seamless logouts with less IT effort.
Enforce MFA for Extra Security
Strengthen authentication beyond standard SSO.
Supports SAML & OAuth/OIDC
Unlike Atlassian Guard, our solution supports both protocols.
Multiple IDP Configuration
Connect multiple IDPs for seamless authentication, without requiring an Enterprise plan.
Conclusion
With our SSO + MFA integration, organizations can ensure strong authentication for external customers accessing Jira Service Management. Whether you need OAuth-based SSO, multi-IDP support, or MFA enforcement, our solution provides a secure, seamless, and highly configurable authentication experience.
