How Novomatic Enabled Centralized Multi-Factor Authentication Across Atlassian Tools with miniOrange
Novomatic AG, one of the largest international producers and operators of gaming technologies, needed a secure and seamless Multi-Factor Authentication (MFA) solution across its suite of Atlassian tools. With user identities centrally managed via Atlassian Crowd, Novomatic sought to enforce high-security standards, without sacrificing usability. miniOrange delivered a flexible and unified MFA solution that empowered their security teams, streamlined authentication workflows, and enhanced platform-wide protection.
Business Challenge
Novomatic faced the complex task of unifying MFA across multiple Atlassian tools while preserving a seamless user experience.
Centralized MFA Without Compromise
With a large workforce accessing internal systems daily, Novomatic required a robust and unified Multi-Factor Authentication (MFA) framework across all Crowd-connected Atlassian applications, including Jira, Confluence, and Bitbucket.
Their goals were:
- To enforce consistent MFA policies across multiple platforms without duplicating login efforts
- To enable role-based access control for specialized teams managing security configurations
- To support multiple YubiKeys per user for backup and accessibility
- To maintain session synchronization and security while minimizing user friction
However, managing centralized authentication through Crowd posed challenges, especially in synchronizing secure sessions across applications and supporting delegated access controls without elevating user permissions.
How miniOrange Helped
By enabling single-session MFA, role-based access control, and support for multiple YubiKeys per user, miniOrange empowered Novomatic to scale security without disrupting workflows.
Unified Security, Granular Control
miniOrange provided a modular, enterprise-grade MFA solution designed specifically for Crowd and its connected Atlassian applications. The solution included:
Session-Based MFA Synchronization
Using miniOrange’s secure session framework, users authenticate once per session, enabling access to all Crowd-connected applications without repeated MFA prompts. Sessions are securely scoped to the browser, ensuring protection against session hijacking.
Role-Based Access Control (RBAC)
Specialized teams were granted access to specific MFA configuration interfaces based on group membership:
- View-only or edit-level permissions were assigned without giving admin rights
- Security teams could oversee login activity, audit logs, and configure global 2FA settings, without elevated access
Multiple YubiKey Support
The system allowed each user to register and authenticate with multiple YubiKeys, offering backup options in case of key loss or failure. Users could seamlessly switch between YubiKeys, ensuring continuous access without IT dependency.
Success Outcome: High-Security MFA Without User Friction
By centralizing miniOrange’s MFA add-on at the Crowd level and extending it across connected applications, miniOrange delivered a solution that provided both security and ease of use. Novomatic’s security teams gained precise control over authentication policies, while end-users experienced smoother login flows with fewer interruptions.
Results & Business Impact
- Single MFA Session: Users could log in once to access Jira, Confluence, Bitbucket, and more, without repeated 2FA prompts.
- Delegated Access Control: Teams outside the admin group could securely manage configurations and monitor activity.
- Improved Resilience: Multiple YubiKey support allowed users to maintain access even when one key was unavailable.
- Secure Session Management: Browser-bound sessions ensured secure MFA coverage across all platforms.
- Better User Experience: Reduced login fatigue, leading to higher compliance and productivity.
About Novomatic AG
Headquartered in Austria, Novomatic AG is a leading global supplier of gaming technologies and operator solutions. With operations in over 50 countries, Novomatic integrates cutting-edge technologies with a strong focus on compliance, player protection, and enterprise security. Their commitment to innovation extends into every aspect of their digital infrastructure, including access management and authentication.