
[BCLOUD-5811] Support two-factor authentication (BB-7016)

Hello,

It would be awesome if you could give users the option to protect their Bitbucket account by using a two-factor authentication system.

It would be epic if you used the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 (https://tools.ietf.org/html/rfc6238) so it would work with the Google Authenticator app for just about every mobile platform.

Thanks for providing a great service!
Happy Holidays.

MarjoryBosworth added a comment - edited

On a basic level, a user enters a password or a secret question into a text box on the access control panel. The system checks this against a pre-defined list of known authorized users. If the answer matches the required parameters, an access token is then generated, and the user is granted access to the requested information. The key advantages of using this form of platform two-factor authentication (https://www.protectimus.com/platform/) are that it is very easy to implement in various systems, and also requires minimal training for employees. It is also considerably cheaper compared to other forms of authorization, as the central database and servers for storing the tokens are not required.


georgeguimaraes added a comment -

Attachment 1800647118-Screen%20Shot%202015-02-25%20at%2015.43.51.png has been added with description: Originally embedded in Bitbucket issue #5811 in site/master

James D. Moore added a comment -

Can I authenticate with other SAML providers with the on-premise version, like Azure AD? We're looking to run strictly over HTTPS with a more secure authentication. I also need to provide authentication to people that are not employees, and because of contract I prefer not to have VPN as a requirement. We already own the on-premise server but our scope has changed, so perhaps you could tell me if there is a cost-effective means to move to cloud by converting licenses?

James D. Moore
Enterprise Architect
[email signoff]
United States Golf Association
P.O. Box 708, 77 Liberty Corner Road
Far Hills, NJ 07931
(908) 326-1839
www.usga.org



jens added a comment -

You can find the open issue for Bitbucket Server under:

https://jira.atlassian.com/browse/BSERV-7815

2FA for Bitbucket Server is not a highly requested feature, likely because many companies run it behind a VPN already. Active Directory authentication is already supported in the Server version.


James D. Moore added a comment -

Is multifactor auth supported in the on-premise version? What about Active Directory authentication? Can you combine the two on premise?

drmjo added a comment -

Thanks.


aMarcus (Inactive) added a comment -

Hi @unusualbob

Double check that your phone's clock is synchronized. We don't allow as much wiggle room for inaccurate clocks as some others (like Google). While this puts us closer to the spec, it can certainly cause some unusual troubles for different users. The most common case we hear of is that iPhone clocks with some cell providers tend to be > 30 seconds fast. If that is the case for you, we'd reject your code consistently as it would be outside of our allowable time steps.

We're listening and evaluating all feedback from users to decide if we should adjust our allowances. If you'd like more private help, or you don't think that's the issue for you, come to support@bitbucket.org so we can help you further.

--Marcus

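Marcus's clock-drift explanation above comes down to how many 30-second time steps a TOTP validator is willing to accept around its own clock. The following is an added example, not Bitbucket's code, that implements RFC 6238 TOTP with a configurable acceptance window and simulates a phone whose clock runs fast; the secret is the RFC 4226/6238 test-vector secret and the server timestamp is a constructed value.

```python
import hashlib
import hmac
import struct

# Secret from the RFC 4226 / RFC 6238 reference test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"
TIME_STEP = 30  # seconds; the RFC default, also what Google Authenticator uses


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / TIME_STEP)."""
    return hotp(secret, int(unix_time) // TIME_STEP, digits)


def verify_totp(secret: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Accept the code for the server's current step plus `window` steps either side.

    window=0 is the strictest reading of the spec; window=1 tolerates roughly
    +/-30 s of client clock error, the kind of allowance the thread is about.
    """
    base = int(server_time) // TIME_STEP
    return any(
        hmac.compare_digest(hotp(secret, base + drift, len(code)), code)
        for drift in range(-window, window + 1)
    )


def fast_phone_accepted(skew_seconds: int, window: int) -> bool:
    """Simulate a phone whose clock runs `skew_seconds` ahead of the server.

    The constructed server time sits exactly on a step boundary, so a 45 s skew is
    exactly one step ahead; at other phases the same skew can be two steps ahead.
    """
    server_now = 1_699_999_980  # constructed: 56_666_666 * TIME_STEP
    phone_code = totp(RFC_TEST_SECRET, server_now + skew_seconds)
    return verify_totp(RFC_TEST_SECRET, phone_code, server_now, window=window)


if __name__ == "__main__":
    for skew, window in [(0, 0), (45, 0), (45, 1), (65, 1)]:
        verdict = "accepted" if fast_phone_accepted(skew, window) else "rejected"
        print(f"phone {skew:>2}s fast, window +/-{window} step(s): {verdict}")
```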

unusualbob added a comment -

It appears that something is wrong. I have tried both scanning the QR code and manually entering the two-factor key into Google Authenticator, but Bitbucket rejects the code presented as an "Invalid two-step verification code". I'm using two-factor on 10+ accounts and have had no problems there, so I suspect that something is bugged on your side.


jens added a comment -

We are actively working on the integration with Atlassian ID, but I can't give you a timeline at this stage.


Jen Elam TWX added a comment -

Is there a timeline for Bitbucket integration with Atlassian ID?

Assignee: Unassigned
Reporter: bano6010
Votes: 347
Watchers: 143