2 段階認証の強制
When you enforce two-step verification on users, you require them to enter a one-time passcode in addition to their password when they log in to Atlassian. This second step keeps their account secure if their password is compromised.
After you enforce two-step verification, we don’t log users out of their current sessions and we don’t email them to set up two-step verification. Instead, we prompt users to enable two-step verification for their Atlassian account the next time they log in. They can install an authentication app (such as Google Authenticator, Authy, or Duo) on their phone or receive a one-time passcode by text (SMS) message. They will use this one-time passcode to log in to Atlassian apps.
As an admin, you should enable two-step verification for your own account before you enforce it for all users. Manage two-step verification for your Atlassian account
Who can do this? |
Enforce two-step verification for managed accounts
You enforce two-step verification on your organization’s managed accounts through an authentication policy. You can set up multiple authentication policies to set different security levels for different subsets of users in your organization.
To enforce two-step verification for managed accounts:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [認証ポリシー] の順に選択します。
Select Edit for the relevant policy.
In the Settings tab, select Mandatory for two-step verification.
SAML シングル サインオン
If you enforce single sign-on in your organization, you set up two-step verification in your identity provider, instead of through an authentication policy.
Enforce two-step verification for external users
You can require external users to verify their identity with a one-time passcode through your external user policy.
To require a one-time passcode for external users:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [外部ユーザー] の順に選択します。
[外部ユーザー ポリシー] を選択します。
For Authorization method, select One-time passcode.
[アップデート] を選択します。
Make two-step verification optional
You can make two-step verification optional for some users, so they can choose to stop using it.
To make two-step verification optional for some managed accounts:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [認証ポリシー] の順に選択します。
Select Edit for the policy that contains the managed accounts for whom two-step verification should be optional.
In the Settings tab, select Optional for two-step verification.
To make two-step verification optional for external users:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [外部ユーザー] の順に選択します。
[外部ユーザー ポリシー] を選択します。
For Authorization method, select None.
[アップデート] を選択します。
You can only make two-step verification optional for all your external users or none of them. You can’t make it optional for some external users only.
Find managed accounts without two-step verification enabled
To find your managed accounts who don’t have two-step verification enabled:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[ディレクトリ] > [管理対象アカウント] の順に選択します。
Select All accounts filter.
[2 段階認証] で [無効] を選択します。
Troubleshoot two-step verification for managed accounts
A member of an authentication policy might not be able to log in with two-step verification if:
they’ve lost their phone
they don’t have a phone to download an authentication app or receive text messages
If the account has set up two-step verification:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [認証ポリシー] の順に選択します。
Move the account to a policy where two-step verification is optional.
Navigate to the account’s profile in Directory > Managed accounts.
メンバーが 2 段階認証をリセットしてログインできるように [2 段階認証をリセット] を選択します。
Move the account back to their original policy.
If the account hasn’t set up two-step verification:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [認証ポリシー] の順に選択します。
If two-step is required for the account, move them to a policy where two-step verification is optional. They can now log in with only a password.
Move the account back to their original policy to require two-step verification.
Use REST API tokens for scripts and services
If you enforce two-step verification, scripts and services won't be able to use a password for basic authentication against a REST API. We recommend that you use an API token instead. An organization admin can also exclude an account from two-step verification, as described above. Read more about API tokens
この内容はお役に立ちましたか?