JumpCloud Protect MFA prompt is not triggered in Jira
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When Jira is integrated with JumpCloud LDAP using JumpCloud's MFA for LDAP Applicationsfeature, the MFA prompt only appears in the JumpCloud Protect app on the first login attempt.
Subsequent login attempts succeed without a MFA prompt triggered, until some time passes (usually 15 minutes), or the user enters an incorrect password.
Environment
Jira Server/Data Center version 8.22.0 or above
or
Jira Server/Data Center LTS version 8.20.8 or above
and
Jira is configured to use JumpCloud LDAP server as a User Directory
and
JumpCloud is configured to use MFA for LDAP Applications
Cause
Since Jira version 8.22.0 and 8.20.8, LDAP logins are cached to improve performance.
JumpCloud's MFA for LDAP Applications feature uses only the LDAP login request to trigger MFA, not a more thorough implementation such as SAML or via a Jira plugin.
Therefore, JumpCloud never receives subsequent LDAP request during the cache period, and thus never triggers the MFA login prompt.
This change was implemented as part of JRASERVER-70468 - As a Jira Administrator I want to configure user accounts for integration jobs with low login overhead
Solution
Add the setting
-Dcom.atlassian.jira.user.crowd.service.authenticate.cache.minutes=0to set-env startup properties fileRestart the Jira service
Alternatively, you can integrate MFA with Jira using a different method, such as:
MiniOrange Plugin3rd Party
Re:Solution SAML SSO Plugin3rd Party
Was this helpful?