{"_id":"56fb86c70023171700b95fee","version":{"_id":"55edea207145f717001ac12f","project":"55edea207145f717001ac12c","__v":11,"createdAt":"2015-09-07T19:48:48.670Z","releaseDate":"2015-09-07T19:48:48.670Z","categories":["55edea217145f717001ac130","55ffa8038c0c9d0d00dcac72","55ffbaa48c0c9d0d00dcac88","55ffbd3e8c0c9d0d00dcac8b","55ffbee40e2b090d00863393","55ffc4306932a00d00ba7a85","55ffc66bfeaf310d007dd6c8","55ffc9c2feaf310d007dd6d1","55ffceca0e2b090d008633b2","560111b06811d00d00ceb34e","560262e74f15002100ee4445"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"project":"55edea207145f717001ac12c","category":{"_id":"560111b06811d00d00ceb34e","pages":["56011249f01fb90d00d4bf70","56013a3e6811d00d00ceb381"],"version":"55edea207145f717001ac12f","__v":2,"project":"55edea207145f717001ac12c","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-22T08:30:40.352Z","from_sync":false,"order":9999,"slug":"plugins","title":"Plugins"},"user":"55ede9ed1452cd0d009e5e6b","__v":23,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-03-30T07:56:55.851Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":true,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":999,"body":"# Rublon Two Factor Authentication (2FA) for Atlassian products\n\n* * *\n\n## Introduction\n\n### About the Two Factor Authentication\n\nTwo-factor authentication is a technology that allows identification of users involving two different components. We can split those components into two groups: \"something that the user knows\" and \"something that the user possesses\". It greatly improves the security because having access to only one of the factors is not enough to authenticate the user. The best example of everyday use are credit cards where you need the physical card (something that the user possesses) and PIN code (something that the user knows) to use it. Even if you have your card stolen from you, a thief is not too likely to know the PIN and therefore can't use your money. To improve security even further physical characteristic of the user (fingerprint, eye iris, voice) can be used as one of the factors. \n\n### About the Rublon\n\nRublon is a two-factor authentication solution that provides 2 types of second factor authentication. The first one is authentication via mobile phone by scanning QR code. Opposite to many similar solutions Rublon doesn't require entering one-time password generated and sent to your mobile phone. Rublon mobile application automatically connects to Rublon and authenticates the user based on the scanned QR code. The second option is authentication via e-mail address. It's less secure but is usable for users who for various reasons can't or don't want to authenticate with their mobile phones. In this case an e-mail is sent to the user and in up to 15 minutes the user needs to confirm their identity by clicking the verification link. Rublon also allows to add the device you're currently logging in with to trusted devices list and  in future proceed with verification without scanning QR code or clicking the verification link. It's useful for people who are the only users of Atlassian products on the particular device and don't want to perform additional steps while logging in.\n\n### About the plugin\n\nRublon Two Factor Authentication for Atlassian products is a plugin that provides the second factor of authentication often described as \"something that the user posseses\". In this case it is a mobile phone, which you use to scan a QR code. After scanning Rublon checks if the user used the correct device. If device matches to the one stored in database, the user is getting authenticated. The first factor (something that the user knows) is handled by Seraph Authenticator (default authenticator for Atlassian products). The second factor is provided by custom filter, called just after the original Atlassian products security filter. All communication between client and server in Atlassian products goes through it. If the user is remembered with a cookie, the first factor is being skipped, user is getting authenticated with the cookie and redirected to Rublon where the second factor authentication process is being held. In case of potential problems you can disable the filter usage by editing a few lines of the configuration file, therefore the plugin will not prevent the admininstrator from logging in and uninstalling it.\n\n## Supported Atlassian products\n\n* JIRA\n* Confluence\n* Bamboo\n\n## First steps\n\nTo start using the Rublon Two Factor Authentication plugin for Atlassian product you should:\n\n* Install the Rublon mobile app on your smartphone, create a new account and confirm your e-mail address.\n* Visit the Rublon Developer Area at [developers.rublon.com](developers.rublon.com) and log in by clicking the \"Developer Dashboard\" button, and scanning the QR code that will appear using the Rublon mobile app.\n* Go to the \"Add website\" form (Dashboard -> Add website) and fill in the required fields.\n* Copy the provided system token and secret key, which will be used to identify the integrated system and verify the authenticity and integrity of the messages exchanged with Rublon API (you will need it later while configuring your Atlassian product).\n\n## Installation\n\nClick on the cog in upper right corner and select Add-ons. Choose Find new add-ons. Type \"Rublon\" in search area and find Rublon Two Factor Authentication (2FA) plugin on the list. Select \"Install\" button.\nYou should install *twofactorauth-x.x.x.jar* (where *x.x.x* is a version number, for instance *1.0.0*) via Add-ons management system in Atlassian product. Click on the cog in the upper right corner and select Add-ons.\nChoose Manage add-ons and select Upload add-on. Browse to proper directory and select *twofactorauth-x.x.x.jar*\n\n## Configuration\n\nYou can configure your Rublon Two-Factor Authentication plugin using configuration page. In order to do it you need to visit Manage Add-ons section, find Rublon plugin on the list and press the \"Configure\" button. On the page you will be asked to enter Secret Key and System Token, values you generated earlier in Rublon Developer Area. After entering proper values you have to select \"Rublon Two-Factor Authentication\" and press the \"Save\" button.\n\n## Disabling the plugin\n\nYou can deactivate Rublon Two-Factor Authentication in plugin configuration page (see Configuration paragraph) by selecting \"Default Authentication\" instead of \"Rublon Two-Factor Authentication\". \n\n## Useful links\n\n* [Rublon.com](https://rublon.com/)\n* [Rublon support](https://rublon.freshdesk.com/)\n* [Rublon Developer Area](https://developers.rublon.com/)\n* [Rublon Documentation](https://rublon.readme.io/)","excerpt":"","slug":"jira","type":"basic","title":"Atlassian products"}

Atlassian products


# Rublon Two Factor Authentication (2FA) for Atlassian products * * * ## Introduction ### About the Two Factor Authentication Two-factor authentication is a technology that allows identification of users involving two different components. We can split those components into two groups: "something that the user knows" and "something that the user possesses". It greatly improves the security because having access to only one of the factors is not enough to authenticate the user. The best example of everyday use are credit cards where you need the physical card (something that the user possesses) and PIN code (something that the user knows) to use it. Even if you have your card stolen from you, a thief is not too likely to know the PIN and therefore can't use your money. To improve security even further physical characteristic of the user (fingerprint, eye iris, voice) can be used as one of the factors. ### About the Rublon Rublon is a two-factor authentication solution that provides 2 types of second factor authentication. The first one is authentication via mobile phone by scanning QR code. Opposite to many similar solutions Rublon doesn't require entering one-time password generated and sent to your mobile phone. Rublon mobile application automatically connects to Rublon and authenticates the user based on the scanned QR code. The second option is authentication via e-mail address. It's less secure but is usable for users who for various reasons can't or don't want to authenticate with their mobile phones. In this case an e-mail is sent to the user and in up to 15 minutes the user needs to confirm their identity by clicking the verification link. Rublon also allows to add the device you're currently logging in with to trusted devices list and in future proceed with verification without scanning QR code or clicking the verification link. It's useful for people who are the only users of Atlassian products on the particular device and don't want to perform additional steps while logging in. ### About the plugin Rublon Two Factor Authentication for Atlassian products is a plugin that provides the second factor of authentication often described as "something that the user posseses". In this case it is a mobile phone, which you use to scan a QR code. After scanning Rublon checks if the user used the correct device. If device matches to the one stored in database, the user is getting authenticated. The first factor (something that the user knows) is handled by Seraph Authenticator (default authenticator for Atlassian products). The second factor is provided by custom filter, called just after the original Atlassian products security filter. All communication between client and server in Atlassian products goes through it. If the user is remembered with a cookie, the first factor is being skipped, user is getting authenticated with the cookie and redirected to Rublon where the second factor authentication process is being held. In case of potential problems you can disable the filter usage by editing a few lines of the configuration file, therefore the plugin will not prevent the admininstrator from logging in and uninstalling it. ## Supported Atlassian products * JIRA * Confluence * Bamboo ## First steps To start using the Rublon Two Factor Authentication plugin for Atlassian product you should: * Install the Rublon mobile app on your smartphone, create a new account and confirm your e-mail address. * Visit the Rublon Developer Area at [developers.rublon.com](developers.rublon.com) and log in by clicking the "Developer Dashboard" button, and scanning the QR code that will appear using the Rublon mobile app. * Go to the "Add website" form (Dashboard -> Add website) and fill in the required fields. * Copy the provided system token and secret key, which will be used to identify the integrated system and verify the authenticity and integrity of the messages exchanged with Rublon API (you will need it later while configuring your Atlassian product). ## Installation Click on the cog in upper right corner and select Add-ons. Choose Find new add-ons. Type "Rublon" in search area and find Rublon Two Factor Authentication (2FA) plugin on the list. Select "Install" button. You should install *twofactorauth-x.x.x.jar* (where *x.x.x* is a version number, for instance *1.0.0*) via Add-ons management system in Atlassian product. Click on the cog in the upper right corner and select Add-ons. Choose Manage add-ons and select Upload add-on. Browse to proper directory and select *twofactorauth-x.x.x.jar* ## Configuration You can configure your Rublon Two-Factor Authentication plugin using configuration page. In order to do it you need to visit Manage Add-ons section, find Rublon plugin on the list and press the "Configure" button. On the page you will be asked to enter Secret Key and System Token, values you generated earlier in Rublon Developer Area. After entering proper values you have to select "Rublon Two-Factor Authentication" and press the "Save" button. ## Disabling the plugin You can deactivate Rublon Two-Factor Authentication in plugin configuration page (see Configuration paragraph) by selecting "Default Authentication" instead of "Rublon Two-Factor Authentication". ## Useful links * [Rublon.com](https://rublon.com/) * [Rublon support](https://rublon.freshdesk.com/) * [Rublon Developer Area](https://developers.rublon.com/) * [Rublon Documentation](https://rublon.readme.io/)