User's Guide

Two Factor Authentication (2FA) is a second layer of security for your account. By utilizing applications such as Google Authenticator (available in the configuration screen), you'll be prompted to enter a 2FA code each time you log into the system.




Setting up 2 Factor Authentication

Installation of the 2FA application

The first step in configuring 2FA is to download a compatible 2FA application on your mobile device. Two Factor Authentication will provide you with a list of possible applications that can be used (this list can be customized by your administrator). Once installed, move to the next step.

Scan the QR Code

At the next step you'll be prompted to use the application on your device to scan the QR code shown on the screen. If you're doing this on a mobile device, you may also click on the QR code to configure the application that way. In addition, if your application supports it, you can enter the code directly. Once this has been done, move on to the next step.

Recovery Codes

If the administrator allows it, you can save the recovery codes and store them in a safe place in case you lose the device with your 2FA application. This feature may be disabled by the administrator as necessary. A recovery code can only be used once.

Verification

Finally, to verify that the account is properly configured, enter the current code shown in your 2FA application into the Verification box and click "Verify".

You're done and secured! From this point on, when you access protected content you will be prompted with a 2FA screen after you enter your username and password. Use the code shown in your 2FA mobile application to gain access.




Logging in with 2 Factor Authentication

An administrator can configure different parts to require 2FA sessions (and certain sections not to require it). When this happens, you will be shown a screen similar to the one on the right. Simply use your 2FA mobile application to get a code, enter it into the input field and click "submit". By default the codes are valid for 30 seconds.
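Why a code stops working after 30 seconds and why a recovery code works only once, as an added example that is not the product's own code. It assumes the codes are standard TOTP (RFC 6238, which Google Authenticator implements) with 6 digits; the `Verifier` class is hypothetical, the secret is the RFC test key, and the recovery codes are constructed.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds a code stays valid (the guide's stated default)
DIGITS = 6   # assumption: 6-digit codes, the common authenticator default

def totp(secret_b32, now, step=STEP, digits=DIGITS):
    """RFC 6238 code for Unix time `now` (HMAC-SHA1 over the time-step counter)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server-side check; not the product's implementation."""
    def __init__(self, secret_b32, recovery_codes):
        self.secret = secret_b32
        self.recovery = set(recovery_codes)
        self.last_step = -1    # assumption: an accepted code cannot be replayed

    def check_code(self, code, now):
        step_no = int(now) // STEP
        expected = totp(self.secret, now)
        ok = step_no > self.last_step and hmac.compare_digest(
            expected.encode(), str(code).encode())
        if ok:
            self.last_step = step_no
        return ok

    def check_recovery(self, code):
        if code in self.recovery:
            self.recovery.remove(code)   # single use: spent once accepted
            return True
        return False

# Constructed sample data: RFC 6238 test key and made-up recovery codes.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    v = Verifier(SECRET, {"rec-0001", "rec-0002"})
    code = totp(SECRET, 59)
    print(code, v.check_code(code, 59))      # accepted inside its 30 s window
    print(v.check_code(code, 60))            # rejected: next window has begun
    print(v.check_recovery("rec-0001"), v.check_recovery("rec-0001"))
```

If a valid code is rejected at login, the usual cause is that the 30-second window rolled over while typing or that the device clock has drifted; wait for the next code and try again.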


Securing Git Repositories (Bitbucket)

For Bitbucket Server, the administrator may enable a feature that will require a user to have enabled a 2FA session in order to interact with the Bitbucket Server through the Git protocol.

Configuration

If the administrator has enabled "Restrict Git repository activities" in the global settings and allows the repository administrator to enable 2FA verification for Git, the screen to the right is shown to the repository administrator:

However, the global administrator may choose to enforce 2FA on all Git operations, at which point the screen will not be available to the repository administrator.

Accessing secured repositories

If 2FA is required for Git repositories, Git interactions with the server are disabled for a user who is not logged in with 2FA, and that user will see the following message:

The end user can then log into the web interface and will be presented with the screen to the right. Once they select "verify", they'll be able to continue with their Git operation.


User Configuration

Menu bar

When a user is not logged into a 2FA session, the menu bar is shown with an unlocked padlock (see right). This changes to a locked padlock once the user is in a 2FA session. The unlocked padlock takes the user to the configuration/login screens. The locked padlock takes the user to the 2FA area of "Manage your account".




Manage your account


Account not yet set up.

If your account is not set up with 2FA, a screen such as the one to the right is shown. Clicking on the button will take you through the 2FA configuration screens.

Managing your 2FA account

By going to "Manage your account", either through the padlock in the menu bar or through the user profile, you are shown the screen to the right.

If you're not in a 2FA session, you can click to enter one through this screen. If you're in a secured session, you may choose to leave it (this does not log you out).

If your administrator has enabled the feature, you can enforce that your account always uses 2FA regardless of the content rules set in place by the local administrator.

From this page you can also remove the 2FA configuration for your account.