
04vl2 (04vl2) asked a question.
Hi,
We have integrated Okta with Confluence with desktop single sign on and MFA using Entrust. Using SAML 2.0.
Using a browser:
1. When accessing the Confluence site through the browser we get the MFA prompt where we need to enter the token.
2. If we access an API endpoint through the browser we are able to get a response back with no data since we have not authenticated. If we proceed with step 1 again and enter the token followed by step 2 we get the required data back.
Using an automation script:
If we access the same API endpoint through a script by passing our basic authentication through the header, we are able to get the required content from the API without any need for MFA. Is this behavior correct?
It seems that the confluence.jar file that we got from the Okta configuration that we added to the Confluence filesystem bypasses the MFA in some way.
Regards,
Avinash

Hello Avinash,
Using an automation script with basic authentication (not using SAML 2.0), Okta won't intervene because only through SAML Confluence will recognise the integration and the user will hit the App-Level Policy/Rule (or evaluation of Sign On Policy) to prompt for MFA.
When using a browser, due to the SAML 2.0 integration, the user will be redirected to Okta (if he/she doesn't have an active session with Okta) and after authentication, the App-Level Policy/Rule (or evaluation of Sign On Policy) will prompt for MFA.
This is expected behaviour.
If your configuration is more granular than this and my answer didn't provide enough details, feel free to open a case and my colleagues will assist you with further clarifications.
Bogdan Radu
Technical Support Engineer
Okta Global Customer Care
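
Added example (not part of the original posts, and not Okta or Atlassian code): since basic-auth API calls never reach Okta's sign-on policy, one way to see which accounts use that path is to scan proxy logs for successful REST requests carrying a Basic `Authorization` header. The log format, field names and sample lines below are constructed assumptions; it presumes a reverse proxy in front of Confluence that records only the authorization scheme.

```python
import re
from collections import Counter

# Constructed sample lines in an ASSUMED reverse-proxy log format:
#   <time> <client_ip> <user> "<method> <path>" <status> auth=<scheme>
# auth=- means no Authorization header (browser session cookie after SAML login).
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.0.5 alice "GET /rest/api/content?limit=5" 200 auth=-
2024-01-10T09:00:07Z 10.0.0.9 svc_report "GET /rest/api/content/12345" 200 auth=Basic
2024-01-10T09:00:09Z 10.0.0.9 svc_report "GET /rest/api/space" 200 auth=Basic
2024-01-10T09:01:15Z 10.0.0.7 bob "GET /rest/api/content" 401 auth=Basic
2024-01-10T09:02:30Z 10.0.0.5 alice "GET /pages/viewpage.action?pageId=1" 200 auth=-
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<time>\S+) (?P<ip>\S+) (?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) auth=(?P<scheme>\S+)$'
)

def find_basic_auth_api_calls(log_text, api_prefix="/rest/"):
    """Return records for successful API requests authenticated with Basic,
    i.e. requests that were served without passing through the SAML/MFA flow."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        rec = m.groupdict()
        if (rec["scheme"].lower() == "basic"
                and rec["path"].startswith(api_prefix)
                and rec["status"].startswith("2")):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count matching requests per (user, client IP) pair for review."""
    return Counter((h["user"], h["ip"]) for h in hits)

if __name__ == "__main__":
    summary = summarize(find_basic_auth_api_calls(SAMPLE_LOG))
    for (user, ip), n in summary.most_common():
        print(f"{user} from {ip}: {n} API request(s) served without SAML/MFA")
```

The resulting list separates expected service accounts from interactive users whose credentials are being used outside the SSO flow.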