This article describes some operational tasks administrators may perform after having configured multifactor authentication in their Atlassian application.
Multifactor enrolment reports are available by clicking Multifactor in the top-level menu, then Usage Report. The report shows when the user enrolled and when their verification factor was last used. It can be used to get an overview of how multifactor is adopted and used. It may help inform decisions about whether extra verification should made be optional or required. It also provides an overview of which verification methods users typically enrol with.
Recovery of locked-out accounts
Users should ideally enrol with more than one verification method. If users have not done this, then the loss of access to a single verification factor such as a security key may prevent them from logging in. This can also happen when users need to log on using a new device and can only verify using an old device they no longer have access to.
To assist users in this situation, administrators can use the User recovery page, available from the Multifactor top-level menu. First find the user you need to help, then click the Recover link on the user.
Sometimes users may have trouble verifying due to a temporary loss of verification factors. The user select 'Cannot verify?' and is presented with instructions on how to accept the verification on another device, and that an admin can help with the verification.
After an admin has confirmed the identity of the user that has trouble verifying, he can approve the pending verification.
Reset verification setup
The administrator may also completely reset a user's verification setup. This will allow the user to enrol new verification factors. Any trusted devices will also be removed from the user's account. To perform this revocation, click the Reset verification setup button. A confirmation dialog will appear: