Multi-factor Authentication

Issue

Integrate Jenkins with MFA (Multi-factor authentication)

Environment

CloudBees CI (CloudBees Core)
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
CloudBees Jenkins Enterprise
CloudBees Jenkins Enterprise - Managed controller
CloudBees Jenkins Enterprise - Operations center
Jenkins LTS

Resolution

CloudBees' approach to Multi Factor Authentication (MFA) and to One Time Password (OTP) is to recommend Jenkins administrator to secure their Jenkins infrastructure with Single Sign On solution.

Organizations who want MFA or OTP usually implement it

either using an external service such as Google Auth or GitHub Auth
or as part of a corporate security project with the deployment of an enterprise authentication service usually coupled with an SSO platform

You can integrate with SSO service through SAML, OpenID or Oauth. It is also very common to integrate a SSO reverse proxy.

Notice that MFA is implemented outside of Jenkins and Jenkins' role is to integrate with such a service.

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.