Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
-
CloudBees Jenkins Enterprise
-
CloudBees Jenkins Enterprise - Managed controller
-
CloudBees Jenkins Enterprise - Operations center
Resolution
CloudBees' approach to Multi Factor Authentication (MFA) and to One Time Password (OTP) is to recommend Jenkins administrator to secure their Jenkins infrastructure with Single Sign On solution.
Organizations who want MFA or OTP usually implement it
-
either using an external service such as Google Auth or GitHub Auth
-
or as part of a corporate security project with the deployment of an enterprise authentication service usually coupled with an SSO platform
You can integrate with SSO service through SAML, OpenID or Oauth. It is also very common to integrate a SSO reverse proxy.
Notice that MFA is implemented outside of Jenkins and Jenkins' role is to integrate with such a service.