Apple Watch

Owned by Lars Olav Velle (Unlicensed)
Last updated: Jul 16, 2020
2 min read

Overview

This article shows how two-factor enrolment works for an end user when registering an Apple Watch. We assume that the user is logging in to Jira with password authentication as the primary factor. Users logging in with SAML or Kerberos on other Atlassian applications can expect a very similar user experience.

The examples shown here assume that an administrator has already added a multifactor policy which requires that users enrol in extra verification. The details on how policies may be configured is out of scope for this article.

Note: Using an Apple Watch as extra verification requires Google Chrome version 84 or later. You can see a short video of how it works in the bottom of this article.

Enrolment

When MacOS users are required to enrol in extra verification, they will see a screen informing them that enrolment is required. Users get to choose which kind of second factor to register:

  • MacOS Touch ID, a platform authenticator in FIDO terminology
  • A security key, typically attached to their device via USB or NFC 
  • A legacy security key which does not support user verification with PIN codes
  • A one-time code app on their phone

The user selects to set up extra verification using Touch ID.

 

After selecting Touch ID, the standard MacOS approval dialog appears. 

The user then 'Double-Clicks' on the side of the watch to approve the registration:

Naming the registration

After registering the Apple Watch, the user is asked to give their registration a name. This makes it easier to remember which device was registered in the future.

Use case summary

The final step in the registration process lists the different ways the user may use Apple Watch as an additional verification factor:

Once this step is completed, the enrolment of the extra verification factor is complete, and the user can get back to work.

See how to register an Apple Watch

See how enrolment works from an end user perspective on a Mac with an Apple Watch.

Passwordless login using Apple Watch

See how to log into Jira using nothing but the Apple Watch.

See how to use the Apple Watch as extra verification

Next steps