Confluence Android Mobile App Limitation
-
When using the Confluence Data Center mobile app for Android (tested version 3.5.0 and above), the 2FA challenge (TOTP) is not triggered.
-
This issue occurs due to mobile app behavior - Confluence Data Center blocks the display of the 2FA form for mobile clients.
-
Impact: Users can access Confluence from the Android mobile app without a 2FA prompt.
-
Workaround: To prevent mobile access that bypasses 2FA, enable the REST API restriction option in the 2FA Configuration.
-
-
Note: Jira mobile apps (Android/iOS) and Confluence iOS mobile apps correctly enforce the 2FA challenge.