Control access to your private content

The option to require two-step verification is a Premium feature for Bitbucket Cloud, but it’s available for free to all users for a limited time (two-step verification itself remains a Standard feature available to all users).

In the near future you'll be able to choose to upgrade to a premium plan and continue to use this feature. If you choose not to upgrade at that time, we'll disable this setting and other users will no longer require two-step verification to access your content.

Learn more about Bitbucket Premium.

When administering repositories or other content, you give users permission to see, update, and administer that content. The Access controls page adds another level of control, giving you the option to make sure they meet certain requirements before accessing those pages.

Requiring two-step verification

You can require that the users to which you give access are only able to view or interact with that content if they've enabled two-step verification. If they haven't enabled two-step verification, users with access will see a message that prompts them to enable it. In addition to being unable to see this content in Bitbucket, users won't be able to clone, push, or pull a private repository either.

You can require two-step verification for content related to your individual account or content related to your team:

  • For your personal account—The setting applies to users with access to any private content in your personal repositories.
  • For your team—The setting applies to users with admin access to your team and access to any of your team's private content.

Here's a breakdown of the content that your users with access won't be able to see if you require them to have two-step verification.

Bitbucket content Public or private? 2SV required?
Repositories Public No
Private Yes


Public (in a public repository)


Private (in a public repository) Yes
Public (in a private repository) Yes
Private (in a private repository) Yes
Team snippets Public


Private Yes
Team admin pages Yes

* Wikis can be made public/private independently of their parent repository's privacy setting.

To require two-step verification for access to private repositories you own or private content in your public repositories:

  1. From your avatar in the top-right, click Bitbucket settings.
  2. Under Access management, click the Access controls link in the left pane.
  3. Select the Require two-step verification option.
  4. Click Update to save your changes.

To require two-step verification for access to your team's private repositories, private content in your team's public repositories, or pages only team admins see:

  1. Select your team from the Teams drop-down at the top of the screen.
  2. Click Manage team to open your team settings.
  3. Under Access management, click the Access controls link in the left pane.
  4. Select the Require two-step verification option.
  5. Click Update to save your changes.

If you want to disable two-step verification on your account, you must deselect the Require two-step verification option first.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport