-
Suggestion
-
Resolution: Fixed
-
None
-
37
-
Suggestion
As per Session duration management - Atlassian Documentation, Accounts on Mobile apps will not be affected.
It would be good to include the mobile app platform's idle Session Duration to be managed by the Organization admin.
- mentioned in
-
Page Failed to load
[ACCESS-816] Allow Session Duration for Mobile apps to be managed by Organization admins
@Minh, please see my feedback to @Derrick on https://support.atlassian.com/requests/JST-977790 as this is relevant to that issue
The lack of the session time out is causing a severe security risk. I don't think user expectation is relevant in this case. Every company has its own security policies and staying logged in is out of the question, especially on mobile devices. This is the weakest link in your security policy as per website you can enforce session time out and with that a new login including MFA. Please get this on your backlog soon and fix it.
We can now vote for this issue again so I encourage everyone to ask as many colleague's to vote.
Totally unacceptable that you are leaving a known vulnerability as "won't" fix. This results in the org being unable to terminate access to users with mobile app access. Has the Atlassian Security team signed off on this decision?
It is very disappointing that this issue has been closed as won't do.
One of the benefits of Cloud products is mobile access. From an IT security perspective, the Idle Session Duration NEEDS to be controlled by the organizations admins.
Hi everyone,
We have released the feature which enable the org admins to manage the session duration for mobile apps .
More here - https://support.atlassian.com/security-and-access-policies/docs/set-mobile-app-session-expiration/