Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-30236

Force password reset for all users

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Administrators should have an easy way to force users to change passwords in bulk format in emergencies.

      Has this been discussed as a possible feature?
      Are there drawbacks to having a mass password reset force in administration?

      Would setting password expiration to 1 (day) expire all passwords in 24 hours? Is there a way this can be immediately enforced on all users without manually manipulating the database?

      This is a result of the security vulnerability notification of 8.5.2013. Customers desire a way to force all users to change passwords. This specific case prompted by a Confluence instance backed by crowd. Setting the requiresPasswordChange field to true in the database for all confluence directory users does not prompt Confluence users to change their password on login. It shows failed authentication error.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              rgoodwin Ryan Goodwin (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: