Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Component/s: Security - Session duration
Labels:
None

Support reference count:
61
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Problem
It's not possible to force users to log out in the Session duration tab on the admin page. The workaround is the Reset password feature in the Org > Security > Password management tab. That button has two different outcomes beyond ending the managed accounts' session depending on having SAML SSO or not:

Scenario 1: SAML SSO is enabled

The users will have their Atlassian Account session terminated and when they try to log in, they will be redirected to the Identity Provider authentication page. The users won't be asked to create a new password, nor receive any notification.

Scenario 2: SAML SSO is not enabled

The users will have their Atlassian Account session terminated and when they try to log in, after entering their current credentials, they will be prompt to create a new password. This new password must respect the Organization's [password policies].

Suggestion
Notify your users about when the logout will happen so they can avoid losing their current work. If you do changes to the session duration it might be worth it to let them know as well.

Attachments

Issue Links

is related to

ACCESS-1088 Enforce authentication policy changes immediately to members

Gathering Interest

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(3 mentioned in)

Activity

People

Assignee:: Narmada Jayasankar

Reporter:: Mauricio S (Atlassian)

Votes:: 83 Vote for this issue

Watchers:: 58 Start watching this issue

Dates

Created:: 28/Oct/2019 8:08 PM

Updated:: 10/Jan/2024 2:03 PM

Resolved:: 12/Oct/2023 8:44 PM