Resolve Security Alert for Admin Login Without Two-Step Verification in Jira DC 10.x

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

A security alert

"Jira Platform Security alert for: admin user logged in without two-step verification"

is seen under Administration (⚙) > System > Security Alerts, even when two-step verification is not enabled.

Environment

Jira Data Center Version 10.x and higher

Solution

The security alert notification was introduced in Jira v10.0. It is created based on the user login and other alert types, but it does not verify whether the instance itself is two-step verification enabled.

To resolve this, switch back to the legacy login experience by setting the JVM system property -Datlassian.authentication.legacy.mode=true and restart Jira.

This will prevent you from receiving these security alerts and also disable any two-step verification option.

See Manage two-step verification for your Atlassian account for more details on the two-step verification login.

Steps

  • Stop Jira.

  • Edit the setenv.sh or setenv.bat file in the $JIRA_INSTALL/bin directory, depending on whether Jira is installed on Linux or Windows.

  • In that file, look for JVM_SUPPORT_RECOMMENDED_ARGS and modify it as follows:

    JVM_SUPPORT_RECOMMENDED_ARGS="-Datlassian.authentication.legacy.mode=true"

  • Start Jira.

  • Repeat this on all nodes.

Related Information

We have a suggestion request to have a Jira configuration menu that allows users to enable/disable alerts via UI: JRASERVER-78723 - Atlassian Security Monitoring and Alerts plugin Enabling/Disabling Alerts

Updated on June 3, 2025
Platform
Data Center only
Products
Jira Core Data Center
Jira Software Data Center
Jira Service Management Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community