• Products
  • Documentation
  • Resources

Edit authentication settings and members

Available authentication policy settings for your organizations

With authentication policies, you configure settings for different sets of users. These sets of users come from your managed accounts. When you test settings on a small set of users, you reduce the risk of rolling out an error to your entire organization.

You need a subscription with Atlassian Access to create more than one authentication policy and apply single sign-on (SSO) and two-step verification to an authentication policy. The settings you can configure through authentication policies are:

Setting

Description

Requires Access

Single sign-on through SAML or Google Workspace

Enforce members to log in to Atlassian products with your identity provider.

Two-step verification

Require members to set up and use a second step when logging in.

 

Make it optional to set up and use a second step when logging in.

 

Password requirements

Choose minimum strength for user passwords.

 

Choose when a password expires.

 

Idle session duration

Choose how long members can be idle before we log them out.

 

Add settings to your authentication policies

Single sign-on (SSO)

SSO allows your users to log in using your organization's identity provider to access all your Atlassian cloud products. Create one authentication policy to test an SSO configuration on a few accounts before turning it on for your whole organization.

Set up SSO for SAML or Google Workspace

When you select SAML SSO, you’re redirected from the authentication policy to the SAML SSO configuration page. Learn how to configure SAML SSO.

When you select Google Workspace, you’re redirected from the authentication policy to the Google Workspace setup page. Learn how to set up Google Workspace

Once you’re done configuring SAML SSO or Google Workspace SSO, you need to enable SSO in the policy.

To enable SSO:

  1. Navigate to Authentication Policies at admin.atlassian.com.

  2. Select Edit for the policy you want to enable.

  3. Select Enforce single sign-on to enable it.

Warning: What happens if you enforce SSO on users who are not in an identity provider?
If you enable SSO login on users who are not in the identity provider, the users can’t log in to Atlassian products. Create another policy for these users that does not enable SSO to login.

Enforce two-step verification

Two-step verification adds a second login step. The second step keeps the user accounts secure even if the password is compromised. When account logins are secure, your organization's products and resources are safer.

You can require members to set up and use a second step when logging in or make it optional.

If you enable SSO, you can only set up two-step verification in your identity provider and not your authentication policy. Learn more.

Password requirements

You can choose the minimum strength that all passwords must comply with. By default, passwords do not expire. However, you can set an expiration period by defining the number of days for password expiration. 

If you enable SSO, you can only set up password requirements in your identity provider and not your authentication policy. Learn more.

Idle session duration

Idle session duration is the amount of time a member stays logged in before we log them out, and they have to log back in. Learn more.

Add members to your authentication policies

Members come from your managed accounts, and you add them to different policies. Enter members individually or in bulk to your authentication policy.

To enter members individually:

  1. Navigate to Security > Authentication Policies at admin.atlassian.com.

  2. Select Edit.

  3. Select Members tab > Add members.

  4. Enter a user name or email address (only up to 20 users).

  5. Select Add.

To enter members in bulk:

  1. Navigate to Security > Authentication Policies at admin.atlassian.com.

  2. Select Edit.

  3. Select Members tab > Add members.

  4. Select Bulk entry > Select Upload to add CSV file (only up to 1000 emails from your managed accounts are allowed).

  5. Select Add.

We’ll notify you with an email when your bulk member update is complete. You can view your audit logs to check which members were added or could not be added. Learn more about audit logs.

Change policy for members

You may need to move members from one policy to another policy. You can move individual members by going to Change member’s policy or Add members. You can only move members in bulk by using Add members.

To change the policy for individual members:

  1. Navigate to Security > Authentication Policies at admin.atlassian.com.

  2. Select Edit for the policy the member belongs to.

  3. Select Members tab > Change member’s policy.

  4. Choose a different policy for this member.

You can move members from one policy in a directory to a policy in a different directory. Learn more about directories

To change more than one member’s policy:

  1. Navigate to Security > Authentication Policies at admin.atlassian.com.

  2. Select Edit for the policy to move members to.

  3. Select Members tab > Add members.

  4. Select Bulk entry > Select Upload to add CSV file (only up to 1000 emails from your managed accounts are allowed).

  5. Select Add.

We'll add members to the new policy and apply the change next time the member logs in.

A member can only be in one policy at a time.

Export members from an authentication policy

You can export a list of all your members in an authentication policy to a CSV file.

  1. Log in to admin.atlassian.com > Security > Authentication Policies.

  2. Select a policy > Members.

  3. Select Export members to a CSV file.

We’ll send you an email with a link to download the CSV file. It may take a while if you have a large number of member accounts. The download link in the email expires in 24 hours. Anyone with the link can download the CSV file.

Member details in your CSV file

This is the information included in the CSV file for each member of an authentication policy.

Member information

Authentication settings

Product details

Name

SAML single sign-on (if member logs in with SAML single sign-on)

Bitbucket, Confluence, Jira Work Management, Jira Service Management, Jira Software, OpsGenie, StatusPage, Trello (listed with the sites they use to access products)

Email

Two-step verification enabled (if two-step verification is enabled for members)

Last active time (the date the user was last active)

Password requirements (password strength and expiration)

Status  (active or deactivated)

Idle session duration (length of time members can be inactive before we log them out)

Billable (members who count towards your Atlassian Access bill)

Policy name (name of the authentication policy)

Policy type (billable or nonbillable)

 

 

 

 

 

 

Additional Help