Set idle session duration for external users

When you set idle session duration for external users, users of the external user policy are automatically logged out when they haven’t interacted with the app for the specified period of time. A session is considered idle when a user takes no action, including passive interactions such as an automatic page refresh. Setting idle session duration helps you enforce security requirements by ensuring inactive sessions don’t remain open.

You’re able to choose how frequently external users need to verify their identity to access app data in your organization. You can do this when you choose the length of a session. A session can be between 15 minutes and 30 days long. As an example if you select 30 days, the session expires after 30 days and the external user must verify their identity again.

We apply your update to session expiration setting when:

• An external user session expires.

• You reset user sessions.

• User logs out and logs back in before the session expires.

Before you begin

• When you set idle session duration in an external user policy, it only applies to your managed accounts. External user security settings are managed separately. Understand external user security.

• Idle session duration doesn't apply to mobile app sessions, but you can set session expiration. Set mobile app session expiration.

Set idle session duration in external user policy

The default setting for idle session duration is 30 days.

To update idle session duration:

1. Go to Atlassian Administration. Select your organization if you have more than one.

2. Select Security, then select User security, and then select External users.

3. Select Edit for the policy you want to modify.

4. On the Settings page, select length of time for Idle session duration.

When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.