Update idle session duration
Who can do this? |
When you set idle session duration in an authentication policy, members of that policy are automatically logged out when they haven’t interacted with the app for the specified period of time. A session is considered idle when a user takes no action, including passive interactions such as an automatic page refresh. Setting idle session duration helps you enforce security requirements by ensuring inactive sessions don’t remain open.
Understand authentication policies
Before you begin
To update idle session duration, you need verify at least one domain. When you verify a domain, all the Atlassian accounts that use email addresses from that domain become managed by your organization. Verify a domain to manage accounts
When you set idle session duration in an authentication policy, it only applies to your managed accounts. External user security settings are managed separately. Understand external user security
Idle session duration doesn't apply to mobile app sessions, but you can set session expiration. Set mobile app session expiration
Set idle session duration in an authentication policy
The default setting for idle session duration is 30 days.
To update idle session duration:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security > User security > Authentication policies.
Select Edit for the policy you want to modify.
On the Settings page, select length of time for Idle session duration.
When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.
If you don’t have an Atlassian Guard Standard subscription, you can only set the idle session duration in a single authentication policy that applies to all users. To create and use multiple authentication policies — for example, to set different idle session durations for different groups — you need an Atlassian Guard Standard subscription.
Was this helpful?