Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
A user's session duration is the amount of time they stay logged in before logging them out, and they have to log back in. A session is idle when users don't interact with the product during that period of time. Interactions can be active (a user clicks a button) or passive (an open page auto-refreshes).
Before you can update the session duration, verify one or more domains. When you verify a domain, all the Atlassian accounts that use email addresses from the domain become managed by your organization. Learn about verifying a domain for your organization
You set idle session duration in authentication policies. Authentication policies give you the flexibility to configure multiple security levels for different user sets within your organization. Authentication policies also reduce risk by giving you the ability to test different configurations for subsets of users before rolling them out to your whole company.
If you don't subscribe to Atlassian Guard Standard, you can set idle session duration in one authentication policy for all users. You need a subscription to Atlassian Guard Standard to take advantage of multiple authentication policies. Learn more about authentication policies
The idle session duration setting doesn't apply to:
Accounts your organization doesn't manage
Mobile sessions
When you set idle session duration in an authentication policy, it only applies to your managed accounts. If you don't set idle session duration, we set a default duration of 30 days in the authentication policy. This applies to all the users who have access to your Atlassian products.
To select an idle session duration from an authentication policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Authentication policies.
Select Edit for the policy you want to modify.
On the Settings page, select length of time for Idle session duration.
When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.
When you reset sessions for an authentication policy, we log out all members from the policy in about ten minutes. We recommend letting your members know when you reset their sessions. Reset sessions only apply to web sessions but don’t apply to mobile sessions.
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Authentication policies.
Select Edit for the policy you want to modify.
On the Settings or Members page, select Reset sessions.
If you need to reset sessions for an external user policy go to reset sessions for external users
Was this helpful?