robotsnoindex

If you recently noticed a change in your authentication settings
Beginning the week of March 15th, we started migrating password management and other settings to your new authentication policies. Learn about what's changed

A user’s session duration is the amount of time the user stays logged in before logging them out, and they have to log back in. A session is idle when users don’t interact with the product during that period of time. Interactions can be active (a user clicks a button) or passive (an open page auto-refreshes).

Before you can update the session duration, verify one or more domains. When you verify a domain, all the Atlassian accounts that use email addresses from the domain become managed by your organization. Learn about verifying a domain for your organization

Set idle session duration with Authentication policies

If you don’t subscribe to Atlassian Access, you set idle session duration in one authentication policy for all users. You need a subscription to Atlassian Access to take advantage of multiple authentication policies for a subset of users.

Authentication policies give you the flexibility to configure multiple security levels for different user sets within your organization. Authentication policies also reduce risk by giving you the ability to test different configurations for subsets of users before rolling them out to your whole company.

To select an idle session duration from an authentication policy:

  1. Navigate to Authentication policies at admin.atlassian.com.

  2. Select Edit for the policy you want to modify.

  3. On the Settings page, select length of time for Idle Session Duration.

When you save changes to the session duration, users don’t get logged out of their accounts. The new idle session duration will apply the next time a user logs in.

The amount of time it takes for users to get logged out varies by the Atlassian cloud product. If you don’t set idle session duration, here’s the default durations for each product:

Product

Session duration

Jira

30 days after being idle. Or you can update the Idle session duration (see below) for managed accounts.

Confluence

30 days after being idle. Or you can update the Idle session duration (see below) for managed accounts.

Bitbucket

30 days after being idle. Or you can update the Idle session duration (see below) for managed accounts.

Trello

(Without an Atlassian account) None. Users stay logged in until they log out.

(With an Atlassian account) 30 days after being idle. Or you can update the Idle session duration (see below) for managed accounts.

Statuspage

3 days after being idle.

Opsgenie

4 hours after logging in. If users select Remember me when they log in, they’re session duration will be 14 days + 4 hours after logging in.


You can specify the idle session duration for users' login to Jira and Confluence. When you set idle session duration in an authentication policy, it only applies to your managed accounts. The setting doesn't apply to:

  • Accounts your organization doesn’t manage

  • Mobile sessions