Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Authentication policy idle session duration question

Joe Rau
Joe Rau July 30, 2024

Hi community,

Wondering if anyone else has experienced a similar issue when updating idle session times. We are attempting to test idle session duration and we are not getting the desired result. We noticed in the Atlassian documentation (linked below) that it states the following -

"When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in."

Prior to resetting sessions for all users in the policy, we tested the following.

Test:

  1. Updated the idle session duration time to 15 minutes for the desired Auth policy.
  2. A manual log out from Jira was performed by a user (confirmed auth policy user).
  3. User then logged back in through SSO, opening Jira in a browser tab.
  4. One browser window was kept open, logged into Jira. The user moved to another open browser window (not Jira) and waited 20 minutes.

Result: After navigating back to Jira browser window, the session did not timeout or force a new login. They were able to navigate through all actions without being forced to log back in. Nothing changed.

Will the new idle session duration only go into effect when using the Reset Session button in the authentication policy? How would a manual logout be any different, the documentation states - "The new idle session duration will apply the next time a user logs in."

https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/

Thank you.

Answer
Watch
Like # people like this
460 views

1 answer

0 votes
Dave Rosenlund _Trundl_
Dave Rosenlund _Trundl_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 30, 2024

Welcome to the community, @Joe Rau  👋  And thank you for such a thorough explanation.

Was the "other browser window" a tab or a window in the same browser (e.g. Chrome) or was it another/different browser where this non-Jira window was opened?

I.e., if it was another window or tab in the same browser (e.g., Chrome) and not an incognito window, I believe the session may stay open (based purely on my past observation of my own work, not a test).

-dave

 

View More Comments
Joe Rau
Joe Rau July 30, 2024

Thank you, Dave. Same browser, different tab (Chrome). So, logged in through SSO, launched Atlassian tile which opened a new tab, verified account is logged in looking at an agent view in Jira, then clicked to a separate tab to let session sit idle.

Like Dave Rosenlund _Trundl_ likes this
Dave Rosenlund _Trundl_
Dave Rosenlund _Trundl_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 31, 2024

I could be wrong, but I believe that session will remain open as long as that Chrome browser is running even if you turn your attention to a different tab in the browser.

A better test, I think, would be to launch a different browser or app and not be active in Chrome at all.

Hope it helps, but if it doesn't,  I'll escalate this to Atlassian for them to have a look at this thread.

-dave

Like
Joe Rau
Joe Rau August 1, 2024

Thanks Dave. Same result when the activity occurs on a completely different browser/app.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events