Hi Atlassian Community,
We are trying to enable the "Advanced Password Policy for JIRA" plugin in our environment, which has not been in use for some time. However, we are encountering an issue where the configured password policy does not appear to be enforced.
Actions Taken:
Created a test user with a test email address.
Configured a password policy with the following details:
Password length: 8–32 characters.
Account lockout settings: Enabled.
Password expiration settings: Enabled.
Assigned the policy to a specific user group and added the test user to that group.
Updated the test user's account status to Inactive, Locked, and Expired under User Management.
Issues Observed:
The policy is not being enforced. For example:
Users can set a password shorter than the minimum length (e.g., a 1-character password). Users can reuse their previous passwords.
Users can log in even when their account status is set to Locked or Expired.
It seems that the configurations under the password policy are not active or being applied properly.
Request for Help:
Could you please advise if this issue could be caused by a misconfiguration or if it might be a problem with the plugin itself? Any troubleshooting steps or guidance would be greatly appreciated.
supplement: we are using jira server version.
Thank you!
