Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

What is the password policy of Atlassian Cloud service fi a organization is not configured?

Scott Weber
Scott Weber Jul 20, 2018

If an organization does not configure an organization for Atlassian Access, what would the requirements be for users utilizing the system? I'm looking for the following:

Password character requirements

Password reset requirements

Password expiration timeframe

Ability to have forced resets at next login

Answer
Watch
Like Be the first to like this
5372 views

3 answers

1 accepted

1 vote
Answer accepted
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 23, 2018

Hi Scott,

By default, we require all Atlassian account passwords to be a minimum of 8 characters. We do not enforce any other requirements around resets or expiration without an Atlassian Access subscription.

Hope this helps.

Dave

View More Comments
fahad.h
fahad.h Feb 27, 2019

Hey Dave,

 

Without setting up Atlassian Access, will it be possible for an admin to modify the password policy or atleast set it up.

 

Regards,

Fahad H.

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Feb 27, 2019

Hi @fahad.h

Currently Atlassian Access is required to set up any kind of password policy. As a site administrator, you can prompt individual users to reset their password from the user's page, but you cannot set a password policy until you have verified your domain and configured Atlassian Access.

One option would be to verify your domain, start an Atlassian Access trial, set up a password policy, and then trigger a password reset for all your users. This would force all users to set new strong passwords. Then you could let the Atlassian Access trial expire. Obviously users could then reset their passwords again but it would increase your organizations general password quality as a one-off step.

Regards,

Dave

Like
Reply
3 votes
Giuliano C_
Giuliano C_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 22, 2019

Hello everyone,

For all the users searching for this information, since October from this year, it is no longer necessary to purchase Atlassian Access in order to set a password policy. As long as you have a verified domain you are free to do so.

More information can be found n our Atlassian Cloud changes the blog from October.

Wish You the Best,
Giuliano de Campos
Atlassian Team

View More Comments
Sam Neilson
Sam Neilson Apr 09, 2020

Thanks Giuliano!

Like
Like
Reply
1 vote
Patrick Dunnigan
Patrick Dunnigan Sep 13, 2022

Password policy is the lowest bar of security, you should make it available without verifying the domain. This should be a no brainer.

View More Comments
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Sep 14, 2022

Domain verification is the process we use for an organization or company administrator to determine which users are internal to the organization, versus external collaborators. Since a user can use the same Atlassian account across multiple Jira or Confluence sites, it would be quite complex of the administrators of different sites tried to impose different password policies on the same user (considering the premise of a single account is that they only have to log in once).

We are developing a solution for customers to enforce an added security layer for external accounts that have access to their content based on one-time passwords. See https://www.atlassian.com/roadmap/cloud??&p=b8d50209-93

While we don't currently enforce password strength requirements on all Atlassian accounts globally beyond a character minimum, we run a rigorous security program across our products and operations: https://www.atlassian.com/trust/security/security-practices

Like
Andrew Clements
Andrew Clements Oct 17, 2022

If you are with a very large organisation, claiming a domain is next to impossible, and hence it is not possible to enforce enterprise level password policies. Would be nice to be able set a password policy at an (Atlassian) organisation level. In our case, we would not have any kind of external user.

Like
Warren Kent
Warren Kent Apr 11, 2023

agreed - we have sister companies that all use the same domain, however have their own instances of applications that they use (JIRA being one of them). This makes it that we cannot use the same domain name for verification. What should be done instead (based on customer needs) is an option to set authentication policy as a whole on your JIRA instance, like it was done in JIRA Server.

Like
Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events