Hi
I'm looking at creating a password change form for a low-security subset of our users. I appreciate that Jira is not designed to handle password resets, but I believe that my planned implementation will mitigate most risks, and that this would have a net benefit to the users involved.
At the moment, Jira Forms supports regex patterns , but not the following functions;
Please can these be implemented ASAP?
Context for this request;
We have several thousand students, with accounts on multiple systems. We have API access to all of these systems, so have the ability to set the password on all. A script can easily read the password from a Jira ticket, replace the user entered Jira password field with another value, and then proceed to update all required system passwords with the collected value. All of this can happen within seconds of ticket creation.
You can try this plugin: https://marketplace.atlassian.com/apps/1212681/secure-fields-data-security-privacy?hosting=cloud&tab=overview as Atlassian won't implement it as stated here: https://jira.atlassian.com/browse/JSDCLOUD-204
Regards,
Fabian
Hi @Fabian Lim
For 14000 students, that would get pricey :(
I did see that response from 8 years ago. Hopefully they'll reconsider....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Shaun Neighbour Remember, you only pay for the agents or JSW users. Requestors from the JSM portal are not counted. Unless the 14000 students are consuming JSW licenses...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks. That plugin doesn't seem to add a password input field, that would hide the password as it was entered....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I agreed with @Fabian Lim suggestion. To supplement his statements, I would highly recommend that you try alternative route on achieving your goal. Using Form to capture user's password is highly in-secure and not a proper way to handle user account pwd.
User password is unique at the account level and not at the application level. However application does validate user's account to give he/she access to the application.
In your env (company), there should be one single system that manages accounts and you should not rely on JSM to maintain the user account/pwd because this is not thing JSM was designed.
Best, Joseph Chung Yin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.