Hi.
Is there any possibilities to disable ForgotUserDetails.jspa? So users can't use this link and can't do any get request or reset their password.
Best wishes
Magnus Tamm
Hi Magnus,
If you have user management done outside Jira (ie Crowd / Active Directory / LDAP) then you can turn on 'External User Management' in Jira's 'General Configuration' settings. This will disable the Forgot your password link on the login page.
KB for configuring Jira General Configuration options - https://confluence.atlassian.com/adminjiraserver073/configuring-jira-application-options-861253962.html
Alternatively, if your Jira instance sits behind a reverse proxy, you can block the /secure/ForgotLogindetails.jspa page directly at the reverse proxy level.
If you don't have a reverse proxy, you can try blocking it directly at Tomcat level. You can follow this KB to test this out - https://confluence.atlassian.com/kb/how-to-block-access-to-a-specific-url-at-tomcat-966668691.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.