It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Disable / block ForgotUserDetails.jspa

Hi.

Is there any possibilities to disable ForgotUserDetails.jspa? So users can't use this link and can't do any get request or reset their password. 

 

Best wishes

Magnus Tamm

 

1 answer

1 accepted

0 votes
Answer accepted

Hi Magnus,

If you have user management done outside Jira (ie Crowd / Active Directory / LDAP) then you can turn on 'External User Management' in Jira's 'General Configuration' settings. This will disable the Forgot your password link on the login page.

KB for configuring Jira General Configuration options - https://confluence.atlassian.com/adminjiraserver073/configuring-jira-application-options-861253962.html

Alternatively, if your Jira instance sits behind a reverse proxy, you can block the /secure/ForgotLogindetails.jspa page directly at the reverse proxy level.

If you don't have a reverse proxy, you can try blocking it directly at Tomcat level. You can follow this KB to test this out - https://confluence.atlassian.com/kb/how-to-block-access-to-a-specific-url-at-tomcat-966668691.html

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

314 views 1 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you