It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Community
Products
Jira
Questions
Disable / block ForgotUserDetails.jspa

Disable / block ForgotUserDetails.jspa

Hi.

Is there any possibilities to disable ForgotUserDetails.jspa? So users can't use this link and can't do any get request or reset their password.

Best wishes

Magnus Tamm

1 answer

1 accepted

0 votes

Answer accepted

Hi Magnus,

If you have user management done outside Jira (ie Crowd / Active Directory / LDAP) then you can turn on 'External User Management' in Jira's 'General Configuration' settings. This will disable the Forgot your password link on the login page.

KB for configuring Jira General Configuration options - https://confluence.atlassian.com/adminjiraserver073/configuring-jira-application-options-861253962.html

Alternatively, if your Jira instance sits behind a reverse proxy, you can block the /secure/ForgotLogindetails.jspa page directly at the reverse proxy level.

If you don't have a reverse proxy, you can try blocking it directly at Tomcat level. You can follow this KB to test this out - https://confluence.atlassian.com/kb/how-to-block-access-to-a-specific-url-at-tomcat-966668691.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Jira

Products

Interests

Groups

Community resources

Support

It's not the same without you

Disable / block ForgotUserDetails.jspa

1 answer

1 accepted

Suggest an answer

TAGS

Community showcase

Community Events

Events near you

Ask a question

Start a discussion

Products

Interests

Groups

Community resources

Support

It's not the same without you

Disable / block ForgotUserDetails.jspa

1 answer

1 accepted

Suggest an answer

TAGS

Community showcase

Community Events

Events near you