Which of the atlassian products can lock account if the user attempted multiple login unsuccessfully

Like JIRA, What are the other Atlassian products that have the capability to lock the user account after unsuccessful login attempts

1 answer

1 votes

This can be difficult to answer.   All of these products can either manage users locally, or can connect to an external LDAP/AD directory, or both.   So failed login attempts for LDAP accounts could lockout the account in LDAP for any/all of these applications.   But to be clear, it's the LDAP instance that is actually locking that account.  Sure the login attempt might have come from JIRA, but when the accounts are LDAP accounts it is the LDAP instance that controls whether the account is active/inactive/lockedout.   Just wanted to make that distinction first.

However if you're only using the internal user directories of these applications (not for ldap accounts), then JIRA won't technically lock out an internal user account.  By default, after 3 failed attempts it simply requires a CAPTCHA be completed along with the correct password to login.  Not sure if this is a distinction you are concerned about or not, but JIRA won't technically lock out an account for failed login attempts, it just requires an addition captcha be completed at the time of login.

Crowd - can be configured to disable an account if failed login a certain number of times.  By default this setting as a value of 0 though which disables that feature, but this can be configured in Crowd.

The other complicating factor is that Crowd can be used as a means to handle authentication for (just about) all the other server versions of the Atlassian products.   So if you have configured those applications to use Crowd instead of their own user directories, it is possible.

Confluence, Fisheye/Crucible, Bitbucket server, Bamboo are all in the same league with JIRA.   They don't technically lockout internal users, but they all tend to have a captcha system.

Hipchat Server - can lockout accounts after failed login attempts.

Cloud offerings - can also lockout accounts for failed login attempts

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,760 views 11 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot