Which of the atlassian products can lock account if the user attempted multiple login unsuccessfully

Like JIRA, What are the other Atlassian products that have the capability to lock the user account after unsuccessful login attempts

1 answer

1 vote

This can be difficult to answer.   All of these products can either manage users locally, or can connect to an external LDAP/AD directory, or both.   So failed login attempts for LDAP accounts could lockout the account in LDAP for any/all of these applications.   But to be clear, it's the LDAP instance that is actually locking that account.  Sure the login attempt might have come from JIRA, but when the accounts are LDAP accounts it is the LDAP instance that controls whether the account is active/inactive/lockedout.   Just wanted to make that distinction first.

However if you're only using the internal user directories of these applications (not for ldap accounts), then JIRA won't technically lock out an internal user account.  By default, after 3 failed attempts it simply requires a CAPTCHA be completed along with the correct password to login.  Not sure if this is a distinction you are concerned about or not, but JIRA won't technically lock out an account for failed login attempts, it just requires an addition captcha be completed at the time of login.

Crowd - can be configured to disable an account if failed login a certain number of times.  By default this setting as a value of 0 though which disables that feature, but this can be configured in Crowd.

The other complicating factor is that Crowd can be used as a means to handle authentication for (just about) all the other server versions of the Atlassian products.   So if you have configured those applications to use Crowd instead of their own user directories, it is possible.

Confluence, Fisheye/Crucible, Bitbucket server, Bamboo are all in the same league with JIRA.   They don't technically lockout internal users, but they all tend to have a captcha system.

Hipchat Server - can lockout accounts after failed login attempts.

Cloud offerings - can also lockout accounts for failed login attempts

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Tuesday in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

759 views 2 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you