Set idle session duration for external users
Who can do this? |
When you set idle session duration for external users, users of the external user policy are automatically logged out when they haven’t interacted with the app for the specified period of time. A session is considered idle when a user takes no action, including passive interactions such as an automatic page refresh. Setting idle session duration helps you enforce security requirements by ensuring inactive sessions don’t remain open.
You can control how long external users can be idle before they must re-verify their identity to access app data in your organization. This is managed by setting the idle session duration. Idle session duration is different from session expiration, which controls the maximum possible length of a session regardless of activity. For more information on session expiration, see Update session expiration for external users | Atlassian Support.
You can set the idle session duration between 15 minutes and 30 days, or leave it empty to disable idle session enforcement. For example, if you set the idle session duration to 15 minutes, the session will expire after 15 minutes of inactivity. If the user performs any activity, the session is extended for another 15 minutes, up to the maximum allowed by the session expiration setting.
Your changes to the idle session duration take effect when:
An external user session expires.
You reset user sessions.
A user logs out and logs back in before the session expires.
Idle session duration and mobile app sessions
Idle session duration doesn't apply to mobile app sessions, but you can set session expiration. Set mobile app session expiration.
Set idle session duration in external user policy
The default setting for idle session duration is 30 days.
To update idle session duration:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security, then select User security, and then select External users.
Select Edit for the policy you want to modify.
On the Settings page, select length of time for Idle session duration.
When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.
If you don’t have an Atlassian Guard Standard subscription, you can only set the idle session duration in a single external user policy that applies to all users. To create and use multiple external user policies — for example, to set different idle session durations for different groups — you need an Atlassian Guard Standard subscription.
Was this helpful?