We're improving your authentication settings

Control over your authentication settings is important to keeping your company's data secure. We’re rolling out authentication policies to make configuring authentication easier and more flexible for you.

We’ve heard your feedback and the challenges you’ve had:

  • You’ve only been able to use the same authentication settings across all users in an organization

  • You haven’t been able to test a configuration before rolling it out to an entire organization

We’ve created authentication policies to address your authentication needs.

Roll out date for authentication policies

Starting from the week of March 15, 2021, we’re rolling out authentication policies. When your authentication policies are ready to use, you’ll find them in your organization under Security. Your previous authentication settings will appear in the default authentication policy. If you excluded users previously from two-step verification, we'll create an additional policy for them.

The rollout will have no impact on your existing settings. We’ll keep your previous settings. This change to how you configure authentication will not affect your end-users.

Detailed changes you need to be aware of:

Your authentication tasks

Current settings

New settings

How you find and manage your settings

We had settings on different pages in Security> Authentication:

  • SAML single sign-on
  • Password management
  • Two-step verification
  • Session duration

We’ve bundled most settings into what we call authentication policies onto one page, Security> Authentication policies:

  • SAML or G Suite single sign-on
  • Two-step verification
  • Password requirements
  • Idle session duration

We applied all settings to all your managed accounts

You apply settings to a subset of managed accounts

We had password management on the password management page

You manage passwords on the authentication policies page in password requirements

We had password reset on the password management page

You reset password on its own page

How you configure your authentication settings

We had the same authentication settings for all users

You create multiple authentication policies with different settings for subsets of users

You added a SAML configuration and enforced single sign-on at the same time

You add a SAML configuration and then enforce single sign-on in a policy when ready

How you test settings

You configured settings without being able to test them

You configure and test settings on a subset of users before releasing them to the whole company

How you notify users when you change settings

We emailed users when you require two-step verification

We don’t email users when you update two-step verification or any other settings.

We recommend you notify your users when ready

How you troubleshoot when users can't log in with two-step verification

You excluded users from two-step verification to disable it for them

You move the user to an authentication policy with two-step verification as optional and then you disable it for them

Learn more about authentication policies


You need Atlassian Access to use multiple authentication policies

Your organization comes with one default authentication policy. If you need multiple authentication policies, you have to subscribe to Atlassian Access.

What you get with Atlassian Access:

  • Multiple authentication policies (one default authentication policy included)

  • Single sign-on configuration with SAML or G Suite

  • Required two-step verification

  • Password requirement settings

  • Idle session duration settings

What you get without Atlassian Access:

  • One default authentication policy

  • Password requirement settings

  • Idle session duration settings

Learn more about Atlassian Access

Powered by Confluence and Scroll Viewport.