Disable Local Login (Admin & Users) for Hipchat Server / Hipchat Data Center

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


  • The Hipchat Server / Data Center is configured using SAML identity provider such as Okta or OneLogin
  • The company policy is to not have any visibility of the local login page including admin and normal users
  • The goal of this KB to disable any possible access to the local login page through backend changes


These changes are not officially supported by the Atlassian Support team. So, please proceed with caution!

  1. Obtain root access

    sudo dont-blame-hipchat
  2. Make a copy of the routes.php file:

    cp /hipchat-scm/web/application/config/routes.php /hipchat-scm/web/application/config/routes.php.bak
  3. Using your prefered screen oriented text editor, edit the /hipchat-scm/web/application/config/routes.php file. For example:

    nano /hipchat-scm/web/application/config/routes.php
  4. Comment out the login_password and login_admin code section as per the following:

    // account
    $config['new_password/(\d+)/(.*)'] = 'users/new_password/$1/$2';
    $config['new_password/(.*)'] = 'users/new_password_legacy';
    $config['forgot_password'] = 'users/reset_password';
    $config['switch_account'] = 'users/switch_account';
    $config['sign_in'] = 'users/sign_in';
    $config['login'] = 'users/login';
    // $config['login_password'] = 'users/login_password';
    $config['login_select_auth'] = 'users/login_select_auth';
    $config['login_group'] = 'users/login_group';
    // $config['login_admin'] = 'users/login_admin';
    $config['login_admin_password'] = 'users/login_admin_password';
    $config['sign_out'] = 'users/sign_out';
  5. Save the file and verify that the pages are no longer accessible:

  6. Additionally, you can also alter the Admin Login link through /hipchat-scm/web/application/views/users/_below_signin.php

    cp /hipchat-scm/web/application/views/users/_below_signin.php /hipchat-scm/web/application/views/users/_below_signin.php.bak
     <?php if (isset($password_allowed) && !$password_allowed): ?>
            <a href="/login_admin<?= $link_params ?>" id="admin-login">Admin login</a>
      <?php endif ?>

    You can either remove the line completely or modify the href section to point to a different context path to point to redirect the user to a different location

Last modified on Nov 2, 2018

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.