Restore Passwords To Recover Admin User Rights
As an administrator, you may find yourself locked out of Jira because:
- You've imported a site from Cloud, and it does not contain a system administrator account.
- You've forgotten the password to the administrator account, and don't have access to the email address associated with it.
- You're using an external directory or Jira for user management, have disabled the built in user management, and your external directory is not currently available.
- You need to make a change to the configuration of an external user directory in Jira while that directory is not available.
In any of these situations you can use recovery mode to restore administrator access to Jira.
Using JIRA 6.4 or earlier? You'll need to use the database method to recover your admin user rights. See the earlier documentation.
Use recovery mode to restore access
Recovery mode works by creating a virtual user directory with a temporary admin account (recovery_admin). You set the password for this admin account when applying the system property. Users can continue to log in and access Jira while it is in recovery mode.
To recover administrator user rights:
- Stop a Jira node.
Add the following startup parameter according to the steps from the Setting properties and options on startup KB article, based on the method that's being used to start Jira:
This is generally applied in the setenv.sh or setenv.bat file (depending on your operating system type) in the <jira_install>/bin directory. Note: <your-password> in the command above is used as a placeholder only. Please replace <your-password> with the password of your choice.
- Start your Jira node. You may need to start Jira manually with the start-jira.sh or start-jira.bin scripts in the <jira_install>/bin directory.
- In a multi-node Jira architecture, repeat steps 1-3 to enable recovery mode for each node as needed.
- Log into Jira with the username recovery_admin and the temporary password you specified in the system property.
- NOTE: In case you get "Invalid username or password" check the syntax from step 2, for example no space between two parameters or missing quotes.
- NOTE: When you have CROWD SSO enabled it may be needed to temporarily disable this to log in with recovery_admin. To leave only Jira Internal Directory authentication, please see: Disabling a Directory via the JIRA database
- NOTE: You will be presented with the Welcome screen to create or import new projects. Don't be alarmed - this does not indicate an empty instance.
- Reset the password for your existing admin account, or create a new account and add it to the appropriate administrator group.
- Confirm that you can successfully log in with your new account.
- Stop your Jira node.
- Remove the -Datlassian.recovery.password parameter.
- Start your Jira again normally.
- In a multi-node Jira architecture, repeat steps 7-9 for each node where recovery mode was enabled.
Good to know:
- In case it is not possible to edit groups or users, you will need to fix that; please refer to Cannot edit group memberships, as external user management is enabled, please contact your Jira administrators for more information.
- Remove the system property as soon as you have restored admin access.
- Don't leave Jira in recovery mode or use the recovery_admin account as a regular administrator account.
- Your temporary password should be unique. Don't use an existing password or the one you intend to use for your admin account.
- Be sure to confirm there are active users with the Jira System Administrators global permission, or else you won't be able to manage some system features in Jira.
- Be sure to set the password for your Jira Administrator user before you log out of the recovery_admin account:
Go to > User management > Users > click on the username > in the top right corner of the User's profile, click on the Action drop-down button, choose Set Password, type in a temporary password, and then again to confirm > Update. Once your Jira Administrator password has been set, you can log out of the recovery_admin account and back in with your Jira Administrator user.
- Any additional authentication methods like SAML SSO will not be available in recovery mode