How to set 2FA Timeout Value in the 2FA app

This article explains how to set the 2FA Timeout Value in the 2FA app. You can configure how long an application user's 2FA session token remains valid; after that period, the system logs out inactive users. Valid timeout values range between 15 minutes and 48 hours. Choose a shorter timeout period if you want to enforce stricter security.

Instructions

  1. Log into the Bitbucket instance as an Administrator.
  2. Click the cog wheel icon.
  3. From the left sidebar, under the TWO FACTOR AUTHENTICATION (2FA) section, select General Settings.

  4. In 2FA Timeout Value, select the time you require from the available options. For example, selecting 1 hour for application users means that the 2FA session is valid for 1 hour and the user is logged out automatically after an hour.

  5. If you are using Bitbucket v5.0 or later, you can set the server session timeout value in the bitbucket.properties file.
    1. Open the file <bitbucket-home>/shared/bitbucket.properties and set the server.session.timeout value to 3600, as shown in the example below:

      server.session.timeout=3600

       For more details on the default session timeout, refer to the Atlassian documentation.

    2. After making these changes, the Bitbucket server needs to be restarted.
  6. If you are using a Bitbucket version lower than v5.0, you need to change the default (30 minutes) session timeout.
    To change the default session timeout, edit the web.xml file. You can find this file at this location: <Bitbucket Server installation directory>/conf/web.xml.
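After the restart in step 5, it is worth confirming that the value in bitbucket.properties is the one actually in effect. The script below is an added example, not part of the 2FA app or of Bitbucket; it reads the effective server.session.timeout and compares it with the 2FA Timeout Value chosen in step 4. It assumes the property is expressed in seconds (3600 for the 1 hour example), that the two timeouts are meant to match, and that a later duplicate key overrides an earlier one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit server.session.timeout in bitbucket.properties.

# Print the effective server.session.timeout from a properties file.
# Assumed parsing rules: '#' and '!' start comment lines, '=' or ':' separates
# key and value, the last definition wins. Prints nothing if the key is unset.
effective_session_timeout() {
    awk '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (match(line, /^server\.session\.timeout[ \t]*[=:][ \t]*/)) {
                val = substr(line, RLENGTH + 1)
                sub(/[ \t\r]+$/, "", val)    # drop trailing blanks and CR
                found = 1
            }
        }
        END { if (found) print val }
    ' "$1"
}

# check_timeout FILE EXPECTED_SECONDS
# Returns 0 = match, 1 = key not set, 2 = invalid or out of range, 3 = mismatch.
check_timeout() {
    file=$1 expected=$2
    min=900 max=172800    # 15 minutes and 48 hours, the range the article gives
    case $expected in ''|*[!0-9]*) echo "expected value must be whole seconds"; return 2;; esac
    if [ "$expected" -lt "$min" ] || [ "$expected" -gt "$max" ]; then
        echo "expected $expected s is outside 15 min - 48 h"; return 2
    fi
    actual=$(effective_session_timeout "$file")
    if [ -z "$actual" ]; then echo "server.session.timeout not set in $file"; return 1; fi
    case $actual in *[!0-9]*) echo "non-numeric value: $actual"; return 2;; esac
    if [ "$actual" -ne "$expected" ]; then
        echo "mismatch: file has $actual s, 2FA timeout is $expected s"; return 3
    fi
    echo "ok: server.session.timeout=$actual"
}

# Constructed sample file (not from a real instance): duplicate key, last wins.
sample=$(mktemp)
printf '%s\n' '# server.session.timeout=900' 'server.session.timeout=1800' \
    'server.session.timeout = 3600' > "$sample"
check_timeout "$sample" 3600    # 1 hour, as selected in step 4
rm -f "$sample"
```

On a real instance, point check_timeout at <bitbucket-home>/shared/bitbucket.properties; a non-zero return means the file is missing the key or disagrees with the 2FA setting.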