Auth Modules

Available Actions

The following actions are available on the Auth Modules page:

JetBrains Account Authentication

When you first access Hub, the JetBrains Account authentication module is already preconfigured and active. This authentication module is used to verify the identity of the administrator who provided credentials when starting a new IDE Services Cloud instance.

If you don't want to configure single sign-on using accounts from a third-party authentication service, you can continue using the JetBrains Account authentication module. Your users can register a JetBrains Account with an email address that belongs to your company's domain and log in with this account when connecting to IDE Services.

Third-party Authentication Providers

In addition to the built-in authentication service provided out of the box, Hub lets you connect to one or more third-party authentication services.

One of the advantages of third-party authentication is that it leverages accounts for services that may already be in use by your organization. By allowing users to sign in with a single set of credentials across multiple applications, they are less likely to experience the frustration that comes with remembering multiple usernames and passwords.

Hub provides pre-configured authentication modules for services that work with various protocols like OAuth 2.0, SAML, LDAP, and OpenID. It also provides generic modules for each protocol that you can use to let users log in to Hub with accounts from other third-party services. To learn how to set up an authentication module for a specific service provider, select a topic from this section in the documentation.

Default Authentication

Hub lets you designate a specific authentication module as the system default. When used, unauthenticated users who open a URL that belongs to Hub or a connected service are automatically redirected to the default authentication provider, skipping the standard Hub login page. Once authenticated, users are redirected to the originally requested page.

Users who are already authenticated in the default authentication service can navigate directly to the target page.

In situations where there are problems with the default authentication service, users are redirected to an error page. This page contains a link that lets users try using another login option to access Hub. When clicked, users are directed to the Hub login page. Here, they can select any available authentication providers to log in.

Use this feature when you want users to log in with accounts from a specific identity provider while still providing secondary login options when there's an outage or another connection problem.

If none of the available authentication modules are designated as the default, unauthenticated users are always directed to the Hub login page. The same is true when the built-in Hub authentication module is set as the default.

Two-factor Authentication

Two-factor authentication (2FA) is a security mechanism that enhances the protection of user accounts by requiring two distinct forms of verification before granting access. Users can set up 2FA for their own accounts at any time. This requires that they verify their identity using a second factor when they log in with their Hub account credentials.

If you're working with the Hub authentication module and want to require 2FA, you can configure this requirement at the group level. For example, if you want to require that everyone in your organization adds 2FA to their Hub account, you can configure this requirement for the All Users group. To learn more about this feature, see Require Two-factor Authentication.

If you're working with authentication modules supported by third-party services, the configuration and enrolment in two-factor authentication is also managed in the external service, not Hub.