Configuring user authorization
All users who want to obtain licenses from License Vault need to log in through an authentication provider. You can configure authentication providers and manage user accounts for License Vault in JetBrains Hub, the JetBrains authorization tool.
A preconfigured cloud instance of JetBrains Hub is provided with each License Vault.
There are two main areas that you need to set up in JetBrains Hub to let your users successfully get licenses from License Vault:
Select and set up an authentication module. Auth modules allow users to log in and obtain licenses from License Vault. Each License Vault comes with a pre-configured
JetBrains Account (JBA)
authentication module that works out of the box. You can continue using it or set up a new one.Ensure all users are in the correct user groups in JetBrains Hub. Groups define which users are allowed to get licenses from License Vault. All groups necessary for user authentication are pre-configured in your JetBrains Hub instance. You need to make sure these groups remain unchanged. And if you set up a new authentication module, ensure that all new License Vault users are added to the correct groups.
Access the JetBrains Hub settings
Use either of the following ways to open the JetBrains Hub settings.
Log in to your JetBrains account with organization administrator privileges.
Go to your License Vault settings page. If you don't know how to reach it, you can find the instructions here.
Click the "JetBrains Hub" link at the bottom of the settings page, under User access to licenses.
On the page that opens, log in using your JetBrains Account or a different account that has administrator permissions for License Vault.
Go to your License Vault and log in with administrator permissions.
Select Settings in the menu on the left and click the JetBrains Hub link under User access.
You'll be redirected to the JetBrains Hub Dashboard. From this Dashboard you can access the Users, Groups, and Auth Modules settings.
User groups in JetBrains Hub
Your JetBrains Hub comes with two default groups: License Server Administrators
and IDE Authorized
. These groups are required to manage and authorize License Vault users.
To view the groups in JetBrains Hub:
Open the JetBrains Hub settings.
Click the settings icon in the upper-right corner and select Groups.
- License Server Administrators
This group contains all License Vault administrators. These users can administer both License Vault and the JetBrains Hub instance associated with it.
When you first set up License Vault, your account is automatically added to this group. You can then provide administrator privileges to other users by adding them to this group.
This group contains all users that are allowed to obtain licenses from License Vault.
You can add users to this group in two ways:
Manually. License Vault will deny access to authenticated users unless you manually add them to this group.
Automatically. If you want all authenticated users to automatically gain access to licenses, add this group to the
Auto-join groups
parameter when configuring a new authentication module.
Configure authentication modules in JetBrains Hub
The way your users log in to License Vault is determined by the authentication modules configured in JetBrains Hub.
Your Hub comes with two auth modules preconfigured. But you're free to add other modules to integrate License Vault in your existing infrastructure and allow your users to log in with the same credentials they use for other services within your company.
JetBrains Hub supports such popular auth modules as Amazon, Google, Okta, SAML 2.0, and others. For the full list of supported authentication providers, refer to the JetBrains Hub documentation.
Default authentication modules
JetBrains Account auth module
JetBrains Account (JBA)
is the default auth module that works out of the box. All your users have to do is register a JetBrains Account with an email address that belongs to your company's domain and log in with this account when activating a license.
Access to licenses is granted or denied based on the email domain. That's why it's important that users enter their work email address when registering the JetBrains Account. Before sharing the License Vault link with your users, make sure that you've configured user access and added all the domains used in your company to the domain list.
How to configure user access by the email domain
The easiest way to configure user access is to enter the email domains while setting up License Vault. To do so, follow the instructions in Getting started.
Once you complete the wizard, all users that log in via JBA
with a work email address will be automatically added to the IDE Authorized
group, which means they'll have access to licenses.
You can also revise these settings in JetBrains Hub after completing the setup. To do so, follow the steps below.
Configuring user access by email domain
Go to your JetBrains Hub, click the settings icon in the upper-right corner, and select Auth Modules.
In the list of auth modules, click JetBrains Account.
In Additional Settings, set the User creation parameter to
Enabled
.Add all the email domains used in your company to the Restricted domains and emails parameter. Access will only be granted to users who log in with an email address from one of the listed domains.
Public email domains, like
gmail.com
, are not allowed for security reasons.Add the
IDE Authorized
group to theAuto-join groups
parameter. This will allow all users authenticated viaJBA
to automatically gain access to licenses.
Hub Auth Module
Hub
is the built-in authentication module in JetBrains Hub. It's disabled by default.
If you intend to use JetBrains Hub to create new License Vault users and store their credentials, you can use the Hub
module for that. The module allows your users to log in with JetBrains Hub credentials. Refer to Hub documentation to learn more about creating and managing user accounts.
If you enable the Hub
module, your users will see the login and password fields when logging in to License Vault.
Configuring a new authentication module
If the default authentication modules are not enough for your company, you can use another authentication provider established in your organization.
To configure a new auth module, follow the steps below.
Configuring an authentication module
Go to your JetBrains Hub, click the settings icon, and select Auth Modules.
Click New module and select the authentication provider you want to use.
Configure the settings specific to your selected auth module. You can find step-by-step instructions for each module in Hub documentation.
Configure the common settings for your new auth module. Refer to this documentation page for instructions.
Add the the
IDE Authorized
group to theAuto-join groups
parameter. This will allow all users authenticated via the new module to obtain licenses from License Vault. You can restrict access of certain users and groups later by configuring access rules.It's recommended to enable the
Email auto-verification
option, if it's available for your selected authentication provider. This will prevent account duplication in case the same user logs in via different auth modules.Once you've configured all the settings, enable your new module by clicking the Enable module button in the upper-right corner.
(Optional) Once you've made sure that the newly added module works correctly, you can disable other modules if they're not needed.