Configuring user authorization
To obtain licenses from License Vault, users need to log in through an authentication provider.
You can configure authentication and manage user accounts for License Vault in JetBrains Hub, the JetBrains authorization tool. A preconfigured cloud instance of JetBrains Hub is provided with each License Vault.
How to access the JetBrains Hub settings
You can reach the JetBrains Hub settings either of the following ways.
Go to your License Vault settings page. If you don't know how to reach it, you can find the instructions here.
Click the JetBrains Hub link at the bottom the settings page, under User access.
Log in using your JetBrains Account or a different account that has administrator permissions for License Vault.
Go to your License Vault and log in with administrator permissions.
Go to Settings and click the JetBrains Hub link under User access.
You'll be redirected to the JetBrains Hub Dashboard. From this Dashboard you can access the Users, Groups, and Auth Modules settings.

User groups in JetBrains Hub
Hub groups are collections of user accounts that share the same permissions. To view all groups, click the settings icon on the Hub Dashboard, and select Groups.

Default groups
Your Hub comes with two default groups that are required to manage and authorize License Vault users.
License Server Administrators
This group contains all License Vault administrators. These users can administer both License Vault and the JetBrains Hub instance associated with it.
When you first set up License Vault, your account is automatically added to this group. You can then provide administrator privileges to other users by adding them to this group.
IDE Authorized
This group contains all users that are allowed to obtain licenses from License Vault.
You can add users to this group in two ways:
Manually. License Vault will deny access to authenticated users unless you manually add them to this group.
Automatically. If you want all authenticated users to automatically gain access to licenses, add this group to the
Auto-join groups
parameter when configuring a new authentication module.
Authentication modules in JetBrains Hub
The way your users log in to License Vault is determined by the authentication modules configured in JetBrains Hub.
Your Hub comes with two auth modules preconfigured, but you're free to add other modules to integrate License Vault in your existing infrastructure and allow your users to log in with the same credentials they use for other services within your company.
Check out the full list of supported authentication providers in the Hub documentation.
Default authentication modules
JetBrains Account auth module
JetBrains Account (JBA)
is the default auth module that works out of the box. All your users have to do is register a JetBrains Account with an email address that belongs to your company's domain and log in with this account when activating a license.
Access to licenses is granted or denied based on the email domain. That's why it's important that users enter their work email address when registering the JetBrains Account. Before sharing the License Vault link with your users, make sure that you've configured user access and added all the domains used in your company to the domain list.
How to configure user access by the email domain
The easiest way to configure user access is to enter the email domains while setting up License Vault. To do so, follow the instructions in Getting started.
Once you complete the wizard, all users that log in via JBA
with a work email address will be automatically added to the IDE Authorized
group, which means they'll have access to licenses.
You can also revise these settings in JetBrains Hub after completing the setup. To do so, follow the steps below.
Configuring user access by email domain
Go to your JetBrains Hub, click the settings icon, and select Auth Modules.
In the list of Auth Modules, click JetBrains Account.
In Additional Settings, set the User creation parameter to
Enabled
.Add all the email domains used in your company to the
Restricted domains
parameter. Access will only be granted to users who log in with an email address from one of the listed domains.Public email domains, like
gmail.com
, are not allowed for security reasons.Add the
IDE Authorized
group to theAuto-join groups
parameter. This will allow all users authenticated viaJBA
to automatically gain access to licenses.
Hub Auth Module
Hub
is the built-in auth module. It's disabled by default.
Enable it if you intend to use JetBrains Hub to create new License Vault users and store their credentials. The module allows your users to log in with these credentials. Refer to Hub documentation to learn more about creating and managing user accounts.
If your users will be logging in with JBA
or other authentication providers, keep the Hub
auth module disabled.
Configuring a new authentication module
To use another authentication provider established in your company, add it to JetBrains Hub. Check out the full list of supported providers in the Hub documentation.
To configure a new auth module, follow the steps below.
Configuring an authentication module
Go to your JetBrains Hub, click the settings icon, and select Auth Modules.
Click New module and select the authentication provider you want to use.
Configure the common settings for your new auth module. Refer to this documentation page for instructions.
Configure the settings specific to your selected auth module. Go to the list of auth modules, select your module, and follow the instructions.
Add the the
IDE Authorized
group to theAuto-join groups
parameter. This will allow all users authenticated via the new module to obtain licenses from License Vault.It's recommended to enable the
Email auto-verification
option, if it's available for your selected authentication provider. This will prevent account duplication in case the same user logs in via different auth modules.Once you've configured all the settings, enable your new module by clicking the Enable module button at the top of the settings page.
(Optional) Once you've made sure that the newly added module works correctly, you might choose to disable other modules you don't want your users to log in with.