License Vault Help

Configuring user authorization

All users who want to obtain licenses from License Vault need to log in through an authentication provider. You can configure authentication providers and manage user accounts for License Vault in JetBrains Hub, the JetBrains authorization tool.

A preconfigured cloud instance of JetBrains Hub is provided with each License Vault.

There are two main areas that you need to set up in JetBrains Hub to let your users successfully get licenses from License Vault:

  1. Select and set up an authentication module. Auth modules allow users to log in and obtain licenses from License Vault. Each License Vault comes with a pre-configured JetBrains Account (JBA) authentication module that works out of the box. You can continue using it or set up a new one.

  2. Ensure all users are in the correct user groups in JetBrains Hub. Groups define which users are allowed to get licenses from License Vault. All groups necessary for user authentication are pre-configured in your JetBrains Hub instance. You need to make sure these groups remain unchanged. And if you set up a new authentication module, ensure that all new License Vault users are added to the correct groups.

Access the JetBrains Hub settings

Use either of the following ways to open the JetBrains Hub settings.

  1. Log in to your JetBrains account with organization administrator privileges.

  2. Go to your License Vault settings page. If you don't know how to reach it, you can find the instructions here.

  3. Click the "JetBrains Hub" link at the bottom of the settings page, under User access to licenses.

    Link to JetBrains Hub in the License Vault settings page in JetBrains Account
  4. On the page that opens, log in using your JetBrains Account or a different account that has administrator permissions for License Vault.

  1. Go to your License Vault and log in with administrator permissions.

  2. Select Settings in the menu on the left and click the JetBrains Hub link under User access.

    The link to JetBrains Hub in the License Vault settings

You'll be redirected to the JetBrains Hub Dashboard. From this Dashboard you can access the Users, Groups, and Auth Modules settings.

The settings menu on the JetBrains Hub Dashboard

User groups in JetBrains Hub

Your JetBrains Hub comes with two default groups: License Server Administrators and IDE Authorized. These groups are required to manage and authorize License Vault users.

To view the groups in JetBrains Hub:

  1. Open the JetBrains Hub settings.

  2. Click the settings icon in the upper-right corner and select Groups.

The list of user groups configured in JetBrains Hub
License Server Administrators

This group contains all License Vault administrators. These users can administer both License Vault and the JetBrains Hub instance associated with it.

When you first set up License Vault, your account is automatically added to this group. You can then provide administrator privileges to other users by adding them to this group.

IDE Authorized

This group contains all users that are allowed to obtain licenses from License Vault.

You can add users to this group in two ways:

  • Manually. License Vault will deny access to authenticated users unless you manually add them to this group.

  • Automatically. If you want all authenticated users to automatically gain access to licenses, add this group to the Auto-join groups parameter when configuring a new authentication module.

Configure authentication modules in JetBrains Hub

The way your users log in to License Vault is determined by the authentication modules configured in JetBrains Hub.

Your Hub comes with two auth modules preconfigured. But you're free to add other modules to integrate License Vault in your existing infrastructure and allow your users to log in with the same credentials they use for other services within your company.

JetBrains Hub supports such popular auth modules as Amazon, Google, Okta, SAML 2.0, and others. For the full list of supported authentication providers, refer to the JetBrains Hub documentation.

Default authentication modules

JetBrains Account auth module

JetBrains Account (JBA) is the default auth module that works out of the box. All your users have to do is register a JetBrains Account with an email address that belongs to your company's domain and log in with this account when activating a license.

Access to licenses is granted or denied based on the email domain. That's why it's important that users enter their work email address when registering the JetBrains Account. Before sharing the License Vault link with your users, make sure that you've configured user access and added all the domains used in your company to the domain list.

How to configure user access by the email domain

The easiest way to configure user access is to enter the email domains while setting up License Vault. To do so, follow the instructions in Getting started.

Once you complete the wizard, all users that log in via JBA with a work email address will be automatically added to the IDE Authorized group, which means they'll have access to licenses.

You can also revise these settings in JetBrains Hub after completing the setup. To do so, follow the steps below.

Configuring user access by email domain

  1. Go to your JetBrains Hub, click the settings icon in the upper-right corner, and select Auth Modules.

  2. In the list of auth modules, click JetBrains Account.

  3. In Additional Settings, set the User creation parameter to Enabled.

  4. Add all the email domains used in your company to the Restricted domains and emails parameter. Access will only be granted to users who log in with an email address from one of the listed domains.

    Public email domains, like, are not allowed for security reasons.

    The list of email domains added to the Restricted domains parameter
  5. Add the IDE Authorized group to the Auto-join groups parameter. This will allow all users authenticated via JBA to automatically gain access to licenses.

    The Auto-join groups parameter

Hub Auth Module

Hub is the built-in authentication module in JetBrains Hub. It's disabled by default.

If you intend to use JetBrains Hub to create new License Vault users and store their credentials, you can use the Hub module for that. The module allows your users to log in with JetBrains Hub credentials. Refer to Hub documentation to learn more about creating and managing user accounts.

If you enable the Hub module, your users will see the login and password fields when logging in to License Vault.

Login window with Hub auth module enabled

Configuring a new authentication module

If the default authentication modules are not enough for your company, you can use another authentication provider established in your organization.

To configure a new auth module, follow the steps below.

Configuring an authentication module

  1. Go to your JetBrains Hub, click the settings icon, and select Auth Modules.

  2. Click New module and select the authentication provider you want to use.

    The 'New module' menu with the list of available authentication providers
  3. Configure the settings specific to your selected auth module. You can find step-by-step instructions for each module in Hub documentation.

  4. Configure the common settings for your new auth module. Refer to this documentation page for instructions.

  5. Add the the IDE Authorized group to the Auto-join groups parameter. This will allow all users authenticated via the new module to obtain licenses from License Vault. You can restrict access of certain users and groups later by configuring access rules.

  6. It's recommended to enable the Email auto-verification option, if it's available for your selected authentication provider. This will prevent account duplication in case the same user logs in via different auth modules.

    The 'Email auto-verification' setting
  7. Once you've configured all the settings, enable your new module by clicking the Enable module button in the upper-right corner.

    The 'Enable module' button
  8. (Optional) Once you've made sure that the newly added module works correctly, you can disable other modules if they're not needed.

Last modified: 02 February 2024