License Vault Help

Configuring user authorization

To obtain licenses from License Vault, users need to log in through an authentication provider.

You can configure authentication and manage user accounts for License Vault in JetBrains Hub, the JetBrains authorization tool. A preconfigured cloud instance of JetBrains Hub is provided with each License Vault.

How to access the JetBrains Hub settings

You can reach the JetBrains Hub settings either of the following ways.

  1. Go to your License Vault settings page. If you don't know how to reach it, you can find the instructions here.

  2. Click the JetBrains Hub link at the bottom the settings page, under User access.

    Link to JetBrains Hub in the License Vault settings page in JetBrains Account
  3. Log in using your JetBrains Account or a different account that has administrator permissions for License Vault.

  1. Go to your License Vault and log in with administrator permissions.

  2. Go to Settings and click the JetBrains Hub link under User access.

    Link to JetBrains Hub in License Vault settings

You'll be redirected to the JetBrains Hub Dashboard. From this Dashboard you can access the Users, Groups, and Auth Modules settings.

The settings menu on the JetBrains Hub Dashboard

User groups in JetBrains Hub

Hub groups are collections of user accounts that share the same permissions. To view all groups, click the settings icon on the Hub Dashboard, and select Groups.

The list of groups configured in JetBrains Hub

Default groups

Your Hub comes with two default groups that are required to manage and authorize License Vault users.

License Server Administrators

This group contains all License Vault administrators. These users can administer both License Vault and the JetBrains Hub instance associated with it.

When you first set up License Vault, your account is automatically added to this group. You can then provide administrator privileges to other users by adding them to this group.

IDE Authorized

This group contains all users that are allowed to obtain licenses from License Vault.

You can add users to this group in two ways:

  • Manually. License Vault will deny access to authenticated users unless you manually add them to this group.

  • Automatically. If you want all authenticated users to automatically gain access to licenses, add this group to the Auto-join groups parameter when configuring a new authentication module.

Authentication modules in JetBrains Hub

The way your users log in to License Vault is determined by the authentication modules configured in JetBrains Hub.

Your Hub comes with two auth modules preconfigured, but you're free to add other modules to integrate License Vault in your existing infrastructure and allow your users to log in with the same credentials they use for other services within your company.

Check out the full list of supported authentication providers in the Hub documentation.

Default authentication modules

JetBrains Account auth module

JetBrains Account (JBA) is the default auth module that works out of the box. All your users have to do is register a JetBrains Account with an email address that belongs to your company's domain and log in with this account when activating a license.

Access to licenses is granted or denied based on the email domain. That's why it's important that users enter their work email address when registering the JetBrains Account. Before sharing the License Vault link with your users, make sure that you've configured user access and added all the domains used in your company to the domain list.

How to configure user access by the email domain

The easiest way to configure user access is to enter the email domains while setting up License Vault. To do so, follow the instructions in Getting started.

Once you complete the wizard, all users that log in via JBA with a work email address will be automatically added to the IDE Authorized group, which means they'll have access to licenses.

You can also revise these settings in JetBrains Hub after completing the setup. To do so, follow the steps below.

Configuring user access by email domain

  1. Go to your JetBrains Hub, click the settings icon, and select Auth Modules.

  2. In the list of Auth Modules, click JetBrains Account.

  3. In Additional Settings, set the User creation parameter to Enabled.

  4. Add all the email domains used in your company to the Restricted domains parameter. Access will only be granted to users who log in with an email address from one of the listed domains.

    Public email domains, like gmail.com, are not allowed for security reasons.

    The list of email domains added to the Restricted domains parameter
  5. Add the IDE Authorized group to the Auto-join groups parameter. This will allow all users authenticated via JBA to automatically gain access to licenses.

    The Auto-join group parameter

Hub Auth Module

Hub is the built-in auth module. It's disabled by default.

Enable it if you intend to use JetBrains Hub to create new License Vault users and store their credentials. The module allows your users to log in with these credentials. Refer to Hub documentation to learn more about creating and managing user accounts.

If your users will be logging in with JBA or other authentication providers, keep the Hub auth module disabled.

Configuring a new authentication module

To use another authentication provider established in your company, add it to JetBrains Hub. Check out the full list of supported providers in the Hub documentation.

To configure a new auth module, follow the steps below.

Configuring an authentication module

  1. Go to your JetBrains Hub, click the settings icon, and select Auth Modules.

  2. Click New module and select the authentication provider you want to use.

    New module menu with the list of available authentication providers
  3. Configure the common settings for your new auth module. Refer to this documentation page for instructions.

  4. Configure the settings specific to your selected auth module. Go to the list of auth modules, select your module, and follow the instructions.

  5. Add the the IDE Authorized group to the Auto-join groups parameter. This will allow all users authenticated via the new module to obtain licenses from License Vault.

  6. It's recommended to enable the Email auto-verification option, if it's available for your selected authentication provider. This will prevent account duplication in case the same user logs in via different auth modules.

    Auto-join groups parameter
  7. Once you've configured all the settings, enable your new module by clicking the Enable module button at the top of the settings page.

    The Enable module button
  8. (Optional) Once you've made sure that the newly added module works correctly, you might choose to disable other modules you don't want your users to log in with.

Last modified: 11 January 2023