Help

JetBrains Hub configuration

With License Vault, to obtain a license, an end-user needs to authorize through an authentication provider. License Vault uses JetBrains Hub as an authorization tool. JetBrains Hub is a web-based application for user authorization, Single sign-on, connecting servers, and other useful tools. For more info, see Introduction to Hub.

Default JetBrains Hub configuration comes with the JetBrains Account authentication module preconfigured to your License Vault. Here's the detailed info about the default Groups and Auth Modules in JetBrains Hub.

Default Groups in Hub

With JetBrains Hub you can aggregate users into Groups. Group is a collection of users accounts, and it lets you manage multiple accounts more efficiently. To find the full description, see Groups.

There are some default preconfigured groups in the JetBrains Hub associated with License Vault:

  • License Server Administrators is a group of the License Vault administrators. These users can configure JetBrains Hub and administer the License Vault.

  • IDE Authorized is a group that has access to JetBrains IDEs. Each Auth module you use should have this group set to Auto-join groups parameter. In this case, users authorized through the Auth module can access licenses.

Default Auth Modules in Hub

JetBrains Hub associated with your License Vault instance has two Auth Modules preconfigured. Auth Modules let users log in to Hub and connected services, including the License Vault with the credentials that are stored in the respective Auth Module service. For more information, see Auth Modules.

There are some default preconfigured Auth Modules in the JetBrains Hub associated with License Vault.

JetBrains Account Auth Module

JetBrains Account (JBA) is the JetBrains Account Auth module, which you can freely use as an authentication provider. In the JBA, access to licenses is defined by an email domain a user enters during the license activation.

If you’ve configured email domains during the setup, then users authorized with JBA are automatically added to the IDE Authorized group which means they have access to licenses. To see the list of email domains, you’ve configured during the setup, use the procedure below.

If you haven’t, you should configure the user access parameter yourself, which is Restricted domains. It’s a set of email domains which is allowed to authorize through the JBA Auth Module.

Configuring email domains

  1. Go to the JetBrains Hub associated with your License Vault instance. You can find the Hub link at License Vault dashboard | Settings.

  2. Go to Auth Modules from the Access Management section of the Administration menu.

  3. Select JetBrains Account.

  4. Set your company email domain to the Restricted domains parameter. Users should use this email domain to authorize via IDEs. Public email domains, like gmail.com, are not allowed due to security reasons.

  5. Allow users authorized through the JBA to use License Vault: set the IDE Authorized group to the Auto-join groups parameter.

You should not disable or delete the JBA Auth Module before you've configured any other authentication provider accepted within your company.

Hub Auth Module

Hub is a default Auth module. JetBrains Hub allows creating users via itself; the Hub Auth module is used to authorize users created this way. You must not disable or delete it, since it's also used for support purposes.

Configure new Auth Module

If you still need to use another authentication provider accepted within your company, the License Vault administrator can configure JetBrains Hub with any supported Auth module, see Auth Modules.

The following procedure shows a mechanism of configuring JetBrains Hub. When it's configured, an end-user can obtain a license with their credentials. For more info, see Activating license.

Configuring Auth Module

  1. If the License Vault is configured for your company, you have the link to the JetBrains Hub configuration page. To get the link, open the License Vault browser page and go to the Settings tab.

    Link to the JetBrains Hub
  2. Log in to the JetBrains Hub with administrator JetBrains Account credentials.

  3. Configure your JetBrains Hub with Common Settings for Auth Modules, where you can find detailed information could be applied to any Auth Module.

  4. Revise the full list of supported third-party providers and find configuration settings for Auth Module accepted within your company. For example, if you choose LDAP Module, go to LDAP Authentication Module. Follow the instructions for the chosen Auth Module and configure the JetBrains Hub.

  5. Allow users authorized through the configured Auth Module to use License Vault. Add the IDE Authorized group to the Auto-join groups parameter. See Hub Registration Settings.

    Auto-join groups parameter
  6. (Optional) Add more License Vault administrators if needed: add privileged users to the License Server administrators group.

Last modified: 21 June 2022