JetBrains Hub configuration
With License Vault, to obtain a license, an end-user needs to authorize through an authentication provider. License Vault uses JetBrains Hub as an authorization tool. JetBrains Hub is a web-based application for user authorization, Single sign-on, connecting servers, and other useful tools. For more info, see Introduction to Hub.
Default JetBrains Hub configuration comes with the JetBrains Account authentication module preconfigured to your License Vault. Here's the detailed info about the default Groups and Auth Modules in JetBrains Hub.
Default Groups in Hub
With JetBrains Hub you can aggregate users into Groups. Group is a collection of users accounts, and it lets you manage multiple accounts more efficiently. To find the full description, see Groups.
There are some default preconfigured groups in the JetBrains Hub associated with License Vault:
License Server Administratorsis a group of the License Vault administrators. These users can configure JetBrains Hub and administer the License Vault.
IDE Authorizedis a group that has access to JetBrains IDEs. Each Auth module you use should have this group set to
Auto-join groupsparameter. In this case, users authorized through the Auth module can access licenses.
Default Auth Modules in Hub
JetBrains Hub associated with your License Vault instance has two Auth Modules preconfigured. Auth Modules let users log in to Hub and connected services, including the License Vault with the credentials that are stored in the respective Auth Module service. For more information, see Auth Modules.
There are some default preconfigured Auth Modules in the JetBrains Hub associated with License Vault.
JetBrains Account Auth Module
JetBrains Account (JBA) is the JetBrains Account Auth module, which you can freely use as an authentication provider. In the JBA, access to licenses is defined by an email domain a user enters during the license activation.
If you’ve configured email domains during the setup, then users authorized with
JBA are automatically added to the
IDE Authorized group which means they have access to licenses. To see the list of email domains, you’ve configured during the setup, use the procedure below.
If you haven’t, you should configure the user access parameter yourself, which is
Restricted domains. It’s a set of email domains which is allowed to authorize through the
JBA Auth Module.
Configuring email domains
Go to the JetBrains Hub associated with your License Vault instance. You can find the Hub link at License Vault dashboard | Settings.
Go to Auth Modules from the Access Management section of the Administration menu.
Select JetBrains Account.
Set your company email domain to the
Restricted domainsparameter. Users should use this email domain to authorize via IDEs. Public email domains, like
gmail.com, are not allowed due to security reasons.
Allow users authorized through the JBA to use License Vault: set the
IDE Authorizedgroup to the
You should not disable or delete the JBA Auth Module before you've configured any other authentication provider accepted within your company.
Hub Auth Module
Hub is a default Auth module. JetBrains Hub allows creating users via itself; the Hub Auth module is used to authorize users created this way. You must not disable or delete it, since it's also used for support purposes.
Configure new Auth Module
If you still need to use another authentication provider accepted within your company, the License Vault administrator can configure JetBrains Hub with any supported Auth module, see Auth Modules.
The following procedure shows a mechanism of configuring JetBrains Hub. When it's configured, an end-user can obtain a license with their credentials. For more info, see Activating license.
Configuring Auth Module
If the License Vault is configured for your company, you have the link to the JetBrains Hub configuration page. To get the link, open the License Vault browser page and go to the Settings tab.
Log in to the JetBrains Hub with administrator JetBrains Account credentials.
Configure your JetBrains Hub with Common Settings for Auth Modules, where you can find detailed information could be applied to any Auth Module.
Revise the full list of supported third-party providers and find configuration settings for Auth Module accepted within your company. For example, if you choose LDAP Module, go to LDAP Authentication Module. Follow the instructions for the chosen Auth Module and configure the JetBrains Hub.
Allow users authorized through the configured Auth Module to use License Vault. Add the
IDE Authorizedgroup to the
Auto-join groupsparameter. See Hub Registration Settings.
(Optional) Add more License Vault administrators if needed: add privileged users to the
License Server administratorsgroup.