How to Configure Authentication and Permissions in JetBrains Hub
JetBrains Hub serves as the central identity and access management system for your JetBrains team tools, including YouTrack and TeamCity. Properly configuring authentication and permissions ensures that your team has seamless access to their workspaces while keeping your company data secure.
This guide walks you through setting up authentication modules and managing user permissions in JetBrains Hub. 1. Setting Up Authentication Modules
Authentication modules define how users log into JetBrains Hub. You can use standard credentials, or connect external identity providers for Single Sign-On (SSO). Managing Built-in Credentials
By default, Hub uses a built-in module for local usernames and passwords.
Navigate to Administration > Auth Modules from the main menu.
Click on Hub (the default module) to configure password strength policies.
Set the minimum password length and require special characters or numbers to enforce security. Connecting External Identity Providers (SSO)
To enable SSO via providers like Google, GitHub, Microsoft, or an enterprise SAML/LDAP server: Go to Administration > Auth Modules.
Click New module and select your provider type (e.g., SAML 2.0, LDAP, Google).
Copy the Redirect URI provided by Hub and paste it into your identity provider’s developer console.
Input the Client ID and Client Secret (or Metadata URL for SAML) provided by your identity provider into Hub.
Enable the Create users automatically on first login option if you want Hub to provision accounts for new team members automatically. Click Save and toggle the module status to Enabled. 2. Managing Users and Groups
Managing permissions individually for every user is inefficient. Instead, use groups to scale your access control. Creating Groups Navigate to Administration > Groups.
Click New group and give it a descriptive name (e.g., Developers, Project Managers).
Open the newly created group and click the Users tab to add members manually, or set up automatic group mapping rules based on your external auth module attributes. 3. Configuring Roles and Permissions
Permissions in JetBrains Hub are bundled into Roles. A role is a collection of specific actions a user can perform, such as Read Issue, Create Project, or Manage Build Configurations. Understanding Role Types
Global Roles: Apply across the entire Hub installation (e.g., System Admin).
Project Roles: Apply only within specific projects (e.g., Developer or Project Admin). Creating a Custom Role
If the default roles do not fit your workflow, you can create custom ones: Go to Administration > Access Management > Roles. Click New role.
Select the services this role applies to (e.g., YouTrack, TeamCity, or Hub itself).
Check the boxes next to the specific permissions you want to grant. Click Save. 4. Granting Access (Assigning Roles)
Once your groups and roles are ready, you must connect them to your projects.
Go to Administration > Groups (or Users) and select the target group. Click on the Role Assignments tab. Click Grant role. Select the Role you want to assign from the dropdown menu. Choose the Scope: Select Global if the permissions should apply everywhere.
Select specific Projects if the permissions should be restricted to certain workspaces. Click Grant. 5. Best Practices for Hub Security
Enforce Two-Factor Authentication (2FA): If you use built-in Hub credentials, require all users to enable 2FA under their profile settings to prevent unauthorized access.
Follow the Principle of Least Privilege: Assign users the minimum level of access they need to complete their tasks. Rely heavily on project-scoped roles rather than global roles.
Audit regularly: Periodically check the License Management and Access Management dashboards to revoke access for inactive users and reclaim licenses.
To help tailor any further troubleshooting or advanced steps, let me know:
Which external identity provider (like Azure AD, Google, Okta) you plan to connect.
Which specific JetBrains tools (YouTrack, TeamCity) you are integrating with Hub.
If you need assistance setting up SSL/TLS certificates for secure connections.
Leave a Reply