You built a gorgeous internal portal in Backstage, but half your team still pings you for repo URLs or access rights. Meanwhile, JetBrains Space already knows who should see what. Why not let Space handle identity while Backstage runs the show front and center?
Backstage JetBrains Space is a natural pairing. Backstage gives developers a self‑service hub for catalogs, docs, and services. JetBrains Space carries your organization’s brain—users, roles, projects, automations, and packages. Together, they bring order to your internal sprawl and let developers move faster without constant permission checks or ticket chases.
Integrating them turns identity and automation into one workflow. Backstage connects to Space as an OpenID Connect (OIDC) provider. User sign‑in flows through Space, which returns verified identity claims and team memberships. Backstage can then map Space roles to access groups or plugin scopes. The result is a single central login that enforces the same policies your developers already follow in Space.
A quick mental model: JetBrains Space dictates who you are, Backstage decides what you can touch. Once hooked up, every action—deploying a service, editing docs, checking status—respects the same identity source. Fewer passwords, less drift, no rogue permissions floating around AWS IAM.
If your integration hiccups, start with token lifetimes and audience scopes. Most misfires come from mismatched OIDC audience fields or stale client secrets. Rotate them regularly and store credentials in a secure vault. When debugging user roles, inspect the JWT claims Space issues, then match them to Backstage’s RBAC configuration.
Key benefits of linking Backstage with JetBrains Space
- Unified identity across CI, code, and service catalogs
- Faster onboarding with no duplicate user mapping
- Role‑based access that travels across tools
- Secure, audit‑friendly automation using known identities
- Reduced context switching and fewer broken permissions
This link also improves developer velocity. Instead of chasing logins, new engineers walk into Backstage and instantly see their projects, pipelines, and repositories from Space. Access reviews become simple: compliance teams can trace actions to verified Space roles. It feels like the system finally knows who everyone is.
Platforms like hoop.dev turn those access rules into guardrails that enforce policy automatically. They check identity at every request, regardless of where the app runs. You define once, enforce everywhere, and stop worrying about one‑off tokens or untracked admin portals.
How do I connect Backstage to JetBrains Space?
Use Space as your OIDC provider. In Backstage’s configuration, set Space’s client ID, secret, and discovery URL. Map group claims to Backstage roles. Log in once through Space and the session carries across all Backstage plugins.
AI copilots can also benefit from this identity‑aware setup. When agents suggest builds or deploy commands, they inherit Space permissions automatically. No shadow access, no leaked tokens in chat prompts. Policy stays consistent even when humans and AIs share the same pipeline.
Unifying Backstage and JetBrains Space is less about plumbing and more about trust. You remove friction, strengthen audits, and make every developer’s life a touch calmer.
See an Environment Agnostic Identity-Aware Proxy in action with hoop.dev. Deploy it, connect your identity provider, and watch it protect your endpoints everywhere—live in minutes.