You need to be using a user directory that supports SSO in JIRA.
Atlassian's Crowd does that and is quite easy to set up with Atlassian products and most types of LDAP, but there are other options which do more.
Could you explain exactly what you are looking for from your "SSO" - is it just "log into JIRA or Confluence or Stash and not have to log into any other Atlassian application again" or more than that?
There's no way to stop users creating issues once a sprint starts, but if you just let them create issues in the project, they go into the backlog, not into the sprint, which is the right approach. Your users who can add to sprints can add the new ones and make the sprint scope change, but it is two steps.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot