You need to be using a user directory that supports SSO in JIRA.
Atlassian's Crowd does that and is quite easy to set up with Atlassian products and most types of LDAP, but there are other options which do more.
Could you explain exactly what you are looking for from your "SSO" - is it just "log into JIRA or Confluence or Stash and not have to log into any other Atlassian application again" or more than that?
There's no way to stop users creating issues once a sprint starts, but if you just let them create issues in the project, they go into the backlog, not into the sprint, which is the right approach. Your users who can add to sprints can add the new ones and make the sprint scope change, but it is two steps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.