Registering SonarCloud in Okta
This page explains how to register SonarCloud in Okta. This is the first step of SAML SSO setup with Okta. For an overview of the complete setup, see Transitioning your enterprise to SAML SSO.
Step 1: Create the SonarCloud application
1. In Okta, under Applications, select Create App Integration.
2. In the Sign-in Method dialog, select SAML 2.0.
3. Select Create.
4. Fill in the fields and options for each step of the wizard as described in the table below.
Steps' fields and options
Step | Field or option | Description |
---|---|---|
General settings | Application label | SonarCloud application name. Example: SonarCloud. |
General settings | Do not display application icon to users | Select this option. (This is because SonarCloud doesn't support IdP-initiated SSO.) |
SAML settings | Single sign on URL | Copy-paste the SSO URL field from the SonarCloud UI. To do so: |
SAML settings | Audience URI (SP Entity ID) | Copy-paste the SP Identity ID field from the SonarCloud UI. Proceed as explained for the SSO URL field above. |
SAML settings | Response | Select Signed. |
SAML settings | Assertion Signature | Select Signed. |
SAML settings | Signature Algorithm | Select RSA-SHA256. |
SAML settings: Advanced settings | | If you want to enable assertion encryption, expand Show Advanced Settings. |
SAML settings: Advanced settings | Assertion Encryption | Select Encrypted. |
SAML settings: Advanced settings | Encryption Algorithm | Select AES256-GCM for high security. |
SAML settings: Advanced settings | Key Transport Algorithm | Select RSA-OAEP. |
SAML settings: Advanced settings | Encryption Certificate | The public X.509 certificate used by the identity provider to authenticate SAML messages. |
5. Under Attribute Statements, add three attribute mappings as described below.
Attribute statements mappings
Field | Mapping for name | Mapping for login | Mapping for email (optional) |
---|---|---|---|
Name | name | login | |
Name format | Unspecified | Unspecified | Unspecified |
Value | user.firstName | user.login | user.email |
6. Under Group Attribute Statements, enter the values as described below.
Group attribute statements values
Group Attribute Statements | |
---|---|
Name | groups |
Name format | Unspecified |
Filter | Choose Matches regex and set the value to .*. |
7. In the Feedback dialog, select Finish to confirm the creation of the SonarCloud application.
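To confirm that the settings above took effect, a SAML response captured during a test login can be checked structurally. The following is an added example, not code from SonarCloud or Okta: the function names and the sample document are hypothetical, and it only inspects the XML structure (signature presence and algorithm, audience, attribute names) without verifying any signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
REQUIRED_ATTRS = ("name", "login", "groups")  # email is optional per the mapping table

def sig_problems(elem, label):
    """Inspect the ds:Signature that is a direct child of elem (structure only)."""
    method = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        return [f"{label} is not signed"]
    if method.get("Algorithm") != RSA_SHA256:
        return [f"{label} signature algorithm is not RSA-SHA256"]
    return []

def check_response(xml_text, expected_audience):
    """List deviations from the Okta settings described above. No crypto is verified."""
    root = ET.fromstring(xml_text)
    problems = sig_problems(root, "Response")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion (encrypted or absent)"]
    problems += sig_problems(assertion, "Assertion")
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("Audience does not match the SP entity ID")
    present = {a.get("Name") for a in
               assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in REQUIRED_ATTRS if n not in present]
    return problems

def build_sample(assertion_alg, attr_names, audience):
    """Constructed sample; signature values are omitted, so nothing is really signed."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
           '</ds:SignedInfo></ds:Signature>')
    attrs = "".join(f'<saml:Attribute Name="{n}"/>' for n in attr_names)
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<samlp:Response {xmlns}>{sig % RSA_SHA256}<saml:Assertion>"
            f"{sig % assertion_alg if assertion_alg else ''}<saml:Conditions>"
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            f"</saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
            f"</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    bad = build_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1", ["name", "login"], "sp-id")
    print(check_response(bad, "sp-id"))
```

An empty list means the response matches the table; when assertion encryption is enabled, the attribute and audience checks need the decrypted assertion.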
Step 2: Set up the group synchronization
In Okta:
- Go to the Assignments tab of the SonarCloud application and assign the user groups to the SonarCloud application.
- Enable the group synchronization in the SonarCloud application:
  - Go to SAML > Provisioning.
  - In the SAML group attribute field, enter groups (the Name value of the Group Attribute Statements).
Retrieving the SAML SSO information of the application
To retrieve the information required when configuring SAML SSO in SonarCloud (second step of the SAML SSO setup):
- In Okta, go to the Sign On tab of the SonarCloud application.
- Next to the SAML Signing Certificates subsection, select the View SAML setup instructions button.