Start FreeLog in
SonarCloud | Administering your SonarCloud | Managing your user accounts | Setting up SAML Single Sign On | Registering SonarCloud in IdP | Okta

Registering SonarCloud in Okta

On this page

This page explains how to register SonarCloud in Okta. This is the first step of SAML SSO setup with Okta. For an overview of the complete setup, see Transitioning your enterprise to SAML SSO.

Step 1: Create the SonarCloud application

1. In Okta, under Applications, select Create App Integration.

2. In the Sign-in Method dialog, select SAML 2.0.

3. Select Create.

4. Fill in the fields and options as described below in the various steps.

Steps' fields and options
StepField or optionDescription
General settingsApplication label

SonarCloud application name. 

Example: SonarCloud.


Do not display application icon to usersSelect this option. (This is because SonarCloud doesn't support IdP-initiated SSO).
SAML settingsSingle sign on URL

Copy-paste the SSO URL field from the SonarCloud UI. To do so:

  1. Retrieve your SonarCloud enterprise.
  2. Select Administration > SAML Single Sign On (SSO).
  3. Select the copy tool at the far right of the SSO URL field.
  4. Paste the field value in Okta.

Audience URI (SP Entity ID)Copy-paste the SP Identity ID field from the SonarCloud UI. Proceed as explained for the SSO URL field above.

ResponseSelect Signed.

Assertion SignatureSelect Signed.

Signature AlgorithmSelect RSA-SHA256.
SAML settings: Advanced settings
If you want to enable assertion encryption, expand Show Advanced Settings 

Assertion EncryptionSelect Encrypted.

Encryption AlgorithmSelect AES256-GCM for high security.

Key Transport Algorithm Select RSA-OAEP.

Encryption CertificateThe public X.509 certificate used by the identity provider to authenticate SAML messages.

5. Under Attribute Statements, add three attribute mappings as described below.

Attribute statements mappings

Mapping for nameMapping for loginMapping for email (optional)
Namenameloginemail
Name formatUnspecifiedUnspecifiedUnspecified
Valueuser.firstNameuser.loginuser.email

6. Under Group Attribute Statements, enter the values as described below.

Group attribute statements values

Group Attribute Statements
Namegroups
Name formatUnspecified
FilterChoose Matches regex and set the value to .*.

7. In the Feedback dialog, select Finish to confirm the creation of the SonarCloud application.

Step 2: Set up the group synchronization

In Okta:

  1. Go to the Assignments tab of the SonarCloud application and assign the user groups to the SonarCloud application. 
  2. Enable the group synchronization in the SonarCloud application: 
    • Go to SAML > Provisioning.
    • In the SAML group attribute field, enter groups (Name value of the Group Attribute Statements)

Retrieving the SAML SSO information of the application

To retrieve the information required when configuring SAML SSO in SonarCloud (second step of the SAML SSO setup):

  1. In Okta, go to the Sign On tab of the SonarCloud application.
  2. Next to the SAML Signing Certificates subsection, select the View SAML setup instructions button.

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License