Start FreeLog in
SonarCloud | Administering your SonarCloud | Managing your user accounts | Setting up SAML Single Sign On | Transitioning to SAML SSO

Was this page helpful?

Transitioning your enterprise to SAML SSO

On this page

With the enterprise plan, you can transition your enterprise to SAML SSO.

Proceed as follows: 

  1. Verify the user groups of the enterprise’s organizations to ensure proper user onboarding: see below.
  2. Register SonarCloud in the SAML identity provider.
  3. Configure SAML SSO for your enterprise in SonarCloud. This step must be performed by an enterprise admin. 
  4. Test the SSO connection.
  5. Send the SSO login URL to invite enterprise users to sign in to SonarCloud with SSO. Once they have signed in, their SAML SSO account is created in SonarCloud and they have access to their organization(s) through the automatic group synchronization with the identity provider. They should:
    • Check that they have access to their organization(s) and can perform their tasks as before. 
    • Generate their analysis tokens with their SAML SSO account. (They can still use their DevOps platform service (DOP) account tokens to execute analysis). 
  6. Sign up with SonarCloud by using the enterprise’s SSO log in URL. Your SAML SSO account is created. 
  7. Sign in to SonarCloud with your DOP account and grant your SAML SSO account the Administer Enterprise permission.
  8. Once the enterprise users have successfully transitioned to SAML SSO, you can remove their DOP accounts from the organizations and the users can delete their DOP account. We recommend that you don’t remove the admin DOP accounts since, with a SAML SSO account, you currently cannot bind a SonarCloud organization with the corresponding DOP organization. 

Verifying the user groups of the enterprise's organizations

To ensure that the automatic group synchronization can take place properly, verify that:

  • The user groups defined in your IdP service exist in the relevant organizations of your SonarCloud enterprise (i.e. a group with the same name exists in the relevant organization(s)).
  • The user groups in SonarCloud have the correct permissions. To manage the user groups in SonarCloud, see Managing the user groups in your organization.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License