Start FreeLog in
SonarCloud | Administering your SonarCloud | Managing your user accounts | User management concepts | SAML SSO user accounts

SAML SSO user accounts

On this page

With the Enterprise plan, you can transition from the DevOps platform authentication mode to Single Sign On (SSO) with any identity provider (IdP) that supports SAML. SonarCloud uses the Service Provider (SP) initiated SAML. 

With SSO you benefit from:

  • Increased security and a single source of truth for user authentication.
  • Automatic group synchronization.

SAML SSO is set up for a given enterprise (see Setting up your enterprise). At SSO login time, users select the enterprise they want to access.

Just-In-Time provisioning

When a user signs up with SonarCloud with SSO for the first time, their SAML SSO user account is automatically created in SonarCloud.

Automatic group synchronization

Groups are used in SonarCloud to manage the user permissions.

With the automatic group synchronization:

  • A SAML SSO user in SonarCloud is automatically added to an organization's group within the enterprise if the user is a member of a group with the same name in the IdP. (The check is case-sensitive and excludes the organization’s default Members group.)
  • The SAML SSO users added to a SonarCloud user group become members of the respective organization.

Limitations

In a SAML-SSO-enabled enterprise:

  • For data protection reasons, SAML SSO users cannot be added to organizations outside of their enterprise. 
  • The GitHub member synchronization is disabled on any organization of the enterprise.
  • Currently, a SAML SSO user cannot bind a SonarCloud organization to its corresponding DevOps platform (DOP) organization. (They must use their DOP account to perform the binding.)

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License