Start FreeLogin

Importing Azure DevOps organization

This page helps you understand how to import your Azure DevOps organization into SonarQube Cloud and explains prerequisites and key procedures.

When you import an Azure DevOps organization to SonarQube Cloud, the corresponding Organization is created in SonarQube Cloud and is bound to the DevOps platform organization. Each SonarQube Cloud organization corresponds one-to-one with an Azure DevOps organization. See Binding with the DevOps platform for more information.

SonarQube Cloud does not support linking an organization to more than one DevOps platform. If you want to link to more than one, you will need to create a separate organization to link to each DevOps platform.

The user account you used for the import is automatically assigned to the organization’s owners group which grants you administration rights on the organization. See User group concept for more details.

You cannot unbind nor change the binding of an organization bound on Azure DevOps.

Prerequisites

You must be an administrator of the Azure DevOps organization.

In SonarQube Cloud, each organization is assigned a subscription plan. Before importing your organization, choose the subscription plan suited to your needs. See Subscription plans for more information. In particular, determine the number of Lines of Code (LOC) you need. See LOC-based pricing for more details.

Step 1: Create a PAT on the Azure organization

SonarQube Cloud uses an Azure DevOps user account to import your Azure DevOps organization and repositories. You must provide a Personal Access Token (PAT) from this account. The PAT will be stored in the respective SonarQube Cloud organization. We highly recommend that you use a dedicated technical user account in Azure DevOps.

Be aware of the following PAT failure points:

  • Azure PATs require an expiration date. Check the Microsoft documentation for details when creating your PAT.

  • Azure requires that a user log in every 30 days, or it automatically kills a PAT; this action may cause your related pipeline to fail. Here is an Azure Q&A on this topic.

Creating a technical user account

We highly recommend that you use a dedicated technical user account in Azure DevOps to manage the integration with SonarQube.

  • Do not set the technical user’s account with a Stakeholder access type. Use the Basic access type instead. (Users with the Stakeholder access type can have problems finding their repos when trying to analyze projects.)

  • We recommend that you add the account to the Contributors security group.

See the Azure documentation for more information about access levels.

Generating your Azure PAT

1. Log in to Azure DevOps with the technical user account created before.

2. Go to your Azure DevOps organization User settings > Personal access tokens and select + New token.

3. On the next page, under Scopes, make sure that you specify at least the scope Code > Read & write.

4. Click Create to generate the token.

5. When the personal access token is displayed, copy it (you will have to paste it to SonarQube’s configuration record as described below).

  • If you create a project manually, you can set the Azure PAT at the project level but this is not recommended. You should create a bound organization and make sure that the PAT is entered only at the organization level, not at the project level. The project-level field should be left blank.

  • If you need to change the PAT stored in the SonarQube Cloud organization, see Changing organization settings for more information.

Step 2: Import your Azure organization

To import your Azure organization to SonarQube Cloud:

  1. Log in to SonarQube Cloud with your Azure DevOps account. If you’re a member of an enterprise, you may use any of your DevOps Platform accounts or your SSO account. In that case, see Using multiple accounts for important insights.

  2. At the top right of the SonarQube Cloud interface, select the ✚ (plus) menu and select Create new organization. The Create an organization page opens.

  3. Under Import from a DevOps platform, select the Azure DevOps button.

  4. Follow the instructions.

  5. Paste the PAT you created in Step 1 to Personal Access Token,.

  6. Select Continue.

  7. In Import organization details, SonarQube Cloud suggests a Name and Key for your SonarQube Cloud organization. The key is unique across all organizations within SonarQube Cloud. You can accept the suggestion or change it manually. The interface will prevent you from changing it to an already existing key.

  8. Select Add additional info to add:

    • An avatar: a small image representing the organization and displayed on the UI near the organization name.

    • A description of the organization.

    • A URL: the URL of the homepage of the organization displayed on the UI.

  9. In Choose a plan, select the subscription plan for your organization. See Subscription plans for more details.

  10. If you selected a paid plan, select the number of Lines of Code (LOC) for your plan and follow the instructions to enter your billing and payment information.

  11. Select Create Organization. The organization is created and opened in SonarQube Cloud.

If the import fails because the organization already exists in SonarQube Cloud and you’ve lost administrator access to this organization, send a request to [email protected] with all the necessary details.

Related pages

PreviousImporting GitLab groupNextCreating organization manually

Last updated

Was this helpful?