> For the complete documentation index, see [llms.txt](https://docs.sonarsource.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/complete-setup.md).

# Invite users to sign in

After configuring Single Sign-On (SSO), complete your setup by verifying your domain, configuring your recovery account, setting up one-click access, and inviting users to sign in. Domain verification can be done during SSO setup or after it's already configured.

After configuring Single Sign-On (SSO), set up one-click access, invite users to sign in, and finalize your SSO setup.

{% hint style="warning" %}
If you don't use SCIM provisioning, create or verify first the user groups in SonarQube Cloud if not already done. See [Before setting up SSO and provisioning](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/before-you-start.md#managing-groups-in-sonarqube-cloud-if-using-jit-provisioning).
{% endhint %}

## Step 1: Configure one-click access

SonarQube Cloud uses the Service Provider (SP) initiated SSO (**IdP-initiated SSO is not supported** except through the Okta dashboard if you set up SSO through the Okta Express Configuration). It means that SSO users must go to the login page of SonarQube Cloud.

{% hint style="info" %}
Make sure to [verify your company's email domain](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/verify-domain.md) to avoid one-time email verification during SSO login.
{% endhint %}

If you want to use a shortcut link to access the SSO login, use `https://sonarcloud.io/login/sso?enterprise_key=<enterprise_key>`. You can copy this link directly from SonarQube Cloud as follows:

1. Retrieve your enterprise. See [Retrieving and viewing your enterprise](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise.md) for more details.
2. Go to **Administration** > **SSO & Provisioning**.
3. Expand the **Single sign-on** section and select **Copy link** in front of the **Configure one-click access** field.

## Step 2: Invite users to sign in

You can now invite users to sign in to SonarQube Cloud with SSO. To do so, send them the login URL of your enterprise.

To retrieve the login URL of your enterprise:

1. Retrieve your enterprise. See [Retrieving and viewing your enterprise](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise.md) for more details.
2. Go to **Administration** > **SSO & Provisioning**.
3. Expand the **Single sign-on & Domain verification** section and select **Copy link** in front of the **Invite users to sign in** field. You can now paste the copied URL to your invite message.

<figure><img src="/files/g4osmkAfx58B3gEAhGUe" alt="Select Copy link."><figcaption></figcaption></figure>

4. Users should check that they have access to their organization(s) in SonarQube Cloud. If they used the DevOps platform service authentication before, they should check that:
   * They can perform their tasks as before.
   * If using Personal Access Tokens (PAT): They can generate their analysis tokens with their SSO account. (They can still use their DevOps platform service (DOP) account tokens to execute analysis as long as their DOP account still exists). Note that from the Team plan, it's highly recommended to use Scoped Organization Tokens (SOT) instead of PATs.

## Step 3: Terminate

1. Sign in to SonarQube Cloud with your DevOps Platform (DOP) account and grant your SSO account the Administer Enterprise permissions. See [Managing the enterprise-related permissions](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/managing-the-enterprise-related-permissions.md) for more details.
2. If you transitioned from a DevOps platform authentication service to SSO, you can remove the end users’ DOP accounts from the SonarQube Cloud organizations (see [Adding organization members](/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/organization-members.md)) and these users can delete their DOP account within SonarQube Cloud (see [Deleting your account](/sonarqube-cloud/managing-your-account/deleting.md)).

{% hint style="warning" %}
We recommend that you keep at least one or a few admin or service user accounts in the DevOps Platform. This is especially crucial if you use Bitbucket Cloud, as you are currently unable to link a SonarQube Cloud organization with a Bitbucket Cloud workspace using an SSO account.
{% endhint %}

3. Sign in to SonarQube Cloud with SSO and configure your recovery account for your enterprise. See [Recovery account for SSO](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/recovery-account.md) for more details.

{% hint style="warning" %}
This step is strongly advised for all enterprise administrators in order to be able to recover access to your enterprise in case SSO login becomes unavailable.
{% endhint %}

## Related pages

* [Before setting up SSO and provisioning](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/before-you-start.md)
* [Set up SSO](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-sso.md)
* [Set up SCIM](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-scim.md)
* [Domain verification](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/verify-domain.md)
* [Recovery account for SSO](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/recovery-account.md)
* [Editing or deleting SSO configuration](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/edit-or-delete-sso-setup.md)
* [Troubleshooting SSO and provisioning](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/troubleshooting.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/complete-setup.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.