# Step 3: Map your groups to organizations

Only groups that are both assigned to the SonarQube Cloud application in your identity provider and manually mapped to SonarQube Cloud organizations will be provisioned by SCIM. The following applies:

* The same group can be mapped to several organizations.
* You can update the group mapping anytime. 

{% hint style="info" %}
Upon completion of this step, the groups will be created within your SonarQube Cloud organizations. Should a group with an identical name already exist, the members specified in your identity provider will be added to the existing group and any existing SSO member will be overwritten by the new member list. See also [#special-case-of-existing-groups-with-non-sso-users](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/about/scim#special-case-of-existing-groups-with-non-sso-users "mention").
{% endhint %}

## Mapping all groups to all organizations

You can map all groups to all organizations in one click. If necessary, you can then refine the mapping as explained below in [#defining-a-custom-mapping](#defining-a-custom-mapping "mention").  

Proceed as follows:

1. Make sure the user groups are assigned to the SonarQube Cloud application in your identity provider. 
2. Retrieve your enterprise. For more information, see [retrieving-and-viewing-your-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise "mention"). 
3. Go to **Administration** > **SSO & Provisioning**.

<figure><img src="broken-reference" alt="Select the Map Groups button."><figcaption></figcaption></figure>

4. In **Provisioning (SCIM)**, select the **Map groups** button. The button is only available if you have set up SSO and provisioning properly.\
   The **Group mapping** page opens.

<figure><img src="broken-reference" alt="Select the Map all button."><figcaption></figcaption></figure>

5. In the top right corner, select the **Map all** button. A confirmation dialog opens.
6. Confirm. The mapping is started and may take several minutes. Don’t leave the page as long as the mapping is in progress.\
   Once the mapping is complete, a **Mapping complete** dialog is displayed.
7. Close the dialog. All groups are mapped to all organizations.&#x20;

## Defining a custom mapping

1. Make sure the user groups are assigned to the SonarQube Cloud application in your identity provider.&#x20;
2. Retrieve your enterprise. For more information, see [retrieving-and-viewing-your-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise "mention").&#x20;
3. Go to **Administration** > **SSO & Provisioning**.
4. In **Map IdP groups to organizations**, select the **Map groups** button. The button is only available if you have set up SSO and provisioning properly.\
   The **Group mapping** page opens.
5. In the **SonarQube Organizations** panel (a), select the organization you want to map.
6. In the **Map IdP groups to \<organization>** table (b), select the groups you want to map to your organization. You can filter the groups by using the **Search IdP groups** field. Toggle the selection of all groups by clicking the checkbox next to **Group** in the table header.
7. Select **Save changes** (c). A confirmation dialog opens.

<figure><img src="broken-reference" alt="Select an organization. Then select the groups to be mapped to the organization. Save."><figcaption></figcaption></figure>

8. Confirm the mapping. The mapping is started and may take several minutes. Don’t leave the page as long as the mapping is in progress.\
   Once the mapping is complete, a **Mapping complete** dialog is displayed.

<figure><img src="broken-reference" alt="The SCIM group mapping is in progress. Don&#x27;t leave the page."><figcaption></figcaption></figure>

9. Close the dialog and proceed the same way for each organization.

## Related pages <a href="#related-pages" id="related-pages"></a>

* [saml-sso](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/saml-sso "mention")
* [scim](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/scim "mention")
* [complete-setup](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/complete-setup "mention")
* [update](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/update "mention")
* [edit-or-delete-sso-setup](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/edit-or-delete-sso-setup "mention")
* [troubleshooting](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/troubleshooting "mention")