With the Okta Express Configuration, you can set up SSO in your SonarQube Cloud enterprise with just a few clicks.
This feature is available in the Enterprise plan.
You must be an admin of your SonarQube Cloud enterprise and Okta administrator within your Okta tenant.
SP-initiated SSO (Single Sign-On)
IdP-initiated SSO (through Okta dashboard)
Just-In-Time provisioning
In the Okta Admin Console, go to Applications > Applications.
Select Browse App Catalog.
Search for SonarQube and select SonarQube Cloud.
Select Add Integration.
On the General Settings page, enter a label for the integration, for example, SonarQube Cloud.
Select Done.
In Okta, go to the Sign On tab of your SonarQube Cloud integration and select Express Configure SSO & UL.
You are prompted for your Sonar Express Configuration ID.
Enter your Sonar Express Configuration ID, in the following format org-<enterprise-uuid> . You can retrieve the ID from SonarQube Cloud:
In SonarQube Cloud, retrieve your enterprise.
Go to Administration > SSO & Provisioning. The SSO & Provisioning page opens.
Expand the Single sign-on section and select Okta Express Configuration.
Copy the Sonar Express Configuration ID and paste it into the Sonar Express Configuration ID window. Select Continue.
SonarQube Cloud authentication page opens with options to login. Make sure you login using the DevOps platform that is linked to your SonarQube Cloud enterprise admin account.
Authorize the app as a SonarQube Cloud enterprise administrator. This creates a SSO connection in your SonarQube Cloud enterprise.
Review the permissions requested and select Accept to authorize the connection. Once authorization is complete, you are redirected back to Okta. The SSO and Universal Logout configuration is applied automatically. See the Universal Logout section for more information.
In Okta, go to the Sign On tab of your SonarQube Cloud integration.
In Settings > Sign on methods, select the link Configure profile mapping.
Close the dialog to open the Profile Editor page.
Select the Add Attribute button. The Add Attribute dialog opens.
In the dialog, set the following parameters:
Data type: Select string array
Display name: Enter Groups
Variable name: Enter userGroups
Enum: not selected
Attribute required: Select Yes
Attribute type: Select Group
Group Priority: Select Use Group Priority
Select Save. The group's attribute is added.
Select the Mappings button. The User Profile Mappings dialog opens.
Select the tab Okta User to <SonarQube Cloud integration>.
Enter the following expression:
user.getGroups({'group.profile.name': '.*'}).![name]To preview the attribute for your application enter the Okta user name in the preview textbox. The preview shows groups that the user belongs to in Okta.
Click Exit Preview.
Select Save Mappings and then Apply updates.
As the assigned test user, sign into the Okta dashboard.
Select the SonarQube Cloud app tile. The name of the app is what you have configured for its label in Add the SonarQube Cloud integration in Okta.
Verify that you are signed in to SonarQube Cloud without being prompted for additional credentials.
Navigate to your SonarQube Cloud login page.
Select the SSO option.
Enter the enterprise key.
Verify that you are redirected to Okta for authentication and then signed into SonarQube Cloud.
You have to set up SCIM provisioning from the SonarQube Cloud assistant. See Set up SCIM for details.
See Complete SSO setup for more information.
The Universal Logout is not supported by the SonarQube Cloud app in Okta. However, SonarQube Cloud will disconnect your session as follows:
The session closes after 90 days, if the user is active.
The session closes after 24 hours, if the user is idle.
Last updated
Was this helpful?
Was this helpful?