circle-exclamation
We've updated our static IP addresses. GitHub Enterprise users should update their allowlists.
chevron-right
search
Start FreeLogin

About SCIM provisioning

If Single Sign-On (SSO) is used in your SonarQube Cloud enterprise for user authentication, you can set up SCIM to automate provisioning.

SCIM provisioning is a beta feature, subject to the terms herearrow-up-right.

SCIM provisioning is the automated process that creates, synchronizes, and deletes users and associated data across multiple systems. Based on standardized protocols for data exchange, it ensures consistency in user identities between your identity provider and SonarQube Cloud.

SCIM provisioning is supported with any identity provider.

hashtag
Supported provisioning operations

Currently, only the following operations are supported: a user is removed from the identity provider or their account is deactivated. These operations enforce a user deprovisioning in SonarQube Cloud as follows:

  • All the user’s active sessions are revoked.

  • The user’s SonarQube Cloud’s SSO account is deleted.

  • The user’s personal access tokens are revoked.

circle-info

Automatic group provisioning is enabled through the SSO’s automatic group synchronization.

hashtag
SCIM provisioning flow

The SCIM provisioning flow with SonarQube Cloud is as follows:

  1. The admin performs a provisioning operation in their identity provider, e.g. the admin deletes a user.

  2. The identity provider sends a SCIM request to SonarQube Cloud.

  3. SonarQube Cloud interprets the request, e.g. SonarQube Cloud de-provisions the user.

When an admin deletes a user in their identity provider, the identity provider sends a SCIM request to SonarQube Cloud that deprovisions the user.

hashtag
Related pages

PreviousSCIM provisioningNextSetting up SCIM provisioning

Last updated

Was this helpful?