Step 3: Invite users to sign in

Once the SSO connection has been established, you can invite users to sign in to SonarQube Cloud with SSO by sending them the enterprise’s login URL.

Once you have verified the user groups in your enterprise (Step 1: Verify the user groups) and mapped properly the group attributes in your IdP (Step 2: Configure SSO), you can invite users to sign in to SonarQube Cloud with SSO. To do so, send them the login URL of your enterprise.

SonarQube Cloud uses the Service Provider (SP) initiated SSO (Idp-initiated SSO is not supported). It means that SSO users must go to the login page of SonarQube Cloud.

When users sign in with SSO for the first time, their SSO account is created in SonarQube Cloud and they have access to their organization(s) through the automatic group synchronization with the identity provider. They should:

Check that they have access to their organization(s) and can perform their tasks as before.
If using Personal Access Tokens (PAT): generate their analysis tokens with their SSO account. (They can still use their DevOps platform service (DOP) account tokens to execute analysis as long as their DOP account still exists). Note that from the Team plan, it's highly recommended to use Scoped Organization Tokens (SOT) instead of PATs.

To retrieve the login URL of your enterprise:

Retrieve your enterprise. See Managing your enterprise for more details.
Select Administration > Single Sign-On. The Single Sign-On page opens.
Select the copy tool at the right of the Log in URL field. You can now paste the copied URL to your invite message.

Step 1: Verify the user groups Step 2: Configure SSO Step 4: Terminate SSO setup Editing SSO configuration Deleting SSO configuration

PreviousSAML SSO with Entra ID NextStep 4: Terminate SSO setup

Last updated 5 days ago

Was this helpful?

Good afternoon

Related pages