Administering your users

This article describes how to onboard, manage permissions and delete user accounts in SonarQube Cloud.

Onboarding users

Whether through a DevOps platform or an SSO identity provider, when users first sign up with SonarQube Cloud, their account is automatically created in SonarQube Cloud.

At login time, users are automatically added to organizations in the following cases:

With a DevOps platform (DOP) service, through the GitHub member synchronization. In this case, you cannot add DOP users manually.
In an SSO-enabled enterprise, through group synchronization wiht the identity provider. You cannot add SSO users manually.

Otherwise, you must manually add the DOP users to their organization, see Adding organization members for more information.

In an SSO-enabled enterprise, DOP users can be added manually to organizations.

Managing the user permissions

As an organization admin, you can set:

The organization-level permissions, see Adding organization members for more information.
The default project-level permissions, see Using permission templates for more information.

Viewing audit logs

This feature is available with the Enterprise license.

As an Enterprise admin, you can access audit logs through the Audit logs API. To authenticate to the Web API, see Web API.

Audit logs are retained for 180 days.

List of logged events

Event type

Description

For more details

authentication.user_login

An SSO user logs in to SonarQube Cloud.

authentication.user_logout

An SSO user logs out of SonarQube Cloud.

user.create

An SSO user account is created.

user.remove

An SSO user account is removed.

permission_template.create

An organization admin creates a permission template.

Using permission templates

permission_template.delete

An organization admin deletes a permission template.

Using permission templates

org.add_user

A user is added to an organization.

org.remove_user

A user is removed from an organization.

org.add_group

A group is created in the organization.

User group concept

org.remove_group

A group is removed from the organization.

User group concept

org.add_permission

An organization-related permission is added to a user or group.

Managing organization permissions #Permissions related to an organization

org.remove_permission

An organization-related permission is removed from a user or group.

Managing organization permissions #Permissions related to an organization

org.membersync_enabled

An organization admin enables the GitHub member synchronization.

GitHub member synchronization

org.membersync_disabled

An organization admin disables the GitHub member synchronization.

GitHub member synchronization

portfolio.add_permission

A portfolio admin adds a portfolio-related permission to a user or group.

Administering portfolios #Permissions

portfolio.remove_permission

A portfolio admin removes a portfolio-related permission from a user or group.

Administering portfolios #Permissions

project.apply_permission_template

A project admin applies a permission template to their project.

Setting user permissions #Updating or resetting the permissions of your project

project.add_permission

A project admin adds a project-related permission to a user or group.

Setting user permissions #Permissions related to a project

project.remove_permission

A project admin removes a project-related permission from a user or group.

Setting user permissions #Permissions related to a project

group.create

A group is created in an organization.

User group concept

group.remove

A group is removed from an organization.

User group concept

Deleting a DOP account

You can only delete your own account, see Deleting your account. If you want to delete another user’s DevOps platform (DOP) account:

If the GitHub member synchronization is used, remove the user from the GitHub organization.
Otherwise, remove the user’s DOP account from the SonarQube Cloud organizations they are a member of, see Adding organization members.

Deleting an SSO account

You can only delete your own account, see Deleting your accountfor more details.

To prevent an SSO user from logging in to your SonarQube Cloud organizations, remove their access rights from the identity provider.

Enabling/disabling the GitHub member synchronization

When you import a GitHub organization to SonarQube Cloud, GitHub member synchronization is enabled by default. If you disable it, members will no longer be added or removed automatically and membership in GitHub-based organizations must be managed manually, as it is with other repository platforms.

When you enable synchronization manually, members of the SonarQube Cloud organization who aren’t members of the corresponding GitHub organization will be removed from the organization.

To enable/disable the GitHub member synchronization for your organization:

Retrieve your organization. See Retrieving your organizations for more details.
Open the Members page.
Select Configure synchronization. The Members Management dialog opens.
Select the manual or automatic option and Save.

PreviousTroubleshooting SSO connection NextManaging Scoped Organization Tokens

Last updated 23 days ago

Was this helpful?