SonarQube Cloud | Administering SonarQube Cloud | Managing the user accounts | Authentication and provisioning | DevOps platform authentication

DevOps platform service authentication (DOP)

Just-in-Time user provisioning is used.
When a user signs up with SonarQube Cloud for the first time through their DevOps platform (DOP), their DOP user account is automatically created in SonarQube Cloud.
The automatic member synchronization is supported with GitHub. See GitHub member synchronization.

When creating a new user login, SonarQube Cloud systematically adds a random suffix to the login name to manage user misidentification risk.

When setting up API-based automations related to users, don't use the login field to retrieve a user. Use the email field instead.

Technical details

Primary authentication on the system is available through the SonarQube Cloud GitHub application and OAuth authentication with Bitbucket Cloud, Microsoft Azure DevOps, and GitLab. As a consequence, users don't have a password specific to SonarQube Cloud itself but are protected to the level provided by the code repository platform.

Azure DevOps service authentication

The following applies for Azure DevOps service authentication in SonarQube Cloud:

ID tokens are used.
Both personal and organizations accounts are supported (the multi-tenant endpoint is used).
The following permissions are required:
- On MS Graph: User.read / Delegated
- On AAD Graph: User.read / Delegated

Administering your users

Was this page helpful?

DevOps platform service authentication (DOP)

On this page

.css-215hmj{position:relative;--tw-text-opacity:1;color:rgb(0 0 0 / var(--tw-text-opacity, 1));}User login format.css-abpesc{width:2rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-abpesc:hover{fill:#290042;}

Technical details

Azure DevOps service authentication.css-p7dib0{width:1.75rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-p7dib0:hover{fill:#290042;}

Related pages

User login format

Azure DevOps service authentication