DevOps platform authentication

By default, users can authenticate to SonarQube Cloud with their existing credentials on their DevOps platform service (DOP). No additional setup is required.

With the DevOps platform service authentication:

Just-in-Time user provisioning is used. When a user signs up with SonarQube Cloud for the first time through their DevOps platform (DOP), their DOP user account is automatically created in SonarQube Cloud.
The automatic member synchronization is supported with GitHub. See GitHub member synchronization for more information.

When creating a new user login, SonarQube Cloud systematically adds a random suffix to the login name to manage user misidentification risk.

When setting up API-based automations related to users, don’t use the login field to retrieve a user. Use the email field instead.

Technical details

Primary authentication on the system is available through the SonarQube Cloud GitHub application and OAuth authentication with Bitbucket Cloud, Microsoft Azure DevOps, and GitLab. As a consequence, users don’t have a password specific to SonarQube Cloud itself but are protected to the level provided by the code repository platform.

Azure DevOps service authentication

The following applies for Azure DevOps service authentication in SonarQube Cloud:

ID tokens are used.
Both personal and organizations accounts are supported (the multi-tenant endpoint is used).
The following permissions are required:
- On MS Graph: User.read / Delegated
- On AAD Graph: User.read / Delegated

Administering your users

PreviousAuthentication and provisioning NextSSO authentication

Last updated 7 days ago

Was this helpful?

User login format

Technical details

Azure DevOps service authentication

Related page