SSO authentication

With the Enterprise plan, you can transition your SonarCloud users to Single Sign On (SSO) with any SAML identity provider (IdP).

The SonarQube Cloud Enterprise plan supports a transition from the DevOps platform authentication mode to Single Sign On (SSO) with any identity provider (IdP) that supports SAML. SonarQube Cloud uses the Service Provider (SP) initiated SSO. See the Introduction to Enterprise plans for more information about these and other supported features.

With SSO you benefit from:

Increased security and a single source of truth for user authentication.
Automatic group synchronization.
Just-in-Time user provisioning; when a users sign up with SonarQube Cloud with SSO for the first time, their SSO user account is automatically created in SonarQube Cloud.

SSO is set up for a given enterprise, see Setting up your enterprise for more details. At SSO login time, users select the enterprise they want to access.

When creating a new user login, SonarQube Cloud systematically adds a random suffix to the login name to manage user misidentification risk.

When setting up API-based automations related to users, don’t use the login field to retrieve a user. Use the email field instead.

Limitations

In an SSO-enabled enterprise:

SSO users cannot be added to organizations outside of their enterprise.
The GitHub member synchronization is disabled on any organization of the enterprise.
Currently, an SSO user cannot bind a SonarQube Cloud organization to its corresponding Bitbucket Cloud workspace. They must use their DevOps platform (DOP) account to perform the binding.

Introduction to Setting up SSO authentication
Administering your users

PreviousDevOps platform authentication NextGitHub member synchronization

Last updated 17 days ago

Was this helpful?

User login format

Limitations

Related pages