Registering SonarQube Cloud in Okta
This page explains how to register SonarQube Cloud in Okta. This is the first step of SAML SSO setup with Okta. For an overview of the complete setup, see Transitioning your enterprise to SAML SSO.
Step 1: Create the SonarQube Cloud application
1. In Okta, under Applications, select Create App Integration.
2. In the Sign-in Method dialog, select SAML 2.0.
3. Select Create.
4. Fill in the fields and options as described below in the various steps.
Steps' fields and options
Step | Field or option | Description |
---|---|---|
General settings | Application label | SonarQube Cloud application name. Example: SonarQube Cloud. |
General settings | Do not display application icon to users | Select this option. (This is because SonarQube Cloud doesn't support IdP-initiated SSO.) |
SAML settings | Single sign on URL | Copy-paste the SSO URL field from the SonarQube Cloud UI. To do so: |
SAML settings | Audience URI (SP Entity ID) | Copy-paste the SP Identity ID field from the SonarQube Cloud UI. Proceed as explained for the SSO URL field above. |
SAML settings | Response | Select Signed. |
SAML settings | Assertion Signature | Select Signed. |
SAML settings | Signature Algorithm | Select RSA-SHA256. |
SAML settings: Advanced settings | | If you want to enable assertion encryption, expand Show Advanced Settings. |
SAML settings: Advanced settings | Assertion Encryption | Select Encrypted. |
SAML settings: Advanced settings | Encryption Algorithm | Select AES256-GCM for high security. |
SAML settings: Advanced settings | Key Transport Algorithm | Select RSA-OAEP. |
SAML settings: Advanced settings | Encryption Certificate | The public X.509 certificate used by the identity provider to authenticate SAML messages. |
5. Under Attribute Statements, add three attribute mappings as described below.
Attribute statements mappings
Field | Mapping for name | Mapping for login | Mapping for email (optional) |
---|---|---|---|
Name | name | login | |
Name format | Unspecified | Unspecified | Unspecified |
Value | user.firstName | user.login | user.email |
6. Under Group Attribute Statements, enter the values as described below.
Group attribute statements values
Group Attribute Statements | |
---|---|
Name | groups |
Name format | Unspecified |
Filter | Choose Matches regex and set the value to .*. |
7. In the Feedback dialog, select Finish to confirm the creation of the SonarQube Cloud application.
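To confirm that a response captured from a test sign-in matches the settings in the tables above (signed response, signed assertion, RSA-SHA256, and the name, login and groups attributes), a structural check along these lines can help. This is an added example, not part of the SonarQube Cloud or Okta documentation; the function names and the sample XML are constructed for illustration, and the check does not verify signatures cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
REQUIRED_ATTRS = {"name", "login", "groups"}  # email is optional on this page

def sig_problem(elem, label):
    """Return a finding if elem has no direct ds:Signature using RSA-SHA256."""
    method = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        return f"{label} is not signed"
    if method.get("Algorithm") != RSA_SHA256:
        return f"{label} signature algorithm is {method.get('Algorithm')}"
    return None

def audit_response(xml_text):
    """Structural check only: does NOT verify signatures cryptographically."""
    # Intended for a locally captured response; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    findings = [sig_problem(root, "Response")]
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        encrypted = root.find("saml:EncryptedAssertion", NS) is not None
        findings.append("assertion is encrypted; decrypt it before checking attributes"
                        if encrypted else "no assertion found")
    else:
        findings.append(sig_problem(assertion, "Assertion"))
        sent = {a.get("Name") for a in assertion.iterfind(
            "saml:AttributeStatement/saml:Attribute", NS)}
        for missing in sorted(REQUIRED_ATTRS - sent):
            findings.append(f"attribute '{missing}' is missing")
    return [f for f in findings if f]

# Constructed sample: signature values elided, assertion unsigned, groups absent.
SIG_XML = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/></ds:SignedInfo></ds:Signature>')
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' + SIG_XML +
    '<saml:Assertion><saml:AttributeStatement>'
    '<saml:Attribute Name="name"/><saml:Attribute Name="login"/>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(audit_response(SAMPLE))
```

An empty list means the response has the expected structure; each string names one setting to revisit in the Okta application.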
Step 2: Set up the group synchronization
In Okta:
- Go to the Assignments tab of the SonarQube Cloud application and assign the user groups to the SonarQube Cloud application.
- Enable the group synchronization in the SonarQube Cloud application:
  - Go to SAML > Provisioning.
  - In the SAML group attribute field, enter groups (the Name value of the Group Attribute Statements).
Retrieving the SAML SSO information of the application
When configuring SAML SSO in SonarQube Cloud (the second step of the SAML SSO setup), you will need to retrieve values from Okta and set them in SonarQube Cloud. To retrieve the SAML SSO information in Okta:
- In Okta, go to the Sign On tab of the SonarQube Cloud application.
- Next to the SAML Signing Certificates subsection, select the View SAML setup instructions button.
- Copy the Identity Provider Single Sign-On URL value to SonarQube Cloud’s Login URL field.
- In X.509 Certificate, download the certificate and upload it to SonarQube Cloud’s X.509 certificate field.
- Ensure User Name, User Login, and User Email Attributes are set to their desired values.