SAML SSO with Entra ID

This page explains how to configure SAML SSO in your enterprise with Microsoft Entra ID while using SonarQube Cloud's setup assistant.

To set up SAML SSO with Microsoft Entra ID, first open the SSO setup assistant as described below:

  1. Retrieve your enterprise. See Managing your enterprise for more details.

  2. Select Administration > Single Sign-On. The Single Sign-On page opens.

  3. Select Open Configuration and then Get started. The setup assistant opens.

  4. Select Custom SAML.

  5. Follow the steps described below.

Step 1: Create the SonarQube Cloud application in Microsoft Entra ID

1. In Microsoft Entra ID, go to Applications > Enterprise applications > All applications.

2. Select New application and then Create your own application.

3. Fill in the name and select the Integrate any other application you don’t find in the gallery option.

4. Select Create.

5. From the Manage section of the SonarQube Cloud application, go to Single sign-on > SAML.

6. In the Basic SAML Configuration section, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.

Identifier and Reply URL fields

| Field | Description |
| --- | --- |
| Identifier | Copy-paste the Service Provider Identity ID field value from the setup assistant. |
| Reply URL | Copy-paste the Single Sign-On URL field value from the setup assistant. |

7. In the setup assistant, select Next to go to step 2, Configure Connection.

Step 2: Configure the connection

  1. In your SonarQube Cloud application in Microsoft Entra ID, go to SAML Certificates. Copy the value of the App Federation Metadata Url field and paste it into the Metadata URL field in the Automatic tab of the setup assistant page.

  2. In the assistant, select Create Connection and Proceed. SonarQube Cloud tries to connect to your Identity Provider. If the connection is established, the assistant moves to step 3, Attribute Mapping.

Step 3: Set up the attributes

1. In the Attributes & Claims section of your SonarQube Cloud application in Microsoft Entra ID, configure the attributes used by SonarQube Cloud as described below. To add an attribute, select Add new claim.

Attributes

| | Attribute name | Source attribute | Description |
| --- | --- | --- | --- |
| Mapping for name | Copy-paste from the assistant. | givenname or your own user name attribute | The full name of the user. The default list of attributes includes givenname (last name) and surname (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID. |
| Mapping for login | Copy-paste from the assistant. | userprincipalname | A unique name to identify the user in SonarQube Cloud. |
| Mapping for email | Copy-paste from the assistant. | mail | The email of the user. |

2. Select Add a group claim, and configure the group attribute as described below. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.

Group attribute

The group attribute is used for automatic group synchronization.

| Parameter or option | Value |
| --- | --- |
| Group Claims | Groups assigned to the application |
| Source attribute | Cloud-only group display names or (if using on-prem Active Directory for group synchronisation) sAMAccountName |
| Emit group name for cloud-only groups | If using sAMAccountName: select the option. Otherwise: ignore the option. |
| Advanced options > Customize the name of the group claim > Name | groups (copy-paste from the setup assistant) |

When you add your new group claims, they will appear on the Microsoft Azure Attributes & Claims page.

3. In the assistant, select Next to go to step 4, Test SSO.

Step 4: Test SSO

Select the Test Connection button. The test is started and the results are displayed on the page as illustrated below.

Before you finish step 2 (configuring your connection) in SonarQube Cloud’s setup assistant, test and enable your configuration.

If the test was successful, select Done.
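If the test fails, or group synchronization later behaves unexpectedly, the claims configured in Step 3 can be checked offline against a SAML assertion captured during the test. The script below is an added example, not part of SonarQube Cloud or its documentation. The claim names `name`, `login` and `email` are placeholders for the values the setup assistant shows, and `check_attributes` and `sample_assertion` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET  # acceptable for a locally captured test assertion

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumption: these claim names are placeholders. Replace them with the values
# shown in the setup assistant; only "groups" is given on this page.
EXPECTED = {"name": "name", "login": "login", "email": "email", "groups": "groups"}

def check_attributes(assertion_xml, expected=EXPECTED):
    """List attribute problems. Inspection only: no signature or condition checks."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = [v for v in values if v]
    problems = []
    for mapping, claim in expected.items():
        if claim not in found:
            problems.append(f"{mapping}: claim '{claim}' missing")
        elif not found[claim]:
            problems.append(f"{mapping}: claim '{claim}' is empty")
    # Step 3 sets group names as the source attribute, so GUID-shaped values
    # indicate that the group claim uses a different source attribute.
    for group in found.get(expected["groups"], []):
        if GUID_RE.match(group):
            problems.append(f"groups: '{group}' is an object ID, not a group name")
    return problems

def sample_assertion(attrs):
    """Build a constructed, unsigned assertion for demonstration."""
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
            "</saml:Assertion>")

# Constructed sample data, not real tenant output.
GOOD = sample_assertion({"name": ["Ada Example"], "login": ["ada@example.com"],
                         "email": ["ada@example.com"], "groups": ["sonar-admins"]})
BAD = sample_assertion({"name": ["Ada Example"], "login": ["ada@example.com"],
                        "groups": ["3f2a1b4c-0d5e-4f6a-8b7c-9d0e1f2a3b4c"]})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_attributes(doc) or "OK")
```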
