Start FreeLog in
SonarQube Cloud | Administering SonarQube Cloud | Managing the user accounts | Setting up Single Sign-On | Step 2: Configure SSO | SAML SSO with Entra ID

Configuring SAML SSO with Microsoft Entra ID

On this page

To set up SAML SSO with Microsoft Entra ID, first open the SSO setup assistant as described below:

  1. In SonarQube Cloud, retrieve your enterprise.
  2. Select Administration > Single Sign-On. The Single Sign-On page opens.
  3. Select Open Configuration and then Get started. The setup assistant opens.
  4. Select Custom SAML
  5. Follow the steps described below.

Step 1: Create the SonarQube Cloud application in Microsoft Entra ID

1.  In Microsoft Entra ID, go to Applications > Enterprise applications > All applications.

2. Select New application and then Create your own application.

3. Fill in the name and select the Integrate any other application you don't find in the gallery option.

4. Select Create.

5. From the Manage section of the SonarQube Cloud application, go to Single sign-on > SAML.

6. In the Basic SAML Configuration section, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.

Identifier and Reply URL fields
FieldDescription
IdentifierCopy-paste the Service Provider Identity ID field value from the setup assistant.
Reply URLCopy-paste the Single Sign-On URL field value from the setup assistant. 

5. In the setup assistant, select Next to go to the step 2. Configure Connection.

Step 2: Configure the connection

  1. In your SonarQube Cloud application in Microsoft Entra ID, go to SAML Certificates. Copy the value of the App Federation Metadata Url field and paste it into the Metadata URL field in the Automatic tab of the setup assistant page. 
  2. In the assistant, select Create Connection and Proceed. SonarQube Cloud is trying to connect to your Identity Provider. If the connection is established, the assistant moves to step 3. Attribute Mapping.

Step 3: Set up the attributes

1. In the Attributes & Claims section of your SonarQube Cloud application in Microsoft Entra ID, configure the attributes used by SonarQube Cloud as described below. To add an attribute, select Add new claim

Attributes

Attribute nameSource attributeDescription
Mapping for nameCopy-paste from the assistant.givenname or your own user name attribute

The full name of the user.

The default list of attributes includes givenname (last name) and surname (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID.

Mapping for loginCopy-paste from the assistant.userprincipalnameA unique name to identify the user in SonarQube Cloud. 
Mapping for emailCopy-paste from the assistant.mailThe email of the user.

2. Select Add a group claim, and configure the group attribute as described below. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.

Group attribute

The group attribute is used for automatic group synchronization.

Parameter or optionValue
Group ClaimsGroups assigned to the application
Source attributeCloud-only group display names or (if using on-prem Active Directory for group synchronisation) sAMAccountName
Emit group name for cloud-only groups
  • If using sAMAccountName: select the option
  • Otherwise: ignore the option
Advanced options > Customize the name of the group claim > Namegroups (copy-paste from the setup assistant)

3. In the assistant, select Next to go to the step 4. Test SSO.

Step 4: Test SSO

Select the Test Connection button. The test is started and the results are displayed on the page as illustrated below.

If the test was successful, select Done


Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved.

Creative Commons License