SAML SSO with Okta

This page explains how to set up SAML SSO with Okta using SonarQube Cloud's SSO setup assistant.

To set up SAML SSO with Okta, first open the SSO setup assistant as described below:

  1. Retrieve your enterprise. See Managing your enterprise for more details.

  2. Select Administration > Single Sign-On. The Single Sign-On page opens.

  3. Select Open Configuration and then Get Started. The setup assistant opens.

  4. Select Custom SAML. Follow the steps described below.

Step 1: Create the SonarQube Cloud application in Okta

1. In Okta, under Applications, select Create App Integration.

2. In the Sign-in Method dialog, select SAML 2.0.

3. Select Create.

4. Fill in the fields and options as described in the table below.

| Step | Field or option | Description |
| --- | --- | --- |
| General settings | Application label | SonarQube Cloud application name. Example: SonarQube Cloud. |
| | Do not display application icon to users | Select this option. (This is because SonarQube Cloud doesn’t support IdP-initiated SSO). |
| SAML settings | Single sign on URL | Copy-paste the Single Sign-On URL field value from the setup assistant. |
| | Audience URI (SP Entity ID) | Copy-paste the Service Provider Identity ID field value from the setup assistant. |
| | Response | Select Signed. |
| | Assertion Signature | Select Signed. |
| | Signature Algorithm | Select RSA-SHA256. |
| SAML settings: Advanced settings. If you want to enable assertion encryption, expand Show Advanced Settings. | Assertion Encryption | Select Encrypted. |
| | Encryption Algorithm | Select AES256-GCM for high security. |
| | Key Transport Algorithm | Select RSA-OAEP. |
| | Encryption Certificate | The public X.509 certificate used by the identity provider to authenticate SAML messages. |

5. In the Feedback dialog, select Finish to confirm the creation of the SonarQube Cloud application.

6. In the setup assistant, select Next to go to step 2, Configure Connection.

Step 2: Configure the connection

  1. In Okta’s SonarQube Cloud application, go to Sign On > Settings > Sign on methods. Copy the value of the Metadata URL field and paste it to the Metadata URL field in the Automatic tab of the setup assistant page.

  2. In the assistant, select Create Connection and Proceed. SonarQube Cloud tries to connect to your Identity Provider. If the connection is established, the assistant moves to step 3, Attribute Mapping.

Step 3: Set up the attributes

  1. In Okta’s SonarQube Cloud application, go to Sign On and select Edit in the SAML Attributes section.

  2. Add three attribute mappings as described in the table below.

  3. In Group Attribute Statements, enter the values for the groups attribute as described in the table below.

  4. In the assistant, select Next to go to step 4, Test SSO.

| | Attribute name | Name format | Value | Filter |
| --- | --- | --- | --- | --- |
| Mapping for name | Copy-paste from the assistant. | Unspecified | user.displayName | |
| Mapping for login | Copy-paste from the assistant. | Unspecified | user.login | |
| Mapping for email | Copy-paste from the assistant. | Unspecified | user.email | |
| Mapping for groups | Copy-paste from the assistant. | Unspecified | | Select Matches regex and set the value to .*. |

The name and group attribute statements you define in Step 3 are visible here.

Step 4: Test SSO

Select the Test Connection button. The test is started and the results are displayed on the page as illustrated below.

Before you finish step 2 configuring your connection using SonarQube Cloud’s setup assistant, test and enable your configuration.

If the test was successful, select Done.
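To confirm that Okta applies the signing and encryption settings chosen in Step 1, a SAMLResponse captured during the test can be checked for the algorithms it declares. The following is an added example, not part of the SonarQube Cloud documentation: the function names and the skeleton response are constructed for illustration, and the check reads algorithm identifiers only, without verifying any signature.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
AES256_GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm"
RSA_OAEP = {"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
            "http://www.w3.org/2009/xmlenc11#rsa-oaep"}
SIG_METHOD = "ds:Signature/ds:SignedInfo/ds:SignatureMethod"

def _alg(node, path):
    found = node.find(path, NS)
    return None if found is None else found.get("Algorithm")

def audit_saml_response(b64_response, expect_encrypted=True):
    """Return deviations from the Step 1 settings (declared algorithms only)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    issues = []
    if _alg(root, SIG_METHOD) != RSA_SHA256:  # Response-level signature
        issues.append("response not signed with RSA-SHA256")
    enc = root.find("saml:EncryptedAssertion/xenc:EncryptedData", NS)
    plain = root.find("saml:Assertion", NS)
    if enc is not None:
        # The assertion's own signature is inside the ciphertext; only the envelope is checked.
        if _alg(enc, "xenc:EncryptionMethod") != AES256_GCM:
            issues.append("assertion not encrypted with AES256-GCM")
        if _alg(root, ".//xenc:EncryptedKey/xenc:EncryptionMethod") not in RSA_OAEP:
            issues.append("key transport is not RSA-OAEP")
    elif plain is not None:
        if expect_encrypted:
            issues.append("assertion is not encrypted")
        if _alg(plain, SIG_METHOD) != RSA_SHA256:
            issues.append("assertion not signed with RSA-SHA256")
    else:
        issues.append("no assertion found")
    return issues

def constructed_response(sig_alg, enc_alg, key_alg):
    """Constructed skeleton for the demo: algorithm URIs only, no real key material."""
    xml = ('<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" xmlns:ds="{ds}" xmlns:xenc="{xenc}">'
           '<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{0}"/></ds:SignedInfo></ds:Signature>'
           '<saml:EncryptedAssertion><xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{1}"/>'
           '<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{2}"/></xenc:EncryptedKey>'
           '</ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>')
    return base64.b64encode(xml.format(sig_alg, enc_alg, key_alg, **NS).encode())
```

Pass the base64 SAMLResponse form field from the browser's network trace; set expect_encrypted=False if you left assertion encryption disabled.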
