Start FreeLog in
SonarQube Cloud | Administering SonarQube Cloud | Managing the user accounts | Setting up Single Sign-On | Step 2: Configure SSO | SAML SSO with Okta

Configuring SAML SSO with Okta

On this page

To set up SAML SSO with Okta, first open the SSO setup assistant as described below:

  1. In SonarQube Cloud, retrieve your enterprise.
  2. Select Administration > Single Sign-On. The Single Sign-On page opens.
  3. Select Open Configuration and then Get Started. The setup assistant opens.
  4. Select Custom SAML. Follow the steps described below.

Step 1: Create the SonarQube Cloud application in Okta

1. In Okta, under Applications, select Create App Integration.

2. In the Sign-in Method dialog, select SAML 2.0.

3. Select Create.

4. Fill in the fields and options as described in the table below.

StepField or optionDescription
General settingsApplication label

SonarQube Cloud application name. 

Example: SonarQube Cloud.


Do not display application icon to usersSelect this option. (This is because SonarQube Cloud doesn't support IdP-initiated SSO).
SAML settingsSingle sign on URLCopy-paste the Single Sign-On URL field value from the setup assistant. 

Audience URI (SP Entity ID)Copy-paste the Service Provider Identity ID field value from the setup assistant.

ResponseSelect Signed.

Assertion SignatureSelect Signed.

Signature AlgorithmSelect RSA-SHA256.
SAML settings: Advanced settings
If you want to enable assertion encryption, expand Show Advanced Settings 

Assertion EncryptionSelect Encrypted.

Encryption AlgorithmSelect AES256-GCM for high security.

Key Transport Algorithm Select RSA-OAEP.

Encryption CertificateThe public X.509 certificate used by the identity provider to authenticate SAML messages.

5. In the Feedback dialog, select Finish to confirm the creation of the SonarQube Cloud application.

 6. In the setup assistant, select Next to go to the step 2. Configure Connection.

Step 2: Configure the connection

  1. In Okta's SonarQube Cloud application, go to Sign On > Settings > Sign on methods. Copy the value of the Metadata URL field and paste it to the Metadata URL field in the Automatic tab of the setup assistant page.
  2. In the assistant, select Create Connection and Proceed. SonarQube Cloud is trying to connect to your Identity Provider. If the connection is established, the assistant moves to step 3. Attribute Mapping.

Step 3: Set up the attributes

  1. In Okta's SonarQube Cloud application, go to Sign On and select Edit in the SAML Attributes section.
  2. Add three attribute mappings as described in the table below. 
  3. In Group Attribute Statements, enter the values for the groups attribute as described in the table below.
  4. In the assistant, select Next to go to the step 4. Test SSO.

Attribute nameName formatValueFilter
Mapping for nameCopy-paste from the assistant.Unspecifieduser.displayName
Mapping for loginCopy-paste from the assistant.Unspecifieduser.login
Mapping for emailCopy-paste from the assistant.Unspecifieduser.email
Mapping for groupsCopy-paste from the assistant.Unspecified
Select Matches regex and set the value to .*.

Step 4: Test SSO

Select the Test Connection button. The test is started and the results are displayed on the page as illustrated below.

If the test was successful, select Done


Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved.

Creative Commons License