Configuring SAML SSO with Okta
To set up SAML SSO with Okta, first open the SSO setup assistant as described below:
- In SonarQube Cloud, retrieve your enterprise.
- Select Administration > Single Sign-On. The Single Sign-On page opens.
- Select Open Configuration and then Get Started. The setup assistant opens.
- Select Custom SAML. Follow the steps described below.
Step 1: Create the SonarQube Cloud application in Okta
1. In Okta, under Applications, select Create App Integration.
2. In the Sign-in Method dialog, select SAML 2.0.
3. Select Create.
4. Fill in the fields and options as described in the table below.
| Step | Field or option | Description |
|---|---|---|
| General settings | Application label | SonarQube Cloud application name. Example: SonarQube Cloud. |
| Do not display application icon to users | Select this option. (This is because SonarQube Cloud doesn't support IdP-initiated SSO). | |
| SAML settings | Single sign on URL | Copy-paste the Single Sign-On URL field value from the setup assistant. |
| Audience URI (SP Entity ID) | Copy-paste the Service Provider Identity ID field value from the setup assistant. | |
| Response | Select Signed. | |
| Assertion Signature | Select Signed. | |
| Signature Algorithm | Select RSA-SHA256. | |
| SAML settings: Advanced settings | If you want to enable assertion encryption, expand Show Advanced Settings | |
| Assertion Encryption | Select Encrypted. | |
| Encryption Algorithm | Select AES256-GCM for high security. | |
| Key Transport Algorithm | Select RSA-OAEP. | |
| Encryption Certificate | The public X.509 certificate used by the identity provider to authenticate SAML messages. |
5. In the Feedback dialog, select Finish to confirm the creation of the SonarQube Cloud application.
6. In the setup assistant, select Next to go to the step 2. Configure Connection.
Step 2: Configure the connection
- In Okta's SonarQube Cloud application, go to Sign On > Settings > Sign on methods. Copy the value of the Metadata URL field and paste it to the Metadata URL field in the Automatic tab of the setup assistant page.
- In the assistant, select Create Connection and Proceed. SonarQube Cloud is trying to connect to your Identity Provider. If the connection is established, the assistant moves to step 3. Attribute Mapping.
Step 3: Set up the attributes
- In Okta's SonarQube Cloud application, go to Sign On and select Edit in the SAML Attributes section.
- Add three attribute mappings as described in the table below.
- In Group Attribute Statements, enter the values for the groups attribute as described in the table below.
- In the assistant, select Next to go to the step 4. Test SSO.
| Attribute name | Name format | Value | Filter | |
|---|---|---|---|---|
| Mapping for name | Copy-paste from the assistant. | Unspecified | user.displayName | |
| Mapping for login | Copy-paste from the assistant. | Unspecified | user.login | |
| Mapping for email | Copy-paste from the assistant. | Unspecified | user.email | |
| Mapping for groups | Copy-paste from the assistant. | Unspecified | Select Matches regex and set the value to .*. |
Step 4: Test SSO
Select the Test Connection button. The test is started and the results are displayed on the page as illustrated below.
If the test was successful, select Enable Connection.
Related pages
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved.
