With Microsoft Entra ID

This page explains how to edit the SAML SSO configuration you established in SonarQube Cloud with Microsoft Entra ID while using the old method (without the SSO setup assistant).

This page explains the steps necessary to set up SAML SSO with Microsoft Entra ID. You only need this information for modifying SSO configurations not established with the SSO setup assistant but implemented using the older method.

To leverage the benefits of the new SSO setup assistant, you may delete your existing configuration and create a new one.

Step 1: Create the SonarQube Cloud application

1. In Microsoft Entra ID, go to Applications > Enterprise applications > All applications.

2. Select New application and then Create your own application.

3. Fill in the name and select the Integrate any other application you don’t find in the gallery option.

4. Select Create.

Step 2: Configure the SonarQube Cloud application

1. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Single sign-on > SAML.

2. In the Basic SAML Configuration section, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.

Identifier and Reply URL fields

  • Identifier: Copy-paste the SP Identity ID field from the SonarQube Cloud UI. To do so:

    1. Retrieve your SonarQube Cloud enterprise.

    2. Select Administration > SAML Single Sign On (SSO).

    3. Select the copy tool at the far right of the SP Identity ID field.

    4. Paste the field value in Microsoft Entra ID.

  • Reply URL: Copy-paste the SSO URL field from the SonarQube Cloud UI. Proceed as explained for the SP Identity ID field above.

3. In the Attributes & Claims section, configure the attributes used by SonarQube Cloud as described below. To add an attribute, select Add new claim.

Attributes

| Attribute used by SonarQube Cloud | Description | Attribute in Microsoft Entra ID |
| --- | --- | --- |
| login | A unique name to identify the user in SonarQube Cloud. | userprincipalname |
| name | The full name of the user. The default list of attributes includes givenname (last name) and surname (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID. | givenname or your own user name attribute |
| email | The email of the user. | mail |

When you add your new attributes, they will appear on the Microsoft Azure Attributes & Claims page.

4. Select Add a group claim, and configure the group attribute as described below. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.

Group attribute

The group attribute is used for automatic group synchronization.

| Parameter or option | Value |
| --- | --- |
| Group Claims | Groups assigned to the application |
| Source attribute | Cloud-only group display names or (if using on-prem Active Directory for group synchronisation) sAMAccountName |
| Emit group name for cloud-only groups | If using sAMAccountName: select the option. Otherwise: ignore the option. |

5. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Users and groups.

6. Select Add user/group to assign groups to the application.

7. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Properties.

8. Set the Visible to users? option to No. (This is because SonarQube Cloud doesn’t support IdP-initiated SSO.)

Step 3: Configure SAML SSO in SonarQube Cloud

You must be the administrator of the enterprise in SonarQube Cloud.

Proceed as follows:

  1. Retrieve your enterprise. See Managing your enterprise for more details.

  2. Select Administration > SAML Single Sign On (SSO). The SAML SSO page opens.

  3. On the page, navigate to step 3 of the SAML configuration section.

  4. In Microsoft Entra ID, from the Manage section of the SonarQube Cloud application, go to Single sign-on > SAML.

  5. Copy the Login URL value in the Set up <SonarQubeCloudApplication> section to SonarQube Cloud’s Login URL field.

  6. In the SAML certificates section, download Certificate (Base64) and upload it to SonarQube Cloud’s X.509 Certificate field by selecting the Choose file button.

  7. In the Attributes & Claims section, select Edit to open the Attributes & Claims page. On this page:

    • Copy the Claim name (URL-type value) of the attribute used for Name to the SonarQube Cloud’s User Name Attribute.

    • Copy the Claim name (URL-type value) of the attribute used for Login to the SonarQube Cloud’s User Login Attribute.

    • Copy the Claim name (URL-type value) of the attribute used for Email to the SonarQube Cloud’s User Email Attribute.

      For the attributes used for Name, Login, and Email, see item 3 in Step 2: Configure the SonarQube Cloud application above.
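The claim names copied in item 7 can be checked against a decoded assertion before users are moved to the configuration. The following Python sketch is an added example, not part of the SonarQube Cloud or Microsoft documentation; the claim names, the mapping and the sample assertion are constructed, and the function names are hypothetical. It checks attribute presence only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed mapping: SonarQube Cloud field -> Claim name (URL-type value).
# Replace with the values shown on your own Attributes & Claims page.
MAPPING = {
    "User Login Attribute": BASE + "name",
    "User Name Attribute": BASE + "givenname",
    "User Email Attribute": BASE + "emailaddress",
}

def build_sample(claims):
    """Build a constructed, unsigned assertion from {claim name: [values]}."""
    attrs = "".join(
        '<saml:Attribute Name="%s">%s</saml:Attribute>' % (
            name,
            "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in vals),
        )
        for name, vals in claims.items()
    )
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            "</saml:AttributeStatement></saml:Assertion>" % (NS["saml"], attrs))

def read_attributes(assertion_xml):
    """Return {claim name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found

def check_mapping(assertion_xml, mapping=MAPPING):
    """Return {SonarQube Cloud field: problem} for claims that are unusable."""
    found = read_attributes(assertion_xml)
    problems = {}
    for field, claim in mapping.items():
        values = found.get(claim, [])
        if not values:
            problems[field] = "claim %s missing or empty" % claim
        elif len(values) > 1:
            problems[field] = "claim %s has %d values" % (claim, len(values))
    return problems

# Constructed sample: login and name are present, the email claim is absent.
SAMPLE = build_sample({BASE + "name": ["alice@example.com"], BASE + "givenname": ["Alice"]})
PROBLEMS = check_mapping(SAMPLE)  # only the email field is reported
```

An empty result from check_mapping means every mapped field has exactly one non-empty value in the assertion.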
