With Microsoft Entra ID
This page explains how to edit the SAML SSO configuration you established in SonarQube Cloud with Microsoft Entra ID while using the old method (without the SSO setup assistant).
This page explains the steps necessary to set up SAML SSO with Microsoft Entra ID. You only need this information for modifying SSO configurations not established with the SSO setup assistant but implemented using the older method.
Step 1: Create the SonarQube Cloud application
1. In Microsoft Entra ID, go to Applications > Enterprise applications > All applications.
2. Select New application and then Create your own application.
Make sure you choose "Create your own application". Do not select the non-affiliated "Sonarqube" Microsoft Entra Gallery app, which contains configurations that may prevent proper integration.
3. Fill in the name and select the Integrate any other application you don’t find in the gallery option.
4. Select Create.
Step 2: Configure the SonarQube Cloud application
1. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Single sign-on > SAML.
2. In the Basic SAML Configuration section, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.
3. In the Attributes & Claims section, configure the attributes used by SonarQube Cloud as described below. To add an attribute, select Add new claim.
Attributes
login
A unique name to identify the user in SonarQube Cloud.
userprincipalname
name
The full name of the user.
The default list of attributes includes givenname (last name) and surname (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID.
givenname or your own user name attribute
The email of the user.
mail
4. Select Add a group claim, and configure the group attribute as described below. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.
Group synchronization doesn’t work with Microsoft Entra ID’s nested groups.
Microsoft Entra ID’s SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the Claims in SAML Token table). In such cases, you might need to reduce the number of groups the user is in.
5. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Users and groups.
6. Select Add user/group to assign groups to the application.
7. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Properties.
8. Set the Visible to users? option to No. (This is because SonarQube Cloud doesn’t support IdP-initiated SSO).
Step 3: Configure SAML SSO in SonarQube Cloud
You must be the administrator of the enterprise in SonarQube Cloud.
Proceed as follows:
Retrieve your enterprise. See Managing your enterprise for more details.
Select Administration > SAML Single Sign On (SSO). The SAML SSO page opens.
On the page, navigate to step 3 of the SAML configuration section.
In Microsoft Entra ID, from the Manage section of the SonarQube Cloud application, go to Single sign-on > SAML.
Copy the Login URL value in the Set up <SonarQubeCloudApplication> section to SonarQube Cloud’s Login URL field.
In the SAML certificates section, download Certificate (Base64) and upload it to SonarQube Cloud’s X.509 Certificate field by selecting the Choose file button.
In the Attributes & Claims section, select Edit to open the Attributes & Claims page. On this page:
Copy the Claim name (URL-type value) of the attribute used for Name to the SonarQube Cloud’s User Name Attribute.
Copy the Claim name (URL-type value) of the attribute used for Login to the SonarQube Cloud’s User Login Attribute.
Copy the Claim name (URL-type value) of the attribute used for Email to the SonarQube Cloud’s User Email Attribute.
For the attibutes used for Name, Login, and Email, see 3. in Step 2: Configure the SonarQube Cloud application above.
Related pages
Last updated
Was this helpful?