Setting up SAML SSO with Microsoft Entra ID (old method)

Step 1: Create the SonarQube Cloud application

1. In Microsoft Entra ID, go to Applications > Enterprise applications > All applications.

2. Select New application and then Create your own application.

Make sure you choose “Create your own application”. Do not select the non-affiliated “Sonarqube” Microsoft Entra Gallery app, which contains configurations that may prevent proper integration.

3. Fill in the name and select the Integrate any other application you don't find in the gallery option.

4. Select Create.

Step 2: Configure the SonarQube Cloud application

1. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Single sign-on > SAML.

2. In the Basic SAML Configuration section, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.

Identifier and Reply URL fields

Field	Description
Identifier	Copy-paste the SP Identity ID field from the SonarQube Cloud UI. To do so: Retrieve your SonarQube Cloud enterprise. Select Administration > SAML Single Sign On (SSO). Select the copy tool at the far right of the SP Identity ID field. Paste the field value in Microsoft Entra ID.
Reply URL	Copy-paste the SSO URL field from the SonarQube Cloud UI. Proceed as explained for the SP Identity ID field above.

Field

Description

Identifier

Copy-paste the SP Identity ID field from the SonarQube Cloud UI. To do so:

Retrieve your SonarQube Cloud enterprise.
Select Administration > SAML Single Sign On (SSO).
Select the copy tool at the far right of the SP Identity ID field.
Paste the field value in Microsoft Entra ID.

Reply URL

Copy-paste the SSO URL field from the SonarQube Cloud UI. Proceed as explained for the SP Identity ID field above.

3. In the Attributes & Claims section, configure the attributes used by SonarQube Cloud as described below. To add an attribute, select Add new claim.

Attributes

Attribute used by SonarQube Cloud Description Attribute in Microsoft Entra ID

name

Attribute used by SonarQube Cloud	Description	Attribute in Microsoft Entra ID
login	A unique name to identify the user in SonarQube Cloud.	`userprincipalname`
name	The full name of the user. The default list of attributes includes `givenname` (last name) and `surname` (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID.	`givenname` or your own user name attribute
email	The email of the user.	`mail`

The full name of the user.

The default list of attributes includes givenname (last name) and surname (first name). If you prefer to show the full name, you must create a new claim in MS Entra ID.

givenname or your own user name attribute

email The email of the user. mail

4. Select Add a group claim, and configure the group attribute as described below. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.

Group attribute

The group attribute is used for automatic group synchronization.

Parameter or option	Value
Group Claims	Groups assigned to the application
Source attribute	Cloud-only group display names or (if using on-prem Active Directory for group synchronisation) sAMAccountName
Emit group name for cloud-only groups	If using sAMAccountName: select the option Otherwise: ignore the option

Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the Claims in SAML Token table). In such cases, you might need to reduce the number of groups the user is in.

5. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Users and groups.

6. Select Add user/group to assign groups to the application.

7. From the Manage section of the SonarQube Cloud application in Microsoft Entra ID, go to Properties.

8. Set the Visible to users? option to No. (This is because SonarQube Cloud doesn't support IdP-initiated SSO).

Step 3: Configure SAML SSO in SonarQube Cloud

You must be the administrator of the enterprise in SonarQube Cloud.

Proceed as follows:

In SonarQube Cloud, retrieve your enterprise.
Select Administration > SAML Single Sign On (SSO). The SAML SSO page opens.
On the page, navigate to step 3 of the SAML configuration section.
In Microsoft Entra ID, from the Manage section of the SonarQube Cloud application, go to Single sign-on > SAML.
Copy the Login URL value in the Set up <SonarQubeCloudApplication> section to SonarQube Cloud’s Login URL field.
In the SAML certificates section, download Certificate (Base64) and upload it to SonarQube Cloud’s X.509 Certificate field by selecting the Choose file button.
In the Attributes & Claims section, select Edit to open the Attributes & Claims page. On this page:
- Copy the Claim name (URL-type value) of the attribute used for Name to the SonarQube Cloud's User Name Attribute.
- Copy the Claim name (URL-type value) of the attribute used for Login to the SonarQube Cloud's User Login Attribute.
- Copy the Claim name (URL-type value) of the attribute used for Email to the SonarQube Cloud's User Email Attribute.
  
  For the attibutes used for Name, Login, and Email, see 3. in Step 2: Configure the SonarQube Cloud application above.

Was this page helpful?

Setting up SAML SSO with Microsoft Entra ID (old method)

On this page

.css-215hmj{position:relative;--tw-text-opacity:1;color:rgb(0 0 0 / var(--tw-text-opacity, 1));}Step 1: Create the SonarQube Cloud application.css-abpesc{width:2rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-abpesc:hover{fill:#290042;}

Step 2: Configure the SonarQube Cloud application

Step 3: Configure SAML SSO in SonarQube Cloud

Related pages

Step 1: Create the SonarQube Cloud application