Start FreeLog in
SonarQube Cloud | Administering SonarQube Cloud | Managing the user accounts | Setting up Single Sign-On | Step 1: Verify the user groups

Step 1: Verify the user groups of the enterprise's organizations

On this page

Before configuring Single Sign-On, you must ensure that the automatic group synchronization can take place properly. To do so, verify that:

  • The user groups defined in your IdP service exist in the relevant organizations of your SonarQube Cloud enterprise (i.e. a group with the same (context-sensitive) name exists in the relevant organization(s)).
  • The user groups in SonarQube Cloud have the correct permissions. 

To manage the user groups in SonarQube Cloud, see Managing the user groups in your organization.

In Okta

The automatic group synchronization of a group applies if the group in Okta and the corresponding group in the SonarQube Cloud organization have the same (case-sensitive) name. Note that the default SonarQube Cloud's Members group is excluded from the synchronization.

The figure below shows on the left groups defined in Okta and on the right the corresponding groups defined in SonarQube Cloud in two different organizations (OrgA and OrgB). In this example, the SSO users belonging to ENT_ORGA_ADMINS will be automatically added to the corresponding EN_ORG_ADMINS group in SonarQube Cloud. it means that they will have access to OrgA with the permissions defined in SonarQube Cloud.

In Microsoft Entra ID

The automatic group synchronization of a group applies if the group in Microsoft Entra ID and the corresponding group in the SonarQube Cloud organization have the same (case-sensitive) name. Note that the default SonarQube Cloud's Members group is excluded from the synchronization.

The figure below shows on the left groups defined in Microsoft Entra ID and on the right the corresponding groups defined in SonarQube Cloud in two different organizations (Docs-Team and claudiasonarova 2023). In this example, the SSO users belonging to Communications will be automatically added to the corresponding Communications group in SonarQube Cloud. it means that they will have access to the Docs-Team organization with the permissions defined in SonarQube Cloud.


Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved.

Creative Commons License