# Quickstart guide for Enterprises If you're setting up SonarQube Cloud on the Team plan, use the [Quickstart guide](/sonarqube-cloud/quickstart-guides/quickstart-guide.md). By completing this guide you will: 1. [Confirm your prerequisites](#confirm-your-prerequisites) 1. [Choose your hosted region](#choose-your-hosted-region) 2. [Prepare networking](#prepare-networking) 3. [Prepare software and build agents](#prepare-software-and-build-agents) 4. [Prepare authentication](#prepare-authentication) 5. [Review trust and compliance documentation](#review-trust-and-compliance-documentation) 2. [Create your SonarQube Cloud organizations](#create-your-sonarqube-cloud-organizations) 3. [Create your enterprise](#create-your-enterprise) 4. [Enable enterprise capabilities](#enable-enterprise-capabilities) 1. [Enable Advanced Security](#enable-advanced-security) 2. [Configure SAML SSO and provisioning](#configure-saml-sso-and-provisioning) 5. [Roll out SonarQube for IDE and AI tooling](#roll-out-sonarqube-for-ide-and-ai-tooling) 6. [Review trust and compliance resources](#review-trust-and-compliance-resources) ## At a glance | Area | What to do | | ------------------ | --------------------------------------------------------------------------------------------------- | | Region | Use the EU region by default, or complete the [US region](#us-region) prerequisites before rollout. | | Networking | Allow communication between SonarQube Cloud, DevOps platforms, CI runners, and IDEs. | | Software | Prepare Java 21, SonarScanners, stack-specific build tools, and any Azure or SCA dependencies. | | Authentication | Start with a DevOps administrator account and move to SSO after the enterprise exists. | | Organization model | Create one SonarQube Cloud organization per DevOps organization or workspace. | | Enterprise setup | Create the enterprise with your license key and attach the organization or organizations. | | Optional add-ons | Enable Advanced Security through the Sonar team, then configure SSO and provisioning if needed. | | Developer rollout | Install SonarQube for IDE and optionally the SonarQube MCP Server for AI-assisted workflows. | ## Confirm your prerequisites ### Choose your hosted region By default, SonarQube Cloud uses the EU region. #### US region If the US region is mandatory, contact the [Sales team](mailto:contact@sonarsource.com) before rollout so your domain can authenticate to the US region. After approval, follow the same process described in this guide, but replace `sonarcloud.io` with `sonarqube.us`. For details, see [Getting started in the US region](/sonarqube-cloud/getting-started/getting-started-in-us-region.md). ### Prepare networking SonarQube Cloud requires bidirectional communication between your DevOps platform, CI pipelines or runners, and developer IDEs. Before rollout: * Review the required URLs and IP addresses in [Networking requirements](/sonarqube-cloud/appendices/networking-requirements.md). * Allowlist the endpoints needed by SonarQube Cloud, your DevOps platform, your CI infrastructure, and developer workstations. * If you plan to restrict enterprise access with an IP allow list after SSO is enabled, include the IPs used by enterprise admins, developers, CI runners, and token-based integrations. See [IP allow lists](/sonarqube-cloud/administering-sonarcloud/enterprise-security/ip-allow-lists.md). ### Prepare software and build agents Make sure your build and analysis environment is ready before you onboard projects: * Ensure all build agents support Java 21. It is the recommended runtime for the latest SonarScanners. * Identify the scanner or scanners required by your primary technology stacks: * [SonarScanner for Maven](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-maven.md) * [SonarScanner for Gradle](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-gradle.md) * [SonarScanner CLI](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-cli.md) * [SonarScanner for .NET](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-dotnet/introduction.md) * [SonarScanner for NPM](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-npm.md) * [Introduction](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-npm/introduction.md) * [SonarScanner for Python](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-python.md) * [Sonar's Build Wrapper](/sonarqube-cloud/analyzing-source-code/languages/c-family/prerequisites.md) or analyzing C/C++/Objective-C code * Verify the supporting build tools on your agents: * [JavaScript/TypeScript/CSS](/sonarqube-cloud/analyzing-source-code/languages/javascript-typescript-css.md#nodejs) for JavaScript and TypeScript analysis * [SonarScanner for Maven](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-maven.md) or [SonarScanner for Gradle](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-gradle.md) for Java builds * [Installing the scanner](/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-dotnet/installing.md) for C# analysis * If you use Azure DevOps Pipelines, install the [SonarQube extension for Azure DevOps](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud). * If you plan to use Advanced Security, review [Analyzing projects for dependencies (SCA)](/sonarqube-cloud/advanced-security/analyzing-projects-for-dependencies-sca.md) to confirm any additional build tool, lockfile, or package manager requirements. ### Prepare authentication The DevOps administrator who performs the setup should sign in with an administrator account from the chosen DevOps platform: GitHub, Azure DevOps, GitLab, or Bitbucket Cloud. Before rollout: * Confirm that the account can administer the DevOps organization or workspace you plan to import. * If needed, install the SonarQube Cloud marketplace application or grant the required access described in [Default authentication through DevOps platform](/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/user-management/devops-platform-authentication.md). * Plan to configure [Setting up SSO](/sonarqube-cloud/getting-started-with-enterprise/setting-up-sso.md) after the enterprise is created. Enterprise users still start by signing up with their DevOps platform account. ## Create your SonarQube Cloud organizations SonarQube Cloud uses a one-to-one model: one SonarQube Cloud organization is bound to one DevOps organization or workspace. If you need to connect multiple DevOps platforms or multiple organizations, create a separate SonarQube Cloud organization for each one. For background, see [Binding with the DevOps platform](/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/resources-structure/binding-with-dop.md) and [Organization](/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/resources-structure/organization.md). When you create an organization that will be added to an enterprise, select the Free plan during the organization import flow. The organization will move to the Enterprise plan when you add it to the enterprise. Use the import path that matches your DevOps platform: * [Importing GitHub organization](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-github-organization.md): grant the SonarQube Cloud application access to the organization. * [Importing Bitbucket workspace](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-bitbucket-workspace.md): grant the SonarQube Cloud application access to the workspace. * [Importing GitLab group](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-gitlab-group.md): create and provide a Personal Access Token from an owner or dedicated technical account. * [Importing Azure DevOps organization](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-azure-devops-organization.md): create and provide a Personal Access Token from an administrator or dedicated technical account. ## Create your enterprise Once at least one SonarQube Cloud organization exists, create the enterprise: 1. In SonarQube Cloud, select the **+** menu in the top-right corner. 2. Select **Create new enterprise**. 3. Enter the license key provided by Sonar. 4. Enter the enterprise name and enterprise key. 5. Select the organization or organizations you want to include. 6. Create the enterprise. For the full workflow, see [Setting up your enterprise](/sonarqube-cloud/getting-started-with-enterprise/setting-up-your-enterprise.md#create-enterprise). After creation, review [Managing the enterprise-related permissions](/sonarqube-cloud/administering-sonarcloud/managing-enterprise/managing-the-enterprise-related-permissions.md) and make sure the right users can administer the enterprise and create portfolios. ## Enable enterprise capabilities ### Enable Advanced Security Advanced Security is enabled by the Sonar team. To request it: 1. Open the enterprise in SonarQube Cloud. 2. Copy the enterprise ID from the browser URL, for example `https://sonarcloud.io/enterprise/`. 3. Provide that ID to your Sonar contact or Sonar team. 4. Wait for confirmation that Advanced Security has been enabled. Once enabled, use [Analyzing projects for dependencies (SCA)](/sonarqube-cloud/advanced-security/analyzing-projects-for-dependencies-sca.md) to configure dependency analysis. ### Configure SAML SSO and provisioning After the enterprise exists, you can transition from DevOps-platform authentication to SAML SSO. Use this rollout order: 1. Review [Setting up SSO](/sonarqube-cloud/getting-started-with-enterprise/setting-up-sso.md) for the enterprise-level flow. 2. Configure SAML in [Set up SSO](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-sso.md). 3. Decide whether you will provision users with [Set up SCIM](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-scim.md) or [Broken mention](broken://pages/0KDlu2S8Ligmfz5d8rxm). 4. Map IdP groups to SonarQube Cloud organizations with [Broken mention](broken://pages/Punb7eOsRMMsoiftVJee). 5. Complete the setup with [Complete SSO setup](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/complete-setup.md). 6. Verify the resulting organization access with [Managing user groups](/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/user-groups.md), [Setting your project's permissions](/sonarqube-cloud/managing-your-projects/administering-your-projects/setting-permissions.md), and [Using permission templates](/sonarqube-cloud/administering-sonarcloud/managing-organization/manage-org-projects/manage-project-permissions/templates.md). If you're rolling out SSO with Okta, Microsoft Entra ID, or another SAML-compatible identity provider, the SSO assistant guides you through the provider-specific configuration. ## Roll out SonarQube for IDE and AI tooling Make sure developers can reach `sonarcloud.io` or `sonarqube.us`, depending on your hosted region. For local analysis and issue remediation, install SonarQube for IDE in the supported IDEs and bind projects with [SonarQube for IDE](/sonarqube-cloud/analyzing-source-code/connected-mode.md). Connected mode lets SonarQube for IDE use the quality profiles, rule selections, file exclusions, and issue states configured in SonarQube Cloud. * [VS Code](https://docs.sonarsource.com/sonarqube-for-vs-code/) * [IntelliJ](https://docs.sonarsource.com/sonarqube-for-intellij/) * [Visual Studio](https://docs.sonarsource.com/sonarqube-for-visual-studio/) * [Eclipse](https://docs.sonarsource.com/sonarqube-for-eclipse/) If your organization manages VS Code extensions through a [VS Code Private Marketplace](https://code.visualstudio.com/blogs/2025/11/18/PrivateMarketplace), make SonarQube for VS Code available through that private catalog before onboarding developers. Developers in managed environments may not be able to install the extension from the public Visual Studio Marketplace. If your teams use AI-assisted development, you can also roll out the [Broken mention](broken://pages/ihYiNZvJQv7d8WYW3W84): * Use SonarQube Cloud's embedded MCP server for the simplest setup. * Run a local MCP server via Docker when you need local filesystem access, Context Augmentation, or Agentic Analysis tooling. * If you use the US region, review the US-specific MCP configuration notes on the MCP server page before rollout. ## Review trust and compliance resources Review the [Trust Center](https://trust.sonarsource.com/) for security attestations and SaaS security documentation. For ongoing enterprise administration after setup, the [Getting started with Enterprise](/sonarqube-cloud/getting-started-with-enterprise.md) section is the best next stop. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cloud/quickstart-guides/quickstart-guide-enterprises.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.