# Quickstart guide for Enterprises If you're setting up SonarQube Cloud on the Team plan, use the [quickstart-guide](https://docs.sonarsource.com/sonarqube-cloud/quickstart-guides/quickstart-guide "mention"). By completing this guide you will: 1. [Confirm your prerequisites](#confirm-your-prerequisites) 1. [Choose your hosted region](#choose-your-hosted-region) 2. [Prepare networking](#prepare-networking) 3. [Prepare software and build agents](#prepare-software-and-build-agents) 4. [Prepare authentication](#prepare-authentication) 5. [Review trust and compliance documentation](#review-trust-and-compliance-documentation) 2. [Create your SonarQube Cloud organizations](#create-your-sonarqube-cloud-organizations) 3. [Create your enterprise](#create-your-enterprise) 4. [Enable enterprise capabilities](#enable-enterprise-capabilities) 1. [Enable Advanced Security](#enable-advanced-security) 2. [Configure SAML SSO and provisioning](#configure-saml-sso-and-provisioning) 5. [Roll out SonarQube for IDE and AI tooling](#roll-out-sonarqube-for-ide-and-ai-tooling) 6. [Review trust and compliance resources](#review-trust-and-compliance-resources) ## At a glance | Area | What to do | | ------------------ | --------------------------------------------------------------------------------------------------- | | Region | Use the EU region by default, or complete the [US region](#us-region) prerequisites before rollout. | | Networking | Allow communication between SonarQube Cloud, DevOps platforms, CI runners, and IDEs. | | Software | Prepare Java 21, SonarScanners, stack-specific build tools, and any Azure or SCA dependencies. | | Authentication | Start with a DevOps administrator account and move to SSO after the enterprise exists. | | Organization model | Create one SonarQube Cloud organization per DevOps organization or workspace. | | Enterprise setup | Create the enterprise with your license key and attach the organization or organizations. | | Optional add-ons | Enable Advanced Security through the Sonar team, then configure SSO and provisioning if needed. | | Developer rollout | Install SonarQube for IDE and optionally the SonarQube MCP Server for AI-assisted workflows. | ## Confirm your prerequisites ### Choose your hosted region By default, SonarQube Cloud uses the EU region. #### US region If the US region is mandatory, contact the [Sales team](mailto:contact@sonarsource.com) before rollout so your domain can authenticate to the US region. After approval, follow the same process described in this guide, but replace `sonarcloud.io` with `sonarqube.us`. For details, see [getting-started-in-us-region](https://docs.sonarsource.com/sonarqube-cloud/getting-started/getting-started-in-us-region "mention"). ### Prepare networking SonarQube Cloud requires bidirectional communication between your DevOps platform, CI pipelines or runners, and developer IDEs. Before rollout: * Review the required URLs and IP addresses in [networking-requirements](https://docs.sonarsource.com/sonarqube-cloud/appendices/networking-requirements "mention"). * Allowlist the endpoints needed by SonarQube Cloud, your DevOps platform, your CI infrastructure, and developer workstations. * If you plan to restrict enterprise access with an IP allow list after SSO is enabled, include the IPs used by enterprise admins, developers, CI runners, and token-based integrations. See [ip-allow-lists](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/ip-allow-lists "mention"). ### Prepare software and build agents Make sure your build and analysis environment is ready before you onboard projects: * Ensure all build agents support Java 21. It is the recommended runtime for the latest SonarScanners. * Identify the scanner or scanners required by your primary technology stacks: * [sonarscanner-for-maven](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-maven "mention") * [sonarscanner-for-gradle](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-gradle "mention") * [sonarscanner-cli](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-cli "mention") * [SonarScanner for .NET](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-dotnet/introduction) * [SonarScanner for NPM](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-npm) * [introduction](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-npm/introduction "mention") * [sonarscanner-for-python](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-python "mention") * [Sonar's Build Wrapper](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/languages/c-family/prerequisites) or analyzing C/C++/Objective-C code * Verify the supporting build tools on your agents: * [#nodejs](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/languages/javascript-typescript-css#nodejs "mention") for JavaScript and TypeScript analysis * [sonarscanner-for-maven](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-maven "mention") or [sonarscanner-for-gradle](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-gradle "mention") for Java builds * [installing](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-dotnet/installing "mention") for C# analysis * If you use Azure DevOps Pipelines, install the [SonarQube extension for Azure DevOps](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud). * If you plan to use Advanced Security, review [analyzing-projects-for-dependencies-sca](https://docs.sonarsource.com/sonarqube-cloud/advanced-security/analyzing-projects-for-dependencies-sca "mention") to confirm any additional build tool, lockfile, or package manager requirements. ### Prepare authentication The DevOps administrator who performs the setup should sign in with an administrator account from the chosen DevOps platform: GitHub, Azure DevOps, GitLab, or Bitbucket Cloud. Before rollout: * Confirm that the account can administer the DevOps organization or workspace you plan to import. * If needed, install the SonarQube Cloud marketplace application or grant the required access described in [devops-platform-authentication](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/user-management/devops-platform-authentication "mention"). * Plan to configure [setting-up-sso](https://docs.sonarsource.com/sonarqube-cloud/getting-started-with-enterprise/setting-up-sso "mention") after the enterprise is created. Enterprise users still start by signing up with their DevOps platform account. ## Create your SonarQube Cloud organizations SonarQube Cloud uses a one-to-one model: one SonarQube Cloud organization is bound to one DevOps organization or workspace. If you need to connect multiple DevOps platforms or multiple organizations, create a separate SonarQube Cloud organization for each one. For background, see [binding-with-dop](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/resources-structure/binding-with-dop "mention") and [organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/resources-structure/organization "mention"). When you create an organization that will be added to an enterprise, select the Free plan during the organization import flow. The organization will move to the Enterprise plan when you add it to the enterprise. Use the import path that matches your DevOps platform: * [importing-github-organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-github-organization "mention"): grant the SonarQube Cloud application access to the organization. * [importing-bitbucket-workspace](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-bitbucket-workspace "mention"): grant the SonarQube Cloud application access to the workspace. * [importing-gitlab-group](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-gitlab-group "mention"): create and provide a Personal Access Token from an owner or dedicated technical account. * [importing-azure-devops-organization](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-azure-devops-organization "mention"): create and provide a Personal Access Token from an administrator or dedicated technical account. ## Create your enterprise Once at least one SonarQube Cloud organization exists, create the enterprise: 1. In SonarQube Cloud, select the **+** menu in the top-right corner. 2. Select **Create new enterprise**. 3. Enter the license key provided by Sonar. 4. Enter the enterprise name and enterprise key. 5. Select the organization or organizations you want to include. 6. Create the enterprise. For the full workflow, see [#create-enterprise](https://docs.sonarsource.com/sonarqube-cloud/getting-started-with-enterprise/setting-up-your-enterprise#create-enterprise "mention"). After creation, review [managing-the-enterprise-related-permissions](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/managing-the-enterprise-related-permissions "mention") and make sure the right users can administer the enterprise and create portfolios. ## Enable enterprise capabilities ### Enable Advanced Security Advanced Security is enabled by the Sonar team. To request it: 1. Open the enterprise in SonarQube Cloud. 2. Copy the enterprise ID from the browser URL, for example `https://sonarcloud.io/enterprise/`. 3. Provide that ID to your Sonar contact or Sonar team. 4. Wait for confirmation that Advanced Security has been enabled. Once enabled, use [analyzing-projects-for-dependencies-sca](https://docs.sonarsource.com/sonarqube-cloud/advanced-security/analyzing-projects-for-dependencies-sca "mention") to configure dependency analysis. ### Configure SAML SSO and provisioning After the enterprise exists, you can transition from DevOps-platform authentication to SAML SSO. Use this rollout order: 1. Review [setting-up-sso](https://docs.sonarsource.com/sonarqube-cloud/getting-started-with-enterprise/setting-up-sso "mention") for the enterprise-level flow. 2. Configure SAML in [set-up-sso](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-sso "mention"). 3. Decide whether you will provision users with [set-up-scim](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/set-up-scim "mention") or [Broken link](https://docs.sonarsource.com/sonarqube-cloud/quickstart-guides/broken-reference "mention"). 4. Map IdP groups to SonarQube Cloud organizations with [Broken link](https://docs.sonarsource.com/sonarqube-cloud/quickstart-guides/broken-reference "mention"). 5. Complete the setup with [complete-setup](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/complete-setup "mention"). 6. Verify the resulting organization access with [user-groups](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/user-groups "mention"), [setting-permissions](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/administering-your-projects/setting-permissions "mention"), and [templates](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/manage-org-projects/manage-project-permissions/templates "mention"). If you're rolling out SSO with Okta, Microsoft Entra ID, or another SAML-compatible identity provider, the SSO assistant guides you through the provider-specific configuration. ## Roll out SonarQube for IDE and AI tooling Make sure developers can reach `sonarcloud.io` or `sonarqube.us`, depending on your hosted region. For local analysis and issue remediation, install SonarQube for IDE in the supported IDEs: * [VS Code](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/6LPRABg3ubAJhpfR5K0Y/ "mention"), * [IntelliJ](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/NvI4wotPmITyM0mnsmtp/ "mention") * [Visual Studio](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/5CSDwdOaYoOAGYNiRqgl/ "mention") * [Eclipse](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/kadXEH8HkykK7lKaDvVq/ "mention") If your teams use AI-assisted development, you can also roll out the [sonarqube-mcp-server](https://docs.sonarsource.com/sonarqube-cloud/ai-capabilities/sonarqube-mcp-server "mention"): * Use SonarQube Cloud's embedded MCP server for the simplest setup. * Run a local MCP server via Docker when you need local filesystem access, Context Augmentation, or Agentic Analysis tooling. * If you use the US region, review the US-specific MCP configuration notes on the MCP server page before rollout. ## Review trust and compliance resources Review the [Trust Center](https://trust.sonarsource.com/) for security attestations and SaaS security documentation. For ongoing enterprise administration after setup, the [getting-started-with-enterprise](https://docs.sonarsource.com/sonarqube-cloud/getting-started-with-enterprise "mention") section is the best next stop. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cloud/quickstart-guides/quickstart-guide-enterprises.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.