# Managing JIT provisioning

You need the global Administer System permission in SonarQube Community Build to perform this setup.

## Setting up the group synchronization <a href="#group-synchronization" id="group-synchronization"></a>

You can enable the group synchronization. The group synchronization requires that you manually create the user groups in SonarQube Community Build: see below.

{% hint style="warning" %}
If you enable the group synchronization, you cannot manage group memberships manually and existing manually added group memberships of JIT-provisioned users are reset in SonarQube Community Build during synchronization.
{% endhint %}

1. Go to **Administration** > **Configuration** > **General Settings** > **Authentication** > **GitLab**.
2. Select or unselect the **Synchronize user groups** option.
3. Save.

<details>

<summary>Creating the user groups in SonarQube Community Build</summary>

To allow group synchronization, you must create in SonarQube Community Build a group for each GitLab group and subgroup you want to synchronize: see [user-groups](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-groups "mention").

You must name the SonarQube Community Build group according to the URL of the GitLab group or subgroup. Be aware that that name check is case-sensitive.

Examples:

* If the URL of the GitLab group is `https://gitlab.com/my-gitlab-group`, the name of the SonarQube Community Build group mus be `my-gitlab-group`.
* If the URL of the GitLab group is `https://gitlab.com/my-gitlab-group/sub-group`, the name of the SonarQube Community Build group must be `my-gitlab-group/sub-group.`

{% hint style="info" %}
To set the group permissions at the system level, see [user-permissions](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-permissions "mention").
{% endhint %}

</details>

## Blocking/Authorizing the sign-up of new users <a href="#sign-up-new-users" id="sign-up-new-users"></a>

You can block the signup of new users with SonarQube. This may be useful if you want to manage user provisioning through an API.

To block or authorize the sign-up of new users with SonarQube Community Build:

1. Go to **Administration** > **Configuration** > **General Settings** > **Authentication** > **GitLab**.
2. Unselect or select the **Allow new users to sign up** option.
3. Save.

{% hint style="info" %}
With SonarQube Server, you can restrict access to SonarQube by defining Allowed groups. For more information, see [feature-comparison-table](https://docs.sonarsource.com/sonarqube-community-build/feature-comparison-table "mention").
{% endhint %}

## Related pages <a href="#related-pages" id="related-pages"></a>

* [just-in-time](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/provisioning-modes/just-in-time "mention")
* [setting-up](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/setting-up "mention")
* [user-permissions](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-permissions "mention")


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/managing-jit-mode.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.