# Managing JIT provisioning

You need the global Administer System permission in SonarQube Community Build to perform this setup.

## Setting up the group synchronization <a href="#group-synchronization" id="group-synchronization"></a>

You can enable the group synchronization. The group synchronization requires that you manually create the user groups in SonarQube Community Build: see below.

{% hint style="warning" %}
If you enable the group synchronization, you cannot manage group memberships manually and existing manually added group memberships of JIT-provisioned users are reset in SonarQube Community Build during synchronization.
{% endhint %}

1. Go to **Administration** > **Configuration** > **General Settings** > **Authentication** > **GitLab**.
2. Select or unselect the **Synchronize user groups** option.
3. Save.

<details>

<summary>Creating the user groups in SonarQube Community Build</summary>

To allow group synchronization, you must create in SonarQube Community Build a group for each GitLab group and subgroup you want to synchronize: see [user-groups](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-groups "mention").

You must name the SonarQube Community Build group according to the URL of the GitLab group or subgroup. Be aware that that name check is case-sensitive.

Examples:

* If the URL of the GitLab group is `https://gitlab.com/my-gitlab-group`, the name of the SonarQube Community Build group mus be `my-gitlab-group`.
* If the URL of the GitLab group is `https://gitlab.com/my-gitlab-group/sub-group`, the name of the SonarQube Community Build group must be `my-gitlab-group/sub-group.`

{% hint style="info" %}
To set the group permissions at the system level, see [user-permissions](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-permissions "mention").
{% endhint %}

</details>

## Blocking/Authorizing the sign-up of new users <a href="#sign-up-new-users" id="sign-up-new-users"></a>

You can block the signup of new users with SonarQube. This may be useful if you want to manage user provisioning through an API.

To block or authorize the sign-up of new users with SonarQube Community Build:

1. Go to **Administration** > **Configuration** > **General Settings** > **Authentication** > **GitLab**.
2. Unselect or select the **Allow new users to sign up** option.
3. Save.

{% hint style="info" %}
With SonarQube Server, you can restrict access to SonarQube by defining Allowed groups. For more information, see [feature-comparison-table](https://docs.sonarsource.com/sonarqube-community-build/feature-comparison-table "mention").
{% endhint %}

## Related pages <a href="#related-pages" id="related-pages"></a>

* [just-in-time](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/provisioning-modes/just-in-time "mention")
* [setting-up](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/setting-up "mention")
* [user-permissions](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/user-permissions "mention")