Just-in-Time provisioning

With the Just-in-Time (JIT) provisioning mode, user accounts are automatically created in SonarQube Server when GitLab users log in for the first time.

The Just-in-Time (JIT) provisioning is the default provisioning mode. User accounts are created in SonarQube Community Build when GitLab users log in for the first time. With this mode, you can use the group synchronization feature.

Group synchronization

Groups are used in SonarQube Community Build to manage user permissions.

With the group synchronization:

  • The synchronization occurs each time a user logs in to SonarQube Community Build with their GitLab credentials.

  • If a matching group is found in SonarQube Community Build, the GitLab account’s memberships in that group are synchronized in SonarQube Community Build. The groups match if the SonarQube Community Build group name matches the GitLab group URL. For example, the SonarQube Community Build group my-gitlab-group/sub-group matches the GitLab group whose URL is https://gitlab.com/my-gitlab-group/sub-group. (The name check is case-sensitive; The default built-in sonar-users group is excluded from the synchronization.)

  • Manually added group memberships of JIT-provisioned users are reset in SonarQube Community Build at synchronization time.

JIT's group synchronization principles with GitLab

User access restriction (Allowed groups)

You can block the signup of new users with SonarQube. This may be useful if you want to manage user provisioning through an API.

With SonarQube Server, you can restrict access to SonarQube by defining Allowed groups. For more information, see Feature comparison table.

Last updated

Was this helpful?