Setting up authentication

You can delegate in SonarQube Community Build the authentication to GitLab by using the Just-in-Time provisioning.

You need the global Administer System permission in SonarQube Community Build to set up the authentication delegation.

Setup overview

SonarQube Community Build uses a GitLab OAuth 2 application to manage the authentication delegation to GitLab and the user or group synchronization. SonarQube Community Build uses a "GitLab Configuration" record to access the GitLab application.

Step 1: Create a GitLab application for authentication and provisioning

1. Create a GitLab OAuth 2 application: see the GitLab documentation.

2. Specify the following settings in your GitLab application:

   • Name: Your app’s name, such as SonarQube Community Build.

   • Redirect URI: <Your SonarQube Community Build URL>/oauth2/callback/gitlab. For example, https://sonarqube.mycompany.com/oauth2/callback/gitlab.

   • Scopes: Select api if you plan to enable group synchronization with Just-in-Time. Select read_user otherwise.

3. Save your application. GitLab takes you to the application’s page, where you can find your Application ID and Secret you’ll need in Step 2 below.

Step 2: Configure GitLab authentication and provisioning in SonarQube Community Build

1. In in SonarQube Community Build, go to Administration > Configuration > General Settings > Authentication > GitLab.

2. Select Enabled.

3. Fill the following fields with information from the GitLab application created in Step 1:

   • GitLab URL: Enter https://gitlab.com or your own GitLab server URL where applicable.

   • Application ID

   • Secret

4. Set the options you want to use:

   • Allow users to sign up: You can block new user sign-up with in SonarQube Community Build. This may be useful if you want to manage user provisioning through an API.

   • Synchronize user groups: You can enable Just-in-Time provisioning. See also Managing JIT provisioning

Related pages

• Just-in-Time provisioning

• Disabling authentication