Setting up GitLab authentication and provisioning
You can delegate in SonarQube Community Build the authentication to GitLab by using one of the following provisioning modes:
- Just-in-Time
- Automatic (starting from the Developer Edition)
You need the global Administer System permission in SonarQube Community Build to set up the authentication delegation.
When you set up GitLab authentication and provisioning, existing manual users are not removed and you cannot edit their group membership or permissions anymore. For security reasons, we recommend that you deactivate them: see Deactivating users.
Setup overview
SonarQube Community Build uses a GitLab OAuth 2 application to manage the authentication delegation to GitLab and the user or group synchronization. SonarQube Community Build uses a “GitLab Configuration” record to access the GitLab application.
Step 1: Create a GitLab application for authentication and provisioning
- Create a GitLab OAuth 2 application: see the GitLab documentation.
- Specify the following settings in your GitLab application:
- Name: Your app's name, such as SonarQube Community Build.
- Redirect URI:
<Your SonarQube Community Build URL>/oauth2/callback/gitlab. For example, https://sonarqube.mycompany.com/oauth2/callback/gitlab. - Scopes: Select
apiif you plan to enable group synchronization with Just-in-Time or enable automatic provisioning. Selectread_userotherwise.
- Save your application. GitLab takes you to the application's page, where you can find your Application ID and Secret you’ll need in Step 2 below.
Step 2: Configure GitLab authentication and provisioning in SonarQube Community Build
This step is different depending on your in SonarQube Community Build Edition.
SonarQube Community Build
- In in SonarQube Community Build, go to Administration > Configuration > General Settings > Authentication > GitLab.
- Select Enabled.
- Fill the following fields with information from the GitLab application created in Step 1:
- GitLab URL: Enter
https://gitlab.comor your own GitLab server URL where applicable. - Application ID
- Secret
- GitLab URL: Enter
- Set the options you want to use:
- Allow users to sign up: You can block new user sign-up with in SonarQube Community Build. This may be useful if you want to manage user provisioning through an API.
- Synchronize user groups: You can enable group synchronization. See also Setting up the group synchronization
From the Developer Edition
1. In in SonarQube Community Build, go to Administration > Configuration > General Settings > Authentication > GitLab.
2. In GitLab configuration, select Create configuration. The New GitLab Configuration dialog opens.
3. Fill the fields of GitLab configuration with information from the GitLab application created in Step 1:
- Application ID
- GitLab URL: Enter
https://gitlab.comor your own GitLab server URL where applicable. - Secret
4. Select the Synchronize user groups option if you want to enable group synchronization at user login:
- In Just-in-Time provisioning mode, this means that group synchronization is enabled.
- In automatic provisioning mode, this means that users’ group memberships are also synchronized at user authentication time (and not only on an hourly basis).
5. Select Save configuration. The configuration is created.
6. Select Test configuration to check the configuration. Correct it if necessary.
Related pages
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
