# Setting up authentication

You can delegate in SonarQube Community Build the authentication to GitLab by using the Just-in-Time provisioning.

{% hint style="info" %}
With SonarQube Server, you can use the automatic provisioning mode. For more information, see [feature-comparison-table](https://docs.sonarsource.com/sonarqube-community-build/feature-comparison-table "mention").
{% endhint %}

You need the global Administer System permission in SonarQube Community Build to set up the authentication delegation.

{% hint style="info" %}
When you set up GitLab authentication and provisioning, existing manual users are not removed and you cannot edit their group membership or permissions anymore. For security reasons, we recommend that you deactivate them: see [deactivating-users](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/user-management/deactivating-users "mention").
{% endhint %}

## Setup overview <a href="#overview" id="overview"></a>

SonarQube Community Build uses a GitLab OAuth 2 application to manage the authentication delegation to GitLab and the user or group synchronization. SonarQube Community Build uses a "GitLab Configuration" record to access the GitLab application.

<figure><img src="broken-reference" alt="SonarQube Server uses a GitLab OAuth 2 application to manage the authentication delegation to GitLab and the user or group synchronization. SonarQube Server uses a “GitLab Configuration” record to access the GitLab application."><figcaption></figcaption></figure>

## Step 1: Create a GitLab application for authentication and provisioning <a href="#create-gitlab-app" id="create-gitlab-app"></a>

1. Create a GitLab OAuth 2 application: see the [GitLab documentation](https://docs.gitlab.com/ee/integration/oauth_provider.html).
2. Specify the following settings in your GitLab application:
   * **Name**: Your app’s name, such as SonarQube Community Build.
   * **Redirect URI**: `<Your SonarQube Community Build URL>/oauth2/callback/gitlab`. For example, <https://sonarqube.mycompany.com/oauth2/callback/gitlab>.
   * **Scopes**: Select `api` if you plan to enable group synchronization with Just-in-Time. Select `read_user` otherwise.
3. Save your application. GitLab takes you to the application’s page, where you can find your Application ID and Secret you’ll need in Step 2 below.

## Step 2: Configure GitLab authentication and provisioning in SonarQube Community Build <a href="#configure-in-sq" id="configure-in-sq"></a>

1. In in SonarQube Community Build, go to **Administration** > **Configuration** > **General Settings** > **Authentication** > **GitLab**.
2. Select **Enabled**.
3. Fill the following fields with information from the GitLab application created in Step 1:
   * **GitLab URL**: Enter `https://gitlab.com` or your own GitLab server URL where applicable.
   * **Application ID**
   * **Secret**
4. Set the options you want to use:
   * **Allow users to sign up:** You can block new user sign-up with in SonarQube Community Build. This may be useful if you want to manage user provisioning through an API.
   * **Synchronize user groups:** You can enable Just-in-Time provisioning. See also [managing-jit-mode](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/managing-jit-mode "mention")

## Related pages <a href="#related-pages" id="related-pages"></a>

* [just-in-time](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/provisioning-modes/just-in-time "mention")
* [disabling](https://docs.sonarsource.com/sonarqube-community-build/instance-administration/authentication/gitlab/disabling "mention")