Registering SonarQube Community Build in Microsoft Entra ID
This page explains how to register SonarQube Community Build in Microsoft Entra ID. This is the first step of SAML authentication setup with Microsoft Entra ID. For an overview of the complete setup, see Setting up SAML with Microsoft Entra ID.
Step 1: Create the SAML application for SonarQube Community Build in MS Entra ID
1. In Microsoft Entra ID, go to Manage > Enterprise applications > All applications.
2. Select New application and then Create your own application.
3. Fill in the name and select the Integrate any other application you don't find in the gallery option.
4. Select Create.
Step 2: Configure the application for SonarQube Community Build in MS Entra ID
1. Go to Single sign-on > SAML. The Set up Single Sign-On with SAML page opens
2. In the Basic SAML Configuration section of the page, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.
Basic configuration fields
| Field | Description |
|---|---|
| Identifier | Identifier of the SonarQube Community Build application in Entra ID. |
| Reply URL | Must be in the format: Example: Note: Make sure SonarQube Community Build URL is correctly set in SonarQube Community Build. |
3. In the Attributes & Claims section of the page, configure the attributes used by SonarQube Community Build as described below. To add an attribute, select Add new claim.
Attributes & claims
The table below shows possible mappings you can use for the SAML attributes used by SonarQube Community Build.
| SAML attribute used by SonarQube Community Build | Description | Attribute in Microsoft Entra ID | Required |
|---|---|---|---|
| Login | A unique name to identify the user in SonarQube Community Build. | Examples: emailaddress, objectID | x |
| Name | The full name of the user. | Example: givenname | x |
| The email of the user. | Example: emailaddress |
The NameID attribute is not used in SonarQube Community Build.
4. If you use Just-in-Time provisioning with the group synchronization feature, create and verify the user groups in SonarQube Community Build (see Just-in-Time provisioning > Group synchronization in Authentication and provisioning overview), and add a group attribute as follows:
- Select Add a group claim, and configure the group attribute as follows:
- Group Claims: Groups assigned to the application
- Source attribute: sAMAccountname
- Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.
Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the Claims in SAML Token table). In such cases, you might need to reduce the number of groups the user is in.
6. To configure a group claim to include the group display name for cloud-only groups (to show the group’s display name rather than a UUID like 7c8435d6-3ee1-46c6-be4a-e2e67bff8620), add a group claim with:
- Group Claims: Groups assigned to the application
- Source attribute: Cloud-only group display names
as follows:
- If you have added a group attribute in step 4, add it from the Additional claims section.
- Otherwise, add it as described in step 4.
6. In the SAML Certificates section of the page, download Certificate (Base64). (You will have to copy-paste the downloaded certificate into SonarQube Community Build during the setup in SonarQube Community Build.)
7. Assign users and groups as follows:
- Go to Manage > Users and groups.
- Select Add user/group to assign users or groups to the application.
Related pages
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
