This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.
Start Free

Setup in Microsoft Entra ID

This page explains how to register SonarQube in Microsoft Entra ID. This is the first step of SAML authentication setup with Microsoft Entra ID.

This page explains how to register SonarQube in Microsoft Entra ID. This is the first step of SAML authentication setup with Microsoft Entra ID. For an overview of the complete setup, see Introduction.

Step 1: Create the SonarQube SAML application in MS Entra ID

1. In Microsoft Entra ID, go to Manage > Enterprise applications > All applications.

2. Select New application and then Create your own application.

3. Fill in the name and select the Integrate any other application you don’t find in the gallery option.

4. Select Create.

Step 2: Configure the SonarQube application in MS Entra ID

1. Go to Single sign-on > SAML. The Set up Single Sign-On with SAML page opens

2. In the Basic SAML Configuration section of the page, select Edit, fill in the Identifier and the Reply URL fields as described below, and save.

Basic configuration fields

Field

Description

Identifier

Identifier of the SonarQube application in Entra ID.

Reply URL

Must be in the format: <sqServerBaseUrl>/oauth2/callback/saml

Example: https://my-sonarqube.com/oauth2/callback/saml

Note: Make sure the SonarQube Server URL is correctly set in SonarQube:

1. Go to Administration > Configuration > General Settings > General.

2. Navigate to the General section and check the Server base URL field value.

3. In the Attributes & Claims section of the page, select Edit and configure the attributes used by SonarQube as described below. To add an attribute, select Add new claim.

Attributes & claims

The table below shows possible mappings you can use for the SAML attributes used by SonarQube.

SAML attribute used by SonarQube

Description

Attribute in Microsoft Entra ID

Required

Login

A unique name to identify the user in SonarQube.

Examples: emailaddress, objectID

x

Name

The full name of the user.

Example: givenname

x

Email

The email of the user.

Example: emailaddress

The NameID attribute is not used in SonarQube.

4. If you use the group synchronization feature (If a matching group is found in SonarQube, the Entra ID user account’s memberships in that group are synchronized in SonarQube.), add a group attribute as described below. Alternatively, you may use SCIM user and group provisioning, see With Microsoft Entra ID.

Adding a group attribute

  1. Select Add a group claim, and configure the group attribute as follows:

    • Group Claims: Groups assigned to the application

    • Source attribute: sAMAccountname

  2. Once done, the option to add a group will be unavailable and the group attribute will be listed with the other attributes in the Add new claim tab.

Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the Claims in SAML Token table). In such cases, you might need to reduce the number of groups the user is in.

5. In the SAML Certificates section of the page, download Certificate (Base64). (You will have to copy-paste the downloaded certificate into SonarQube during the Setup in SonarQube.)

6. Assign users and groups as follows:

  • Go to Manage > Users and groups.

  • Select Add user/group to assign users or groups to the application.

Related pages

PreviousIntroductionNextSetup in SonarQube

Last updated

Was this helpful?