# Setup in SonarQube

This page explains how to set up SAML in SonarQube when using Microsoft Entra ID as the identity provider. This is the second step of SAML authentication setup with Microsoft Entra ID. For an overview of the complete setup, see [introduction](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ms-entra-id/introduction "mention").

Proceed as follows:

1. Open MS Entra ID to prepare the copy-paste of single-sign-on settings in SonarQube.
2. Configure SAML in SonarQube.

## Open MS Entra ID <a href="#open-entra-id" id="open-entra-id"></a>

To prepare the copy-paste of single-sign-on settings in SonarQube:

1. In Microsoft Entra ID, go to **Identity** > **Applications** > **Enterprise applications** > **All applications and** select the SonarQube application.
2. On the application’s page, select **Single sign-on**. You will need to retrieve values related to sections **1**, **2**, and **4**. In section **2**, select **Edit** first to open the **Attributes & Claims** page.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-cb9747f66b8333609eabefcba9b8a6d58dcda457%2F7768fabc20136e1c83f10ddb3d41f1c83546d6c9.png?alt=media)

## Configure SonarQube <a href="#configure-sq" id="configure-sq"></a>

1\. Go to **Administration > Configuration > General Settings > Authentication> SAML**.

2\. Select **Create Configuration**.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-c47820acc9820f8c026f62a01b0dce9f772f4cf6%2F1925594e0a93e432a65cce3f67b52dd44281e936.png?alt=media)

3\. Fill in the fields as explained in the table below.

| **Field in SonarQube**        | Description                                                                                                                                                                                                                                                                                        |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Application ID                | Value in MS Entra ID:In the **Basic SAML Configuration** section (**1**), value of the **Identifier(Entity ID)** field.                                                                                                                                                                            |
| Provider ID                   | Value in MS Entra ID:In the **Set up \<sonarQubeApplication>** section (**4**), value of the **Microsoft Entra ID Identifier** field.                                                                                                                                                              |
| Provider Name                 | Name of the Identity Provider displayed in SonarQube login page when SAML authentication is active.                                                                                                                                                                                                |
| SAML Login URL                | Value in MS Entra ID:In the **Set up \<sonarQubeApplication>** section (**4**), value of the **Login URL** field.                                                                                                                                                                                  |
| Identity provider certificate | Certificate downloaded in **Step 2** of [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention").                                                                                               |
| SAML user login attribute     | <p>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the attribute to be used for Login.</p><p>For an example, see the SonarQube screenshot below.</p>  |
| SAML user name attribute      | <p>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrievethe <strong>Claim name</strong> (URL type value) of the attribute to be used for Name.</p><p>For an example, see the SonarQube screenshot below.</p>    |
| SAML user email attribute     | <p>Optional.<br>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the attribute to be used for email.</p>                                               |
| SAML group attribute          | <p>Optional (if you want to use the group synchronization).<br>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the <code>groups</code> attribute.</p> |

Below is a SonarQube screenshot with SAML user login and name value examples.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-de8fced6f0907082813307f766dcf89fc19147aa%2Fdf3b35e6d38519ae6cac9aca777ed529296a7a44.png?alt=media)

4\. Save the configuration.

5\. Before enabling SAML authentication on SonarQube, you can verify that the configuration is correct by selecting **Test Configuration**. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider.

6\. Select **Enable configuration**.

7\. Check that the SonarQube login form now contains a SAML login button.

![](https://3272878703-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI10pmJWeVVXYITlQJllp%2Fuploads%2Fgit-blob-8314b12e2c0eb02987a4a46b53be183b5a315047%2F78005818186e61fc567bfe728d92ce92870260c0.png?alt=media)

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/overview "mention")
* [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention")
* [optional-security-features](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/ms-entra-id/optional-security-features "mention")
* [scim-provisioning-with-azure-ad](https://docs.sonarsource.com/sonarqube-server/10.7/instance-administration/authentication/saml/scim/scim-provisioning-with-azure-ad "mention")