Managing user authentication

By default, authentication is forced.

Authentication can be managed:

Disabling forced user authentication

You can disable forced user authentication, and allow anonymous users to browse projects and run analyses in your instance. To do so, you need the Administer System permission.

Accessible API endpoints if forced authentication disabled

If forced authentication is disabled, the following API endpoints are accessible without authentication:

  • api/components/search

  • api/issues/tags

  • api/languages/list

  • api/metrics/domains

  • api/metrics/search

  • api/metrics/types

  • api/plugins/installed

  • api/project_tags/search

  • api/qualitygates/list

  • api/qualitygates/search

  • api/qualitygates/show

  • api/qualityprofiles/backup

  • api/qualityprofiles/changelog

  • api/qualityprofiles/export

  • api/qualityprofiles/exporters

  • api/qualityprofiles/importers

  • api/qualityprofiles/inheritance

  • api/qualityprofiles/projects

  • api/qualityprofiles/search

  • api/rules/repositories

  • api/rules/search

  • api/rules/show

  • api/rules/tags

  • api/server/version

  • api/settings/login_message

  • api/sources/scm (for public repositories)

  • api/sources/show (for public repositories)

  • api/system/dbmigrationstatus

  • api/system/migrate_db

  • api/system/ping

  • api/system/status

  • api/system/upgrades

  • api/users/search

  • api/webservices/list

  • api/webservices/response_example

To disable forced authentication:

  1. Go to Administration > Configuration > General Settings > Security.

  2. Disable Force user authentication.

Last updated

Was this helpful?