Managing user authentication
By default, authentication is forced.
Authentication can be managed:
Via the SonarQube Server built-in users/groups database. See Creating users manually
Via several delegated authentication methods, see the Authentication and provisioning pages for more information.
Disabling forced user authentication
You can disable forced user authentication, and allow anonymous users to browse projects and run analyses in your instance. To do so, you need the Administer System permission.
Disabling forced authentication can expose your SonarQube Server instance to security risks. We strongly recommend forcing user authentication on production instances or carefully configuring the security (user permissions, project visibility, etc.) on your instance. See also Accessible API endpoints if forced authentication is disabled below.
We advise keeping forced authentication if you have your SonarQube Server instance publicly accessible.
To disable forced authentication:
Go to Administration > Configuration > General Settings > Security.
Disable Force user authentication.
Last updated
Was this helpful?