# Setup in SonarQube Server

This is the second step of SAML authentication setup with Microsoft Entra ID. For an overview of the complete setup, see [introduction](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/introduction "mention") to Microsoft Entra ID.

Proceed as follows:

1. Open MS Entra ID to prepare the copy-paste of single-sign-on settings in SonarQube Server.
2. Configure SAML in SonarQube Server.

## Open MS Entra ID <a href="#open-entra-id" id="open-entra-id"></a>

To prepare the copy-paste of single-sign-on settings in SonarQube Server:

1. In Microsoft Entra ID, go to **Identity** > **Applications** > **Enterprise applications** > **All applications and** select the application you created for SonarQube Server.
2. On the application’s page, select **Single sign-on**. You will need to retrieve values related to sections **1**, **2**, and **4**. In section **2**, select **Edit** first to open the **Attributes & Claims** page.

<figure><img src="broken-reference" alt="Locate in MS Entra ID the field values to be copy-pasted to SonarQube"><figcaption></figcaption></figure>

## Configure SonarQube Server <a href="#configure-sq" id="configure-sq"></a>

1\. Go to **Administration > Configuration > General Settings > Authentication> SAML**.

2\. Select **Create Configuration**.

<figure><img src="broken-reference" alt="Select the Create Configuration button to create a new SonarQube configuration for SAML"><figcaption></figcaption></figure>

3\. Fill in the fields as explained in the table below.

| **Field in SonarQube Server** | Description                                                                                                                                                                                                                                                                                                                    |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Application ID                | Value in MS Entra ID:In the **Basic SAML Configuration** section (**1**), value of the **Identifier(Entity ID)** field.                                                                                                                                                                                                        |
| Provider ID                   | Value in MS Entra ID:In the **Set up \<applicationForSonarQubeServer>** section (**4**), value of the **Microsoft Entra ID Identifier** field.                                                                                                                                                                                 |
| Provider Name                 | Name of the Identity Provider displayed in SonarQube Server login page when SAML authentication is active.                                                                                                                                                                                                                     |
| SAML Login URL                | Value in MS Entra ID:In the **Set up \<applicationForSonarQubeServer>** section (**4**), value of the **Login URL** field.                                                                                                                                                                                                     |
| Identity provider certificate | Certificate downloaded in **Step 2** of [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention").                                                                                                                         |
| SAML user login attribute     | <p>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the attribute to be used for Login.</p><p>For an example, see the SonarQube Server screenshot below.</p>                       |
| SAML user name attribute      | <p>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the attribute to be used for Name.</p><p>For an example, see the SonarQube Server screenshot below.</p>                        |
| SAML user email attribute     | <p>Optional.<br>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the attribute to be used for email.</p>                                                                           |
| SAML group attribute          | <p>Optional (if you use the Just-in-Time provisioning’s group synchronization feature).<br>Value in MS Entra ID:In the <strong>Attributes & Claims</strong> section (<strong>2</strong>), select <strong>Edit</strong> and retrieve the <strong>Claim name</strong> (URL type value) of the <code>groups</code> attribute.</p> |

Below is a SonarQube Server screenshot with SAML user login and name value examples.

![](https://3577027091-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F69lEOGGgOhCpumODGD9v%2Fuploads%2Fgit-blob-de8fced6f0907082813307f766dcf89fc19147aa%2Fdf3b35e6d38519ae6cac9aca777ed529296a7a44.png?alt=media)

4\. Save the configuration.

5\. Before enabling SAML authentication on SonarQube Server, you can verify that the configuration is correct by selecting **Test Configuration**. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider.

6\. Select **Enable configuration**.

7\. Check that the SonarQube Server login form now contains a SAML login button. The text highlighed in the figure below can be configured through the **Provider Name** field of the SAML configuration in SonarQube Server.

<figure><img src="broken-reference" alt="SonarQube Server login form with login button for SAML"><figcaption></figcaption></figure>

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/overview "mention")
* [setup-in-entra-id](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/setup-in-entra-id "mention")
* [optional-security-features](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ms-entra-id/optional-security-features "mention")
* [scim-provisioning-with-azure-ad](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/scim/scim-provisioning-with-azure-ad "mention")