# Setup in SonarQube Server

This is the second step of SAML authentication setup with Ping Identity. For an overview of the complete setup, see the [introduction](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/introduction "mention") to SAML authentication with Ping Identity.

Proceed as follows:

1\. Go to **Administration > Configuration > General Settings > Authentication > SAML**.

2\. Select **Create Configuration**.

<figure><img src="broken-reference" alt="Select the Create Configuration button to create a new SonarQube configuration for SAML"><figcaption></figcaption></figure>

3\. Fill in the fields as explained in the table below.

* Some fields must be filled with the values set in the application created in PingOne (or PingFederate) during the [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention"). To find these values in PingOne, go to **Applications > Applications** and open the application’s detail page.
* Some fields must be filled with values retrieved from the metadata file downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention").

| **Field in SonarQube Server**    | Description                                                                                                   |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| Application ID                   | In the application’s **Configuration** tab: **Entity ID**.                                                    |
| Provider ID                      | Is retrieved from the downloaded metadata file. See below.                                                    |
| Provider Name                    | Name of the Identity Provider displayed on the SonarQube Server login page when SAML authentication is active. |
| SAML Login URL                   | Is retrieved from the downloaded metadata file. See below.                                                    |
| Identity provider certificate    | Is retrieved from the downloaded metadata file. See below.                                                    |
| SAML user login attribute        | `login`                                                                                                       |
| SAML user name attribute         | `name`                                                                                                        |
| SAML user email attribute        | `email`                                                                                                       |
| SAML group attribute             | `group_names`                                                                                                 |

<details>

<summary>Retrieving values from the downloaded metadata file</summary>

1\. Open the metadata file (`saml2-metadata-idp-<UUID>.xml`) you downloaded in **Step 2** of [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention"). This file contains your X.509 certificate.

2\. Find the `<md:EntityDescriptor...` node and look for the `entityID` attribute. Set this value as your SonarQube Server’s **SAML Provider ID**.

<figure><img src="broken-reference" alt="Find the <md:EntityDescriptor... node in Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

3\. Find the first instance of the `<md:SingleSignOnService...` node and look for the `Location` attribute. Set this value as your SonarQube Server’s **SAML Login URL**.

<figure><img src="broken-reference" alt="Find the first instance of <md:SingleSignOnService... node in Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

4\. Find the `<ds:X509Certificate>` node. Set its contents as SonarQube Server’s **Identity provider certificate**. End-of-line spaces and newline characters are fine: the certificate does not need to be on a single line of text.

<figure><img src="broken-reference" alt="Find the <ds:X509Certificate> node in the Ping Identity&#x27;s metadata file"><figcaption></figcaption></figure>

</details>

4\. Save the configuration.

5\. Before enabling SAML authentication in SonarQube Server, you can verify that the configuration is correct by selecting **Test Configuration**. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider.

6\. Select **Enable configuration**.

7\. Check that the SonarQube Server login form now contains a SAML login button. The text highlighted in the figure below can be configured through the **Provider Name** field of the SAML configuration in SonarQube Server.

<figure><img src="broken-reference" alt="SonarQube Server login form with login button for SAML"><figcaption></figcaption></figure>
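The metadata lookup described in step 3 ("Retrieving values from the downloaded metadata file") can be scripted to avoid copy-and-paste mistakes. The following Python code is an added example, not part of SonarQube Server or of this documentation's own tooling; the sample metadata, the `idp.example.test` URLs and the placeholder certificate bytes are constructed, and the HTTPS check and SHA-256 fingerprint are extra sanity checks assumed here rather than required by the procedure.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def extract_saml_settings(metadata_xml):
    """Return the SonarQube Server SAML fields that come from the IdP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    provider_id = root.get("entityID")                     # -> Provider ID
    # find() returns the first match in document order, as the page instructs.
    sso = root.find(".//md:SingleSignOnService", NS)       # -> SAML Login URL
    cert = root.find(".//ds:X509Certificate", NS)          # -> IdP certificate
    if not provider_id or sso is None or cert is None or not cert.text:
        raise ValueError("missing entityID, SingleSignOnService or X509Certificate")
    login_url = sso.get("Location", "")
    if not login_url.startswith("https://"):               # added sanity check
        raise ValueError(f"SAML Login URL is not HTTPS: {login_url!r}")
    # Spaces and line breaks in the certificate are harmless; they are removed
    # here only so the base64 can be decoded strictly and fingerprinted.
    cert_b64 = "".join(cert.text.split())
    der = base64.b64decode(cert_b64, validate=True)
    return {"provider_id": provider_id, "login_url": login_url,
            "certificate": cert_b64,
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real X.509 certificate"
_b64 = base64.b64encode(PLACEHOLDER_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/constructed-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64[:20]}
        {_b64[20:]}  </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml20/idp/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml20/idp/sso-redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in extract_saml_settings(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Comparing the fingerprint with one obtained from the identity provider administrator over a separate channel confirms that the certificate pasted into SonarQube Server is the one the IdP actually signs with.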

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/overview "mention")
* [setup-in-ping-identity](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/setup-in-ping-identity "mention")
* [optional-security-features](https://docs.sonarsource.com/sonarqube-server/2025.2/instance-administration/authentication/saml/ping-identity/optional-security-features "mention")
