This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.

GitLab

You can delegate authentication to GitLab using a dedicated GitLab OAuth application.

You can delegate authentication to GitLab using a dedicated GitLab OAuth application.

Creating a GitLab OAuth app

You can find general instructions for creating a GitLab OAuth app here.

Specify the following settings in your OAuth app:

  • Name: Your app’s name, such as SonarQube.

  • Redirect URL: <Your SonarQube URL>/oauth2/callback/gitlab. For example, https://sonarqube.mycompany.com/oauth2/callback/gitlab.

  • Scopes: select api and read_user

After saving your application, GitLab takes you to the app’s page. Here you find your Application ID and Secret.

Setting your authentication settings in SonarQube

  • Enabled: Set to true.

  • GitLab URL: https://gitlab.com for cloud version of Gitlab, otherwise your self-hosted GitLab server URL

  • Application ID: The application ID is found on your GitLab app’s page.

  • Secret: The secret is found on your GitLab app’s page.

  • Allow users to sign up: enable to allow new users to authenticate. When disabled, only existing users will be able to authenticate to the server.

  • Allowed groups: this is to restrict users allowed on SonarQube to certain GitLab groups. Only members of these groups (and sub-groups) will be allowed to authenticate. Please enter the group slug as it appears in the GitLab URL, for instance if the group URL is https://gitlab.com/my-gitlab-group, then enter my-gitlab-group.

  • Synchronize user groups: For each GitLab group they belong to, users will be assigned to a group with the same name (if it exists) in SonarQube. On SonarQube, groups you want to synchronize must be named according to their GitLab URL:

    • https://gitlab.com/my-gitlab-groupmy-gitlab-group

    • https://gitlab.com/my-gitlab-group/sub-groupmy-gitlab-group/sub-group

When group synchronization is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each login. It is not possible to use both manual group memberships and group synchronization (via your ALM integration) for the same user.

Last updated

Was this helpful?