SCIM overview

SCIM helps you automatically provision user and groups to SonarQube Server.

Automatic provisioning through SCIM is available starting in Enterprise Edition.

SCIM is a protocol used to automatically manage user identity between an identity provider (IdP) and a service provider (SP, SonarQube Server in this context). If you manage permissions through groups, SCIM helps you automatically maintain user existence and permissions in SonarQube Server.

For SCIM to work with SonarQube Server, the Identity Provider (IdP) needs to be able to access the SonarQube server, meaning it needs to be reachable from the IdP’s environment. This typically involves exposing the on-premise SonarQube instance to the IdP’s network, either directly or through a secure connection (e.g. public URL, provisioning agent).

You can enable SCIM to automate user and group provisioning in SonarQube Server. Supported operations from your IdP are:

User creation
User deletion
Group creation
Group membership addition and removal
Group name update
Group deletion

You can set up automatic provisioning between SonarQube Server and the following IdPs:

Microsoft Entra ID: see SCIM with Microsoft Entra ID
Okta: see SCIM with Okta

When you enable automatic provisioning through SCIM, all users and groups become read-only in SonarQube Server. The only operations available in SonarQube Server are local group deletion and local user deactivation (local meaning not managed by SCIM).

Note that before you can configure SCIM provisioning, you must configure SAML.

PreviousWith SCIM provisioning NextSCIM with Microsoft Entra ID

Last updated 10 days ago

Was this helpful?