Introduction to SAML with Microsoft Entra ID

Main steps of SAML authentication setup with Microsoft Entra ID.

For an overall understanding of the SAML authentication feature, read the Overview of SAML support page.

To set up SAML with Microsoft Entra ID:

If you want to use Just-in-Time provisioning with the group synchronization feature, verify the user groups in SonarQube Server so that the automatic group synchronization can take place properly. See Group synchronization in Just-in-Time provisioning.
Make sure your SonarQube URL is set in SonarQube Server. See Server base URL.
Register SonarQube Server in Entra ID. See Setup in Microsoft Entra ID.
Configure SAML in SonarQube Server. See Setup in SonarQube Server.
If you want to use SCIM provisioning, set up SCIM provisioning. See SCIM with Microsoft Entra ID.
Optionally, set up security features. See Setup of security features.

Group synchronization doesn’t work with Microsoft Entra ID’s nested groups.
Microsoft Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (see the description of groups in the Claims in SAML Token table). In such cases, you might need to reduce the number of groups the user is in.

Was this helpful?