GitLab

You can delegate authentication to GitLab using a dedicated GitLab OAuth application.

Creating a GitLab OAuth app

You can find general instructions for creating a GitLab OAuth app here.

Specify the following settings in your OAuth app:

• Name: Your app's name, such as SonarQube.
• Redirect URL: <Your SonarQube URL>/oauth2/callback/gitlab. For example, https://sonarqube.mycompany.com/oauth2/callback/gitlab.
• Scopes: select api and read_user

After saving your application, GitLab takes you to the app's page. Here you find your Application ID and Secret.

Setting your authentication settings in SonarQube

• Enabled: Set to true.
• GitLab URL: https://gitlab.com for cloud version of Gitlab, otherwise your self-hosted GitLab server URL
• Application ID: The application ID is found on your GitLab app's page.
• Secret: The secret is found on your GitLab app's page.
• Allow users to sign up: enable to allow new users to authenticate. When disabled, only existing users will be able to authenticate to the server.
• Allowed groups: this is to restrict users allowed on SonarQube to certain GitLab groups. Only members of these groups (and sub-groups) will be allowed to authenticate. Please enter the group slug as it appears in the GitLab URL, for instance if the group URL is https://gitlab.com/my-gitlab-group, then enter my-gitlab-group.

• Synchronize user groups: For each GitLab group they belong to, users will be assigned to a group with the same name (if it exists) in SonarQube.
  On SonarQube, groups you want to synchronize must be named according to their GitLab URL:
  • https://gitlab.com/my-gitlab-group → my-gitlab-group
  • https://gitlab.com/my-gitlab-group/sub-group → my-gitlab-group/sub-group