You can delegate authentication to GitLab using a dedicated GitLab OAuth application.
You can find general instructions for creating a GitLab OAuth app here.
Specify the following settings in your OAuth app:
- Name: Your app's name, such as SonarQube.
- Redirect URL:
<Your SonarQube URL>/oauth2/callback/gitlab. For example,
- Scopes: Select api if you plan to enable group synchronization. Select read_user if you only plan to delegate authentication.
After saving your application, GitLab takes you to the app's page. Here you find your Application ID and Secret.
Open your SonarQube instance, and navigate to Administration > Configuration > General Settings > Authentication > GitLab Authentication. Set the following settings to finish setting up GitLab authentication:
- Enabled: Set to
- Application ID: The application ID is found on your GitLab app's page.
- Secret: The secret is found on your GitLab app's page.
On the login form, the new Log in with GitLab button allows users to connect with their GitLab accounts.
To associate GitLab groups with existing SonarQube groups of the same name, enable Synchronize user groups by navigating to Administration > Configuration > General Settings > Authentication > GitLab.
To synchronize a GitLab group or subgroup with a SonarQube group, name the SonarQube group with the full path of the GitLab group or subgroup URL. For example, with the following GitLab group setup:
- GitLab group: My Group
- GitLab subgroup: My Subgroup
- GitLab subgroup URL:
You will name your SonarQube group
my-group to synchronize it with your GitLab group and
my-group/my-subgroup to synchronize it with your GitLab subgroup.
See the Group synchronization section on the Overview page for more detail about this feature’s general behavior.
When group synchronization is configured, the delegated authentication source becomes the only place to manage group membership, and the user's groups are re-fetched with each login. It is not possible to use both manual group memberships and group synchronization (via your ALM integration) for the same user.
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.