Configuring SAML with Microsoft Entra ID in SonarQube
On this page
This page explains how to set up SAML in SonarQube when using Microsoft Entra ID as the identity provider. This is the second step of SAML authentication setup with Microsoft Entra ID. For an overview of the complete setup, see Setting up SAML with Microsoft Entra ID.
Proceed as follows:
- Open MS Entra ID to prepare the copy-paste of single-sign-on settings in SonarQube.
- Configure SAML in SonarQube.
Open MS Entra ID
To prepare the copy-paste of single-sign-on settings in SonarQube:
- In Microsoft Entra ID, go to Identity > Applications > Enterprise applications > All applications and select the SonarQube application.
- On the application's page, select Single sign-on. You will need to retrieve values related to sections 1, 2, and 4. In section 2, select Edit first to open the Attributes & Claims page.
Configure SonarQube
1. Go to Administration > Configuration > General Settings > Authentication> SAML.
2. Select Create Configuration.
3. Fill in the fields as explained in the table below.
| Field in SonarQube | Description |
|---|---|
| Application ID | Value in MS Entra ID:In the Basic SAML Configuration section (1), value of the Identifier(Entity ID) field. |
| Provider ID | Value in MS Entra ID:In the Set up <sonarQubeApplication> section (4), value of the Microsoft Entra ID Identifier field. |
| Provider Name | Name of the Identity Provider displayed in SonarQube login page when SAML authentication is active. |
| SAML Login URL | Value in MS Entra ID:In the Set up <sonarQubeApplication> section (4), value of the Login URL field. |
| Identity provider certificate | Certificate downloaded in Step 2 of Setup in Entra ID. |
| SAML user login attribute | Value in MS Entra ID:In the Attributes & Claims section (2), select Edit and retrieve the Claim name (URL type value) of the attribute to be used for Login. For an example, see the SonarQube screenshot below. |
| SAML user name attribute | Value in MS Entra ID:In the Attributes & Claims section (2), select Edit and retrievethe Claim name (URL type value) of the attribute to be used for Name. For an example, see the SonarQube screenshot below. |
| SAML user email attribute | Optional. Value in MS Entra ID:In the Attributes & Claims section (2), select Edit and retrieve the Claim name (URL type value) of the attribute to be used for email. |
| SAML group attribute | Optional (if you want to use the group synchronization). Value in MS Entra ID:In the Attributes & Claims section (2), select Edit and retrieve the Claim name (URL type value) of the groups attribute. |
Below is a SonarQube screenshot with SAML user login and name value examples.
4. Save the configuration.
5. Before enabling SAML authentication on SonarQube, you can verify that the configuration is correct by selecting Test Configuration. This will initiate a SAML login and return useful information about the SAML response obtained from the identity provider.
6. Select Enable configuration.
7. Check that the SonarQube login form now contains a SAML login button.
Related pages
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
