Our contractor developers are added to our Azure AD as guest accounts. I need them to be able to view sonar reports in the event that a quality gate blocks a PR. Unfortunately, they are unable to log in to sonarcloud.io and are seeing this error:
just adding more info as I dig deeper… obviously, you don’t support personal microsoft accounts. However, my guest accounts are work/school accounts, all set up in Azure DevOps as well. My current assumption is that, based on you using the common authorize endpoint, which does not support guest accounts, that I cannot use azure ad guest accounts from other domains to log in to sonarcloud.io even though they are logging in as work/school accounts, not personal accounts.
Unless I hear differently from Sonar, I’m considering this issue unresolvable at the time of this writing. I’ve summarized the issue and a possible solution under the feature request linked below. Go vote if you have this issue!
indeed, this is (another AD-based) use case which SonarCloud does not cover well yet.
Identity management in the Microsoft world is really complex, and fortunately we have good contacts at Microsoft to help on this. The fact is: they are themselves currently doing a lot of developments to simplify all this, and hopefully we’ll be able to benefit from this in the near future to more easily and seamlessly support all of those various use cases.
In any case, thanks for the investigation and all the details!
