Azure AD question in Sonarqube 7.5

authentication
azure

(Jorge Caballero) #1

Hi SonarQube team,

Does this new version deliver a Password Policy section or enable/disable to use SonarQube users if we configure external identity management such as Azure AD?


SonarQube 7.5 Released
(Julien Lancelot) #2

Hi @George_Knight,

Could you explain what you mean by “Password Policy” please ?
And about the fact to enable/disable SonarQube users when using Azure AD authentication, nothing has changed in 7.5 : users are always stored in SonarQube database, but without any password.

Regards,
Julien Lancelot


(Jorge Caballero) #3

Hi Julien,

Thanks for replying. What I mean by “Password Policy” is a set of configurations that allow you to set policies such as Enforce password history, Minimum password length, Password must meet complexity requirements, etc.

Regarding to enable/disable SonarQube users when using Azure AD authentication, I mean if SonarQube provides a feature to forbidden to create/use SonarQube built-in users and just allows Azure AD users to log in SonarQube site.

Thanks in advanced.


(Julien Lancelot) #4

There’s nothing to do that when using local authentication.
When using an external authentication like Azure AD, the password management is completely handled by the authentication system.

It’s not possible to forbid creation of local users, but as this action is only possible for a system administrator I don’t see the point to prevent it.