Must-share information (formatted with Markdown):
- which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
- how is SonarQube deployed: zip, Docker, Helm - zip
- what are you trying to achieve: Disable automatic account creation and access to Sonarqube for unauthorized users.
- what have you tried so far to achieve this
- Force authentication enabled
- All projects/applications marked as private.
- No privileges granted for sonar-users group on any projects/applications/templates etc.
- Discussed with F5 team on authentication - F5 adds credentials to HTTP Headers. No SAML enabled
New Users (never registered with sonar) are still able to access sonarqube. Sonarqube creates new account for the user and associates with sonar-user group. Projects/portfolios/issues doesnt show project scan details/report however, user can see quality profiles and quality gates.
What are we trying to accomplish: Any new user who never registered with sonar before should be blocked coming into sonarqube. Only admins should be able to user accounts
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!