Email verification for SQC users with a Microsoft account

Starting July 7th, Email verification will be required for all users logging in to SonarQube Cloud through Azure DevOps.
This one time only step adds a layer of security to help protect our service and user accounts.

How does it work?
The next time you log in through Azure DevOps starting July 7th, a verification modal will appear on SonarQube Cloud, prompting you to enter the code sent to your email address.
Once the correct code is entered, you’ll proceed to access the product as usual — no impact on your experience beyond this one-time check.

Please reach out to us if you experience any issue

Thank you

In our organization, we use Azure DevOps accounts for logging into SonarQube Cloud. However, we have a number of contractors who are provided with Azure DevOps accounts but do not have email inboxes or licenses associated with those accounts. As a result, they will not be able to receive the email verification code required by the new process.

Is there a recommended or viable solution for users in this situation? For example, is it possible to configure an alternative verification method, or can we associate a different email address for these accounts? Any guidance or workaround you can provide would be greatly appreciated, as this change will impact our contractors’ ability to access SonarQube Cloud.

This also introduced problems for us.
We have accounts used for Azure DevOps as well which is not associated/linked to a physical email account and for this reason not getting notifications. Luckily were able to register and add another account to continue working, with multiple other accounts still being impacted resulting in new registrations and adding individuals to our organization.

I’m sorry to hear this has created friction for you. We introduced email verification as a security measure to protect our customers’ accounts.

For your contractors, I see two potential options:

1. If possible, you can override their email addresses in Entra ID with emails they can access.
2. Temporarily assign them a license to provision a mailbox so they can receive the verification code. Once verified, you can remove the license if it’s no longer needed.

Please let me know if one of these approaches helped you unblock your teams.

I’m having a similar issue. I only have 1 account for use with a government project, and it cannot receive emails from external addresses. The email is linked to a valid Entra account, without inbox access it’s no longer possible to log into Sonar Cloud. I cannot adjust my billing either without account access.

There must be another option for two factor authentication than forcing inbox access. If not, at least consider dropping the restriction for affected users or providing responsive customer support. As it stands, anyone affected is effectively locked out.

I’m agree with some other user, there must be another option for 2MFA, our users don¿t have access to inbox access in their accounts, in my case only the admin account has a inbox access , but anyway the mail with confirmation code isn’t work , this mail has never was received. Your “feature” is affecting many teams in many companies.

I understand the frustration this has caused, and I’m sorry you’re experiencing such disruption. To clarify, this verification step is not multi-factor authentication (MFA), and it won’t challenge users at every login. It’s a one-time email verification implemented to address a security concern.

That said, I recognize it is blocking some of your users from accessing SQC. Please send me a direct message here in the community with the email addresses or domains affected that have no possible workaround. I will escalate this with our security team to find a solution to unblock your users.

This measure was introduced to protect your accounts, not to prevent access. From what I see, the majority of users have been able to verify their email successfully, but I want to ensure we resolve the issue for your teams as well.

Hey Nour. Thanks for the update. It is also a huge problem for us. At the moment we have ~45 users who can not access SQC for the mentioned reason

@peri-patrick I have DMed you for more info.

Thanks

Hello Team,

We are using sonar cloud from so many years and we used the following URL SonarQube Cloud

Which will then prompt the login and we use the registered azure devops account and it automatically allows us to redirect to the home page.

image507×588 17.6 KB

But today while we are accessing the sonar cloud portal with azure devops account it’s prompting to Verify your email address

image506×713 23.1 KB

Please enter the 6-digit verification code that was sent to ****@.onmicrosoft.com.

The problem here is that for the registered account we will not receive any emails as this tenancy is only for the development (not configured to receive emails). We need to find out how to add alternate email addresses at the sonar cloud to avoid this in future.

But now we are completely blocked to continue our development, so we want quick support to unblock the login issue. could someone please help us asap.

@Gangadhar Thank you for taking the time to share these details. I’ve DMed you to gather a bit more information.
Thanks

That was fast! Thank you Nour Zerhouni, We are now unblocked. your speedy response was a big help.

We are in the same boat as everyone else and suddenly today all our 3rd party developers lost access to sonarcloud enterprise. So how can we move forward?

How can I DM somebody?

My team is also in the same boat, as Johnathan mentioned, is it possibly to DM somebody

@nour.zerhouni how can I DM you?

DM sent

DM sent

I have the same issue too as of yesterday. Thanks

DM sent