Email verification is now required for all users logging in to SonarQube Cloud through SAML SSO. This one time only step adds a layer of security to help protect our service and user accounts.
How does it work?
The next time you log in through SAML SSO, a verification modal will appear on SonarQube Cloud, prompting you to enter the code sent to your email.
Once the correct code is entered, youāll proceed to access the product as usual ā no impact on your experience beyond this one-time check.
Please reach out to us if you experience any issue
Doesnāt Email validation per application in the enterprise defeats the very purpose of the organizationās SSO policy? In my organization, the elevated account used to access SonarQube cloud does not have an email Id tied to it. How do I bypass this step?
my org has also lost access to sonarcloud due to this change as we login via devops and even if they are legit azure tenant usernames, there are no email box, my colleague has already opened ticket with your support to hopefully get the email verification disabled only for our sc org or something else
Just to clarify: we have not enabled MFA on SQC. Instead, we introduced a one-time email verification step to address a security gap we identified.
Would it be possible for you to request a temporary mailbox just for the purpose of verifying your email? We understand this may be an inconvenience, and weāre actively working on less restrictive solutions. That said, we want to ensure security remains uncompromised.
To be transparent, we hadnāt anticipated that many customers would be using SQC without a valid email address and mailbox, especially since several core features depend on having both.
To better understand your use case and ensure we make more informed decisions moving forward, Iād appreciate it if you could book a time in my calendar so we can discuss it further.
@anterokarttunen For users logging in through Azure DevOps, the process to unblock access by disabling email verification is outlined earlier in this thread. We are working on a long term solution.
Iām currently doing some research into this topic. Iād like to get on a call with customers who have been able to sign up/sign in to SonarQube Cloud with an email address that doesnāt have a mailbox behind it. Weāre interested in understanding what the use case(s) are for customers setting their instance up this way.
Email verification is now required for all users logging in to SonarQube Cloud through SAML SSO. This one time only step adds a layer of security to help protect our service and user accounts.
How does it work?