ALM used: Azure DevOps
CI system used: Azure DevOps
Hello Sonar Community,
Our company is already on the enterprise plan for SonarQube Cloud, and we plan to use SSO as the default and required login method.
Our three organizations within the enterprise are linked to their respective Azure DevOps organizations. Every Azure DevOps project has its own SonarQube service connection.
I was reading about disabling the OAuth authentication with Azure DevOps, but it doesn’t seem to be possible.
Removing all accounts created via the Azure DevOps authentication flow doesn’t help us because a user can easily create a new account, even if our permission template doesn’t grant them any application role.
Unbinding the Azure DevOps organization from the SonarQube organization is also not possible.
With this context, we have the following questions:
-
Can we prevent login via Azure DevOps to SonarQube if the user does not exist in any of our organizations?
-
If we decide to unbind our Azure DevOps organizations:
-
Could we create a specific request (and how can we do it)?
-
Will the service connections continue to work in Azure DevOps?
-
Thank you for your help.