General SonarCloud Authentication and Access Management Questions

Hi there,

I was talking to sales, but they asked me to post these questions here. We’re considering SonarCloud as a code quality/security tool, and I wanted to check (since I can’t find it in the documentation anywhere):

  • We are planning on using GitHub as our authentication/authorization provider. I found this post, which suggests that GitHub assigns project access rights to users as per GitHub. Is there any documentation that explains this?

  • Does SonarCloud support multi-organization GitHub installations (Cloud-based GitHub Enterprise)? We have a couple of organizations in GitHub that we’d like to integrate and ideally we’d like to be able to configure them in a single place.

  • Does SonarCloud have the option of using our organization’s SSO, or is that only possible with our own SonarQube installations?

Thank you!

Hi @jbmyob! Welcome to the community and thanks for posting!

  • We are planning on using GitHub as our authentication/authorization provider. I found this post, which suggests that GitHub assigns project access rights to users as per GitHub. Is there any documentation that explains this?

You may want to read this section of the documentation.

  • Does SonarCloud support multi-organization GitHub installations (Cloud-based GitHub Enterprise)? We have a couple of organizations in GitHub that we’d like to integrate and ideally we’d like to be able to configure them in a single place.

SonarCloud does not support multi-organization GitHub installations.

  • Does SonarCloud have the option of using our organization’s SSO, or is that only possible with our own SonarQube installations?

You are correct: you have to use one of the 4 providers (GitHub, GitLab, Bitbucket, Azure DevOps) to authenticate on SonarCloud; you can’t use your organization’s SSO.

Hi Alex,

Thanks for that! Would multi-organization GitHub installations be treated as separate installations/licenses?

I’m a little puzzled by this part of the documentation you linked:
“Note that in all cases, members should have a SonarCloud account before being synchronized with GitHub or added manually.”

I’m also a little confused about how the synchronization is triggered - is it a manual process or does it sync itself when somebody uses the “login with GitHub” button?

Lastly (sorry about the sheer number of questions!), how are organization admins synced? Are they the synced GitHub organization admins, or is it managed separately/manually?

Thank you so much!

Jonathan