Group synchronization from authentication provider vs. Terraform

Hello - we are using SonarQube community edition v10.6, deployed via a Helm chart to our k8s cluster. We currently are using Okta/SAML authentication but our Okta instance is not the authoritative source of which team(s) a user is assigned to. We would like to use Terraform to manage user->team assignments (as well as assigning permissions for teams to specific projects) but in testing, when I authenticate (via Okta), all of my existing team assignments are wiped out and re-synced from Okta.

Is there any way to avoid or disable group synchronization so that we can manage those team assignments outside our authentication provider? I’ve googled and searched the forum a bit but haven’t seen any signs of this being something that can be disabled.

We also use GitHub Enterprise Server and Google Workspaces in our environment so we could potentially switch to a different authentication provider but I would potentially want to disable group synchronization in any of these cases because team membership is not accurately reflected in those systems either.

I’m hoping I’m not the only one that has wanted to turn off this feature and that someone else has figured out a workaround.

Thanks


Hey Brian,

I think your question boils down to “Can I disable group sync when I use SAML?” and the answer is yes – just leave the SAML group attribute blank in your SonarQube-side SAML configuration.

Thank you! This is exactly what I was looking for. Thank you.
