I’m struggling with this issue myself: We’re maintaining our user identities in Keycloak. Our users are using the same login / username via SSO (OpenID Connect) in GitLab, Mattermost, Jira, … and (up to version 7.9) in SonarQube.
Unlike Gitlab’s REST API SQ’s Web API does not support the attributes externalIdentity and externalProvider while creating new users. So until SonarSource adds this kind of support, pre-creating externally managed users is not possible any more.