How to use SonarCloud with Conditional Access enabled in Azure AD?

  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Paid version of SonarCloud



Our private Azure DevOps organization is locked down to only allow corporate IP adresses for Personal Access Token usage. This means that we are forced to enable the setting “Enable Azure Active Directory Conditional Access Policy Validation”.
This is a mandatory setting within our corporation and we are not able to turn this off.

This prevents us from using SonarCloud with our Azure DevOps organization.

Solution or workaround:

  1. We allow the IP addresses SonarCloud uses in our Conditional Access Policy
    Judging from other posts in this forum this is not a solution since SonarCloud IP adresses are dynamic?

  2. ?

I have read several topics about this in this forum but it looks like it isn’t possible to use SonarCloud and Azure DevOps with Conditional Access Policy Validation enabled?

Is this really correct?

Hi @Mattias and welcome to the community :slight_smile:
I’m not familiar with AAD Conditional Access Policy Validation and from what I understand, it seems like it’s not possible indeed. I will ask the question internally and see if someone has a idea :wink:

1 Like

@Christophe_Havard do you have an update on this ? we have hit the similar issues but wanted to understand if Sonarcloud can work with “Conditional Access Enabled” and what ip addresses we should whitelist.
Thank you

1 Like

Hi @jkhalid,
I’m sorry I don’t have anything new to bring regarding this subject.
I also follow the other thread you started. Please be sure that we really talk about it internally to find a way to help you. We will come back to you if we find something :wink: