Our private Azure DevOps organization is locked down to only allow corporate IP adresses for Personal Access Token usage. This means that we are forced to enable the setting “Enable Azure Active Directory Conditional Access Policy Validation”.
This is a mandatory setting within our corporation and we are not able to turn this off.
This prevents us from using SonarCloud with our Azure DevOps organization.
Solution or workaround:
We allow the IP addresses SonarCloud uses in our Conditional Access Policy
Judging from other posts in this forum this is not a solution since SonarCloud IP adresses are dynamic?
?
I have read several topics about this in this forum but it looks like it isn’t possible to use SonarCloud and Azure DevOps with Conditional Access Policy Validation enabled?
Hi @Mattias and welcome to the community
I’m not familiar with AAD Conditional Access Policy Validation and from what I understand, it seems like it’s not possible indeed. I will ask the question internally and see if someone has a idea
@Christophe_Havard do you have an update on this ? we have hit the similar issues but wanted to understand if Sonarcloud can work with “Conditional Access Enabled” and what ip addresses we should whitelist.
Thank you
Hi @jkhalid,
I’m sorry I don’t have anything new to bring regarding this subject.
I also follow the other thread you started. Please be sure that we really talk about it internally to find a way to help you. We will come back to you if we find something
@Christophe_Havard Any updates on this topic? Enabling Conditional Access Policy is also required for 2FA services such as Duo, so it is not an option to disable it.
Unless there is viable solution for this scenario, we won’t be able to use Sonarcloud.
Just in case anybody else comes across this thread, SonarCloud does now provide fixed public IP addresses for communication with DevOps platforms (like Azure DevOps)
