Hi, I’m currently working on migrating our Sonarqube SAML authentication from Okta to Microsoft EntraID. The SAML integration with EntraID is set up and working, but when I attempt to log in, I received the following error:
“This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method.”
Could you please advise on the recommended way to update existing user accounts to use the new authentication provider, without having to delete and recreate them?
SonarQube setup: SonarQube Server Enterprise Edition v2025.1 (102418), deployed with Helm.
Since you’re using SAML for both Okta and Entra, the transition should ideally be seamless. However, it’s possible that Okta and Entra provide different external identities, which prevents SonarQube from matching users between the two providers.
To investigate further, try comparing the API response for two users: one who has already logged into SonarQube (SQ) with Okta, and a new user who has only signed in using Entra. You can use the GET api/users/search or /api/v2/users-management/users/ endpoints for this purpose. Refer to your SQ instance’s documentation for details on these APIs.
This comparison should help identify any discrepancies in how user identities are being handled, and what changes you need to make to migrate the users from one IDP to a new one.
Thank you for your response. I understand your suggestion to compare API responses between Okta and Entra users; however, given that we are running Enterprise Edition v2025.1 with over 700 active SAML users, we were expecting more specific guidance from Enterprise Support.
Since this migration involves a change in externalIdentity values for a large user base, we want to ensure the transition is seamless and does not cause downtime or lockouts.
To proceed efficiently, could you please provide:
1. A recommended bulk migration process for updating users from Okta SAML to Entra SAML in our version.
2. Any official scripts, API calls, or tooling that can safely handle this at scale.
3. Best practices for avoiding user disruption during the changeover.
4. Guidance on testing the migration in a staging environment before applying it in production.
We’d like to avoid trial and error for something that affects our entire user base. Given our Enterprise subscription, we expect direct and detailed steps from the SonarQube team to carry this out successfully.
Thank you for your assistance, we’re looking forward to your detailed recommendations.