Migrating SonarQube Users Between Identity Providers with a focus on LDAP → SAML

Hi, about this subject explained here:

This is clear for existing users, but what should be done for new users? How should they be created so that they use SAML directly?

Hey there.

If the user doesn’t exist, and the first time they log in is using SAML… the user will just be created (assuming nothing on the identity-provider side is blocking the user from having access to the application).

Hi Colin, thanks for your quick answer, but is this still true if we create them using the API before they first log in?

    // Pre-creates a non-local (externally authenticated) user through the Web API.
    // Uses the JAX-RS client API (javax.ws.rs.client.Client, javax.ws.rs.core.Response,
    // javax.ws.rs.core.MediaType); manageError() and DevOpsException are this
    // project's own helpers for turning an error response into an exception.
    void createUser(String nni, String fullName, String email, Client client) throws DevOpsException {

        Response response = client.target(this.sonarqubeUrl).path("/api/users/create")
                .queryParam("login", nni)
                .queryParam("name", fullName)
                .queryParam("email", email)
                .queryParam("local", false)   // external user: no password is stored
                .request().accept(MediaType.APPLICATION_JSON)
                .post(null);

        manageError(response);   // raises DevOpsException on an error response
        response.close();
    }

To pre-provision users, I believe you would need to create them (POST api/users/create) and then immediately update the identity provider specifying the expected external identity (POST api/users/update_identity_provider).

We typically discourage pre-provisioning users because ideally access is managed through groups. What’s your use-case for pre-provisioning?
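The two-step sequence described in the reply above (create the user with local=false, then bind it to the external provider) followed by the group memberships the thread is about, as an added example that is not SonarQube's own client code and not the original poster's Java. It assumes the provider key "saml" (SonarQube's built-in SAML integration), the parameter names documented for the Web API (login, name, email, local, newExternalProvider, newExternalIdentity), and an injectable transport so the call sequence can be exercised offline; the FakeSonarQube class is a constructed stand-in for the server.

```python
"""Pre-provision a SAML-authenticated SonarQube user: POST api/users/create with
local=false, POST api/users/update_identity_provider to bind the account to the
external provider, then POST api/user_groups/add_user for each group.
Added example, not SonarQube's own client code. Assumed: provider key "saml",
the documented Web API parameter names, and an injectable transport."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# A sender takes (api_path, form_params) and returns (http_status, body_text).
Sender = Callable[[str, Dict[str, str]], Tuple[int, str]]


def http_sender(base_url: str, token: str) -> Sender:
    """Real transport: form-encoded POST authenticated with a SonarQube user
    token passed as the Basic-auth username with an empty password."""
    auth = base64.b64encode(f"{token}:".encode()).decode()

    def send(path: str, params: Dict[str, str]) -> Tuple[int, str]:
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            data=urllib.parse.urlencode(params).encode(),
            method="POST",
            headers={"Authorization": "Basic " + auth},
        )
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()

    return send


class FakeSonarQube:
    """Constructed offline stand-in for the server: records every call and
    answers 200, except that the path named in fail_on answers 400."""

    def __init__(self, fail_on: Optional[str] = None) -> None:
        self.fail_on = fail_on
        self.calls: List[Tuple[str, Dict[str, str]]] = []

    def __call__(self, path: str, params: Dict[str, str]) -> Tuple[int, str]:
        self.calls.append((path, dict(params)))
        if path == self.fail_on:
            return 400, json.dumps({"errors": [{"msg": "constructed failure"}]})
        return 200, "{}"


def provision_saml_user(send: Sender, login: str, name: str, email: str,
                        groups: List[str], external_identity: Optional[str] = None,
                        provider: str = "saml") -> List[str]:
    """Create the account, bind it to the SAML provider, add group memberships.
    Returns the API paths called, in order. If any step after the create fails,
    the half-provisioned account is deactivated so no unbound account is left."""
    called: List[str] = []

    def post(path: str, params: Dict[str, str]) -> None:
        called.append(path)
        status, body = send(path, params)
        if status >= 400:
            raise RuntimeError(f"{path} returned HTTP {status}: {body}")

    # local=false means no password is stored for this account: the only way
    # into it is through the external provider, which is the intent here.
    post("/api/users/create",
         {"login": login, "name": name, "email": email, "local": "false"})
    try:
        # The external identity must equal the login attribute the IdP sends in
        # the SAML assertion; otherwise the first SSO login will not map onto
        # this account.
        post("/api/users/update_identity_provider",
             {"login": login, "newExternalProvider": provider,
              "newExternalIdentity": external_identity or login})
        for group in groups:
            post("/api/user_groups/add_user", {"login": login, "name": group})
    except RuntimeError:
        post("/api/users/deactivate", {"login": login})
        raise
    return called


if __name__ == "__main__":
    # Offline demonstration; swap FakeSonarQube() for http_sender(url, token) to run for real.
    server = FakeSonarQube()
    print(provision_saml_user(server, "jdoe", "Jane Doe", "jdoe@example.com", ["team-a"]))
```

The rollback on failure matters for the security posture: an account created but never bound to the provider is exactly the kind of orphan that later confuses an access review, so the function deactivates it rather than leaving it behind.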

Well, we associate users to groups:

    // Adds an existing user to a SonarQube group through the Web API.
    // Same JAX-RS client and project helpers (manageError, DevOpsException) as createUser().
    void addUserToGroup(String nni, String groupName, Client client) throws DevOpsException {
        Response response = client.target(this.sonarqubeUrl).path("/api/user_groups/add_user")
                .queryParam("login", nni)
                .queryParam("name", groupName)
                .request().accept(MediaType.APPLICATION_JSON)
                .post(null);

        manageError(response);   // raises DevOpsException on an error response
        response.close();
    }

Each group represents a “SonarQube subscription” associated with multiple project analyses through permission templates.

So I suppose my question is – why not just take advantage of syncing Group information via SAML?