Hello everyone,
We are excited to share a major update aimed at making organization administration smoother, more secure, and friction-free. We’re rolling out new Single Sign-On (SSO) configuration enhancements directly inside SonarQube Cloud!
With this update, organization administrators can now explicitly verify ownership of their corporate email domains during the SSO setup.
This verification does two things: it immediately removes login friction for your existing team members, and it establishes the essential foundation for upcoming corporate security policy enforcement across your organization.
What’s New?
-
Domain verification in the SSO setup wizard: A brand new, intuitive domain verification step is now built directly into the SSO setup wizard. This gives you a clear, independent path to register and prove ownership of your corporate domains.
-
OTP prompts skipped for verified domains: Previously, users could encounter extra One-Time Password (OTP) steps during post-login actions. Now, once an organization admin completes the domain verification, SonarQube Cloud implicitly trusts the identity authenticated by your Identity Provider (IdP)—skipping redundant OTP prompts for those domain users entirely.
-
No support contact required: Domain-level trust settings are now self-serve from your admin console.
Why this matters now: Domain verification also sets up your organization for upcoming policy enforcement controls that will let you govern how identity and access policies apply across all users under your corporate domain. Completing verification today means you won’t need to revisit this step when those controls become available.
Where to Find It
-
Log in to SonarQube Cloud and navigate to your Organization’s Administration settings.
-
Head over to the Authentication / SSO configuration tab.
-
You will see the new Domain Verification step surfaced within the setup guidance wizard.
We’re dedicated to making enterprise security both seamless and robust. We would love to hear your thoughts on this updated flow or what specific policy enforcement capabilities are highest on your priority list. Share your feedback in the comments!
-–Chris