I have the following SAML settings on both Okta and SonarQube and SSO is “kinda” working (thanks @AlainODea). However, I am not sure how the grouping works. People are auto-assigned to the “Sonar-Users” group when they first sign in to SonarQube. I have the following groups created under AD/Okta and SonarQube and am using the settings below.
- Internal-sonarqube-admins
- Internal-sonarqube-users
Where should I go to set up the correct grouping? Let's say User A is assigned to the Internal-sonarqube-admins AD/Okta group; that person should be auto-assigned to the Internal-sonarqube-admins group and have admin access.
Okta SSO related information:
Here are settings that work for Okta:
- Single Sign-On URL: https://sonarqube.example.com/oauth2/callback/saml
- Audience Restriction: sonarqube
Attribute Statements
- login = user.login
- name = user.login
- email = user.email
Group Attribute Statements
- groups Starts with: example-internal:sonarqube-
Corresponding settings in SonarQube (https://sonarqube.example.com/admin/settings?category=saml)
- sonar.auth.saml.applicationId = sonarqube
- sonar.auth.saml.providerName = SAML
- sonar.auth.saml.providerId = entityId from SAML metadata, aka Identity Provider Issuer URI
- sonar.auth.saml.loginUrl = HTTP-POST binding location from SAML metadata, Identity Provider Single Sign-On URL
- sonar.auth.saml.certificate.secured = X509Certificate text in KeyInfo use=signing from SAML metadata, X.509 Certificate
- sonar.auth.saml.user.login = login
- sonar.auth.saml.user.name = name
- sonar.auth.saml.user.email = email
- sonar.auth.saml.group.name = groups
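
Added example (not part of the original post, and not SonarQube or Okta code): an offline check of which group names would arrive in the `groups` attribute after the Okta "Starts with" filter, and which of those match a group that exists in SonarQube. It assumes an asserted group is applied only when a SonarQube group with exactly the same name exists; `USER_A`, `check` and the unsigned assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SONARQUBE_GROUPS = ["Internal-sonarqube-admins", "Internal-sonarqube-users"]  # from the post
USER_A = ["Internal-sonarqube-admins", "Everyone"]  # constructed IdP memberships

def okta_starts_with(user_groups, prefix):
    """Model of the 'Starts with' group filter: only matching names are sent."""
    return [g for g in user_groups if g.startswith(prefix)]

def build_assertion(login, groups):
    """Constructed, unsigned AttributeStatement for offline testing only."""
    values = "".join(f"<saml:AttributeValue>{escape(g)}</saml:AttributeValue>" for g in groups)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="login"><saml:AttributeValue>{escape(login)}'
            f'</saml:AttributeValue></saml:Attribute>'
            f'<saml:Attribute Name="groups">{values}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')

def asserted_groups(assertion_xml, attr_name="groups"):
    """Values of the attribute named by sonar.auth.saml.group.name (no signature check)."""
    root = ET.fromstring(assertion_xml)
    xpath = f".//saml:Attribute[@Name='{attr_name}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(xpath, NS)]

def membership(assertion_xml, sonarqube_groups):
    # Assumption: a group is applied only if SonarQube has a group with that exact name.
    sent = asserted_groups(assertion_xml)
    existing = set(sonarqube_groups)
    return [g for g in sent if g in existing], [g for g in sent if g not in existing]

def check(prefix):
    """Return (applied, ignored) group names for User A under a given filter prefix."""
    sent = okta_starts_with(USER_A, prefix)
    return membership(build_assertion("usera", sent), SONARQUBE_GROUPS)

if __name__ == "__main__":
    for prefix in ("example-internal:sonarqube-", "Internal-sonarqube-"):
        print(prefix, check(prefix))
```

Running `asserted_groups` on an assertion captured from a real login (for example with a browser SAML tracer) shows the names the IdP actually sends.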