Problem while connecting SonarCloud to Azure AD

Hello, we just registered our organization on SonarCloud. I am able to log in, but my teammates are not.

They have the error: AADSTS90094: An administrator of XXX has set a policy that prevents you from granting Sonarcloud the permissions it is requesting. Contact an administrator of XXX who can grant permissions to this application on your behalf.

The difference is I’m an Azure admin…

I found the SonarCloud application in Azure and manually added the user, but they still get the error.

Application: Sonarcloud
MFA Required: No
Sign-in status: Failure
Sign-in error code: 90094
Failure reason: Other

In Sonarcloud - Self-service window I cannot save the form when I enable “Allow users to…”.

Hi Bertrand,

Usually, this kind of error can be fixed only by the administrator of the Azure Active Directory you belong to. The setting to update is the following:

Hope this will solve your issue.

Thank you!

Unfortunately, it’s already enabled.

Hmm, this might be related to some other security settings - like if your AAD admin specifically configured the directory to not let users share their details with third-party applications. And on my side, I don’t have enough knowledge to help you further on this. :confused:

Hi Bertrand,

FYI, our team spent some time to investigate what the problem could be and try to reproduce it, but we couldn’t manage to get into the same situation as you. On your side, did you find a way to fix this?

Hi Fabrice, no, I didn’t.
Azure AD is synced with our on-premise AD, on which I’m not an admin and have no support; I guess this issue is coming from there.
We use my account to link SonarCloud to VSTS and I add my colleague in the team with their GitHub account. Not perfect, but it works.

Any update on SonarCloud with Azure AD? Does this work?

Yes it works, we have plenty of Azure DevOps users on SonarCloud.

Hi @Fabrice_Bellingard - we have noticed this issue since yesterday. Which directory does SonarCloud choose? It is forcing us to grant permission for an organization where this is not enabled/needed, so no new users are able to register now. Earlier it used to pick the correct organization, which we are using in Azure DevOps. Has anything changed at your end recently that could be causing this to fail now?

Please provide an update

Please check, let me know if the details are not clear

Hi @Kinna_Sonar,

Could you please write here which exact message you are seeing?
Could you also provide a screenshot?

Regards,
Julien Lancelot

Hey @Fabrice_Bellingard - Can you please share the exact documentation for integrating and testing Azure AD SSO with Sonarcloud?