Request to unbind organization from Azure Devops (to rebind with a new token)

Template for a good new topic, formatted with Markdown:

  • ALM used: Azure DevOps

  • CI system used: Azure DevOps

  • Languages of the repository: several repositories, PHP, Kotlin, JS, Swift

  • Error observed:
    Around 30 March 2023, all our pipelines started to fail at the SonarCloudAnalyze@1 task with error “ERROR: Could not find a default branch to fall back on.”

We also noticed in the logs that now there is a line
“INFO: Detected project binding: NONEXISTENT”

In previous successful runs this same line shows
“INFO: Detected project binding: NOT_BOUND”

Things we have done to check:

  1. SonarCloud service integration is ok
  2. Organisation setting for Azure Active Directory Conditional Access Policy Validation is disabled
  3. Suspecting the access token used to bind the projects have expired, we changed the access token for one project to test. All the tokens we tried have failed.
  • Changed to a “fake” token guaranteed to fail
  • Changed to a token with full access
  • Changed to a token with code (read & write) access

What other things could be done?

sonaranalyze error.txt (10.3 KB)
sonarcloud config.txt (6.8 KB)
working run.txt (17.0 KB)
pipeline config.txt (4.1 KB)

1 Like

you can try to scan the master branch first @zaros .

Thanks for the suggestion, but it also failed with the same reason.

I have just realised that I should try to change the Personal Access Token at the organization level and not at the project level as mentioned in the getting started doc.

I think I need to unbind my Azure Devops from SonarCloud and redo the binding. Could anyone help with this please?

I have partly solved the problem by recreating the service connection in Azure Devops with a new token, and now able to run the SonarCloud analysis from my pipelines.

but I cannot add analyse a new project. The error seen:

The Azure DevOps access token is not valid Reasons: The token doesn’t have the required permissions (Code: Read & Write)

Screenshot 2023-04-06 at 10.31.11 AM

You can check your account permission to make sure you have enough permission to create a new project. You can visit this for more information Managing Permissions | SonarCloud Docs

I am an Admin in the organisation and I have all the possible permissions.

Have you followed this docs? Driving continuous quality of your code with SonarCloud | Azure DevOps Hands-on-Labs

Yes but I can’t change the Azure Devops access token in SonarCloud. Do you know where?

Plus, I see similar requests happened here, so I need a SonarSourcer’s help

@asd_asdasd Do you know how can I get a SonarSourcer’s attention here?

I’m not sure @zaros . Might be @CommunityManagers can help

1 Like


I’m a bit confused. It looks like the initial problem was that your Azure PAT had expired. You replaced it and analyses began working, but you can’t add new projects. The error message you’re getting is coming from Azure:

So that’s about the PAT’s permissions to access projects on the Azure side.

It looks like you’ve come to the conclusion that you need to unbing and re-bind, but unfortunately, it’s currently not possible to unbind an organization and bind it to something else. You can vote for adding this feature here.

The only way to have your organization bound to a different DevOps Platform currently is to create a new organization and re-import your repositories there. Unfortunately, that means you’ll lose the results of previous analyses on these projects.

If you have a yearly subscription for your current organization, a new coupon can be issued for your new organization by reaching out to your sale representative.
If you have a monthly subscription by credit card, you can simply stop your subscription on the old organization and re-subscribe on the new one.

Sorry for the inconvenience.


Hi @ganncamp ,

You have understood my problem correctly. My apologies for any confusion.

It looks like you’ve come to the conclusion that you need to unbing and re-bind

That is my conclusion but not what I want to do. To give you some context how I came to this conclusion:

  • my issue started when the account of the person that set up the integration was deleted from Azure DevOps, which led me to assume the token he generated is no longer valid. Another reason is the token could have become invalid because it expired. So I am trying to change the PAT in SonarCloud to a new PAT

  • In this doc it is written: Azure DevOps | SonarCloud Docs

If you later need to update the value of this token you can find it under Your Organization > >Administration > Organization Settings > Azure DevOps connectivity management .

  • However I don’t appear to be able to do so, and there is no section in the settings for Azure DevOps connectivity management

  • I read other scenarios (as linked above) that appeared to have been solved with unbinding and rebinding the organisation and I concluded that is what needs to be done

So if I can just change the token without unbinding and rebinding that would be the solution I am looking for. I do not want to change to a different DevOps Platform.

Can you assist with this please?


To be clear, you have the Administration menu, but under Organization Settings, Azure DevOps connectivity management doesn’t show up?



Yes, there no section for Azure DevOps connectivity management.

This is the whole settings page that I can see:


Thanks for the screenshot. I’m going to flag this for more expert eyes.


1 Like

@ganncamp I have managed to solve this issue on my own. This is how I did it:

  1. I realised that although I am an admin of my organization in SonarCloud, I use Github to login. I hypothesised that this was the reason for this (possible bug).

  2. I created an alternate account in SonarCloud using Azure Devops to login to SonarCloud, and made this alternate account an admin in my organisation.

  3. When I login with my alternate account, I was able to see the settings as expected:

  1. I then generated my PAT in Azure DevOps and entered it in SonarCloud, finally able to add a new project to SonarCloud.

So in summary, the access token for Azure Devops is only modifiable if the user logged in using an Azure Devops account.

I believe this is a bug because I expected any admin in my organisation should be able to change this token, regardless of their login method.

I am happy to close this issue now. Thanks @ganncamp @asd_asdasd for the help!


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.