SAML authentication with Entra Id - groups missing

Hello there,
SonarQube Developer Edition, Version: 10.7.0.96327 in K8 Helm envir.

We are trying to migrate from LDAP Active Directory to Microsoft Entra id SAML based authentication (SSO).

Here is the link to the documentations that was used:

The authentication works partially fine, I can login to sonarqube with saml with my account from Entra. But my sonarqube groups are wiped out. The only group that my account is a member of is ‘sonar-users’.
Need assistance with resolving this issue. I went through all the documentation that I could find and can’t get it to work correctly.
Your help is much appreciated.
Thank you.

Hey there.

While using LDAP, are you syncing your group membership with groups in Active Directory?

If so, then you’ll need to make sure as you migrate to SAML – you are also passing that group information into an attribute that you define as the SAML group attribute in SonarQube.

If not, just leave the SAML group attribute setting empty in SonarQube. Your groups will no longer sync, and you can continue to manage group membership exclusively in SonarQube.

Thank you for your response; it was extremely helpful. I have removed the group attributes from both Entra and the Sonar configuration. Currently, the groups are not synced with Entra, but this is something we can effectively manage moving forward.
Thanks again, much appreciated.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.