SAML configuration with Azure AD - Some users not allowed


Hi all,

SonarQube version 9.9, deployed using Helm 8.0.1.

We are trying to configure SAML following the official documentation, "How to setup Azure AD".

We thought that we had done that successfully, as we checked with some users and almost all of them are able to access SonarQube using the SAML authentication button.

Unfortunately, we have identified some users who are not allowed to access the portal and get the following message: “You’re not authorized to access this page. Please contact the administrator.”

Checking the users in SonarQube as an admin, we see that the users who are not allowed to log in are not present there, whereas the users who are able to log in are shown in the list with the SAML logo.

My question is: what could be wrong in the Azure AD configuration that causes some users to be synced and others not?

Let me clarify that we have configured Azure AD so that all users can access SonarQube, and it works for almost all users. “Assignment required” is set to “No”.

Many thanks!

Hi,

Welcome to the community!

What is it you’re seeing in SonarQube that makes you think the users aren’t allowed to log in?

 
Thx,
Ann

Hi there,

We finally solved the issue. In case it helps someone, the problem was that the users who were not allowed to authenticate using SAML in SonarQube were not properly filled in in Azure Active Directory.
The fields “First Name” and “Last Name” were empty, and those fields are used by the SOAP call during the SAML authentication.

After the data was properly configured in Azure Active Directory, all the users were able to work.

I hope that helps!
Ale

2 Likes
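Added example, not part of the original thread and not SonarQube's code: a small check that lists which required attributes are absent or empty in a captured SAML assertion, which is the condition described in the post above. The claim URIs for given name and surname are assumed to be the ones the service provider is configured to read, the helper names are hypothetical, and the sample assertions are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumption: the attributes the service provider is configured to read.
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname"]

def make_assertion(name_id, attrs):
    """Build a constructed, unsigned sample assertion (not a real capture)."""
    items = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement>{items}</saml:AttributeStatement>'
            f'</saml:Assertion>')

def subject_name_id(assertion_xml):
    """Return the NameID of the assertion subject, or None if missing."""
    node = ET.fromstring(assertion_xml).find(".//saml:Subject/saml:NameID", NS)
    return node.text if node is not None else None

def missing_attributes(assertion_xml, required=REQUIRED):
    """Return required attribute names that are absent or carry only empty values.

    Diagnostic only: it does not verify the signature, so run it on
    assertions captured from your own tenant while troubleshooting.
    """
    root = ET.fromstring(assertion_xml)
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        present[attr.get("Name")] = [v for v in values if v]
    return [name for name in required if not present.get(name)]

# Constructed samples: one complete profile, one with an empty first name
# and no last name claim at all.
COMPLETE = make_assertion("alice@example.com",
                          {CLAIMS + "givenname": "Alice", CLAIMS + "surname": "Doe"})
INCOMPLETE = make_assertion("bob@example.com", {CLAIMS + "givenname": ""})

if __name__ == "__main__":
    for sample in (COMPLETE, INCOMPLETE):
        gaps = missing_attributes(sample)
        print(subject_name_id(sample), "OK" if not gaps else f"missing: {gaps}")
```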

Also, another factor to consider regarding group mapping: according to Azure, this source attribute only works for groups synchronized from an on-premises Active Directory using AAD Connect Sync 1.2.70.0 or above. Azure AD hosted in the cloud cannot map to groups in SQ.
