Hi Yatheesh,
Available authentication mechanisms are documented here: https://docs.sonarqube.org/display/SONAR/Authentication.
At a high level, SSO remains a concept, i.e. the concept of having unique credentials and logging in seamlessly to applications. Considered as such, one can therefore explore the following approaches:
- LDAP Plugin: allowing for unique company-wide credentials for SonarQube users. The SonarQube session tracking and inactivity timeout would then keep the user logged in for quite a while if he regularly uses the server.
- HTTP header authentication (referred to as sso in sonar.properties), which allows for common centralized authentication shared by multiple backend applications. This does require advanced configuration on the reverse-proxy side, and advanced infra/network setup, all beyond pure SonarQube scope.
- Potential lightweight custom integration (via a custom plugin, using the OAuth2IdentityProvider extension point) allowing for a one-click login that would call an SSO backend (see example on SonarCloud, with example open code for GitHub Authentication).
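
Added example, not part of the original reply: a sketch of the sonar.properties side of the HTTP header authentication option mentioned above. The values are constructed, and the loopback binding and the proxy behaviour described in the comments are assumptions about the deployment.

```properties
# sonar.properties (SonarQube side), constructed example values

# Turn on HTTP header authentication (the "sso" settings)
sonar.web.sso.enable=true

# Request headers SonarQube will trust as the user's identity.
# The reverse proxy must set every one of these itself on each request,
# after it has authenticated the user, and must overwrite or clear any
# value the client sent, so a browser can never supply its own identity.
sonar.web.sso.loginHeader=X-Forwarded-Login
sonar.web.sso.nameHeader=X-Forwarded-Name
sonar.web.sso.emailHeader=X-Forwarded-Email
sonar.web.sso.groupsHeader=X-Forwarded-Groups

# Interval, in minutes, after which user details are re-read from the headers
sonar.web.sso.refreshIntervalInMinutes=5

# Assumption: the proxy runs on the same host, so bind the web server to
# loopback and make the proxy the only path to SonarQube. If the proxy is
# on another host, restrict access with a firewall rule instead.
sonar.web.host=127.0.0.1
```

If users can reach the SonarQube port without passing through the proxy, anyone who sets the login header is accepted as that user, so check the direct path is closed before enabling this.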