SonarQube and SAML Authentication with Okta

Hello!

Some users request guidance for integrating SAML authentication when using Okta as an identity provider.

I recently pulled together some detailed information internally based on my experience with a test organization in Okta, and I’m happy to share it with our awesome community!

You may need to adjust based on your specific set of circumstances, but I hope this gets you started.

1. Create a new application in Okta

2. Configure General Settings for your Application

  • I recommend checking “Do not display application icon to users” as it is currently only possible to initiate a login from SonarQube itself.

3. Configure SAML for your Application

  • The Single Sign-On URL should be set as https://sonarqube.mycompany.com/oauth2/callback/saml, adjusted for the actual URL of your SonarQube instance
  • I recommend setting the SP Entity ID as sonarqube

4. Set up your mapping between attributes

  • Specifically SonarQube will need to know the user’s name, username (login), and email. Here you could also pass information about the groups the user belongs to, if you wish to enable Group Mapping.

5. Confirm you are an Okta user setting up an internal application

6. Browse to Okta Setup Instructions

7. Take note of the Single-Sign On URL, Issuer, and Certificate

8. Browse to SonarQube Administration > General

  • Make sure sonar.core.serverBaseURL is set correctly

9. Browse to SonarQube Administration > Security > SAML

  • Enable SAML
  • Set the SP Entity ID configured in Step 3 (usually sonarqube)

10. Provide Metadata from the SAML Provider

  • Configure Provider ID, SAML login URL, and Provider Certificate with the values from Step 7

11. Add the appropriate attributes defined in Step 4

  • You can also add an attribute to the SAML group attribute if you chose to pass group information.

12. You can now try logging in with SAML!

  • Make sure you’ve added users to the application!

If you receive an error while authenticating with SAML, troubleshooting information should be available in the $SONARQUBE_HOME/logs/web.log file of your instance.

If you run into any trouble or have feedback on this guide, don’t hesitate to create a new post in the Community.

8 Likes