SonarQube groups are not in sync with Azure AD groups

Hello Sonar Community,
we configure SonarQube with Azure AD by following this document How to setup Azure AD. We are able to login through single sign on. We created the AD groups at Azure AD and at SonarQube having same names at both ends. But seems like the groups at both SonarQube and Azure AD are not in sync with each other.
e.g. If we add one user in the group at SonarQube, and if the same user logged in to SonarQube through SSO(single sign on) then the user gets thrown out of the group.
Could you please help me on this?


Welcome to the community!

That’s because group synchronization works in the other direction. Adding a user to a group in SonarQube won’t add the user to the same group in AD. Group synchronization means that at each login, the user’s groups in SQ will be updated to what they are in AD. So add the user to the group in AD, and it will get added in SonarQube at the next login.


Hi, I added my user at Azure AD group, but the user is not updated at the Sonarqube group even after the next login. Group name at both ends is same. Could you please suggest on this?


Can you

  • tune your server logging to DEBUG
  • get the user to log in
  • tune your logging back to INFO (debug logs get big, fast)
  • post the logs from the authentication, redacted as necessary