I have recently integrated SAML authentication in SonarQube Community Edition 9.7 and am able to see the groups in SonarQube if the name matches an AD group that exists in AD.
However, before this a user had been assigned to the built-in SonarQube administrator group, and when a group with the same name as an AD group was created in SonarQube, the user was removed from the built-in SonarQube administrator group and then assigned to the AD group in SonarQube that he was originally part of in AD also. I would like to know why the user has been removed from the SonarQube administrator group.
Unless you have a matching sonar-administrators group in AD – once you turn on Group Mapping, you cannot assign externally authenticated users to local SonarQube groups, as noted in the docs:
Group Mapping
When using group mapping, the following caveats apply regardless of which delegated authentication method is used:
- Membership in synchronized groups will override any membership locally configured in SonarQube at each login
- Membership in a group is synched only if a group with the same name exists in SonarQube
- Membership in the default group sonar-users remains (this is a built-in group) even if the group does not exist in the identity provider
When group mapping is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each login.
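
The caveats quoted above can be modelled as a set operation and used to audit, before enabling group mapping, which users would lose locally assigned groups at their next login. This is an added example, not part of the original thread and not SonarQube's code; the user names, the `AD-*` group names and the function names are hypothetical.

```python
# Model of the documented group-mapping caveats (added example, not SonarQube code).
DEFAULT_GROUP = "sonar-users"  # built-in default group named in the docs


def groups_after_login(idp_groups, sonarqube_groups):
    """Groups a user holds in SonarQube after a delegated (e.g. SAML) login.

    idp_groups       -- group names asserted by the identity provider
    sonarqube_groups -- group names that exist in SonarQube
    """
    # Only IdP groups with a same-named SonarQube group are synchronized.
    synced = set(idp_groups) & set(sonarqube_groups)
    # Local membership is overridden, so it is not an input here;
    # the default group always remains.
    return synced | {DEFAULT_GROUP}


def audit(users, sonarqube_groups):
    """Map each user to the local memberships the next login would drop."""
    report = {}
    for name, info in users.items():
        after = groups_after_login(info["idp"], sonarqube_groups)
        lost = set(info["local"]) - after
        if lost:
            report[name] = sorted(lost)
    return report


# Constructed sample data; AD-* groups and user names are hypothetical.
SONARQUBE_GROUPS = {"sonar-users", "sonar-administrators", "AD-Dev-Team"}
USERS = {
    # Local admin whose AD account is not in a sonar-administrators group.
    "alice": {"local": {"sonar-users", "sonar-administrators"},
              "idp": {"AD-Dev-Team", "AD-VPN-Users"}},
    # Local admin whose AD account is in a matching sonar-administrators group.
    "bob": {"local": {"sonar-users", "sonar-administrators"},
            "idp": {"sonar-administrators"}},
}

if __name__ == "__main__":
    for user, lost in audit(USERS, SONARQUBE_GROUPS).items():
        print(f"{user}: would lose {', '.join(lost)} at next login")
```

In this model `alice` matches the situation in the question: she keeps `sonar-users`, gains `AD-Dev-Team`, and loses `sonar-administrators` because AD does not assert a group with that name.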