Hey there.
Unless you have a matching sonar-administrators group in AD – once you turn on Group Mapping, you cannot assign externally authenticated users to local SonarQube groups, as noted in the docs:
Group Mapping
When using group mapping, the following caveats apply regardless of which delegated authentication method is used:
- Membership in synchronized groups will override any membership locally configured in SonarQube at each login
- Membership in a group is synched only if a group with the same name exists in SonarQube
- Membership in the default group
sonar-usersremains (this is a built-in group) even if the group does not exist in the identity providerWhen group mapping is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each login.