Sonarqube Okta group sync

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): SonarQube 9.8 community edition
  • what are you trying to achieve: Okta SAML integration
  • what have you tried so far to achieve this: please find the links below

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Following the thread -

Hi, my integration is working, but when I try to reconcile my groups from okta → sonarqube, all users get assigned to the default group in sonarqube, sonar-users, instead of example-internal:sonarqube-users.
Similarly, I have my example-internal:sonarqube-admins group in sonarqube and okta, but none of the users in the okta group example-internal:sonarqube-admins get admin permission in sonarqube; the users again get assigned to sonar-users.
I also have my group attribute set to match the regex example-internal:sonarqube
Do you have any solution for this? It would be a great help.
I also tried the force sync option in the okta admin console.
My sonarqube is 9.8 community edition

Hey there.

If your group names match exactly between SonarQube and your directory, it’s possible Okta isn’t providing the groups in the format you expect, or with the right attribute.

To understand the issue you face, I suggest the following.

  • Turn on TRACE level logs (Global Administration > System > Log Level)
  • Have users attempt logging in over SAML who are not receiving the right groups
  • Turn on INFO level logs (Global Administration > System > Log Level)

In your logs/web.log file of your SonarQube installation directory, you’ll find the specific SAML responses, with information like this:

<saml:Attribute Name="group">
  <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
    sonarqube_admin
  </saml:AttributeValue>
</saml:Attribute>

The saml:Attribute Name needs to match what you’ve defined for sonar.auth.saml.group.name, and the values returned in AttributeValue should match the group names you’ve defined in SonarQube.
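The comparison described in the reply above can be scripted once the SAML attribute statement has been copied out of web.log. This is an added example, not part of the original thread and not SonarQube code; the function name `check_group_mapping`, the sample assertion, and the whitespace stripping are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: an attribute statement as it might be copied from a
# TRACE-level web.log entry (not real log output).
SAMPLE_ASSERTION = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="login">
    <saml:AttributeValue>jdoe</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="group">
    <saml:AttributeValue>
      sonarqube_admin
    </saml:AttributeValue>
    <saml:AttributeValue>Everyone</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def check_group_mapping(xml_text, group_attr_name, sonarqube_groups):
    """Compare the groups the IdP sent with the groups defined in SonarQube.

    group_attr_name is the value configured for sonar.auth.saml.group.name.
    Only paste XML from your own server log: ElementTree is not hardened
    against hostile XML input.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        # Assumption: surrounding whitespace comes from log pretty-printing.
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)

    sent = attrs.get(group_attr_name)
    known = set(sonarqube_groups)
    return {
        "attribute_names": sorted(attrs),      # what the IdP actually sent
        "attribute_found": sent is not None,   # False: attribute name mismatch
        "matched": [g for g in sent or [] if g in known],
        "unmatched": [g for g in sent or [] if g not in known],
    }


if __name__ == "__main__":
    groups = ["sonar-users", "example-internal:sonarqube-admins"]
    print(check_group_mapping(SAMPLE_ASSERTION, "group", groups))
```

An empty `matched` list with `attribute_found` set to True means the attribute name is right but the values do not equal any SonarQube group name; `attribute_found` set to False means the configured attribute name is not in the response at all.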

Hello, thanks for the info. I was just trying out different things, and deviated from the sonarqube documentation. So when I put a STARTS_WITH filter for the groups attribute, it worked.
