We have configured the connection between Azure DevOps and Sonar so that it works with SSO.
The SSO seems to be working correctly, but we have a major issue: when we log out of Sonar with a user who logged in via SSO, Sonar loses the association with all the groups that the user had been assigned to, except for the SSO group (the one synchronized with Azure Entra ID).
Additionally, if user X is not logged in and an Admin assigns them to some groups, as soon as X logs in via SSO, Sonar again removes all previously assigned group associations (except for the SSO-synced group).
Is there a way to prevent Sonar’s group configuration from being overwritten by the one coming from Azure DevOps?
With group synchronization enabled… that’s what you get. SonarQube Cloud synchronizes the groups assigned to the user in your IdP. So if you want the user to have group X in SonarQube Cloud, you must assign them that group in the IdP.
Is there any plan to introduce a configuration option or flag that allows disabling automatic group synchronization when using SSO (SAML/OIDC) on SonarCloud?Currently, group membership is always synchronized during authentication, but we would like the ability to keep SSO enabled while preventing automatic group sync (e.g., via a toggle or setting).