We activated our Enterprise organization license, and I created our Enterprise and Organization via Github login, where I have full access rights.
After that, I configured our SSO with Microsoft Entra. Now our employees are able to login via SSO, but when I login with my Github user, and promote them (or myself, my entra user) to admin to an organization, after the first login via SSO, all users lose their admin access to that org.
It’s easily reproducable, whenever I promote anyone to admin in an org, who logged in via SSO from MS Entra, at the first login, they lose their admin rights. They can login, check the repositories, etc. but they lose their admin privileges.
Please fix this bug, like this it virtually does not make any sense to use SSO, which is the primary reason we bought the Enterprise tier.
If you’re assigning permissions to an individual and they lose those permissions after logging in, that definitely sounds like a bug.
Assigning permissions to groups is a bit more complex. If a required group is missing from the user’s profile at login, SonarQube will remove them from that group’s permissions (like admin). While this makes sense, it can be tricky to troubleshoot—which is why I asked about it.
I’ll ask our team to get in touch with you for further details.
It’s easily reproducable, whenever I promote anyone to admin in an org, who logged in via SSO from MS Entra, at the first login, they lose their admin rights. They can login, check the repositories, etc. but they lose their admin privileges.
I was not able to reproduce this. It worked wells for me.
But even on group level, documentation does not tell me how I can promote a full group to Administration permission
To do this, you need to make sure you have your group in Entra and in SonarQube Cloud with the exact same name like “admins“. Add the users you want to have the admin rights in this group in Entra.
Log in and out to make sure changes get added in SonarQube Cloud.
In the organization administration section, under permission add the Administer Organization to your group (admins).
Your users, that are member of that group, should now be able to login with the Administer Organization permission.