In our company we’re using SonarCloud Enterprise with SSO enabled. Before it worked correctly, but since a while, new users are no longer added to our organization after SSO login.
They are part of a group in our IDP that is mapped to a SonarCloud group. Before it worked correctly, but now the users has no organizations assigned.
Hello @ddj91 and welcome to our community.
What you are describing is weird behavior indeed, just a few things to double check to exclude the “usual” issues:
- The groups are properly configured on both IdP and SonarQube Cloud sides (especially if there were some organiazational changes were groups in your IdP were impacted).
- The users sign-up/sign-in using the correct enterprise key (it is case sensitive)
- If you are using Entra ID, make sure you are not assigning a user to more than 150 groups
I hope this helps!
Hi Nour,
Thanks for your swift reply.
The groups are indeed properly configured, it worked well before.
Also the right enterprise key is being used, I will double check it tomorrow.
What do you exactly mean with the last bullet? We indeed use Entra ID. To the group for “general access” I added a group containing all users, since we don’t feel the need to specify who can access SonarCloud with basic permissions. Since we are quite a big company, not sure if anyone is assigned to more than 150 groups.
Regards,
David
We use the correct enterprise key. When logging in, the user if forwarded to the regular SonarCloud overview page, but the organization is not accessible nor visible under the user navigation menu.
Hi Nour, any update on this? It’s blocking any users to join our SonarCloud org.
Hello @ddj91 and apologies for the late reply.
What I meant by my last bullet point was that Entra ID SAML tokens have a limit regarding the number of groups a user can belong to (more details for Claims in SAML Token). However, I don’t think this is the reason why none of your users are onboarded on the organization.
You mention that it worked before, can you recall any change on your SQC enterprise, you organizations, the SAML configuration or the IdP configuration? Maybe the SQC plans as well?
I am happy to jump on a call to try and investigate this together. You can book a time slot here if you think that would help.
Best
Thanks Nour, unfortunately I can’t think of anything. I will schedule a call. Think that would be the most productive for both of us 