Sync Azure AD group to Enterprise Sonarqube

Hi Sonar Community,
I completed integrating SonarQube with AAD SSO (Tutorial: Azure AD SSO integration with Sonarqube - Microsoft Entra | Microsoft Docs); however, I am unable to see AAD groups to set permissions for each specific group. I only see users after the first user login.

Could you please support us with the way to fix this problem? Did I miss any steps?

I am looking forward to your support.

FYI: we’re using Enterprise Edition - Version 9.4 (build 54424)

Thanks

Hey there.

You’ll need to make sure that you have an attribute defined for sonar.auth.saml.group.name to which Azure AD is returning group information.

Turning up your log level (Global Administration > System > Log Level) and observing your /logs/web.log file will let you see what is being returned in the SAML response, and if group information exists.

After that, you’ll need to make sure that the groups you want to have synced with Azure AD are already created (and match in name identically) on your SonarQube server.

Users will then sync with those groups on their next login.
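Added example, not part of the original thread and not SonarQube's own code: a diagnostic that takes a decoded SAML response or assertion, reads the attribute configured in sonar.auth.saml.group.name, and compares its values with the groups that already exist in SonarQube. The sample assertion, the group names, the function names and the attribute name used for GROUP_ATTR are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumed value of sonar.auth.saml.group.name for this sample.
GROUP_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion (not taken from the thread).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>sonar-administrators</saml:AttributeValue>
      <saml:AttributeValue>Sonar-Developers</saml:AttributeValue>
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def saml_attributes(xml_text):
    """Return {attribute name: [values]} for every SAML Attribute found.

    Diagnostic only: no signature validation, so never use this output
    for an authentication or authorization decision."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML_NS + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML_NS + "AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_group_sync(xml_text, group_attr, sonarqube_groups):
    """Classify each returned group value against existing SonarQube groups."""
    returned = saml_attributes(xml_text).get(group_attr)
    report = {"attribute_present": returned is not None, "synced": [],
              "case_mismatch": [], "object_ids": [], "missing": []}
    existing = set(sonarqube_groups)
    lowered = {g.lower() for g in existing}
    for value in returned or []:
        if value in existing:                 # identical name: will sync
            report["synced"].append(value)
        elif GUID_RE.match(value):            # an ID was sent, not a name
            report["object_ids"].append(value)
        elif value.lower() in lowered:        # near miss, not identical
            report["case_mismatch"].append(value)
        else:                                 # group not created yet
            report["missing"].append(value)
    return report

if __name__ == "__main__":
    print(check_group_sync(SAMPLE_ASSERTION, GROUP_ATTR,
                           ["sonar-users", "sonar-administrators", "sonar-developers"]))
```

An `attribute_present` of `False` means the identity provider is not returning the configured attribute at all; values under `object_ids`, `case_mismatch` or `missing` are returned but have no identically named group on the server.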

Could you please explain in more detail, with steps?

What should I provide in the SAML group attribute? Please see my current screenshot.

This relies entirely on your SAML configuration in Azure AD, which we don’t have any specific guidance for. Group information needs to be returned in the SAML response the same way your login, name, and e-mail are.

Hi Colin,

This is what I tried to find.
From my sonarqube

From my AAD (Enterprise Application)

However, when I created a new group in SonarQube, it did map to the correct group. Moreover, users that I set manually to the admin group were reset and added back to the default group sonar-users.

Hi again,

This is my AAD group that I want to map with Sonarqube group:

Hi Colin,

It worked.

Thanks
