Synchronize groups using SAML authentication on Okta

SonarQube Server / Community Build
,
1

Heads-up that a SAML login will overwrite your groups in SonarQube. Make sure you have another admin user available to recover.

To get group assignments via SAML to work with Okta I did something like the following:

  1. In SonarQube, go to Administration > Security > Groups (<SonarQube URL>/admin/groups)
  2. Create group example-internal:sonarqube-admins
  3. Create group example-internal:sonarqube-users
  4. In SonarQube, go to Administration > Security > Global Permissions (<SonarQube URL>/admin/permissions)
  5. Search for example-internal:sonarqube-
  6. For group example-internal:sonarqube-admins, tick the Administer System, Administer Quality Profiles, Administer Quality Gates, and Create Projects check boxes
  7. In SonarQube, go to Administration > Security > Global Permissions (<SonarQube URL>/admin/permission_templates)
  8. By Default Template, click gear and select Edit Permissions
  9. Search for example-internal:sonarqube-
  10. Tick same check boxes for example-internal:sonarqube-users as are ticked for sonar-users
  11. Tick same check boxes for example-internal:sonarqube-admins as are ticked for sonar-administrators
  12. Create example-internal:sonarqube-users in Okta and assign to appropriate users
  13. Create example-internal:sonarqube-admins in Okta and assign to appropriate users (certainly include yourself while testing)

You can take this even further by creating group rules in Okta to assign users of AD groups to the example-internal:sonarqube- groups.

2

@AlainODea I’ve move this post to a new topic as it was not related to the problem of No provider key found in URI.

1 Like
3

@AlainODea Do you think you can help us with the following? Thanks!

4

Hi, my integration is working, but when I try to reconcile my groups from okta → sonarqube, all users get assigned to default group in sonarqube - sonar-users, instead of example-internal:sonarqube-users
Similarly, I have my example-internal:sonarqube-admins group in sonarqube and okta, but none of users in okta group example-internal:sonarqube-admins gets admin permission in sonaqube, user gets assigned to again sonar-users
I also have my group attribute to match regex example-internal:sonarqube
Do you have any solution on this? it would be great help
My sonarqube is 9.8 community edition