We have an enterprise agreement, and have create 4 different orgs with LOC tokens within the Enterprise. When we go to one the of new orgs to add projects in our Azure Repos
we get the error - Organisation is already bound to one of the Sonar organisations.
The problem is these are separate dev teams with different permissions etc. We want each org to see only their code and work on their fixes. How do we fix this so each Org can independently see their Azure Repos.
Hey @tony.boulton,
Happy to try and help. So it is the case that there is a 1-1 binding between an ADO Organization and a SonarCloud Organization. We would usually recommend a service account or a technical user account in ADO to generate the Personal Access Token, and “bind” Sonar to the ADO org one time using that:
Once the bindings are setup to pull in projects for each organization, you will have groups or individual developers who should only be able to access certain repos / projects. You can set this up in Sonar, to say what groups of developers can access with projects, using Groups and Permission Templates:
Are you using Entra ID with your SQC setup? If so, some of this can be automated by creating the groups in SonarQube with the same name as in Entra ID to allow auto group sync as your users login:
Apologies this is a bit of content - essentially, the error you are getting is valid. You can only “bind” the ADO org once, which should be done using a service account or technical user account. After that, it is about importing the projects via that binding and then setting out proper RBAC, which can slightly differ depending on if you have Entra ID setup.
Let me know if this helps at all, happy to try and clarify anything.
Thanks,
Jamie
1 Like