Why email address is checked in SAML authentication?

Continuing the discussion from Migration to SAML authentication:

Why the email address is checked while login?
I have a local administrator (no SAML!) which I would like to configure with my personal email address.
The same email address is configured in my personal AD account.
If I have configured both SQ users with the same email address I cannot login anymore with SAML with the following error message:

This account is already associated with another authentication method.
Sign in using the current authentication method,
or contact your administrator to transfer your account to a different authentication method.

This is confusing because the configured identity is the domain user name (onpremisessamaccountname).

This applies to SQ version 9.9 and 10.0.


In fact, this applies much farther back than that. I’m not finding it in the docs (and I plan to raise that internally) but IIRC, we insist on email unicity because it does / can come into play for issue assignment.


Users should be assigned, now email addresses.
As explained there are two users with the same address: It is me in two different roles, user and (local) administrator.


I’ve confirmed internally that the email unicity requirement is because we use it in issue assignment. Perhaps your email admin can give you an alias?


Perhaps you can assign users, and send information on user’s email address.

Hello we are facing similar kind of we have integrated Sonar with Azure Ad using SAML SSO.
Ideally, SonarQube should consistently use the email ID for login purposes, as we typically grant access based on the user’s email ID. However, in this particular instance, the system is utilizing the users’ SHORTID, associated with their [xxxx.net]) accounts. And this is issue started happening for the new users who got onboarded to sonarqube and the system is working fine for existing users. any thoughts on this???

Hi @Lakshmi_Ganapathi,

Per the FAQ, please create a new thread with all your details.