
Group Sync

Michael Johnson edited this page Jan 20, 2019 · 5 revisions

Syncing Groups with Active Directory

As an advanced configuration option, you can sync group membership in Azure Active Directory with SonarQube. This feature was introduced in version 1.1 RC1 of the plugin.

This feature works by matching the names of the Active Directory groups to which the logged-in user belongs with the names of groups in SonarQube, and adjusting the user's SonarQube membership on login.

Limitations

The plugin doesn't work with indirect group membership, such as when a group is a member of another group.

Setup Group Sync

Configuring Azure Active Directory

  1. To begin, sign into the Azure Management Portal. (If you are using one of the "national cloud" Azure instances, log in using the correct portal URL for your country.)

  2. Open the Azure Active Directory blade from the shortcut on the left, or if the shortcut is missing, search from the top of the page.

  3. On the sidebar, under the Manage category, choose App registrations and then select the application you registered for SonarQube.

  4. Click on the Settings button at the top of the screen and then select Required permissions. Select "Windows Azure Active Directory" from the list that appears. Make sure that "Read directory data" from the "Delegated Permissions" section is selected. Make sure to select Save to update the permissions.

  5. Click on the Grant permissions button at the top of the previous pane. This will grant the permissions that you selected and allow the plugin to read the user's groups. This step _must_ be done or group sync will not work.

Configuring the Plugin

  1. Log into your SonarQube install with an account that has administrative permission.

  2. Click on the Administration header at the top, then select the Azure Active Directory tab from the general settings area.

  3. Toggle the setting labeled Enable Groups Synchronization to on/enabled to activate the plugin.

Using Group Sync

This is a very easy process. All you need to do is create a security group in SonarQube with the same name as one in your Active Directory. The name must match exactly or the sync will not work. Once a user who is a member of that AD group logs into your SonarQube install, they will be added to that group in SonarQube. If they are removed from that group in AD, then they will be removed from the group in SonarQube once they log back in, so the change does not take effect until that next login.
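
The following is an added example, not code from the plugin: a small pre-flight check that models the rules described on this page (exact name match, direct membership only, changes applied at login) so you can see which groups a user will gain, lose, or silently miss. It assumes "exactly" means case-sensitive string equality; all group names are constructed sample data, and SonarQube groups with no same-named AD group are left alone because this page does not describe how they are handled.

```python
def indirect_groups(direct, parents_of):
    """AD groups the user reaches only through nesting (a group inside a group)."""
    seen, stack = set(), list(direct)
    while stack:
        for parent in parents_of.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen - set(direct)


def plan_login_sync(direct, parents_of, tenant_ad_groups, sonar_groups, current):
    """Model of what one login changes for one user, plus names that will not sync."""
    direct, tenant = set(direct), set(tenant_ad_groups)
    sonar, current = set(sonar_groups), set(current)
    folded_ad = {a.strip().casefold() for a in tenant}
    return {
        # Assumption: "exact" match is plain string equality.
        "add": sorted((direct & sonar) - current),
        # The same-named AD group exists, but the user is no longer a direct member.
        "remove": sorted((current & tenant) - direct),
        # Nested membership is not followed, so these never sync.
        "skipped_nested": sorted(indirect_groups(direct, parents_of) & sonar),
        # SonarQube names that differ from an AD name only by case or spacing.
        "near_miss": sorted(s for s in sonar - tenant
                            if s.strip().casefold() in folded_ad),
    }


# Constructed sample data (hypothetical names).
TENANT_AD_GROUPS = ["SQ-Developers", "SQ-Admins", "SQ-Auditors", "SQ-Release", "Engineering"]
PARENTS_OF = {"SQ-Developers": ["SQ-Auditors"]}  # SQ-Developers is nested in SQ-Auditors
DIRECT = ["SQ-Developers", "Engineering"]        # the user's direct AD groups
SONAR_GROUPS = ["SQ-Developers", "SQ-Auditors", "sq-admins", "SQ-Release", "sonar-users"]
CURRENT = ["SQ-Release", "sonar-users"]          # SonarQube membership before login

if __name__ == "__main__":
    plan = plan_login_sync(DIRECT, PARENTS_OF, TENANT_AD_GROUPS, SONAR_GROUPS, CURRENT)
    for key, names in plan.items():
        print(f"{key}: {names}")
```

A non-empty `skipped_nested` or `near_miss` list points to permissions that were expected in SonarQube but will not be granted until the group is renamed or the user is made a direct member.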
