Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Creating a SAML app in Yandex Identity Hub for integration with SonarQube

Written by
Updated at November 25, 2025

Note

This feature is at the Preview stage.

SonarQube is a platform that automatically scans source code to identify errors and vulnerabilities and evaluate test coverage. SonarQube supports SAML authentication to provide secure SSO for your organization's users.

To authenticate your organization's users to SonarQube via SAML SSO, create a SAML app in Identity Hub and configure it appropriately both in Identity Hub and SonarQube.

SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.

For the users of your organization to be able to access SonarQube:

  1. Create an app.
  2. Set up the integration.
  3. Make sure the application works correctly.

Create an app

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. In the top-right corner, click Create application and in the window that opens:
    1. Select the SAML (Security Assertion Markup Language) single sign-on method.
    2. In the Name field, specify a name for your new app: sonarqube-app.
    3. Optionally, in the Description field, enter a description for the new app.
    4. Optionally, add labels:
      1. Click Add label.
      2. Enter a label in key: value format.
      3. Press Enter.
    5. Click Create application.

Set up the integration

Note

SAML integration is supported for SonarQube Developer Edition and higher.

To integrate SonarQube with the SAML app you created in Identity Hub, complete the configuration both on the SonarQube side and in Identity Hub.

Set up the SAML app in SonarQube

Note

To set up the SAML app in SonarQube, the user needs the Administer System global permission.

  1. To configure SAML authentication in SonarQube, in the left-hand panel, navigate to Administration and then, in the menu that opens, go to Configuration -> General Settings. In the General Settings menu, select Authentication -> SAML.
  2. Click Create configuration.

Then complete the steps below:

Connect SonarQube to the IdP

Configure a link between SonarQube and Identity Hub:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. In the Overview tab, under Identity provider (IdP) configuration, copy the Issuer / IdP EntityID and Login URL field values.
  4. On the Overview tab, under Application certificate, click Download certificate and save the file to your device.
  5. Go back to SonarQube, then in the Edit SAML configuration menu:
    1. In the Application ID field, leave the default value, sonarqube.
    2. Paste the copied values ​​into the Provider ID and SAML login url fields.
    3. Open the saved certificate file in any text editor, copy its contents and paste it into the Identity provider certificate field.

Map user attributes

Set up mapping between user object fields in SonarQube and Identity Hub:

  1. In the SAML user login attribute field, specify login.
  2. In the SAML user name attribute field, specify fullname.
  3. Optionally, in the SAML user email attribute field, specify emailaddress.
  4. If you want SonarQube users to get assigned to one of the groups when they log in, add the user group attribute. To do this, specify groups under SAML group attribute.
  5. Save the settings by clicking Save configuration.
  6. Click Enable configuration.

Set the public URL

In the General Settings menu, from the Authentication section, go to General. Under General, in the Server base URL field, enter https://<your-domain>.

Map user groups

Note

If you do not configure group mapping, all users will be assigned to the default sonar-users group when they log in.

You can set up which group to assign users to upon login. To do this, you need to create groups on the SonarQube side:

  1. At the top of the page, from the Configuration section, go to Security -> Groups.
  2. Click Create Group.
  3. In the Name field, enter a name for the group, e.g., test-group. You will need to create the group when setting up the app in Identity Hub.
  4. Click Create.
  5. To configure permissions for the group:
    1. In the Security menu, go from the Groups section to the Global Permissions section.
    2. To the right of the test-group, check the required permissions.

Set up the SAML application in Yandex Identity Hub

Set up service provider endpoints

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. In the top-right corner, click Edit and in the window that opens:
    1. Set the **SP EntityID ** field value to sonarqube.
    2. In the ACS URL field, enter this address: https://<your-domain>/oauth2/callback/saml.
    3. Click Save.

Configure user attributes

Warning

For integration with SonarQube, users must have the login attribute.

If users do not have the login attribute, add it:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and select the desired app.
  3. Navigate to the Attributes tab.
  4. In the top-right corner, click Add attribute and in the window that opens:
    1. In the Attribute name field, enter login.
    2. In the Value field, select SubjectClaims.preferred_username.
    3. Click Add.

If you have configured user group mapping in SonarQube, add the user group attribute. To do this:

  1. In the top-right corner, click Add group attribute and in the window that opens:
    1. In the Attribute name field, specify groups.
    2. In the Transmitted groups field, select Assigned groups only.
    3. Click Add.

For more information about configuring attributes, see Configure user and group attributes.

Add users

For your organization's users to be able to authenticate in SonarQube with Identity Hub's SAML app, you need to explicitly add these users and/or user groups to your SAML app.

Note

Users and groups added to a SAML application can be managed by a user with the organization-manager.samlApplications.userAdmin role or higher.

  1. If you have configured user group mapping on the SonarQube side, create the required group:

    1. Log in to Yandex Identity Hub.
    2. In the left-hand panel, select Groups.
    3. In the top-right corner of the page, click Create group.
    4. Enter the name: test-group.
    5. Click Create group.
    6. Add users to the group:
      1. Navigate to the Members tab.
      2. Click Add member.
      3. In the window that opens, select the required users.
      4. Click Save.

  2. Add users to the application:

    1. Log in to Yandex Identity Hub.
    2. In the left-hand panel, select Apps and select the required app.
    3. Navigate to the Users and groups tab.
    4. Click Add users.
    5. In the window that opens, select the required user or user group.
    6. Click Add.

Make sure your application works correctly

To ensure that your SAML app and integration with SonarQube are working correctly, authenticate to SonarQube as one of the users you added to the app. To do this:

  1. In your browser, navigate to the address of your SonarQube instance, e.g., https://<your-domain>.
  2. If you were logged in to SonarQube, log out.
  3. On the SonarQube authentication page, click Log in with SAML.
  4. On the Yandex Cloud authentication page, enter your email address and user password. The user or group they belong to must be added to the application.
  5. Make sure you are logged in to SonarQube.
  6. If you have configured role mapping, go to the user profile in SonarQube and make sure the appropriate group is displayed under Groups.
Previous
Yandex 360
Next
Organization