Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSO into SonarQube while managing users in Atlassian Crowd

October 21, 2021

SonarQube Integration with Crowd.png

When it comes to writing code, we all know how important it is to write maintainable, clean, and bug-free code. And while talking about bug-free code, the first name that comes to mind is SonarQube. SonarQube is a renowned open-source platform that provides a static code analysis tool. It does continuous code inspection, provides code insight, and guides the developers on how to write clean and secure code. 

User and Permission management is always a concern for enterprises after they deploy applications like SonarQube. Enterprises need to manage access to such applications to allow specific users with being secure. In SonarQube, to make this process easy and more secure, miniOrange has released a SonarQube SAML Single Sign On (SSO) plugin with the feature-set that most enterprises require.

Atlassian Crowd is a powerful tool that enables users to create sessions for multiple Atlassian products like Jira, Confluence, Bitbucket, etc. The Crowd is a centralized identity for access management application that manages the users from various directories like Active Directory, LDAP, Open LDAP, Microsoft Azure Active Directory for connected applications. 

 The enterprises that use the Crowd for managing users and their permissions are also looking to delegate user authentication to central IDP (Identity Provider) for better security and seamless access for all the Crowd-connected applications. miniOrange provides an out-of-the-box Crowd Connector solution that supports this use case for Atlassian applications like Jira, Confluence, Bitbucket, Bamboo and Fisheye. Now the question is, would you be able to take the same benefits for Non-Atlassian apps like SonarQube? 

Yes, it is possible! miniOrange is introducing a Crowd-connector solution for SonarQube so that you can take real advantage of Single Sign-On. Now, your users will be able to access all Atlassian apps as well as SonarQube using the same IDP session. 

 

How does the miniOrange plugin handle this use case?

We have a SonarQube Crowd SSO Connector capable of creating user sessions by reading the Crowd session. So like any other Atlassian applications such as Jira, Confluence, and Bitbucket, you can manage groups and permissions from the Crowd. You can authenticate to the Crowd using the miniOrange’s Crowd SAML SSO plugin. And with the help of this plugin, you can invoke SSO from SonarQube itself. You do not need to log in to the Crowd explicitly.

 

How does it work?

Crowd SAML SSO Plugin acts as a SAML Service Provider and enables trust with Identity Providers. Crowd SAML SSO plugin takes care of the SAML Request, SAML response, and user session management at the Crowd end. Once the Crowd session is created, the SonarQube Crowd Connector plugin reads the session and gets the user logged into SonarQube. 

Here, IDP authenticates the user while Crowd still manages users and their groups (permissions) for all other connected applications. With this flow, end-users will experience a seamless login and won't notice that the SSO request and response passes through the Crowd Server. 

 

Let us understand the Workflow!

  1. The user tries to access the SonarQube application.
  2. For authentication, the users would get forwarded to the IDP application's login page.
    1. The SonarQube Crowd SSO Connector will redirect users to the Crowd SAML plugin.
    2. The Crowd SAML plugin will forward the user to the IDP application for authentication.
  3. Once the authentication is successful, the user will be redirected back to the SonarQube application and logged in.
    1. IDP sends a response back to the Crowd SAML plugin.
    2. Crowd SAML plugin validates the user creating the user session, and redirects the user to the starting application.
    3. Users will be granted access to SonarQube based on their groups and applications configured on Crowd.

 

SonarQube Crowd SSO Connector Flow.png

What are the Key Benefits? 

  1. There is only one set of SAML configurations for all the Atlassian as well as SonarQube.
  2. User authentication will be moved to central IDP without losing or affecting any of the existing user permissions.
  3. Users will be able to access all the connected applications (Atlassian and SonarQube) using their IDP credentials.
  4. This solution makes it simple to enforce an additional security layer like MFA on top of the SSO, which was not possible while using Crowd for Single Sign-On.

 

Don’t have a Crowd Directory? No worries! We have an alternative solution where you can use dedicated SAML SSO plugins for Atlassian and Non Atlassian Apps like Jira, Confluence, Bitbucket and SonarQube and configure it directly with central IDP.

 

What do you think of this solution? Do you think this would help to centralize authentication for your users? Let us know in the comments.

Drop us a mail at info@xecurify.com or raise a ticket here to talk to us.

Comment
Watch
Like # people like this
3263 views

2 comments

Craig Castle-Mead
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 12, 2022

Would love if this solution supported a SonarQube sync from Crowd to populate all the users/groups/memberships from Crowd, but SAML auth from Okta.

I've contacted you via your website on this,  but will keep this thread up to date with the response as well as it might be a use case others could apply.

CCM

Like Akshay_miniOrange likes this
Akshay_miniOrange
Akshay_miniOrange May 13, 2022
Hi  @Craig Castle-Mead,

Thanks for showing interset in our SonarQube Crowd Connector solution.

Seems, you want to perform SAML SSO with Okta but manage user and groups from Crowd. If that's the case, I'm certain this is the solution you required. It works along with our Crowd SAML SSO add-on, where Crowd SAML SSO takes care of SAML SSO, and SonarQube Connector add-on take care of syncing user profile/groups and allowing users to initiate SSO directly from the SonarQube.

In this case, whenever the user tries to access SonarQube, he will be redirected to OKTA for Authentication. The SSO authentication requests and responses to and from OKTA will go through the Crowd server. The user authentication will be done by the OKTA and Crowd can still be used to manage user permissions.

I have also responded to you over email, and we can continue the conversation and setup assistance over email.

Thanks,
Akshay
Like # people like this

Comment

Log in or Sign up to comment
Shradha Kamble

Shradha Kamble

Atlassian Partner

About this author

Senior Software Engineer

18 total posts

View profile
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events