Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,589
Community Members
 
Community Events
165
Community Groups

SSO into SonarQube while managing users in Atlassian Crowd

SonarQube Integration with Crowd.png

When it comes to writing code, we all know how important it is to write maintainable, clean, and bug-free code. And while talking about bug-free code, the first name that comes to mind is SonarQube. SonarQube is a renowned open-source platform that provides a static code analysis tool. It does continuous code inspection, provides code insight, and guides the developers on how to write clean and secure code. 

User and Permission management is always a concern for enterprises after they deploy applications like SonarQube. Enterprises need to manage access to such applications to allow specific users with being secure. In SonarQube, to make this process easy and more secure, miniOrange has released a SonarQube SAML Single Sign On (SSO) plugin with the feature-set that most enterprises require.

Atlassian Crowd is a powerful tool that enables users to create sessions for multiple Atlassian products like Jira, Confluence, Bitbucket, etc. The Crowd is a centralized identity for access management application that manages the users from various directories like Active Directory, LDAP, Open LDAP, Microsoft Azure Active Directory for connected applications. 

 The enterprises that use the Crowd for managing users and their permissions are also looking to delegate user authentication to central IDP (Identity Provider) for better security and seamless access for all the Crowd-connected applications. miniOrange provides an out-of-the-box Crowd Connector solution that supports this use case for Atlassian applications like Jira, Confluence, Bitbucket, Bamboo and Fisheye. Now the question is, would you be able to take the same benefits for Non-Atlassian apps like SonarQube? 

Yes, it is possible! miniOrange is introducing a Crowd-connector solution for SonarQube so that you can take real advantage of Single Sign-On. Now, your users will be able to access all Atlassian apps as well as SonarQube using the same IDP session. 

 

How does the miniOrange plugin handle this use case?

We have a SonarQube Crowd SSO Connector capable of creating user sessions by reading the Crowd session. So like any other Atlassian applications such as Jira, Confluence, and Bitbucket, you can manage groups and permissions from the Crowd. You can authenticate to the Crowd using the miniOrange’s Crowd SAML SSO plugin. And with the help of this plugin, you can invoke SSO from SonarQube itself. You do not need to log in to the Crowd explicitly.

 

How does it work?

Crowd SAML SSO Plugin acts as a SAML Service Provider and enables trust with Identity Providers. Crowd SAML SSO plugin takes care of the SAML Request, SAML response, and user session management at the Crowd end. Once the Crowd session is created, the SonarQube Crowd Connector plugin reads the session and gets the user logged into SonarQube. 

Here, IDP authenticates the user while Crowd still manages users and their groups (permissions) for all other connected applications. With this flow, end-users will experience a seamless login and won't notice that the SSO request and response passes through the Crowd Server. 

 

Let us understand the Workflow!

  1. The user tries to access the SonarQube application.
  2. For authentication, the users would get forwarded to the IDP application's login page.
    1. The SonarQube Crowd SSO Connector will redirect users to the Crowd SAML plugin.
    2. The Crowd SAML plugin will forward the user to the IDP application for authentication.
  3. Once the authentication is successful, the user will be redirected back to the SonarQube application and logged in.
    1. IDP sends a response back to the Crowd SAML plugin.
    2. Crowd SAML plugin validates the user creating the user session, and redirects the user to the starting application.
    3. Users will be granted access to SonarQube based on their groups and applications configured on Crowd.

 

SonarQube Crowd SSO Connector Flow.png

What are the Key Benefits? 

  1. There is only one set of SAML configurations for all the Atlassian as well as SonarQube.
  2. User authentication will be moved to central IDP without losing or affecting any of the existing user permissions.
  3. Users will be able to access all the connected applications (Atlassian and SonarQube) using their IDP credentials.
  4. This solution makes it simple to enforce an additional security layer like MFA on top of the SSO, which was not possible while using Crowd for Single Sign-On.

 

Don’t have a Crowd Directory? No worries! We have an alternative solution where you can use dedicated SAML SSO plugins for Atlassian and Non Atlassian Apps like Jira, Confluence, Bitbucket and SonarQube and configure it directly with central IDP.

 

What do you think of this solution? Do you think this would help to centralize authentication for your users? Let us know in the comments.

Drop us a mail at info@xecurify.com or raise a ticket here to talk to us.

2 comments

Would love if this solution supported a SonarQube sync from Crowd to populate all the users/groups/memberships from Crowd, but SAML auth from Okta.

I've contacted you via your website on this,  but will keep this thread up to date with the response as well as it might be a use case others could apply.

CCM

Hi  @Craig Castle-Mead,

Thanks for showing interset in our SonarQube Crowd Connector solution.

Seems, you want to perform SAML SSO with Okta but manage user and groups from Crowd. If that's the case, I'm certain this is the solution you required. It works along with our Crowd SAML SSO add-on, where Crowd SAML SSO takes care of SAML SSO, and SonarQube Connector add-on take care of syncing user profile/groups and allowing users to initiate SSO directly from the SonarQube.

In this case, whenever the user tries to access SonarQube, he will be redirected to OKTA for Authentication. The SSO authentication requests and responses to and from OKTA will go through the Crowd server. The user authentication will be done by the OKTA and Crowd can still be used to manage user permissions.

I have also responded to you over email, and we can continue the conversation and setup assistance over email.

Thanks,
Akshay
Like # people like this

Comment

Log in or Sign up to comment
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

325 views 0 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you