Integrate with SonarQube
Support level: Community
What is SonarQube?
SonarQube Server is a self-managed static analysis tool for continuous code inspection.
Preparation
The following placeholders are used in this guide:
- sonarqube.company is the FQDN of the SonarQube installation.
- authentik.company is the FQDN of the authentik installation.
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
authentik configuration
authentik 2026.5 introduces changes to how the SAML provider behaves. Specifically, the provider now automatically sets the Issuer value to: https://authentik.company/application/saml/<application_slug>/metadata/
Older versions of authentik set this value to authentik by default. If you're running an older version, please set Issuer to https://authentik.company/application/saml/<application_slug>/metadata/, where <application_slug> is the slug that you selected for the application.
To support the integration of SonarQube with authentik, you need to create an application/provider pair in authentik.
Create an application and provider in authentik
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Applications > Applications and click New Application to open the application wizard.
  - Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the Slug value because it will be required later.
  - Choose a Provider type: select SAML Provider as the provider type.
  - Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    - Set the ACS URL to https://sonarqube.company/oauth2/callback/saml.
    - Set the Audience to sonarqube.
    - Under Advanced protocol settings:
      - Select an available Signing Certificate.
      - Set Service Provider Binding to Post.
  - Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's Application Dashboard page.
- Click Submit to save the new application and provider.
SonarQube configuration
- Log in to SonarQube as an administrator.
- Navigate to Administration > Configuration > General Settings > Authentication > SAML.
- Click Create Configuration and configure the following settings:
  - Application ID: sonarqube
  - Provider Name: authentik
  - Provider ID: https://authentik.company/application/saml/<application_slug>/metadata/
  - SAML login URL: https://authentik.company/application/saml/<application_slug>/
  - Identity provider certificate: paste the signing certificate that you selected for the authentik SAML provider. You can download it from the authentik SAML provider page, under Related objects > Download signing certificate.
  - SAML user login attribute: http://schemas.goauthentik.io/2021/02/saml/username
  - SAML user name attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  - SAML user email attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Click Save configuration.
- Click Test Configuration to start a SAML test sign-in.
- After the test succeeds, click Enable configuration.
Configuration verification
To confirm that authentik is properly configured with SonarQube, log out of SonarQube and open the integration. Click Log in with authentik and confirm that you are redirected to authentik for authentication and then back to SonarQube.
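If the test sign-in fails, the usual cause is a value in the SAML response that does not match what SonarQube was configured to expect. The following Python check is an added example, not part of the authentik or SonarQube documentation: it compares a base64-decoded SAML response against the Issuer, Audience, ACS URL, and attribute names from this guide. The function name check_response, the slug sonarqube, and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = {  # attribute names SonarQube is configured to read in this guide
    "http://schemas.goauthentik.io/2021/02/saml/username",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}

def check_response(xml_text, slug, idp="authentik.company", sp="sonarqube.company"):
    """Return a list of mismatches between a decoded SAML response and this guide.
    Consistency check only: it does NOT verify the XML signature."""
    root = ET.fromstring(xml_text)
    want_issuer = f"https://{idp}/application/saml/{slug}/metadata/"
    want_acs = f"https://{sp}/oauth2/callback/saml"
    problems = []
    issuer = root.findtext("a:Assertion/a:Issuer", default="", namespaces=NS).strip()
    if issuer != want_issuer:
        problems.append(f"Issuer is {issuer!r}, SonarQube Provider ID expects {want_issuer!r}")
    audiences = {e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text}
    if "sonarqube" not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks Application ID 'sonarqube'")
    if root.get("Destination") != want_acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {want_acs!r}")
    names = {e.get("Name") for e in root.iterfind(".//a:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append(f"missing attribute {missing}")
    return problems

# Constructed sample: a response from an older authentik whose Issuer is still "authentik".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sonarqube.company/oauth2/callback/saml">
  <saml:Assertion>
    <saml:Issuer>authentik</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>sonarqube</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.goauthentik.io/2021/02/saml/username"/>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for p in check_response(SAMPLE, slug="sonarqube"):
        print("MISMATCH:", p)
```

Run it only on responses captured from your own test sign-in; a SAML response contains user identity data and should not be pasted into shared tools.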