Product Roadmaps / MMF-152

Support synchronization of user groups with AAD after an OAuth 2 login

    Details

    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Labels:

      Description

      Once MMF-150 is available, it will be possible to log in to SonarQube through any OAuth 2.0 service, and therefore with users' PERSONAL GitHub, Google, Microsoft, ... accounts, for instance. But for companies using AAD to manage their employees' PROFESSIONAL accounts, it will also be possible to configure SonarQube to authenticate against AAD using the OAuth 2.0 protocol.

      The next step, and the purpose of this ticket, is then to also automatically synchronize the SonarQube user groups at login time based on what is defined in AAD.

      As mentioned by Jean-Marc Prieur MSFT:

      The information in the directory is contained in the Azure Active Directory Graph. And therefore, I believe that we are interested in the following scopes:

      https://msdn.microsoft.com/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-permission-scopes

      I think that we need the user to accept:

      • User.Read for the Single Sign-on.
      • Group.Read.All and User.ReadBasic.All for the groups information.
      • In the future, if we wanted to support reports based on the management chain (some customers would like to have a consolidation of technical debt by manager, hierarchically), we’d also need the User.Read.All.

              People

              Assignee:
              Unassigned
              Reporter:
              freddy.mallet Freddy Mallet (Inactive)