Resolution: Won't Fix
MMF-150 will be available, it will be possible from SonarQube to log in based on any OAuth 2.0 service and so based on user PERSONAL GitHub, Google, Microsoft, ... accounts for instance. But for companies using AAD to manage their employee PROFESSIONAL accounts, it will be also possible to configure SonarQube to make the authentication against AAD using the OAuth 2.0 protocol.
The next step and purpose of this ticket is then to also automatically synchronize the SonarQube user groups at login time based on what is defined in AAD.
As mentioned by Jean-Marc Prieur MSFT:
The information in the directory is contained in the Azure Active Directory Graph. And therefore, I believe that we are interested in the following scopes:
I think that we need the user to accept:
- User.Read for the Single Sign-on.
- Group.Read.All and User.ReadBasic.All for the groups information.
- In the future if we wanted to support reports based on the management chain (some customers would like to have a consolidation of technical debt by manager, hierarchically), we’d also need the User.Read.All