You can delegate authentication to GitLab using a dedicated GitLab OAuth application.
Creating a GitLab OAuth app
You can find general instructions for creating a GitLab OAuth app here.
Specify the following settings in your OAuth app:
- Name: Your app's name, such as SonarQube.
- Redirect URL:
<Your SonarQube URL>/oauth2/callback/gitlab. For example,
- Scopes: Select api if you plan to enable group synchronization. Select read_user if you only plan to delegate authentication.
After saving your application, GitLab takes you to the app's page. Here you find your Application ID and Secret.
Setting your authentication settings in SonarQube
Open your SonarQube instance, and navigate to Administration > Configuration > General Settings > Authentication > GitLab Authentication. Set the following settings to finish setting up GitLab authentication:
- Enabled: Set to
- Application ID: The application ID is found on your GitLab app's page.
- Secret: The secret is found on your GitLab app's page.
On the login form, the new Log in with GitLab button allows users to connect with their GitLab accounts.
GitLab group synchronization
Enable Synchronize user groups at Administration > Configuration > General Settings > Authentication > GitLab Authentication to associate GitLab groups with existing SonarQube groups of the same name. GitLab users inherit membership to subgroups from parent groups.
To synchronize a GitLab group or subgroup with a SonarQube group, name the SonarQube group with the full path of the GitLab group or subgroup URL.
For example, with the following GitLab group setup:
- GitLab group: My Group
- GitLab subgroup: My Subgroup
- GitLab subgroup URL:
You should name your SonarQube group
my-group to synchronize it with your GitLab group and