Skip to end of metadata
Go to start of metadata

Table of Contents

The first question that should be answered when setting the security strategy for SonarQube is: Can anonymous users browse the SonarQube instance or is authentication be required? 

To force user authentication, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and set the Force user authentication property to true

Authentication Mechanisms

Authentication can be managed through a number of mechanisms :

  • Via the SonarQube built-in users/groups database
  • Via external identity providers such as an LDAP server (including LDAP Service of Active Directory), GitHub etc. See the Authentication & Authorization section of the Plugin Library.

  • Via HTTP headers

Technical Users

When you create a user in SonarQube's own database, it is considered as local and will only be authenticated against SonarQube's own user/group database rather than against any external tool (LDAP, Active Directory, Crowd, etc.). By default admin is a local account.

Similarly, all non-local accounts will be authenticated only against the external tool. 

An Administrator can manage tokens on a user's behalf via Administration > Security > Users. From here, click in the user's Tokens column to see the user's existing tokens, and either revoke existing tokens or generate new ones. Once established, a token is the only credential needed to run an analysis. Pass it as the value to the sonar.login property.

Default Admin Credentials

When installing SonarQube, a default user with Administer System permission is created automatically:

  • Login: admin
  • Password: admin

FAQ

I lost the admin password

In case you lost the admin password of your SonarQube instance, you can reset it by executing the following query:

update users set crypted_password = '88c991e39bb88b94178123a849606905ebf440f5', salt='6522f3c5007ae910ad690bb1bdbf264a34884c6d' where login = 'admin'

This will reset the password to admin.

  • No labels