This an an archived version of the documentation for SonarQube version 4.5 & 4.5.x LTS.
See for current functionality

Skip to end of metadata
Go to start of metadata
Unknown macro: {iframe}

Your browser does not support iframes.

Description / Features

This plugin enables the delegation of SonarQube authentication to Atlassian Crowd.

Only password-checking is done against the external system. Authorization (access control) is still fully managed in SonarQube. That’s why Crowd users do not automatically have access to SonarQube. During the first authentication trial, if the password is correct, the SonarQube database is automatically populated with the new user. The System administrator should also assign the user to the desired groups in order to grant him necessary rights. If one exists, the password in the SonarQube account will be ignored as the external system password will override it.









2.0.2 - 2.2.x


  1. Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
  2. Restart the SonarQube server


  1. Make sure that at least one user with System administration role exists in SonarQube as well as in the external system
  2. Update the SONARQUBE_HOME/conf/ file by adding the following lines:

    # Activates the plugin. Leave blank or comment out to use default SonarQube authentication.
    sonar.authenticator.class: org.sonar.plugins.crowd.CrowdAuthenticator
    # Ignore failure at startup if the connection to external system is refused.
    # Users can browse SonarQube but not log in as long as the connection fails.
    # When set to true, SonarQube will not start if connection to external system fails.
    # Default is false.
    #sonar.authenticator.ignoreStartupFailure: true
    # Automatically create users.
    # When set to true, user will be created after successful authentication, if doesn't exists.
    # The default group affected to new users can be defined online, in SonarQube general settings. The default value is "sonar-users".
    # Default is false.
    sonar.authenticator.createUsers: true
    # URL of the Crowd server (usually ends with /services/).
    # Crowd application name.
    # Default is 'sonar'.
    # Crowd application password.
  3. Restart the SonarQube server and check the log file for:

    INFO  org.sonar.INFO  Authentication plugin: class org.sonar.plugins.crowd.CrowdAuthenticator
    INFO  org.sonar.INFO  Authentication plugin started
  4. Log in to SonarQube

Technical Users

Since SonarQube 4.2, technical users can be set. Technical users are authenticated against SonarQube's own database of users, rather than against any external tool (LDAP, Active Directory, Crowd, etc.).

Similarly, all accounts not flagged as local will be authenticated only against the external tool. By default admin is a technical account. Technical accounts are configured in SONARQUBE_HOME/conf/ in the (default value = admin) property as a comma-separated list.


For versions prior to SonarQube 4.1, you can enable debug logging by adding the following to conf/logback.xml:

  <logger name="org.sonar.plugins.crowd">
    <level value="DEBUG"/>
    <appender-ref ref="CONSOLE"/>
    <appender-ref ref="SONAR_FILE"/>