The first question that should be answered when setting the security strategy is: can anonymous users browse the SonarQube instance, or is authentication required? To force user authentication, log in as a System administrator, go to Administration > Configuration > General Settings > Security and set the Force user authentication property to true. To allow users to sign up for a SonarQube account, set the Allow users to sign up property to
Creating a User
A user is a set of basic information: login, password, name and email.
To create a new user, go to Administration > Security > Users > Create User:
Changing your Password
To change your password, log in and go to My_Name > My profile > Change password:
When the LDAP plugin is installed and activated, it is no longer possible for users to change their passwords. Then, only system administrators can do so through Administration > Security > Users by clicking on the padlock icon. Note that this password is only used when the LDAP server is not reachable and the authentication mechanism falls back to the SonarQube built-in mechanism.
You can create technical users, which are authenticated against SonarQube's own database of users rather than against any external tool (LDAP, Active Directory, Crowd, etc.).
Similarly, all non-local accounts will be authenticated only against the external tool. By default, admin is a technical account. Technical accounts are configured in SONARQUBE_HOME/conf/sonar.properties in the sonar.security.localUsers property (default value = admin) as a comma-separated list.
Default Admin Credentials
When installing SonarQube, a default user with Administer System permission is created automatically:
- Login: admin
- Password: admin
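A review of the technical accounts and the default admin account described above can be scripted. The following is an added example, not code from SonarQube: it reads sonar.security.localUsers from the text of a sonar.properties file, applies the default of admin when the property is unset or commented out, and lists the local accounts that need review. The approved list and the account names ci-scanner and backup-svc are assumptions made up for the sample.

```python
DEFAULT_LOCAL_USERS = "admin"  # default value stated on this page

# Constructed sample of SONARQUBE_HOME/conf/sonar.properties (not a real file).
SAMPLE = """\
# Commented-out lines are ignored, so the default applies unless overridden.
#sonar.security.localUsers=admin
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.security.localUsers = admin, ci-scanner ,backup-svc
"""

def parse_properties(text):
    """Minimal .properties reader: skips blank lines and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first '=' or ':' on the line.
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if cuts:
            props[line[:min(cuts)].strip()] = line[min(cuts) + 1:].strip()
    return props

def local_users(text):
    """Logins that are authenticated against SonarQube's own user database."""
    value = parse_properties(text).get("sonar.security.localUsers", DEFAULT_LOCAL_USERS)
    return [u.strip() for u in value.split(",") if u.strip()]

def audit(text, approved):
    """Return (login, finding) pairs for local accounts that need review."""
    findings = []
    for login in local_users(text):
        if login == "admin":
            findings.append((login, "built-in account: confirm the default password was changed"))
        elif login not in approved:
            findings.append((login, "local account is not on the approved list"))
    return findings

if __name__ == "__main__":
    for login, finding in audit(SAMPLE, approved={"ci-scanner"}):
        print(f"{login}: {finding}")
```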
I lost the admin password
In case you lost the admin password of your SonarQube instance, you can reset it by executing the following query:
This will reset the password to