This is an archived version of the documentation for SonarQube version 6.5.
See Documentation for current functionality
The first question that should be answered when setting the security strategy for SonarQube is: Can anonymous users browse the SonarQube instance or is authentication be required?
To force user authentication, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and set the Force user authentication property to
Authentication can be managed through a number of mechanisms :
- Via the SonarQube built-in users/groups database
Via external identity providers such as an LDAP server (including LDAP Service of Active Directory), GitHub etc. See the Authentication & Authorization section of the Plugin Library.
- Via HTTP headers:
SONAR-5430Getting issue details...
This can be enabled in sonar.properties (property sonar.web.sso.enable). Refer to your Reverse Proxy documentation for guidance on how to feed and forward the appropriate headers accordingly.
When you create a user in SonarQube's own database, it is considered as local and will only be authenticated against SonarQube's own user/group database rather than against any external tool (LDAP, Active Directory, Crowd, etc.). By default
admin is a local account.
Similarly, all non-local accounts will be authenticated only against the external tool.
An Administrator can manage tokens on a user's behalf via Administration > Security > Users. From here, click in the user's Tokens column to see the user's existing tokens, and either revoke existing tokens or generate new ones. Once established, a token is the only credential needed to run an analysis. Pass it as the value to the
Default Admin Credentials
When installing SonarQube, a default user with Administer System permission is created automatically:
- Login: admin
- Password: admin
I lost the admin password
In case you lost the
admin password of your SonarQube instance, you can reset it by executing the following query:
This will reset the password to