Capabilities
The SonarQube connector syncs active users, groups, global permissions (system-wide roles), permission templates (custom project-level roles), and projects with their permission assignments.
This connector supports the following provisioning operations:
- Users: Create new local users (with auto-generated passwords) and deprovision users via soft delete (deactivation)
- Groups: Add and remove users from groups
- Global Permissions: Assign and revoke system-wide permissions to users
- Permission Templates: Assign and revoke specific permissions within permission templates to users (
admin,user,codeviewer,issueadmin,securityhotspotadmin,scan) - Projects: Assign and revoke project-level permissions to users (
admin,issueadmin,securityhotspotadmin,scan)
The SonarQube v2 Users API returns only active users by default; the connector does not apply an additional filter on top of that. If the API ever returns inactive users, the connector represents them with a disabled status.
Grant expansion supported. When a group has a permission assigned via SonarQube UI (global or project-level), all members of that group automatically inherit that permission through grant expansion. Group permission assignments are read-only — they are synced but not provisioned through the connector.
Requirements
- SonarQube Server 10.0+ or SonarQube Cloud
- A SonarQube API token generated by a user with Administer System global permission
Bearer token authentication (used by this connector) is only supported in SonarQube 10.0 and later. SonarQube Server versions prior to 10.0 are not supported.
Gather SonarQube credentials
Configuring the connector requires a SonarQube API token. Gather this credential before you move on.Generate a SonarQube API token
1
Log in to your SonarQube instance with an administrator account (the account must have Administer System global permission).
2
Click on your profile avatar in the top-right corner and navigate to My Account → Security.
3
Under Generate Tokens, enter a token name (for example,
C1).4
Select User Token as the token type.
5
Click Generate and copy the token immediately — it will not be shown again.
Configure the SonarQube connector
- Cloud-hosted
- Self-hosted
Follow these instructions to use a built-in, no-code connector hosted by C1.Done. Your SonarQube connector is now pulling access data into C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for SonarQube and click Add.
3
Choose how to set up the new SonarQube connector:
- Add the connector to a currently unmanaged app
- Add the connector to a managed app
- Create a new managed app
4
Set the owner for this connector and click Next.
5
Find the Settings area of the page and click Edit.
6
Enter your SonarQube instance URL in the SonarQube URL field (for example,
https://sonarqube.example.com).7
Paste the API token you generated into the SonarQube Access Token field.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
Known limitations
Project permissions
The connector supports 4 project-level permissions for provisioning:admin, issueadmin, securityhotspotadmin, and scan. The user (Browse) and codeviewer (See Source Code) permissions are not supported for provisioning because:
- For public projects: These permissions are implicit — all users automatically have access.
- For private projects: Access is controlled by project visibility settings.
user and codeviewer are provisionable at the permission template level. Permission templates apply these permissions to projects when the template is associated with a project, rather than assigning them to individual projects directly.