SONAR-21413 Rely on new boolean property isProvisioningTokenSet

server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabAuthenticationTab.tsx

     }
     const type = changes.provisioningType ?? configuration.provisioningType;
     if (type === ProvisioningType.auto) {
-      const hasConfigGroups =
-        configuration.provisioningGroups && configuration.provisioningGroups.length > 0;
-      const hasToken = hasConfigGroups
-        ? changes.provisioningToken !== ''
-        : !!changes.provisioningToken;
-      return hasToken;
+      return configuration.isProvisioningTokenSet || !!changes.provisioningToken;
     }
     return true;
   };
                                     provisioningToken: value as string,
                                   })
                                 }
-                                isNotSet={configuration.provisioningType !== ProvisioningType.auto}
+                                isNotSet={!configuration.isProvisioningTokenSet}
                               />
                             </>
                           )}

server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabConfigurationForm.tsx

         type: SettingType.BOOLEAN,
       },
     },
-    provisioningGroups: {
-      value: data?.provisioningGroups ?? [],
+    allowedGroups: {
+      value: data?.allowedGroups ?? [],
       required: true,
       definition: {
-        name: translate('settings.authentication.gitlab.form.provisioningGroups.name'),
+        name: translate('settings.authentication.gitlab.form.allowedGroups.name'),
         secured: false,
-        key: 'provisioningGroups',
-        description: translate(
-          'settings.authentication.gitlab.form.provisioningGroups.description',
-        ),
+        key: 'allowedGroups',
+        description: translate('settings.authentication.gitlab.form.allowedGroups.description'),
         multiValues: true,
       },
     },

server/sonar-web/src/main/js/apps/settings/components/authentication/__tests__/Authentication-Gitlab-it.tsx

     name: 'settings.almintegration.form.secret.update_field',
   }),
   groups: byRole('textbox', {
-    name: 'property.provisioningGroups.name',
+    name: 'property.allowedGroups.name',
   }),
   deleteGroupButton: byRole('button', { name: /delete_value/ }),
   removeProvisioniongGroup: byRole('button', {
-    name: /settings.definition.delete_value.property.provisioningGroups.name./,
+    name: /settings.definition.delete_value.property.allowedGroups.name./,
   }),
   saveProvisioning: glContainer.byRole('button', { name: 'save' }),
   cancelProvisioningChanges: glContainer.byRole('button', { name: 'cancel' }),
   expect(ui.editConfigButton.query()).not.toBeInTheDocument();
 });
 
+it('should change from just-in-time to Auto Provisioning if auto was never set', async () => {
+  const user = userEvent.setup();
+  renderAuthentication([Feature.GitlabProvisioning]);
+
+  expect(await ui.editConfigButton.find()).toBeInTheDocument();
+  expect(ui.jitProvisioningRadioButton.get()).toBeChecked();
+
+  user.click(ui.autoProvisioningRadioButton.get());
+  expect(await ui.autoProvisioningRadioButton.find()).toBeEnabled();
+  expect(ui.saveProvisioning.get()).toBeDisabled();
+
+  await user.type(ui.autoProvisioningToken.get(), 'JRR Tolkien');
+  expect(await ui.saveProvisioning.find()).toBeEnabled();
+});
+
+it('should change from just-in-time to Auto Provisioning if auto was set before', async () => {
+  handler.setGitlabConfigurations([
+    mockGitlabConfiguration({
+      allowUsersToSignUp: false,
+      enabled: true,
+      provisioningType: ProvisioningType.jit,
+      allowedGroups: ['D12'],
+      isProvisioningTokenSet: true,
+    }),
+  ]);
+  const user = userEvent.setup();
+  renderAuthentication([Feature.GitlabProvisioning]);
+
+  expect(await ui.editConfigButton.find()).toBeInTheDocument();
+  expect(ui.jitProvisioningRadioButton.get()).toBeChecked();
+
+  user.click(ui.autoProvisioningRadioButton.get());
+  expect(await ui.autoProvisioningRadioButton.find()).toBeEnabled();
+  expect(ui.saveProvisioning.get()).toBeEnabled();
+});
+
 it('should change from auto provisioning to JIT with proper validation', async () => {
   handler.setGitlabConfigurations([
     mockGitlabConfiguration({
       allowUsersToSignUp: false,
       enabled: true,
       provisioningType: ProvisioningType.auto,
-      provisioningGroups: ['D12'],
+      allowedGroups: ['D12'],
+      isProvisioningTokenSet: true,
     }),
   ]);
   const user = userEvent.setup();
       allowUsersToSignUp: false,
       enabled: true,
       provisioningType: ProvisioningType.auto,
-      provisioningGroups: ['Cypress Hill', 'Public Enemy'],
+      allowedGroups: ['Cypress Hill', 'Public Enemy'],
+      isProvisioningTokenSet: true,
     }),
   ]);
   const user = userEvent.setup();
       allowUsersToSignUp: false,
       enabled: true,
       provisioningType: ProvisioningType.auto,
-      provisioningGroups: ['Cypress Hill', 'Public Enemy'],
+      allowedGroups: ['Cypress Hill', 'Public Enemy'],
+      isProvisioningTokenSet: true,
     }),
   ]);
   const user = userEvent.setup();
       mockGitlabConfiguration({
         enabled: true,
         provisioningType: ProvisioningType.auto,
-        provisioningGroups: ['Test'],
+        allowedGroups: ['Test'],
       }),
     ]);
   });

server/sonar-web/src/main/js/helpers/mocks/alm-integrations.ts

     allowUsersToSignUp: false,
     synchronizeGroups: true,
     provisioningType: ProvisioningType.jit,
-    provisioningGroups: ['Cypress Hill'],
+    allowedGroups: ['Cypress Hill'],
+    isProvisioningTokenSet: false,
     ...overrides,
   };
 }

server/sonar-web/src/main/js/types/provisioning.ts

   url: string;
   secret: string;
   synchronizeGroups: boolean;
-  provisioningGroups: string[];
+  allowedGroups: string[];
 }
 
 export type GitLabConfigurationUpdateBody = {
   enabled?: boolean;
   provisioningType?: ProvisioningType;
   provisioningToken?: string;
-  provisioningGroups?: string[];
+  allowedGroups?: string[];
   allowUsersToSignUp?: boolean;
 };
 
   synchronizeGroups: boolean;
   url: string;
   provisioningType: ProvisioningType;
-  provisioningGroups: string[];
+  allowedGroups: string[];
   allowUsersToSignUp: boolean;
   errorMessage?: string;
+  isProvisioningTokenSet: boolean;
 };
 
 export enum ProvisioningType {

sonar-core/src/main/resources/org/sonar/l10n/core.properties

 settings.authentication.gitlab.form.secret.description=Secret provided by GitLab when registering the application.
 settings.authentication.gitlab.form.synchronizeGroups.name=Synchronize user groups
 settings.authentication.gitlab.form.synchronizeGroups.description=For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube. If enabled, the GitLab OAuth 2 application will need to provide the api scope.
-settings.authentication.gitlab.form.provisioningGroups.name=Groups
-settings.authentication.gitlab.form.provisioningGroups.description=Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.
+settings.authentication.gitlab.form.allowedGroups.name=Groups
+settings.authentication.gitlab.form.allowedGroups.description=Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.
 settings.authentication.gitlab.form.allowUsersToSignUp.name=Allow users to sign up
 settings.authentication.gitlab.form.allowUsersToSignUp.description=Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.
 settings.authentication.gitlab.form.provisioningToken.name=Provisioning token