author | michaelbirnstiehl <michael.birnstiehl@sonarsource.com> | 2021-09-14 16:48:04 -0500 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2021-09-16 20:03:30 +0000 |
commit | 80b0a518649d0297904eabcc69ccdcacc3ade5b6 (patch) | |
tree | 375975f1a7bc542d41660926241f59cd9ceabd91 /server/sonar-docs/src | |
parent | 45a7be6641d7af08dcaea2ffeb5f5065ced02a15 (diff) | |
SONAR-15381 Document removing tokens for authenticated users in SQ
Diffstat (limited to 'server/sonar-docs/src')
-rw-r--r-- | server/sonar-docs/src/pages/instance-administration/delegated-auth.md | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/server/sonar-docs/src/pages/instance-administration/delegated-auth.md b/server/sonar-docs/src/pages/instance-administration/delegated-auth.md index 02879451f8a..c259d6bc4df 100644 --- a/server/sonar-docs/src/pages/instance-administration/delegated-auth.md +++ b/server/sonar-docs/src/pages/instance-administration/delegated-auth.md @@ -3,7 +3,6 @@ title: Delegating Authentication url: /instance-administration/delegated-auth/ --- - SonarQube comes with an onboard user database, as well as the ability to delegate authentication via HTTP Headers, GitHub Authentication, GitLab Authentication, SAML, or LDAP. Each method offers user identity management, group synchronization/mapping, and authentication. ## Group Mapping @@ -13,8 +12,7 @@ When using group mapping, the following caveats apply regardless of which delega * membership in the default group `sonar-users` remains (this is a built-in group) even if the group does not exist in the identity provider [[warning]] -|When group mapping is configured, the delegated authentication source becomes the one and only place to manage group membership, and the user's groups are re-fetched with each log in. - +|When group mapping is configured, the delegated authentication source becomes the only place to manage group membership, and the user's groups are re-fetched with each log in. ## HTTP Header Authentication You can delegate user authentication to third-party systems (proxies/servers) using HTTP Header Authentication. See `SSO AUTHENTICATION` section within `sonar.properties` file. 
@@ -238,3 +236,6 @@ If you are changing your delegated authentication method and migrating existing * Time out when running SonarQube analysis using LDAP Java parameters are documented here: http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html. Such parameters can be set in `sonar.web.javaAdditionalOpts` in _$SONARQUBE-HOME/conf/sonar.properties_. + +## Revoking tokens for deactivated users +When SonarQube authentication is delegated to an external identity provider (LDAP, SAML, GitHub, or GitLab), deactivating a user on the identity provider side does not remove any tokens associated with the user on the SonarQube side. We recommend deactivating the user in SonarQube at **Administration > Security > Users** by selecting **Deactivate** from the ![Settings drop-down](/images/gear.png) drop-down menu to ensure tokens associated with that user can no longer be used. |
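Review bot: in the `@@ -13,8 +12,7 @@` hunk, the blank line between the `|When group mapping is configured, ...` warning line and `## HTTP Header Authentication` is removed together with the wording change. The `[[warning]]` block is written as `|`-prefixed lines, so with no blank line after it the heading now follows the block directly. Please check in the rendered docs that the warning still ends there and the heading still renders as a heading, or restore the blank line. The first hunk drops the blank line after the front matter `---` in the same way and deserves the same check.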
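Review bot: the new "Revoking tokens for deactivated users" section in the `@@ -238,3 +236,6 @@` hunk lists "LDAP, SAML, GitHub, or GitLab", but the opening paragraph of the same page also names HTTP Headers as a delegation method. Either add HTTP Header Authentication to the list or state that it is not affected, so administrators using that method know whether tokens survive deactivation on the upstream side. Because the point of the paragraph is that tokens stay usable after the identity provider account is deactivated, consider placing it in a `[[warning]]` block like the one in the Group Mapping section so it is not read as an optional tip.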