- Password checking against the external authentication engine.
- Automatic synchronization of usernames and emails.
- Automatic synchronization of relationships between users and groups (authorization).
- Ability to authenticate against both the external or and the internal authentication systems (for instance, technical SonarQube user accounts do not need to be defined in LDAP as there is an automatic fallback on SonarQube engine if the user is not defined in LDAP or if the LDAP server is down).
During the first authentication trial, if the password is correct, the SonarQube database is automatically populated with the new user. Each time a user logs into SonarQube, the username, the email and the groups this user belongs to that are already defined in SonarQube are automatically refreshed in the SonarQube database. For the delegation of authorization, groups and related permissions must be first defined in SonarQube.