The first question that should be answered when setting the security strategy is: Can anonymous users browse the SonarQube instance or must authentication be required? To force user authentication, log in as a System administrator and go to Settings > General Settings > Security and set the Force user authentication property to true. To allow users to sign up for a SonarQube account, set the Allow users to sign up property to
A user is a set of basic information: login, password, name and email.
To create a new user, go to Settings > Users > Add new user:
To change your password, log in and go to My_Name > My Profile:
When the LDAP plugin is installed and activated, users can no longer change their own password; only system administrators can do so, through Settings > Users > Change password. Note that this password is only used when the LDAP server is not reachable and the authentication mechanism falls back to the SonarQube built-in mechanism.
Since SonarQube 4.2, technical users can be set. Technical users are authenticated against SonarQube's own database of users, rather than against any external tool (LDAP, Active Directory, Crowd, etc.).
Similarly, all accounts not flagged as local will be authenticated only against the external tool. By default, admin is a technical account. Technical accounts are configured in SONARQUBE_HOME/conf/sonar.properties in the sonar.security.localUsers (default value = admin) property as a comma-separated list.
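Because technical accounts are checked only against SonarQube's own user database, it is worth reviewing which logins the property actually lists. The following is an added example, not part of the SonarQube documentation: it reads the text of a sonar.properties file, applies the documented default when the property is absent, and compares the result with an approved list. The sample file contents, the account names other than admin, and the approved list are constructed for illustration.

```python
import re

DEFAULT_LOCAL_USERS = ["admin"]  # default value stated in the documentation above


def local_users(properties_text):
    """Return the technical (local) accounts configured in sonar.properties text."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        # Skip blank lines and comments ('#' or '!' in Java properties files).
        if not line or line[0] in "#!":
            continue
        m = re.match(r"sonar\.security\.localUsers\s*[=:]\s*(.*)$", line)
        if m:
            value = m.group(1)  # a later definition overrides an earlier one
    if value is None:
        # Property absent or only present in a comment: the default applies.
        return list(DEFAULT_LOCAL_USERS)
    # Assumption: an explicitly empty value means no technical accounts.
    return [u.strip() for u in value.split(",") if u.strip()]


def audit(properties_text, approved):
    """Compare configured technical accounts with an approved set of logins."""
    configured = local_users(properties_text)
    return {
        "configured": configured,
        "unexpected": [u for u in configured if u not in approved],
        "missing": sorted(u for u in approved if u not in configured),
    }


# Constructed sample file contents (not taken from a real instance).
SAMPLE = """\
# Authentication
#sonar.security.localUsers=admin
sonar.security.localUsers = admin, ci-scanner ,old-contractor
"""

if __name__ == "__main__":
    report = audit(SAMPLE, approved={"admin", "ci-scanner"})
    print("technical accounts:", ", ".join(report["configured"]))
    for login in report["unexpected"]:
        print("not on the approved list:", login)
```

Every login reported as unexpected is an account that keeps authenticating with a SonarQube-stored password regardless of its state in the external tool.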
When installing SonarQube, a default user with Administer System permission is created automatically:
If you have lost the admin password of your SonarQube instance, you can reset it by executing the following query:
update users set crypted_password = '88c991e39bb88b94178123a849606905ebf440f5', salt='6522f3c5007ae910ad690bb1bdbf264a34884c6d' where login = 'admin'
This will reset the password to