Membership of an organization is managed on the Members page. Only organization administrators can manage membership.
For GitHub organizations, adding and removing members should be done on the GitHub side. Any changes are automatically synchronized between GitHub and SonarCloud. See Member Synchronization on GitHub below. For the other repository platforms, membership must be managed manually by adding or removing members in the platform organization and then, separately doing the same on the SonarCloud side.
Before being added to an organization on the SonarCloud side, either through synchronization or manually, the user must first sign into SonarCloud at least once, establishing a SonarCloud account.
In SonarCloud, if GitHub automatic synchronization is not enabled, you can add members to an organization using the Add a member button on the Members page. Administrators can search for SonarCloud users and add them as members.
Members can be removed using the drop-down to the right of the member listing on the Members page. When a member is deleted, their user access tokens are also deleted. See below for more details about Member synchronization.
Once users are added or synchronized, organization administrators can grant them permission to perform specific operations in the organization. It is up to the administrators to make sure each member gets the relevant permissions. To avoid having to manage individual permissions at a project level, organization admins can create groups to manage permissions and add new users to those groups on the Members page.
Transferring ownership of an organization
As the administrator, there may be cases where you wish to transfer ownership of an organization. For example, if are leaving a team or company. Transferring ownership is simply a matter of granting the Administer Organization permission to another member.
Member synchronization on GitHub
When binding a GitHub organization with SonarCloud, members are automatically synchronized between the GitHub organization and the corresponding SonarCloud organization.
This means that each member of your GitHub organization who has a SonarCloud account will be automatically added to the SonarCloud organization, and will have direct access in SonarCloud to the organizations they've been added to.
In all cases, members should have a SonarCloud account before being synchronized. In other words, the user must have signed in to SonarCloud via GitHub at least once, to establish an identity on the SonarCloud side.
During synchronization, members of the SonarCloud organization who are not part of the GitHub organization are removed from the SonarCloud organization, and members of the GitHub organization who are not members of the SonarCloud organization are added to the SonarCloud organization.
After creating an organization or activating synchronization, SonarCloud users that are added or removed from the GitHub organization are automatically added or removed from the SonarCloud organization. It's not possible to manually add or remove a member when synchronization is activated.
Activating and deactivating member synchronization
You can activate and deactivate member synchronization for GitHub using the Configure synchronization button.
After you deactivate member synchronization, members will no longer be added or removed automatically and membership in GitHub-based organizations must be managed manually, as it is with other repository platforms.
Permissions, including the member/owner distinction, are not synchronized and must be managed manually:
- When you add a user to an organization on GitHub, you can choose whether to make them a regular member or an owner. This distinction is not reflected automatically on the SonarCloud side.
- When a user is added via synchronization on the SonarCloud side, they are always made a regular member of the organization and granted the permissions for regular members as defined in the default permission template.
- To make them an owner, or to otherwise replicate their permissions, you have to manually make those changes on the SonarCloud side after the synchronization.