Overview
When configuring the IQ Server integration in Nexus Repository(nexus-repository-3-pro-setup) and clicking Verify Connection, the result message can vary significantly depending on the user's license type, the permissions assigned to the IQ Server service account, and the state of the IQ Server environment. These variations are frequently misinterpreted as errors. This article explains what each result means and whether any action is required.
Scenario Breakdown
Scenario 1: Firewall-Only License + Evaluate Individual Components Permission → "No Applications Found" (Expected)
Verify Connection output:
"Connection Successful! Applications: No applications found - this could mean no apps are configured or insufficient permissions. Upgrade IQ Server for explicit permission validation."
Explanation: Sonatype Repository Firewall evaluates repositories, not applications. Application and organization management is a feature of the Lifecycle license. A Firewall-only customer cannot create or access IQ Server applications, so no applications will appear in the Verify Connection result. This is expected behavior and does not indicate a misconfiguration.
Resolution: No action required. Proceed to configure Firewall audit and quarantine capabilities for your proxy repositories.
Scenario 2: Lifecycle License + Missing Evaluate Applications Permission → "No Applications Found" (Insufficient Permissions)
"Connection Successful! Applications: No applications found…"
Explanation: When a Lifecycle license is present, applications should appear in the Verify Connection result — but only if the service account has sufficient permissions. The Verify Connection feature calls the IQ Server API endpoint /rest/integration/applications, which requires the Evaluate Applications permission in addition to Evaluate Individual Components. If this permission is absent, no applications are returned even though applications exist in IQ Server.
Resolution: Assign a role to the service account(user) that includes all three of the following permissions, at the Root Organization level in IQ Server Org and Policies (the Repository Managers level inherits from Root Org):
Evaluate Individual ComponentsEvaluate Applications
After assigning the role, re-run Verify Connection. The application list should populate.
Steps to configure:
- Navigate to Repos and Policies → Repository Managers → Access.
- Click Add a Role.
- Assign a role containing the 2 permissions above to your dedicated integration user.
Scenario 3: Firewall-Only License + Applications Are Listed (Also Expected in Certain Cases)
Verify Connection output:
"Connection Successful! Applications: Sandbox Application, …"
Explanation: Applications appearing under a Firewall-only license is not necessarily a misconfiguration. This can occur when:
- Sample data was enabled (sample-data-configuration) on the IQ Server instance, which pre-populates example applications.
- The system previously had a Lifecycle license, leaving application data behind after the license changed.
In these cases, the service account(user) may have broader permissions (e.g., inherited from Root Org) that allow it to see existing application data.
Resolution: If you do not want applications to appear in the Verify Connection result under a Firewall-only license, ensure the configured service account has only the Evaluate Individual Components permission at the Repository Managers level — and no broader role assignments at the Root Organization level that would expose application data.
To verify your current license, navigate to System Preferences → Product License in the IQ Server UI.