DAST

Integrating SCIM using Entra ID

• Last updated: September 17, 2025

• Read time: 3 Minutes

This section explains how to integrate SCIM with Burp Suite DAST using Entra ID as your identity provider.

Prerequisites

• You have created an Entra ID enterprise application.
• You have assigned your users and groups to the enterprise application.
• You have a Microsoft Entra ID P1 or P2 license (required for group provisioning).
• Make sure your firewall allows outbound access to *.oastify.com on port 443.

Get your SCIM URL and API token

You need to obtain the SCIM URL and API token. Entra ID uses these to communicate with Burp Suite DAST.

Cloud instances

1. Log in to Burp Suite DAST as an administrator.
2. From the Settings menu, select Integrations.
3. On the SCIM tile, click Configure.
4. Copy the displayed SCIM URL.
5. Click Generate API token.
6. Save the new API token somewhere secure.

Self-hosted instances

1. Log in to Burp Suite DAST as an administrator.
2. From the Settings menu, select Integrations.
3. On the SCIM tile, click Configure.
4. Configure the SCIM port. Enter the port that you want to use for the SCIM URL. Use a different port to your web server URL, so you can configure separate firewall rules. We recommend enabling TLS (see the TLS section below for details).
5. Note your SCIM URL format: https://<host>:<port>/scim/v2
   • The host is usually the same domain name or IP address used in the Burp Suite DAST web server URL. This may differ depending on your network infrastructure.
   • The port is the SCIM port you configured (not the web server port).
6. Click Save & generate API token.
7. Save the new API token somewhere secure.

Upload a TLS certificate

Self-hosted

For production use, we strongly recommend enabling TLS on the connection by uploading a PKCS#12 certificate. Note that this must have the .p12 file extension - certificates in .psx format are not supported.

1. From the Settings menu, select Integrations.
2. On the SCIM tile, click Edit.
3. Under Configure SCIM, select the Use TLS toggle.
4. When prompted, upload your certificate and enter the certificate password.
5. Click Save.

Configure the connection in Entra ID

Once you've got your SCIM URL and generated an API token in Burp Suite DAST, you can use this information to configure the connection from Entra ID. The SCIM URL format is https://<host>:<port>/scim/v2 where the port is the SCIM port (not the web server port).

Enter the connection details

1. In Entra ID, create an enterprise application.
2. From the left-hand navigation menu, select Provisioning.
3. Under Create configuration, click Connect your application.
4. In the Tenant URL field, enter your SCIM URL.
5. In the Secret token field, enter the API token.
6. Click Test Connection and make sure the connection was successful.
7. Click Create.

Enable SCIM provisioning

Once you've successfully configured the SCIM connection between Entra ID and Burp Suite DAST, you need to add users and groups, then enable SCIM provisioning so that you can sync your users and groups.

1. Click Manage on the left-hand side menu.
2. Select Users and groups.
3. Add users and groups as needed.
4. Go back to the Overview page.
5. Click the play button to start provisioning. The configuration status will show as enabled.

After a while, your users and groups will be available in Burp Suite DAST. Users will not have access to any functionality unless they are assigned to a group with the relevant roles in Burp Suite DAST.

For more information, see Managing users and permissions.

Troubleshooting provisioning issues in Entra ID

To check that all of your users were provisioned successfully:

1. In Entra ID, select the Enterprise Application that you created for Burp Suite DAST.
2. From the left-hand navigation menu, select Provisioning.
3. On the Overview tab, make sure that the Configuration status is Enabled.
4. On the Monitoring tab, click View provisioning logs. Review the logs to assist with troubleshooting.