Enabling single sign-on for Burp Suite Enterprise Edition

Instead of managing individual user accounts for each system, many organizations prefer to manage user authentication centrally. Burp Suite Enterprise Edition supports this approach by allowing you to connect to Active Directory over LDAP. Users can then log in using their existing Active Directory credentials, removing the need to explicitly create an account in Burp Suite Enterprise Edition. Their permissions are automatically assigned based on the preconfigured groups to which they belong.

Configuring an LDAP connection to your Active Directory

You first need to configure the LDAP connection between Burp Suite Enterprise Edition and your Active Directory server. This will allow your users to log in with their existing credentials.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select "LDAP connection".
  3. Choose whether you want to use the LDAP or LDAPS protocol. We recommend using LDAPS wherever possible.
  4. Enter the IP address or hostname of your Active Directory server. The port number will automatically be updated based on the protocol that you selected. By default, LDAP uses port 389, while LDAPS uses port 636.
  5. Enter the credentials for a valid Active Directory service account. This will be used to query your Active Directory when authenticating users.
  6. Specify the base distinguished name from which Burp Suite Enterprise Edition should search for users. All of the users that you want to manage must be children of this base distinguished name.
  7. When you're happy with your entries, click "Check Connection".
  8. If the connection could be established, a message will confirm this. If you're using a self-signed certificate for LDAPS, you might be prompted to upload the root certificate for security reasons.

Configuring permissions for Active Directory users

Once you have configured the LDAP connection, you need to perform a few additional steps to set up your user permissions within Burp Suite Enterprise Edition. When using an Active Directory integration, you manage user permissions on the group level, with the groups in Burp Suite Enterprise Edition representing the groups in your Active Directory.

  1. Make sure that you have successfully established the LDAP connection to your Active Directory server.
  2. Go to "Team" > "Roles" and click "New role".
  3. Create roles that reflect the different sets of permissions your users need within Burp Suite Enterprise Edition. Alternatively, you can use the provided roles if they are suitable.
  4. Go to "Team" > "Groups" and click "New group".
  5. Create a new group representing each of the groups of users in your Active Directory. The group name in Burp Suite Enterprise Edition must match exactly with the corresponding group name in your Active Directory.
  6. Assign roles to your groups as required. If you do not assign any roles, users will be able to log in but will not have access to any functionality within the application.
  7. Apply site restrictions for each group as necessary. This will limit which sites members of each group are allowed to access.
  8. Users will now be able to log in to Burp Suite Enterprise Edition using their Active Directory credentials.
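The two constraints above that are easiest to get wrong are that every managed user must sit beneath the base distinguished name, and that each group name in Burp Suite Enterprise Edition must match its Active Directory group exactly. The following pre-flight check is an added example, not PortSwigger code: it assumes you have exported user DNs and group names into lists (all values shown are constructed), and it assumes Active Directory's case-insensitive DN matching.

```python
# Constructed sample data: stand-ins for an AD export and the Burp "Team" > "Groups" list.
BASE_DN = "OU=Security,DC=corp,DC=example,DC=com"
USERS = [
    "CN=Alice Smith,OU=AppSec,OU=Security,DC=corp,DC=example,DC=com",
    r"CN=Smith\, Bob,ou=security,dc=corp,dc=example,dc=com",
    "CN=Carol,OU=Finance,DC=corp,DC=example,DC=com",
]
AD_GROUPS = ["AppSec-Scanners", "AppSec-Admins", "Pentest-Contractors"]
BURP_GROUPS = ["AppSec-Scanners", "appsec-admins "]

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, honouring '\\,' escapes."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(buf))
            buf = []
            continue
        escaped = (ch == "\\") and not escaped
        buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under_base(user_dn, base_dn):
    """True only if user_dn is a strict descendant of base_dn (case-insensitive, as assumed for AD)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) > len(base) and user[-len(base):] == base

def outside_base(users, base_dn):
    """Return the DNs that would not be found by a search rooted at base_dn."""
    return [dn for dn in users if not is_under_base(dn, base_dn)]

def check_groups(ad_groups, burp_groups):
    """Map each AD group to ('exact'|'near-miss'|'missing', Burp group name or None)."""
    folded = {g.strip().casefold(): g for g in burp_groups}
    report = {}
    for name in ad_groups:
        if name in burp_groups:
            report[name] = ("exact", name)
        elif name.strip().casefold() in folded:
            report[name] = ("near-miss", folded[name.strip().casefold()])
        else:
            report[name] = ("missing", None)
    return report

if __name__ == "__main__":
    for dn in outside_base(USERS, BASE_DN):
        print("outside base DN:", dn)
    for name, (status, burp_name) in check_groups(AD_GROUPS, BURP_GROUPS).items():
        print(f"{name}: {status}" + (f" (Burp has {burp_name!r})" if status == "near-miss" else ""))
```

A "near-miss" result means the Burp group differs from the Active Directory name only in letter case or surrounding whitespace, so it should be renamed to the exact Active Directory name; a "missing" group has no counterpart in Burp Suite Enterprise Edition at all.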

Note: You can also adopt a hybrid system for managing users. In addition to managing users over LDAP, you can still create individual users in Burp Suite Enterprise Edition as normal. For example, you might want to create administrator users independently of Active Directory in case there are ever issues with the LDAP connection.