Integrating SCIM using Okta

  • Last updated: November 11, 2021

  • Read time: 4 Minutes

In this section, we'll guide you through the process of integrating SCIM with Burp Suite Enterprise Edition using Okta as your identity provider (IdP).

Prerequisites

If you want to integrate SCIM without setting up SAML, use Okta's pre-built SCIM 2.0 Test App (Header Auth) app integration from the app catalog instead. Note that in this case, some of the steps described here may vary.

Set a port for the SCIM URL and generate an API token

The first part of the integration process is to set a dedicated port for the SCIM URL that Okta will use to communicate with Burp Suite Enterprise Edition. The base URL takes the following format:

https://<host>:<port>/scim/v2

The host is usually the same domain name or IP address as in the Burp Suite Enterprise Edition web server URL, but this may differ depending on your network infrastructure.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select SCIM.
  3. Under Configure SCIM, enter the port that you want to use for the SCIM URL. You should use a different port than the web server URL so that you can configure separate firewall rules for this connection.
  4. Click Save & generate API token.
  5. When prompted, copy and save the new API token somewhere secure. Okta will need to use this to authenticate itself to Burp Suite Enterprise Edition when sending requests to the SCIM URL.

Note

If you lose your API token, you can generate a new one by clicking Regenerate API token in the upper-right corner of the SCIM settings page.

Upload a TLS certificate

Okta only supports SCIM over HTTPS. Therefore, you need to enable TLS on the connection by uploading a PKCS#12 certificate. Note that this must have the .p12 file extension - certificates in .pfx format are not supported.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select SCIM.
  3. Under Configure SCIM, activate the Enable TLS toggle.
  4. When prompted, upload your certificate and enter the certificate password.
  5. Click Save.

Configure the connection in Okta

Once you've set a SCIM URL and generated an API token in Burp Suite Enterprise Edition, you can use this information to configure the connection from Okta.

Enable SCIM provisioning

  1. Log in to Okta.
  2. Go to Applications and select the app integration that you created for Burp Suite Enterprise Edition.
  3. Go to the General tab.
  4. In the App Settings section, click Edit.
  5. Under Provisioning, select the Enable SCIM provisioning checkbox.
  6. Save your changes.

Enter the connection details

  1. In Okta, select the app integration that you created for Burp Suite Enterprise Edition.
  2. Go to the Provisioning tab.
  3. From the Settings menu on the left, select Integration.
  4. In the SCIM Connection panel, click Edit.
  5. In the SCIM connector base URL field, enter your SCIM URL in the following format:

    https://<host>:<port>/scim/v2

    The host is usually the same domain name or IP address as in the Burp Suite Enterprise Edition web server URL, but this may differ depending on your network infrastructure. The port is the one that you configured manually in the Burp Suite Enterprise Edition SCIM settings.

  6. In the Unique identifier field for users field, enter userName.
  7. Under Supported provisioning actions, select only the following options:

    • Push New Users
    • Push Profile Updates
    • Push Groups
  8. Under Authentication mode, select HTTP header.
  9. In the Authorization field, enter the API token that you copied from Burp Suite Enterprise Edition.
  10. Click Test Connector Configuration to confirm that the connection is working as expected.
  11. Save your changes.
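
The following pre-flight check is an added example, not part of the original documentation or PortSwigger's own code. It validates the SCIM base URL against the format above and then confirms that the endpoint rejects requests without the API token and accepts requests with it. It assumes the standard SCIM 2.0 /Users resource and that the token is sent as a Bearer credential; the function names, the web_server_port parameter and the cafile parameter are hypothetical.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def check_scim_base_url(base_url, web_server_port):
    """Return problems with a SCIM base URL; an empty list means it is usable."""
    parts, problems = urlsplit(base_url), []
    if parts.scheme != "https":
        problems.append("scheme must be https (Okta only supports SCIM over HTTPS)")
    if not parts.hostname:
        problems.append("host is missing")
    try:
        port = parts.port
    except ValueError:
        port = -1
        problems.append("port is not a valid port number")
    if port is None:
        problems.append("no explicit port; use the one set under Configure SCIM")
    elif port == web_server_port:
        problems.append("SCIM shares the web server port; it cannot be firewalled separately")
    if parts.path.rstrip("/") != "/scim/v2":
        problems.append("path must be /scim/v2")
    return problems


def probe(base_url, token=None, cafile=None):
    """GET <base>/Users?count=1 with TLS verification on; return the HTTP status."""
    request = urllib.request.Request(base_url.rstrip("/") + "/Users?count=1")
    if token:  # assumption: Okta's HTTP header mode sends the token as a Bearer credential
        request.add_header("Authorization", "Bearer " + token)
    context = ssl.create_default_context(cafile=cafile)  # cafile: private CA, if any
    try:
        with urllib.request.urlopen(request, timeout=10, context=context) as response:
            return response.status
    except urllib.error.HTTPError as error:
        return error.code


def preflight(base_url, token, web_server_port, cafile=None):
    """URL checks first; only a well-formed URL is probed over the network."""
    problems = check_scim_base_url(base_url, web_server_port)
    if problems:
        return problems
    if probe(base_url, None, cafile) == 200:
        problems.append("endpoint served user data without an API token")
    if probe(base_url, token, cafile) != 200:
        problems.append("API token was not accepted")
    return problems
```

Call preflight() with your own SCIM URL, API token and web server port from a host that can reach the SCIM port. A certificate that fails validation raises an error rather than being silently accepted.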

Configure the provisioning to app settings

  1. In Okta, select the app integration that you created for Burp Suite Enterprise Edition.
  2. Go to the Provisioning tab.
  3. From the Settings menu on the left, select To App.
  4. In the Provisioning To App section, click Edit.
  5. Use the checkboxes to enable the following settings:

    • Create Users
    • Update User Attributes
    • Deactivate Users

    If you're not using SAML, you should also enable the Sync Password setting and configure it accordingly.

  6. Save your changes.

Push your Okta users and groups to Burp Suite Enterprise Edition

Once you have successfully configured the Okta integration, you can assign and push your users and groups so that they are available in Burp Suite Enterprise Edition.

To push users:

  1. In Okta, select the app integration that you created for Burp Suite Enterprise Edition.
  2. Go to the Assignments tab.
  3. To assign individual users, click Assign > Assign to People. Alternatively, click Assign > Assign to Groups to assign all users from a particular group to the application.

Warning

Assigning groups to the app integration pushes all users belonging to that group to Burp Suite Enterprise Edition, but it does not push the group itself. To avoid synchronization issues, we strongly recommend creating a separate group in Okta specifically for the purpose of bulk-assigning users to Burp Suite Enterprise Edition.

After a while, these users will be available in Burp Suite Enterprise Edition. Any changes you make to these users in Okta will automatically be synced. However, note that users will not have access to any functionality unless they are assigned to a group with the relevant roles in Burp Suite Enterprise Edition.

To push groups:

Warning

You should not push the group you created for bulk-assigning users to Burp Suite Enterprise Edition.

  1. In Okta, select the app integration that you created for Burp Suite Enterprise Edition.
  2. Go to the Push Groups tab.
  3. Click Push Groups > Find Group By Name and select the relevant group.
  4. Once the group is pushed, it will be available in Burp Suite Enterprise Edition. Any changes you make to this group in Okta will now automatically be synced.