Configuring user groups and permissions for SSO in Burp Suite Enterprise Edition
Last updated: September 9, 2022
Read time: 2 Minutes
You can use SAML to configure user groups and permissions. You can also combine SAML with SCIM. This enables you to use SAML for authentication and SCIM to manage users and user groups.
Combining SAML with SCIM provides greater transparency because it enables you to view key details about your users and groups from Burp Suite Enterprise Edition.
Before you can use SAML to configure user groups, you need to set up an LDAP or SAML connection for single sign-on (SSO):
Creating groups with SAML
This section describes how to create groups using SAML without SCIM integration:
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the Team menu, select Groups.
- Click New group.
- Create a new group representing each of the groups of users in your Active Directory or SAML identity provider. Make sure that the groups you create have the same names as the ones you send from Active Directory or your SAML identity provider.
If you manage your users directly in Azure Active Directory, you will need to use the
Group IDinstead. For more information, see Configuring SAML SSO with Azure Active Directory.
- Assign roles to your groups as required. If you do not assign any roles, users can log in but they can't access any functionality.
- Apply site restrictions for each group as necessary. This limits which sites users in each group can access.
Users can now log in to Burp Suite Enterprise Edition using their existing credentials. For SAML SSO, users need to click the link on the login page to authenticate themselves via your identity provider.
You can also adopt a hybrid system for managing users, combining SSO-managed users with users created directly in Burp Suite Enterprise Edition. For example, you might want to create admin users independently of SSO in case there are issues with the connection to your IdP or Active Directory
Was this article helpful?
An error occurred, please try again.