ENTERPRISE
Configuring SAML SSO with Azure Active Directory
Last updated: September 14, 2023
This section explains how to configure SAML SSO using Azure AD as your identity provider. You may also need to refer to the Azure AD documentation.
Before you start
Make sure your web server URL includes protocol and port information. For more information, see Configuring your web server.
Note
The relying party trust information is dependent on your web server URL.
Step 1: Add Burp Suite Enterprise Edition to your trusted applications
To add Burp Suite Enterprise Edition to your trusted applications:
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the settings menu, select Integrations.
- On the SAML tile, click Configure. Notice that you can copy both the Relying party trust identifier and the Relying party service URL.
- In Azure AD, go to Basic SAML Configuration.
- Paste the Relying party service URL into the Reply URL (Assertion Consumer Service URL) field.
- Paste the Relying party trust identifier into the Identifier (Entity ID) field.
Step 2: Import key details from Azure AD
To configure Burp Suite Enterprise Edition, you need to import some key details from Azure AD:
- In Azure AD, go to the SAML Signing Certificate page.
- Download the Federation Metadata XML file.
- In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
- In Company details, enter your company name.
- In SAML configuration, click Import metadata.
- Click Choose file and select the Federation Metadata XML file.
- Click Save.
Step 3: Configure group membership
To send your users' group membership to Burp Suite Enterprise Edition:
- In the Azure portal, open the application that represents Burp Suite Enterprise Edition.
- Under Set up Single Sign-on with SAML, go to User Attributes and Claims and add a group claim.
- Select the Customize the name of the group claim checkbox and enter the following values:
  - Name: Group
  - Namespace: http://schemas.xmlsoap.org/claims
- The next step depends on how you manage your users:
  - If your Azure instance is backed by an on-premises installation of Active Directory, select sAMAccountName as the source attribute. Note that when you create your user groups in Burp Suite Enterprise Edition, they must have the exact same name as the corresponding sAMAccountName in your Active Directory.
  - If your users are managed in Azure Active Directory, select Group ID as the source attribute. In this case, you will need to use the corresponding Group ID as the name for your user groups in Burp Suite Enterprise Edition.
For more information about user groups in Burp Suite Enterprise Edition, see Configuring user permissions for SSO.
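To confirm that Step 3 took effect, the following added example (not PortSwigger's or Microsoft's code) reads a decoded SAML assertion, extracts the group claim, and compares its values against your Burp Suite Enterprise Edition group names using exact matching. It assumes the claim is emitted with the namespace and name joined by "/"; the sample assertion and group names are constructed, and the script does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Azure AD emits the claim as Namespace + "/" + Name from Step 3.
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def group_claim_values(assertion_xml: str) -> list[str]:
    """Return the group claim values from a decoded SAML assertion."""
    if "<!DOCTYPE" in assertion_xml:  # refuse DTDs (entity-expansion risk)
        raise ValueError("DOCTYPE not allowed in SAML input")
    root = ET.fromstring(assertion_xml)
    xpath = f".//saml:Attribute[@Name='{GROUP_CLAIM}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.iterfind(xpath, SAML_NS)]


def check_groups(assertion_xml: str, burp_groups: set[str]) -> dict:
    """Compare claim values with Burp group names (exact, case-sensitive)."""
    values = group_claim_values(assertion_xml)
    source = None
    if values:
        # Heuristic: GUID-shaped values suggest the Group ID source attribute.
        is_guid = all(GUID_RE.match(v) for v in values)
        source = "Group ID" if is_guid else "sAMAccountName"
    return {
        "claim_present": bool(values),
        "source": source,
        "matched": sorted(v for v in values if v in burp_groups),
        "unmatched": sorted(v for v in values if v not in burp_groups),
    }


# Constructed sample assertion (trimmed to the attribute statement).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>AppSec-Scanners</saml:AttributeValue>
      <saml:AttributeValue>appsec-admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    # Constructed Burp group names; the second differs only by case.
    print(check_groups(SAMPLE, {"AppSec-Scanners", "AppSec-Admins"}))
```

An entry under "unmatched" is a group the identity provider sends that has no user group of the exact same name in Burp Suite Enterprise Edition, such as the case mismatch in the sample.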