Configuring SAML SSO with Azure Active Directory
Last updated: September 14, 2023
Read time: 2 Minutes
This section explains how to configure SAML SSO using Azure AD as your identity provider. You may also need to refer to the Azure AD documentation.
Before you start
Make sure your web server URL includes protocol and port information. For more information, see Configuring your web server.
The relying party trust information is dependent on your web server URL.
Step 1: Add Burp Suite Enterprise Edition to your trusted applications
To add Burp Suite Enterprise Edition to your trusted applications:
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the settings menu , select Integrations.
- On the SAML tile, click Configure. Notice that you can copy both the Relying party trust identifier and the Relying party service URL.
- In Azure AD, go to Basic SAML Configuration.
- Paste the Relying party service URL into the Reply URL (Assertion Consumer Service URL) field.
- Paste the Relying party trust identifier into the Identifier (Entity ID) field.
Step 2: Import key details from Azure AD
To configure Burp Suite Enterprise Edition, you need to import some key details from Azure AD:
- In Azure AD, go to the SAML Signing Certificate page.
- Download the Federation Metadata XML file.
- In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
- In Company details, enter your company name.
- In SAML configuration, click Import metadata.
- Click Choose file and select the Federation metadata XML file.
- Click Save.
Step 3: Configure group membership
To send your users' group membership to Burp Suite Enterprise Edition:
- In Azure portal, open the application that represents Burp Suite Enterprise Edition.
- Under Set up Single Sign-on with SAML, go to User Attributes and Claims and add a group claim.
Select the Customize the name of the group claim checkbox and enter the following values:
The next step depends on how you manage your users:
If your Azure instance is backed by an on-premise installation of Active Directory, select
sAMAccountNameas the source attribute. Note that when you create your user groups in Burp Suite Enterprise Edition, they must have the exact same name as the corresponding
sAMAAccountNamein your Active Directory.
If your users are managed in Azure Active Directory, select
Group IDas the source attribute. In this case, you will need to use the corresponding
Group IDas the name for your user groups in Burp Suite Enterprise Edition.
For more information about user groups in Burp Suite Enterprise Edition, see Configuring user permissions for SSO.
Was this article helpful?
An error occurred, please try again.