
Configuring SAML SSO with Okta

  • Last updated: September 9, 2022


This section explains how to configure SAML SSO using Okta as your identity provider. You may also need to refer to the Okta documentation.

Step 1: Add Burp Suite Enterprise Edition to your trusted applications

To add Burp Suite Enterprise Edition to your trusted applications:

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select Integrations.
  3. On the SAML tile, click Configure. Notice that you can copy both the Relying party trust identifier and the Relying party service URL.
  4. In Okta, go to SAML Settings.
  5. Paste the Relying party service URL into the Single sign on URL field.
  6. Select the Use this for Recipient URL and Destination URL tick box.
  7. Paste the Relying party trust identifier into the Audience URI field.

Step 2: Obtain key details from Okta

To configure Burp Suite Enterprise Edition, you need to obtain some key details from the Okta SAML Settings page:

  • The Identity Provider Issuer. This is the URL that is sent as the Issuer value in SAML responses.
  • The Identity Provider Single Sign-On URL. Burp Suite Enterprise Edition sends users to this URL when they choose to log in using SAML.
  • The token-signing certificate. Burp Suite Enterprise Edition uses this to verify that the SAML response was genuinely issued by Okta.

Step 3: Enter the key details in Burp Suite Enterprise Edition

To enter the key details in Burp Suite Enterprise Edition:

  1. In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
  2. In Company details, enter your company name.
  3. In SAML configuration, select the Identity provider.
  4. Enter the key details in the relevant fields.
  5. Click Save.

Step 4: Configure Okta Group Attribute Statements

To configure the Okta Group Attribute statements:

  1. From the Okta admin console, go to SAML settings for your Burp Suite Enterprise Edition integration.
  2. Create Group Attribute Statements with the following values:

    • Name: http://schemas.xmlsoap.org/claims/Group
    • Name format: Unspecified
    • Filter: Matches regex
    • Value: .*

The filter value determines which groups will be sent. The regex in this example makes sure that all groups are sent. If you want to limit the selection to a particular subset of groups, refer to the Okta documentation.
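The following is an added example, not taken from the Burp Suite or Okta documentation: a Python check that a decoded SAML response from a test login carries the values configured in Steps 1, 2 and 4, and lists the groups that the regex filter released. The sample response, the function name and all URLs are constructed placeholders, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # Name set in Step 4

# Constructed sample: decoded, unsigned response with placeholder URLs.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://burp.example.test/saml/acs">
  <a:Assertion>
    <a:Issuer>http://idp.example.test/issuer</a:Issuer>
    <a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
        Recipient="https://burp.example.test/saml/acs"/></a:SubjectConfirmation></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://burp.example.test/saml/sp</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement>
      <a:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
        <a:AttributeValue>Scan Admins</a:AttributeValue>
        <a:AttributeValue>Everyone</a:AttributeValue>
      </a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, service_url, trust_id, idp_issuer):
    """Return (problems, groups). Diagnostic only: no signature verification."""
    root = ET.fromstring(xml_text)
    asn = root.find("a:Assertion", NS)
    if asn is None:
        return ["no Assertion element"], []
    scd = asn.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    seen = {  # field -> (value in the response, value configured in Steps 1-2)
        "Destination": (root.get("Destination"), service_url),
        "Recipient": (scd.get("Recipient") if scd is not None else None, service_url),
        "Audience": (asn.findtext("a:Conditions/a:AudienceRestriction/a:Audience", None, NS), trust_id),
        "Issuer": (asn.findtext("a:Issuer", None, NS), idp_issuer),
    }
    problems = [f"{k}: got {got!r}, expected {want!r}"
                for k, (got, want) in seen.items() if got != want]
    groups = [v.text for attr in asn.iter(f"{{{NS['a']}}}Attribute")
              if attr.get("Name") == GROUP_ATTR
              for v in attr.findall("a:AttributeValue", NS)]
    if not groups:
        problems.append("no group values under " + GROUP_ATTR)
    return problems, groups
```

With the `.*` filter, the returned group list shows every group membership Okta discloses to the application, which is the list to review before narrowing the regex.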
