Configuring SAML SSO with Okta
Last updated: January 24, 2023
This section explains how to configure SAML SSO using Okta as your identity provider. You may also need to refer to the Okta documentation.
Step 1: Add Burp Suite Enterprise Edition to your trusted applications
To add Burp Suite Enterprise Edition to your trusted applications:
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the settings menu, select Integrations.
- On the SAML tile, click Configure. Notice that you can copy both the Relying party trust identifier and the Relying party service URL.
- In Okta, go to SAML Settings.
- Paste the Relying party service URL into the Single sign on URL field.
- Select the Use this for Recipient URL and Destination URL tick box.
- Paste the Relying party trust identifier into the Audience URI field.
Step 2: Obtain key details from Okta
To configure Burp Suite Enterprise Edition, you need to obtain some key details from the Okta SAML Settings page:
- The Identity Provider Issuer. This is the URL that is sent as the Issuer value in SAML responses.
- The Identity Provider Single Sign-On URL. Burp Suite Enterprise Edition sends users to this URL when they choose to log in using SAML.
- The token-signing certificate. Burp Suite Enterprise Edition uses this to verify that the SAML response was genuinely issued by Okta.
Step 3: Enter the key details in Burp Suite Enterprise Edition
To enter the key details in Burp Suite Enterprise Edition:
- In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
- In Company details, enter your company name.
- In SAML configuration, select the Identity provider.
- Enter the key details in the relevant fields.
- Click Save.
Step 4: Configure Okta Group Attribute Statements
To configure the Okta Group Attribute statements:
- From the Okta admin console, go to SAML settings for your Burp Suite Enterprise Edition integration.
- Create Group Attribute Statements with the following values:
  - Name: http://schemas.xmlsoap.org/claims/Group
  - Name format: Unspecified
  - Filter: Matches regex
  - Value: .*
The filter value determines which groups will be sent. The regex in this example makes sure that all groups are sent. If you want to limit the selection to a particular subset of groups, refer to the Okta documentation.
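The following Python check is an added example, not PortSwigger's or Okta's code: it reads a decoded SAML response from a test login and confirms that the Issuer, Audience, Destination and Recipient match the values exchanged in Steps 1 to 3, and that the Step 4 group attribute is present. All URLs, group names and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # attribute name from Step 4

# Constructed placeholders standing in for the values copied in Steps 1 to 3.
EXPECTED = {"issuer": "http://www.okta.com/exampleIssuerId",
            "audience": "https://burp.example.com/saml/trust-id",
            "service_url": "https://burp.example.com/saml/acs"}

# Constructed, unsigned sample of a decoded SAML response.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://burp.example.com/saml/acs">
 <saml:Assertion>
  <saml:Issuer>http://www.okta.com/exampleIssuerId</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://burp.example.com/saml/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://burp.example.com/saml/trust-id</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
    <saml:AttributeValue>Everyone</saml:AttributeValue>
    <saml:AttributeValue>AppSec</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, expected):
    """Return (problems, groups) for a decoded SAML response."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:  # for example, the assertion is encrypted or missing
        return ["no plaintext Assertion element found"], []
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    seen = {"Issuer": (a.findtext("saml:Issuer", None, NS), expected["issuer"]),
            "Audience": (a.findtext(".//saml:Audience", None, NS), expected["audience"]),
            "Destination": (root.get("Destination"), expected["service_url"]),
            "Recipient": (recipient, expected["service_url"])}
    problems = [f"{k}: got {got!r}, expected {want!r}"
                for k, (got, want) in seen.items() if got != want]
    groups = [v.text for attr in a.iter(f"{{{NS['saml']}}}Attribute")
              if attr.get("Name") == GROUP_ATTR
              for v in attr.findall("saml:AttributeValue", NS)]
    if not groups:
        problems.append("no Group attribute values in assertion")
    return problems, groups
```

This check does not verify the response signature; Burp Suite Enterprise Edition does that with the token-signing certificate.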