Configuring SAML SSO with Okta
Last updated: December 19, 2024
This section explains how to configure SAML SSO using Okta as your identity provider. You may also need to refer to the Okta documentation.
Before you start
Make sure your web server URL includes protocol and port information. For more information, see Configuring your web server.
Note
The relying party trust information is dependent on your web server URL.
Step 1: Add Burp Suite Enterprise Edition to your trusted applications
To add Burp Suite Enterprise Edition to your trusted applications:
- Log in to Burp Suite Enterprise Edition as an administrator.
- From the settings menu, select Integrations.
- On the SAML tile, click Configure. Notice that you can copy the Relying party trust identifier, the Relying party service URL, and the Relying party single logout URL.
- In Okta, go to the dashboard and sign in as an administrator.
- Create a new app integration using SAML 2.0.
- When you create the new integration, paste the Relying party service URL into the Single sign-on URL field.
- Select the Use this for Recipient URL and Destination URL tick box.
- Paste the Relying party trust identifier into the Audience URI field.
Step 2: Add a Group Attribute Statement
Add a Group Attribute Statement in Okta as follows:
- In the Name field, enter http://schemas.xmlsoap.org/claims/group.
- Leave the Name format as Unspecified.
- Set the Filter to Matches regex, and enter .*
Step 3: Obtain key details from Okta
To configure Burp Suite Enterprise Edition, you need to obtain the following Sign On information from Okta's SAML 2.0 settings page:
- The Sign on URL. Burp Suite Enterprise Edition sends users to this URL when they choose to log in using SAML.
- The Issuer URL. This is the URL that is sent as the Issuer value in SAML responses.
- The Signing Certificate. Burp Suite Enterprise Edition uses this to verify that the SAML response was genuinely issued by Okta. Download this and keep it for the next step.
Step 4: Enter the key details in Burp Suite Enterprise Edition
To enter the key details in Burp Suite Enterprise Edition:
- In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
- In Company details, enter your company name.
- In SAML configuration, enter the following information:
  - In the Identity provider Entity ID field, enter the Issuer URL from Okta.
  - In the Identity provider SSO URL field, enter the Sign on URL from Okta.
  - Open the Signing Certificate that you downloaded from Okta in a text editor, and copy the certificate. Paste the certificate into the Identity provider token signing public certificate field.
- Click Save.
Step 5: Test your configuration
Once the connection is established, we recommend that you test your configuration:
- Log out of Burp Suite Enterprise Edition and Okta.
- Go to Burp Suite Enterprise Edition, and notice that a new login panel is added to the login page. It has the same name as the Name field that you set in Okta.
- Click Login in the new panel, and sign in with your Okta username and password.
If the configuration was successful, you will now be logged into Burp Suite Enterprise Edition. However, you won't yet have permission to do anything.
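As an added example that is not part of this documentation, the following Python script checks a SAML response from Okta against the values entered in Steps 1 to 4 and lists the groups delivered by the Group Attribute Statement from Step 2, which helps when the test login above fails or the user arrives without any group membership. It assumes a constructed, unsigned sample response and placeholder URLs; signature verification with the certificate from Step 3 is not performed here.

```python
# Added example, not PortSwigger's code: checks a SAML Response from Okta
# against the values configured in Steps 1 to 4 and lists the groups that
# the Group Attribute Statement from Step 2 delivers. The response and URLs
# are constructed placeholders; no signature verification is done here.
import xml.etree.ElementTree as ET
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/group"  # Name entered in Step 2

# Placeholders for the SAML tile values (Step 1) and Okta's Issuer URL (Step 3).
CONFIG = {
    "idp_entity_id": "http://www.okta.com/EXAMPLE_IDP_ID",
    "rp_trust_identifier": "https://burp.example.com:8443/saml/metadata",
    "rp_service_url": "https://burp.example.com:8443/saml/acs",
}

SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://burp.example.com:8443/saml/acs">
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/EXAMPLE_IDP_ID</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://burp.example.com:8443/saml/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/claims/group">
        <saml:AttributeValue>Everyone</saml:AttributeValue>
        <saml:AttributeValue>appsec-team</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, config):
    """Return (mismatches, groups) for one SAML Response."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != config["rp_service_url"]:
        problems.append("Destination != Relying party service URL")
    issuers = {i.text for i in root.iter(SAML + "Issuer")}
    if issuers != {config["idp_entity_id"]}:
        problems.append("Issuer != Identity provider Entity ID")
    audiences = {a.text for a in root.iter(SAML + "Audience")}
    if config["rp_trust_identifier"] not in audiences:
        problems.append("Audience != Relying party trust identifier")
    groups = [v.text for a in root.iter(SAML + "Attribute")
              if a.get("Name") == GROUP_ATTR
              for v in a.iter(SAML + "AttributeValue")]
    if not groups:
        problems.append("No group attribute: check the Group Attribute Statement")
    return problems, groups
```

An empty mismatch list with a non-empty group list means the response matches the Entity ID, service URL and trust identifier you entered; any reported group then has to exist in Burp Suite Enterprise Edition before the user gets permissions.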
Managing groups
You can now configure how you manage your groups:
- You can push the groups from your identity provider using SCIM. For more information, see Configuring SCIM.
- Alternatively, you can duplicate your Okta groups in Burp Suite Enterprise Edition, and manage them locally. For more information, see Enabling Burp Suite Enterprise Edition to access your Okta groups.