Enterprise Edition
Managing SCIM users and groups
-
Last updated: October 31, 2024
-
Read time: 2 Minutes
Users and groups that are pushed to Burp Suite Enterprise Edition via SCIM are labeled as such throughout the web UI. You manage these users and groups in a slightly different way to local users that were created directly in Burp Suite Enterprise Edition.
You can also combine SAML with SCIM. This provides greater transparency because it enables you to view key details about your users and groups from Burp Suite Enterprise Edition.
Assigning permissions to SCIM users
Just like local users, SCIM users inherit their permissions from the groups they belong to. They can be members of both SCIM groups, and groups that you have created in Burp Suite Enterprise Edition.
Assigning permissions to SCIM groups
Before you can use SCIM to configure user groups, you need to set up an LDAP or SAML connection for single sign-on (SSO):
You cannot modify which users belong to a SCIM group from within Burp Suite Enterprise Edition. However, you can assign roles and site restrictions to them just like you would for a local group.
Removing a SCIM user
You cannot remove or disable a SCIM user from within Burp Suite Enterprise Edition. Instead, you need to remove their assignment in your identity provider's admin console.
Note for Okta users
Even if you delete a user in Okta, this user will be disabled but still visible in Burp Suite Enterprise Edition. This is due to the way Okta sends data about deleted users to connected applications. In order to completely remove these users, you need to remove your SCIM integration from the Burp Suite Enterprise Edition settings.