Burp Suite User Forum

Login to post

Burp Suite Enterprise - SAML Authentication Issues

Nilkanth | Last updated: Jul 13, 2021 08:05PM UTC

Hello Team, We have enabled SAML authentication for our Burp Suite setup, but we observed that burp suite does not verify user identity or display the user details on UI post login with SAML. There is no capability to manage individual users and permissions, currently application only provides group based role/permission management which seems difficult to manage and we will end up having huge number of groups both in application and in idp. We would like to understand if you provide single sign-on capabilities such as SCIM, where we can manage users in burp suite who are logged in with SAML integration. Please let us know if you need any further information. Thanks, Suresh

Alex, PortSwigger Agent | Last updated: Jul 14, 2021 02:20PM UTC

Hi Suresh, Thanks for your post. This is our current process for configuring user groups and permissions with SSO: https://portswigger.net/burp/documentation/enterprise/administration-tasks/sso/permissions We are adding SCIM support to Burp Suite Enterprise for SSO, and this is due in a future release. I have linked your details to this, so you should be notified when the release is available. Thanks

Nilkanth | Last updated: Jul 16, 2021 04:49PM UTC

Hi Alex, Thank you for your response. Do you have tentative timelines by when the SCIM support for SSO will be added to Burp Suite Enterprise? Thanks

Alex, PortSwigger Agent | Last updated: Jul 20, 2021 08:07AM UTC

Hi, This feature is actively being developed as part of a larger effort to improve identity management across Burp Suite Enterprise. Unfortunately, due to the scope of this work, I am unable to give you a timeline at this moment. As mentioned, I have linked your details with the development work so you are notified when the release is available. You are also welcome to check back in with us at a later date to see if the timeline has been updated. Thanks

You need to Log in to post a reply. Or register here, for free.