Configuring user groups and permissions for SSO

  • Last updated: July 3, 2023

  • Read time: 2 Minutes

You can use SAML to authenticate and assign users to groups. This section explains how you can grant permissions, by matching the names of your SAML groups with groups that you create in Burp Suite Enterprise Edition.

You can also combine SAML with SCIM. This enables you to use SAML for authentication and SCIM to manage users and user groups. For more information, see Managing SCIM users and groups.

Creating groups for SAML

To create groups in Burp Suite Enterprise Edition that match your SAML groups:

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the Team menu, select Groups.
  3. Click New group.
  4. Create a new group representing each of the groups of users in your Active Directory or SAML identity provider. Make sure that the groups you create have the same names as the ones you send from Active Directory or your SAML identity provider.
  5. If you manage your users directly in Azure Active Directory, you will need to use the Group ID instead. For more information, see Configuring SAML SSO with Azure Active Directory.
  6. Assign roles to your groups as required. If you do not assign any roles, users can log in but they can't access any functionality.
  7. Apply site restrictions for each group as necessary. This limits which sites users in each group can access.

Users can now log in to Burp Suite Enterprise Edition using their existing credentials. For SAML SSO, users need to click the link on the login page to authenticate themselves via your identity provider.


You can also adopt a hybrid system for managing users, combining SSO-managed users with users created directly in Burp Suite Enterprise Edition. For example, you might want to create admin users independently of SSO in case there are issues with the connection to your IdP or Active Directory

Was this article helpful?