Configuring SAML SSO with Azure Active Directory

  • Last updated: July 3, 2023

  • Read time: 2 Minutes

This section explains how to configure SAML SSO using Azure AD as your identity provider. You may also need to refer to the Azure AD documentation.

Before you start

Make sure your web server URL includes protocol and port information. For more information, see Configuring your web server.


The relying party trust information is dependent on your web server URL.

Step 1: Add Burp Suite Enterprise Edition to your trusted applications

To add Burp Suite Enterprise Edition to your trusted applications:

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu , select Integrations.
  3. On the SAML tile, click Configure. Notice that you can copy both the Relying party trust identifier and the Relying party service URL.
  4. In Azure AD, go to Basic SAML Configuration.
  5. Paste the Relying party service URL into the Reply URL (Assertion Consumer Service URL) field.
  6. Paste the Relying party trust identifier into the Identifier (Entity ID) field.

Step 2: Import key details from Azure AD

To configure Burp Suite Enterprise Edition, you need to import some key details from Azure AD:

  1. In Azure AD, go to the SAML Signing Certificate page.
  2. Download the Federation Metadata XML file.
  3. In Burp Suite Enterprise Edition, make sure that you're still on the SAML page.
  4. In Company details, enter your company name.
  5. In SAML configuration, click Import metadata.
  6. Click Choose file and select the Federation metadata XML file.
  7. Click Save.

Step 3: Configure group membership

To send your users' group membership to Burp Suite Enterprise Edition:

  1. In Azure portal, open the application that represents Burp Suite Enterprise Edition.
  2. Under Set up Single Sign-on with SAML, go to User Attributes and Claims and add a group claim.
  3. Select the Customize the name of the group claim checkbox and enter the following values:

    • Name: Group
    • Namespace: http://schemas.xmlsoap.org/claims

The next step depends on how you manage your users:

  • If your Azure instance is backed by an on-premise installation of Active Directory, select sAMAccountName as the source attribute. Note that when you create your user groups in Burp Suite Enterprise Edition, they must have the exact same name as the corresponding sAMAAccountName in your Active Directory.
  • If your users are managed in Azure Active Directory, select Group ID as the source attribute. In this case, you will need to use the corresponding Group ID as the name for your user groups in Burp Suite Enterprise Edition.

For more information about user groups in Burp Suite Enterprise Edition, see Configuring user permissions for SSO.

Was this article helpful?