At the moment, Burp Enterprise does not support authenticated scanning with OAuth and SSO.
Going forward, it would be good to have a login sequence recorder to overcome such issues.
I agree, this would be a good feature. This is on our development plan, although it may be a little while until we get to this.
In the meantime, if you include the identity provider within your scope, Burp may be able to treat it as a normal login form.
Yes, that’s worth a try. We’d be interested to know how you get on with that.
I added the OAuth provider to the scope. However, it still doesn't work. It looks like the scanner does not support any other forms of authentication like SSO/OAuth or NTLM. Without support for these authentication types, one cannot perform authenticated scans on their sites.
This has to be on your priority list.
You can use NTLM authentication. It’s a little tricky to set up but I can provide instructions if needed.
Unfortunately OAuth is not on our priority list. We are aware a few people are unable to scan their sites because of this. It will probably be some months until we get to this.
Hi Phil, we’ve made a note of your request in our development backlog.