Azure Active Directory SSO

Set up Azure Active Directory SSO to log into the Panther Console

Overview

Panther supports integrating with Azure Active Directory as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see Identity & Access Integrations.

How to configure SAML SSO to the Panther Console with Azure Active Directory

Step 1: Obtain the Azure Active Directory SSO parameters from Panther

  1. In the upper-right corner of your Panther Console, click the gear icon.

  2. In the dropdown menu, click General.

  3. Click the Identity & Access tab.

    • Keep this browser window open, as you will need the Audience and ACS Consumer URL values in the next steps.

Step 2: Create a Microsoft Azure Enterprise Application

  1. Log in to your Azure Portal.

  2. In the left-hand navigation bar, click Azure Active Directory.

  3. Under Manage, click Enterprise applications.

  4. Click + New application, then + Create your own application.

  5. On the Create your own application screen, configure the following fields:

    • Input name: Enter a descriptive value, such as "Panther Console."

    • Integrate any other application you don’t find in the gallery (Non-gallery): Select this radio button.

  6. Click Create.

Step 3: Configure your Microsoft Azure Enterprise Application

  1. Within your newly created application, click 1. Assign users and groups.

    1. Click + Add user/group.

    2. Under Users and groups, click the None Selected link.

    3. Select your user(s), then click Select.

    4. Click Assign.

  2. Navigate back to the Enterprise Application Overview, then click 2. Set up Single Sign-on.

  3. On the Select a Single Sign-on method screen, click SAML.

  4. Within Set up Single Sign-on with SAML, make the following configurations:

    1. Under Basic SAML Configuration, click Edit, and configure the following fields:

      • Add Identifier (Entity ID): Paste the Audience value you obtained in the Panther Console in Step 1.

      • Add reply URL: Paste the ACS Consumer URL value you obtained in the Panther Console in Step 1.

    2. Under Attributes & Claims, click Edit.

      1. Click + Add new claim and configure the following fields:

        • Name: Enter PantherEmail.

        • Namespace: Leave this field blank.

        • Source: Select the Attribute radio button.

        • Source Attribute: Select user.email.

      2. Click Save.

      3. Click + Add new claim and configure the following fields:

        • Name: Enter PantherFirstName.

        • Namespace: Leave this field blank.

        • Source: Select the Attribute radio button.

        • Source Attribute: Select user.givenname.

      4. Click Save.

      5. Click + Add new claim and configure the following fields:

        • Name: Enter PantherLastName.

        • Namespace: Leave this field blank.

        • Source: Select the Attribute radio button.

        • Source Attribute: Select user.surname.

      6. Click Save.

    3. Under SAML Certificates, next to Federation Metadata XML, click the Download link.

  5. Click Save.

Step 4: Configure the Panther Console with Azure AD SSO

  1. Back in the Panther Console, under the Identity & Access tab, click click here to upload the metadata file you downloaded from Azure.

  2. Click Save Changes.

To test your setup, go to your Panther sign-in page and click Login with SSO.
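
If the test login fails, the following check compares a decoded SAML response against the values configured in Steps 1 through 3. It is an added example, not Panther's or Microsoft's code, and it checks configuration only, without verifying the XML signature. It assumes you have captured and base64-decoded the SAMLResponse form field from a test login; the function name, URLs, and sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("PantherEmail", "PantherFirstName", "PantherLastName")

def check_saml_response(xml_text, audience, acs_url):
    """List configuration problems in a decoded SAML response (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    # Azure "Reply URL" must equal Panther's ACS Consumer URL.
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS Consumer URL")
    # Azure "Identifier (Entity ID)" must equal Panther's Audience.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append("Audience does not match the Panther Audience value")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for claim in REQUIRED_CLAIMS:
        if claim not in attrs:
            # A claim saved with a Namespace is emitted as "<namespace>/<name>".
            namespaced = [n for n in attrs if n.endswith("/" + claim)]
            hint = f" (found as {namespaced[0]}; clear the Namespace field)" if namespaced else ""
            problems.append(f"missing claim {claim}{hint}")
        elif not attrs[claim]:
            problems.append(f"claim {claim} is empty")
    return problems

# Constructed sample: placeholder URLs, and PantherLastName saved with a namespace.
SAMPLE_AUDIENCE = "urn:example:panther-audience"
SAMPLE_ACS = "https://panther.example.com/saml2/idpresponse"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{SAMPLE_ACS}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SAMPLE_AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="PantherEmail"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="PantherFirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://example.com/claims/PantherLastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE_RESPONSE, SAMPLE_AUDIENCE, SAMPLE_ACS):
        print("FAIL:", problem)
```

An empty result means the response carries the Audience, ACS Consumer URL, and three claims as configured above.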
