# Generic SSO

## Overview

Panther supports integrating with any SAML Identity Provider (IdP) to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see [Identity & Access Integrations](https://docs.panther.com/system-configuration/saml).

## How to configure SAML SSO to the Panther Console with the generic integration

Integrate any SAML Identity Provider (IdP) with Panther in three easy steps:

### Step 1: Obtain the SSO parameters from Panther

1. Log in to the Panther Console.
2. In the upper-right corner, click the gear icon, and then click **General**.
3. Navigate to the **Identity & Access** tab.
4. Next to **Enable SAML (Security Assertion Markup Language)**, set the toggle to `ON`.
5. If using [IdP-initiated login](https://docs.panther.com/system-configuration/saml/..#idp-initiated-vs.-sp-initiated-login), set the **Use IdP-Initiated Single Sign On (SSO)** toggle to `ON`.
6. Copy the **Audience** and **ACS Consumer URL** values and store them in a secure location. You will need them in the following steps.
   * If using IdP-initiated login, also copy the **Relay State** value.

{% hint style="info" %}
It's recommended to use [SP-initiated login](https://docs.panther.com/system-configuration/saml/..#sp-initiated-login-recommended), as it is generally considered more secure than IdP-initiated login.
{% endhint %}

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-800628a71753e4ef33d50d9bbf9231f05441120b%2FScreenshot%202025-10-10%20at%203.03.25%E2%80%AFPM.png?alt=media" alt="In the Settings section of the Panther Console, within the Identity &#x26; Access tab, various fields like &#x22;Enable SAML&#x22;, &#x22;Audience&#x22; and &#x22;ACS Consumer URL&#x22; are shown"><figcaption></figcaption></figure>

### Step 2: Create the application in your IdP

1. Log in to the administrative console of your IdP.
2. Create a SAML application in your IdP with the following settings:
   * **Audience**: Enter the **Audience** value you copied from the Panther Console in Step 1.
   * **ACS Consumer URL**: Enter the **ACS Consumer URL** value you copied from the Panther Console in Step 1.
   * **Relay State**: If using IdP-initiated login, paste the **Relay State** value you copied from the Panther Console in Step 1. If using SP-initiated login, leave this value blank.
   * **SAML Attribute Mapping**:
     * **PantherEmail**: Map this field to user email.
     * **PantherFirstName**: Map this field to first name.
     * **PantherLastName**: Map this field to last name.
   * Grant access to the appropriate users.
3. Copy the **Issuer ID** from your IdP and store it in a secure location. You will need this in the next steps.
   * This URL should be a publicly accessible XML document.
   * If your IdP lets you download the metadata XML file directly but does not provide a URL, download this file so you can upload it into Panther.

### Step 3: Configure the generic SAML application in Panther

1. Navigate back to the **Identity & Access** section in the Panther Console from Step 1. In the **Default Role** field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.

{% hint style="warning" %}
Panther highly recommends not setting this value to `Admin`.
{% endhint %}

2. In the **Identity Provider URL** field, paste the **Issuer URL** that you obtained in the previous steps of this documentation.
   * If your IdP did not provide a file URL but did allow you to download the metadata XML file, upload it to Panther by clicking **click here** below the **Identity Provider URL** field.
3. Click **Save Changes**.

To test your setup, go to your Panther sign-in page and click **Login with SSO**.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-5e5aa7beb6e3547f6c0d323432359430390a0067%2Fpanther-login-sso%20(6)%20(1).png?alt=media" alt="The Panther login page displays a &#x22;Login with SSO&#x22; button at the bottom."><figcaption></figcaption></figure>
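
If the test login fails, a common cause is a mismatch in the Step 2 settings. The following is an added example (not Panther's own code) that checks a base64-decoded SAML response, captured during a test login, for the Audience, the ACS Consumer URL, and the three attribute names listed above. The `AUDIENCE` and `ACS_URL` values, the sample response, and the function name are constructed for illustration; the check does not validate the response signature.

```python
import xml.etree.ElementTree as ET  # use defusedxml for XML you do not trust

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("PantherEmail", "PantherFirstName", "PantherLastName")  # from Step 2
# Constructed stand-ins for the Audience and ACS Consumer URL copied in Step 1.
AUDIENCE = "urn:example:panther-audience"
ACS_URL = "https://panther.example.com/saml/acs"

# Constructed, unsigned sample: the last name is sent under the wrong attribute name.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="PantherEmail"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="PantherFirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

def check_saml_response(xml_text, audience, acs_url):
    """List configuration problems in a decoded SAML response (no signature check)."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    problems = []
    recipients = {e.get("Recipient") for e in assertion.iterfind(".//saml:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        problems.append("Recipient does not match the ACS Consumer URL")
    audiences = {(e.text or "").strip() for e in assertion.iterfind(".//saml:Audience", NS)}
    if audience not in audiences:
        problems.append("Audience does not match the Panther Audience value")
    values = {}
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append(f"attribute {name} missing or empty")
    return problems

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, AUDIENCE, ACS_URL):
        print(problem)
```
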

For examples, see the [OneLogin SSO](https://docs.panther.com/system-configuration/saml/onelogin) and [Okta SSO](https://docs.panther.com/system-configuration/saml/okta) integration guides.
