Knowledge BaseRelease NotesRequest Demo

G Suite SSO

Set up G Suite SSO to log in to the Panther Console

Overview

Panther supports integrating with G Suite (now named Google Workspace) as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see Identity & Access Integrations.

How to configure SAML SSO to the Panther Console with G Suite

Step 1: Obtain the SSO parameters from Panther

  1. Log in to the Panther Console.

  2. In the upper-right corner, click the gear icon, and then click General.

  3. Navigate to the Identity & Access tab.

  4. Next to Enable SAML (Security Assertion Markup Language), set the toggle to ON.

  5. (Optional) If using IdP-initiated login, set the Use IdP-Initiated Single Sign On (SSO) toggle to ON.

  6. Copy the the Audience and ACS Consumer URL values and store them in a secure location. You will need them in the following steps.

    • If using IdP-initiated login, also copy the Relay State value.

It's recommended to use SP-initiated login, as it is generally considered more secure than IdP-initiated login.

In the Settings section of the Panther Console, within the Identity & Access tab, various fields like "Enable SAML", "Audience" and "ACS Consumer URL" are shown

Step 2: Create the G Suite App

Follow the GSuite guide for SAML-based SSO to add a custom SAML app.

Note that it may take up to 24 hours for your changes to propagate in Google Workspace.

Make the following modifications to create the SAML app for Panther:

  • In the Service Provider Details window, enter in the following:

    • ACS URL: Paste the ACS Consumer URL value you obtained in the Panther Console in Step 1.

    • Entity ID: Paste the Audience value you obtained in the Panther Console in Step 1.

    • (Optional) Start URL: If using IdP-initiated login, paste the Relay State value you copied from the Panther Console in Step 1. If using SP-initiated login, leave this value blank.

  • On the Attribute mapping page, configure the following attribute mappings:

    • First Name: PantherFirstName

    • Last Name: PantherLastName

    • Primary email: PantherEmail

Step 3: Enable the SAML app in Google Workspace

Follow Google's documentation to turn on the SAML app.

Step 4: Configure SAML in Panther

  1. Navigate back to the Identity & Access section in the Panther Console from Step 1. In the Default Role field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.

    Panther highly recommends not setting this value to Admin.

  2. Below the Identity Provider URL field, click click here to upload the metadata file you downloaded from Google while configuring the SAML app.

  3. Click Save Changes.

To test your setup, go to your Panther sign-in page and click Login with SSO.

The Panther login page shows a "Login with SSO" option
PreviousDuo SSONextOkta SSO

Last updated

Was this helpful?