> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/system-configuration/saml/gsuite.md).

# G Suite SSO

## Overview

Panther supports integrating with G Suite (now named Google Workspace) as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see [Identity & Access Integrations](/system-configuration/saml.md).

## How to configure SAML SSO to the Panther Console with G Suite

### Step 1: Obtain the SSO parameters from Panther

1. Log in to the Panther Console.
2. In the upper-right corner, click the gear icon to open Settings, then navigate to **Access & Authentication** > **Identity & Access**.
3. Next to **Enable SAML (Security Assertion Markup Language)**, set the toggle to `ON`.
4. If using [IdP-initiated login](https://docs.panther.com/system-configuration/saml/pages/-MXJ6kXOq1hLh6IY-4U0#idp-initiated-vs.-sp-initiated-login), set the **Use IdP-Initiated Single Sign On (SSO)** toggle to `ON`.
5. Copy the the **Audience** and **ACS Consumer URL** values and store them in a secure location. You will need them in the following steps.
   * If using IdP-initiated login, also copy the **Relay State** value.

{% hint style="info" %}
It's recommended to use [SP-initiated login](/system-configuration/saml.md#sp-initiated-login-recommended), as it is generally considered more secure than IdP-initiated login.
{% endhint %}

### Step 2: Create the G Suite App

Follow the [GSuite guide for SAML-based SSO](https://support.google.com/a/answer/6087519) to add a custom SAML app.

{% hint style="info" %}
Note that it may take up to 24 hours for your changes to propagate in Google Workspace.
{% endhint %}

Make the following modifications to create the SAML app for Panther:

* In the **Service Provider Details** window, enter in the following:
  * **ACS URL**: Paste the **ACS Consumer URL** value you obtained in the Panther Console in Step 1.
  * **Entity ID**: Paste the **Audience** value you obtained in the Panther Console in Step 1.
  * **Start URL**: If using IdP-initiated login, paste the **Relay State** value you copied from the Panther Console in Step 1. If using SP-initiated login, leave this value blank.

    <figure><img src="/files/5Gl23IbRSGcnnAepzv8V" alt=""><figcaption></figcaption></figure>
* On the **Attribute mapping** page, configure the following attribute mappings:
  * **First Name**: `PantherFirstName`
  * **Last Name**: `PantherLastName`
  * **Primary email**: `PantherEmail`

    <figure><img src="/files/-MOChByOM4ssm5c1iryB" alt=""><figcaption></figcaption></figure>

### Step 3: Enable the SAML app in Google Workspace

Follow [Google's documentation to turn on the SAML app](https://support.google.com/a/answer/6087519).

### Step 4: Configure SAML in Panther

1. Navigate back to the **Identity & Access** section in the Panther Console from Step 1. In the **Default Role** field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.

{% hint style="warning" %}
Panther highly recommends not setting this value to `Admin`.
{% endhint %}

2. Below the **Identity Provider URL** field, click **click here** to upload the metadata file you downloaded from Google while configuring the SAML app.
3. Click **Save Changes**.

To test your setup, go to your Panther sign-in page and click **Login with SSO**.

<figure><img src="/files/-MIzspJ0WZi9aq5lOVlx" alt="The Panther login page shows a &#x22;Login with SSO&#x22; option"><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.panther.com/system-configuration/saml/gsuite.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.