Setting up Okta SSO to log in to the Panther Console
Panther supports integrating with Okta as a SAML provider to enable logging in to the Panther Console via SSO.
1. Log in to the Panther Console.
2. Click the gear icon in the upper right. In the dropdown menu, click General.
3. Click the SAML Configuration tab.
Keep this browser window open, as you will need the Audience and ACS URL values in the next steps.
1. Log in to your Okta administrative console.
2. Click the Applications tab, then click Create App Integration.
3. Within the "Create a new app integration" modal, fill in the form to configure the new app:
   - Sign on Method: Select SAML 2.0
4. Click Next.
5. Configure the general settings:
   - App name: Add a memorable name such as "Panther Console."
   - App logo: Upload a Panther logo to help users quickly identify this app.
   - App visibility: Configure the visibility of this application for your users.
6. Click Next.
7. In the SAML Settings section, configure the following under General:
   - Single sign on URL: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
   - Audience: Enter the Audience you copied from the Panther Console in earlier steps of this documentation.
8. Configure the following under Attribute Statements:
9. The Group Attribute statements can be left blank. Click Next.
10. Click Finish.
11. On the next screen, navigate to SAML Setup along the right-hand side of the screen.
12. Click View SAML setup instructions, which opens a new browser tab.
13. Copy the Identity Provider Single Sign-On URL. Okta displays the URL in the following format:
    Adjust the URL as follows in order to use it with Panther:
    - Copy this URL as you will need it in the following steps.
14. Grant access to the appropriate users and groups in the Assignments tab.
Amazon Cognito, which powers Panther's user management, does not support IdP-initiated logins. However, you can simulate an IdP-initiated flow with an Okta Bookmark app, which will allow users to click a tile in Okta to sign in to Panther. To configure a Bookmark app for Panther, follow the instructions in the Okta Help Center: Simulate an IdP-initiated flow using the Bookmark App.
2. Next to "Enable SAML", set the toggle to ON.
3. In the "Default Role" field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.
4. In the Identity Provider URL field, paste the metadata URL from Okta that you obtained in the previous steps of this documentation.
5. Click Save Changes.
To test your setup, go to your Panther sign-in page and click Login with SSO.