Knowledge BaseRelease NotesRequest Demo

OneLogin SSO

Set up OneLogin SSO to log in to the Panther Console

Overview

Panther supports integrating with OneLogin as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see Identity & Access Integrations.

How to configure SAML SSO to the Panther Console with OneLogin

Step 1: Obtain the OneLogin SSO parameters from Panther

  1. Log in to the Panther Console.

  2. In the upper-right corner, click the gear icon, and then click General.

  3. Navigate to the Identity & Access tab.

  4. Next to Enable SAML (Security Assertion Markup Language), set the toggle to ON.

  5. (Optional) If using IdP-initiated login, set the Use IdP-Initiated Single Sign On (SSO) toggle to ON.

  6. Copy the the Audience and ACS Consumer URL values and store them in a secure location. You will need them in the following steps.

    • If using IdP-initiated login, also copy the Relay State value.

It's recommended to use SP-initiated login, as it is generally considered more secure than IdP-initiated login.

In the Settings section of the Panther Console, within the Identity & Access tab, various fields like "Enable SAML", "Audience" and "ACS Consumer URL" are shown

Step 2: Create the OneLogin App

  1. Log in to the OneLogin administrative console.

  2. Click the Applications tab. In the drop-down menu, click Applications.

  3. In the upper-right side of the page, click Add App. Search for and select SAML Custom Connector (Advanced).

  4. Fill in the form:

    • Display Name: Add a descriptive name, such as "Panther Console."

    • Logo Icon: Upload a Panther logo to help users quickly identify this app.

    • Description: Add a description of the app.

  5. Click Save.

  6. Open your new app's Configuration page. Under Application Details, enter the following:

    • Audience: Enter the Audience value you copied from the Panther Console in Step 1.

    • Recipient: Enter the ACS URL value you copied from the Panther Console in Step 1.

    • ACS (Consumer) URL Validator: Enter the ACS URL value you copied from the Panther Console in Step 1.

    • ACS (Consumer) URL: Enter the ACS URL value you copied from the Panther Console in Step 1.

    • (Optional) Relay State: If using IdP-initiated login, paste the Relay State value you copied from the Panther Console in Step 1. If using SP-initiated login, leave this value blank.

  7. In the Parameters tab, add the attribute mappings for Panther. Check the box next to "Include in SAML assertion" for each attribute.

    • PantherFirstName: First Name

    • PantherLastName: Last Name

    • PantherEmail: Email

    When you are done, they will appear in the attributes list:

  8. Click Save.

  9. In the SSO tab, set the algorithm to SHA-512.

  10. Copy the Issuer URL and store it in a secure location. You will need this in the next steps.

  11. Save your settings.

After you're done, make sure to grant access to the appropriate users and groups.

Step 3: Configure OneLogin SAML in Panther

  1. Navigate back to the Identity & Access section in the Panther Console from Step 1. In the Default Role field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.

    Panther highly recommends not setting this value to Admin.

  2. In the Identity Provider URL field, paste the Issuer URL from OneLogin that you obtained in the previous steps of this documentation.

  3. Click Save Changes.

To test your setup, go to your Panther sign-in page and click Login with SSO.

The Panther login page displays a "Login with SSO" button at the bottom.
PreviousOkta SCIMNextGeneric SSO

Last updated

Was this helpful?