OneLogin SSO

Set up OneLogin SSO to log in to the Panther Console

Overview

Panther supports integrating with OneLogin as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see Identity & Access Integrations.

Log in to the Panther Console.
Click the gear icon in the upper right. In the dropdown menu, click General.
Click the Identity & Access tab.

Keep this browser window open, as you will need the Audience and ACS URL values in the next steps.

Log in to the OneLogin administrative console.
Click the Applications tab, then click Applications in the drop-down menu.
Fill in the form: Note: We recommend that you disable the "visible in portal" option since SAML logins can only be initiated from Panther.
- Display Name: Add a descriptive name, such as "Panther Console."
- Logo Icon: Upload a Panther logo to help users quickly identify this app.
- Description: Add a description of the app.
Click Save.
Open your new app's "Configuration" page. Under "Application Details," enter the following:
- Audience: Enter the Audience you copied from the Panther Console in earlier steps of this documentation.
- Recipient: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
- ACS (Consumer) URL Validator: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
- ACS (Consumer) URL: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
In the Parameters tab, add the attribute mappings for Panther. Check the box next to "Include in SAML assertion" for each attribute.
- PantherFirstName: First Name
- PantherLastName: Last Name
Click Save.
In the SSO tab, set the algorithm to SHA-512.
Save your settings.

After you're done, make sure to grant access to the appropriate users and groups.

Navigate back to the SAML configuration you started earlier in this documentation.
Next to Enable SAML, set the toggle to ON.
In the Default Role field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.
In the Identity Provider URL field, paste the Issuer URL from OneLogin that you obtained in the previous steps of this documentation.
Click Save Changes.

To test your setup, go to your Panther sign-in page and click Login with SSO.

Last updated 11 months ago

Was this helpful?

Create the OneLogin App

Click the Applications tab, then click Applications in the drop-down menu.

Click Add App in the upper right side of the page. Search for and select SAML Custom Connector (Advanced).

Fill in the form: Note: We recommend that you disable the "visible in portal" option since SAML logins can only be initiated from Panther.

Click Save.

Open your new app's "Configuration" page. Under "Application Details," enter the following:

Audience: Enter the Audience you copied from the Panther Console in earlier steps of this documentation.
Recipient: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
ACS (Consumer) URL Validator: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.
ACS (Consumer) URL: Enter the ACS URL you copied from the Panther Console in earlier steps of this documentation.

In the Parameters tab, add the attribute mappings for Panther. Check the box next to "Include in SAML assertion" for each attribute.

PantherFirstName: First Name
PantherLastName: Last Name
PantherEmail: EmailWhen you are done, they will appear in the attributes list:

Click Save.

In the SSO tab, set the algorithm to SHA-512.

Copy the Issuer URL and store it in a secure location. You will need this in the next steps.

Save your settings.

After you're done, make sure to grant access to the appropriate users and groups.

Configure OneLogin SAML in Panther

Navigate back to the SAML configuration you started earlier in this documentation.

Next to Enable SAML, set the toggle to ON.

In the Default Role field, choose the Panther role that your new users will be assigned by default when they first log in via SSO.

In the Identity Provider URL field, paste the Issuer URL from OneLogin that you obtained in the previous steps of this documentation.

Click Save Changes.

To test your setup, go to your Panther sign-in page and click Login with SSO.