# Azure Active Directory SSO

## Overview

Panther supports integrating with [Azure Active Directory](https://azure.microsoft.com/en-us/solutions/active-directory-sso) as a SAML provider to enable logging in to the Panther Console via SSO.

For more information on features, terminology, and limitations of SSO integrations with the Panther Console, see [Identity & Access Integrations](https://docs.panther.com/~/changes/15ann7vKLltCCAGHtdQr/system-configuration/saml).

## How to configure SAML SSO to the Panther Console with Azure Active Directory

### Step 1: Obtain the Azure Active Directory SSO parameters from Panther

1. In the upper-right corner of your Panther Console, click the gear icon.
2. In the dropdown menu, click **General**.
3. Click the **Identity & Access** tab.
   * Keep this browser window open, as you will need the **Audience** and **ACS Consumer URL** values in the next steps.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fq5apSv1waGYMNp67bPcg%2Fimage.png?alt=media&#x26;token=3621513a-9e31-44c5-a936-26edc0d5b7d9" alt="In the Settings section of the Panther Console, within the Identity &#x26; Access tab, various fields like &#x22;Enable SAML&#x22;, &#x22;Audience&#x22; and &#x22;ACS Consumer URL&#x22; are shown "><figcaption></figcaption></figure>

### Step 2: Create a Microsoft Azure Enterprise Application

1. Log in to your [Azure Portal](https://portal.azure.com).
2. In the left-hand navigation bar, click **Azure Active Directory**.
3. Under **Manage**, click **Enterprise applications**.
4. Click **+ New application**, then **+ Create your own application**.
5. On the **Create your own application** screen, configure the following fields:
   * **Input name**: Enter a descriptive value, such as "Panther Console."
   * **Integrate any other application you don’t find in the gallery (Non-gallery)**: Select this radio button.
6. Click **Create**.

### Step 3: Configure your Microsoft Azure Enterprise Application

1. Within your newly created application, click **1. Assign users and groups**.
   1. Click **+ Add user/group**.
   2. Under **Users and groups**, click the **None Selected** link.
   3. Select your user(s), then click **Select**.
   4. Click **Assign**.
2. Navigate back to the Enterprise Application **Overview**, then click **2. Set up Single Sign-on**.
3. On the **Select a Single Sign-on method** screen, click **SAML**.
4. Within **Set up Single Sign-on with SAML**, make the following configurations:
   1. Under **Basic SAML Configuration**, click **Edit**, and configure the following fields:
      * **Add Identifier (Entity ID)**: Paste the **Audience** value you obtained in the Panther Console in Step 1.
      * **Add reply URL**: Paste the **ACS Consumer URL** value you obtained in the Panther Console in Step 1.
   2. Under **Attributes & Claims**, click **Edit**.
      1. Click **+ Add new claim** and configure the following fields:
         * **Name**: Enter `PantherEmail`.
         * **Namespace**: Leave this field blank.
         * **Source**: Select the **Attribute** radio button.
         * **Source Attribute**: Select `user.email`.
      2. Click **Save**.
      3. Click **+ Add new claim** and configure the following fields:
         * **Name**: Enter `PantherFirstName`.
         * **Namespace**: Leave this field blank.
         * **Source**: Select the **Attribute** radio button.
         * **Source Attribute**: Select `user.givenname`.
      4. Click **Save**.
      5. Click **+ Add new claim** and configure the following fields:
         * **Name**: Enter `PantherLastName`.
         * **Namespace**: Leave this field blank.
         * **Source**: Select the **Attribute** radio button.
         * **Source Attribute**: Select `user.surname`.
      6. Click **Save**.
   3. Under **SAML Certificates**, next to **Federation Metadata XML**, click the **Download** link.
5. Click **Save**.

### Step 4: Configure the Panther Console with Azure AD SSO

1. Back in the Panther Console, under the **Identity & Access** tab, click **click here** to upload the metadata file you downloaded from Azure.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FXXGkH8FKNCjzZ9YrxkQZ%2Fimage.png?alt=media&#x26;token=6c90ff7e-bde2-4035-942d-0dbcbe960137" alt="In the Panther Console settings, there is a Default Role field and an Identity provider URL field. Below, there is a button to upload a metadata file." width="501"><figcaption></figcaption></figure>

2. Click **Save Changes**.

To test your setup, go to your Panther sign-in page and click **Login with SSO**.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2F315651B4F8I4lyy9bDxC%2Fimage.png?alt=media&#x26;token=01175473-e3ac-43f8-af88-c7326e1512cd" alt="The Panther login page displays a &#x22;Login with SSO&#x22; button at the bottom."><figcaption></figcaption></figure>
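
To confirm that Azure sends what Steps 1 and 3 configured, you can check a decoded SAML response captured from the browser during the test login. The script below is an added example, not Panther or Microsoft code; `AUDIENCE`, `ACS_URL`, the sample XML and the function names are constructed placeholders, and it compares field values only (it does not validate the signature).

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("PantherEmail", "PantherFirstName", "PantherLastName")
# Constructed placeholders: substitute the Audience and ACS Consumer URL from Step 1.
AUDIENCE = "urn:example:panther-audience"
ACS_URL = "https://panther.example.com/saml/acs"

def check_response(xml_text, audience, acs_url):
    """Return a list of mismatches between a decoded SAML response and Steps 1-3."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:  # no DTDs in SAML
        return ["DTD present: refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS Consumer URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if audience not in audiences:
        problems.append("Audience does not match the Panther Audience value")
    attrs = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        value = attr.find("a:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for claim in REQUIRED_CLAIMS:
        if not attrs.get(claim):
            # A non-blank Namespace in Step 3 shows up as "<namespace>/<Name>".
            namespaced = [n for n in attrs if n and n.endswith("/" + claim)]
            hint = f" (sent as {namespaced[0]})" if namespaced else ""
            problems.append(f"claim {claim} missing or empty{hint}")
    return problems

def sample_response(email_claim="PantherEmail"):
    """Constructed, unsigned sample trimmed to the elements checked above."""
    claims = [(email_claim, "jane@example.com"),
              ("PantherFirstName", "Jane"), ("PantherLastName", "Doe")]
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in claims)
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction>"
        f"</saml:Conditions><saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    print(check_response(sample_response(), AUDIENCE, ACS_URL))
```

An empty list means the response carries the expected Audience, reply URL and the three un-namespaced claims.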
