Integrating Okta with Panther Enterprise

First, deploy Panther Enterprise and go to the General Settings page. Note the values for "Audience" and "ACS URL":

Create Okta App

We are in the process of registering an official Panther Okta app, but in the meantime follow these steps to configure an Okta app manually.

From the Okta admin console, navigate to the Applications tab

Click "Add Application"

Click "Create New App" and configure "Platform: Web" app and "Sign on method: SAML 2.0"

Click "Create" and configure the General Settings however you see fit. We recommend:

Click "Next" and configure section 2A, "SAML Settings", as follows:

The "Single sign on URL" and "Audience URI" were copied from the Panther General Settings page earlier. The "Group Attribute Statements" can be left blank (not shown here). Click "Next" and fill out feedback for Okta, linking to this documentation page if you like. Click "Finish."

Copy the "Identity Provider metadata" link shown on the next screen, under the Settings section of the "Sign On" tab:

This is the "Identity provider URL" you will need to give to Panther.

Finally, be sure to grant access to the appropriate people/groups in the "Assignments" tab.

Configure Panther

From the Panther settings page, enable SAML with a default Panther role of your choice and paste the Okta metadata URL you just copied:

Click "Save" and then you're done! Now, clicking the "Login with SSO" button will redirect you to Okta: