Integrating OneLogin with Panther Enterprise

First, deploy Panther Enterprise and go to the General Settings page. Note the values for "Audience" and "ACS URL":

Create OneLogin App

We are in the process of registering an official Panther OneLogin app, but in the meantime follow these steps to configure a OneLogin app manually.

From the OneLogin admin console, navigate to the Applications tab.

Click the "Add App" button at the top of the next page, and search for "saml test connector:"

Choose a display name (e.g. "Panther Enterprise") and a logo/description, if you like. We recommend disabling "visible in portal," since SAML logins can only be initiated from Panther. Click "Save."

Now you can edit the application configuration, filling in the "Audience" and "ACS Consumer" values you found in the Panther General Settings page a moment ago:

In the next tab, add Panther's custom parameters - PantherFirstName, PantherLastName, and PantherEmail:

For each parameter, be sure to check "include in SAML assertion":

From the "SSO" tab, strengthen the algorithm to SHA-512 (optional) and copy the Issuer URL:

This is the "Identity provider URL" you will need to give to Panther.

Finally, don't forget to grant access to the appropriate users / groups. Save your OneLogin application.

Configure Panther

From the Panther settings page, enable SAML with a default Panther role of your choice and paste the OneLogin issuer URL you just copied:

Click "Save" and then you're done! Now clicking th "Login with SSO" button will redirect you to OneLogin: