First, go to the General Settings page and copy the values for "Audience" and "ACS URL":
You will need these to configure your OneLogin App.
From the OneLogin Admin console, navigate to the Applications page:
Click the "Add App" button on the top right of the page and search for "SAML Test Connector (Advanced):"
Fill in the following:
Display Name (e.g. "Panther Enterprise")
Now, open the new application's "Configuration" page and fill in the "Audience" and "ACS Consumer" values found in the Panther General Settings page above:
In the Parameters tab, add Panther's field mappings:
For each parameter, be sure to also check the "Include in SAML assertion" flag:
When complete, you should see:
Finally, in the "SSO" tab, strengthen the algorithm to SHA-512 and copy the Issuer URL:
This is the "Identity provider URL" you will need to give to Panther.
Save your OneLogin App settings.
Don't forget to grant access to the appropriate users or groups!
To finalize the SSO configuration in Panther:
Navigate to your Panther "General Settings" page
Flip the "Enable SAML" button
Set a default Panther Role of your choice
Paste the OneLogin issuer URL copied above:
Click "Save" and you're done!
Now clicking the "Login with SSO" button will redirect you to your company's OneLogin: