Troubleshooting unexpected role changes for SAML users in Panther

Last updated
Save as PDF

Issue

My Panther Console has some users that log into Panther using SAML, and one or more of these users has Admin privileges in Panther. The default role is "Analyst Read Only" but we want these specific users to maintain Admin privileges.

When one of these users logs in via SAML, their privileges are downgraded from Admin to Analyst Read Only, and when we try to change the role, the change is not allowed.

Resolution

To resolve this issue:

Check the SAML configuration and make sure it's sending the correct user attributes to Panther.
- Name and email address values are particularly important since Panther uses these for internal operations.
If the SAML provider is configured correctly, ask each user to log in to the Panther Console and enter their email address manually in Settings > Users.

If these steps don't resolve the issue, contact Panther support for assistance.

Cause

This issue can occur when a Panther user account is missing an email address, e.g. if the SAML provider doesn't provide it.