Can I delete all non-SAML user accounts in Panther?

Last updated: December 31, 2025

QUESTION

Is it possible to delete all non-SAML user accounts, so that the only way to access Panther is through an identity provider, such as Okta?

ANSWER

No.

As a continuity measure, Panther requires at least one admin-level non-SAML user to prevent a total lockout due to issues with an identity provider. If you want your team to access Panther only through SAML, you may wish to name this account something generic, such as "Recovery", and store the credentials in a secure location.

At least one password-based user must have the Admin role.

  • If Enforce Single Sign On (SSO) is enabled, at least one IdP-managed user must also have the Admin role, in addition to at least one password-based user with the Admin role.