When we initially integrated Panopto with Canvas, we assigned the new user we created as an Account Admin account role to our instance. After testing, we created a separate account role and assigned it the permissions listed on this page - Panopto Support. Our end users complained that they could not log in to Panopto using SSO.
Panopto support looked into it and said the role we created also requires the following permissions:
Users - manage login details
Users - view login IDs
These permissions are missing on their support document. Just wanted to share this information with anyone else looking to integrate Panopto with Canvas.