Can I enable SSO for internal firm users only?

Yes, SSO is enabled on a ‘per user’ basis, as such the internal firm users can have SSO enabled, while external users can login using local Opus credentials.

Can MFA be enabled when using SSO?

Yes, MFA can be setup to work as part of your IdP authentication, or alternatively within the Opus application itself.

Once I enable SSO, can anyone in my firm login?

No, we have implemented it so that user access must first be granted and enabled from the Opus application.

If an SSO user leaves the firm, will they still be able to access Opus2?

No, if the user has been removed from your AD or equivalent trust from your end, they will not be able to authenticate into Opus.

Does SSO work for On-Premise installations?

Yes, SSO with Keycloak is available for both our hosted and On-Premise setups.

If I have SSO enabled on my account, can I still login using regular Opus2 credentials?

No, you will only be able to access Opus2 via the ‘Single Sign-On’ button.

Can the login process be initiated by our IdP?

No, we currently do not support IdP initiated login, you must use the ‘Single Sign-On’ button on the login screen to start the authentication process.