The instructions below outline how to set up an Enterprise Application in Microsoft Entra (formerly Azure AD) to work with the Opus 2 Platform. Use them as a reference guide alongside the official documentation from Microsoft, available here.
Create the Application with SAML
Create a new Application, and then select the SAML option to configure SAML-based authentication for the application. (This option requires that the application support SAML 2.0.) The Set up Single Sign-On with SAML page appears.
Configure Basic SAML Configuration
Go to the Basic SAML Configuration heading and select its Edit icon (a pencil). Populate the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL) with the values provided by Opus 2, exactly as supplied, including the scheme and any trailing slash: Entra places the Identifier in the Audience of every assertion it issues and posts the signed response to the Reply URL, so a mismatch in either value causes sign-in to be rejected.
Configure User Attributes and Claims
The Opus 2 platform requires a Name ID together with email, first name and last name claims for Single Sign On. Go to the User Attributes & Claims heading and select Edit. Set the values as below.

Name ID | Value |
---|---|
Name Identifier Value | user.userprincipalname [nameid-format:emailAddress] |

Claim name | Value |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |

Note that user.userprincipalname and user.mail are separate directory attributes and can differ for some accounts (for example guest users, or users whose primary SMTP address is not their UPN). Confirm with Opus 2 which of the two it uses to match accounts, and check a few representative users before going live.
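To make the Basic SAML Configuration and claim mapping concrete, the following added example (not Opus 2 or Microsoft code) checks a SAML Response the way a service provider would before accepting it: the Reply URL must appear as Destination and Recipient, the Identifier as an Audience, the Name ID must be in emailAddress format, and the three claim URIs from the table must each carry a value. The Entity ID, Reply URL and the sample response are constructed placeholders. It deliberately does not verify the XML signature, which a real service provider must do before any of these checks.

```python
"""Check a SAML Response against the Basic SAML Configuration and claim
mapping above. Added example, not Opus 2 code: ENTITY_ID, ACS_URL and
SAMPLE_RESPONSE are constructed placeholders. No signature verification."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIM_BASE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = (CLAIM_BASE + "emailaddress", CLAIM_BASE + "surname",
                   CLAIM_BASE + "givenname")

# Hypothetical values standing in for the ones Opus 2 supplies.
ENTITY_ID = "https://tenant.example.invalid/saml/metadata"
ACS_URL = "https://tenant.example.invalid/saml/acs"

# Constructed, unsigned response shaped like what Entra posts to the ACS.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0" Destination="{ACS_URL}">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="{NAMEID_EMAIL}">jane.doe@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIM_BASE}emailaddress"><saml:AttributeValue>jane.doe@example.invalid</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIM_BASE}surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIM_BASE}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """Return (problems, attributes). An empty problems list means the
    response matches the configuration; attributes maps claim URI -> value."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["response carries no Assertion"], {}

    # Reply URL (ACS): Entra sets both Destination and Recipient to it.
    if root.get("Destination") != acs_url:
        problems.append(f"Destination is not the Reply URL {acs_url}")
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append(f"Recipient is not the Reply URL {acs_url}")

    # Identifier (Entity ID): must be listed as an Audience.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain Entity ID {entity_id}")

    # Name ID: present, non-empty and in emailAddress format as configured.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != NAMEID_EMAIL:
        problems.append(f"NameID format is {name_id.get('Format')}, expected {NAMEID_EMAIL}")

    # Claims: each of the three URIs from the table with a non-empty value.
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attributes[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for claim in REQUIRED_CLAIMS:
        if not attributes.get(claim):
            problems.append(f"required claim missing or empty: {claim}")
    return problems, attributes


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE))
    # A typical misconfiguration: the surname claim renamed to a different URI.
    broken = SAMPLE_RESPONSE.replace(CLAIM_BASE + "surname", CLAIM_BASE + "lastname")
    print(check_response(broken))
```

Running the script reports no problems for the sample and exactly one for the variant whose surname claim was renamed, which is the kind of silent mismatch a claim-name typo in the Entra portal produces.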
Provide App Federation Metadata URL and Login URL
On the Set up Single Sign-On with SAML page, copy the App Federation Metadata URL and the Login URL and provide both to Opus 2. The metadata document published at that URL carries the tenant's issuer identifier, the single sign-on endpoints and the signing certificate Opus 2 needs to validate assertions. Configuration for Opus 2 is then complete.
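The following added example (not Opus 2 or Microsoft code) shows what the service provider side does with the two values handed over in this step: it parses an Entra-style federation metadata document and confirms that the Login URL matches the single sign-on endpoints the metadata advertises and that a signing certificate is present. The tenant ID, the certificate body and the trimmed metadata document are constructed placeholders; the element layout follows the SAML 2.0 metadata schema that Entra publishes.

```python
"""Parse an Entra federation metadata document and cross-check it against
the Login URL. Added example, not Opus 2 or Microsoft code; TENANT and the
certificate text are placeholders and SAMPLE_METADATA is constructed."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
LOGIN_URL = f"https://login.microsoftonline.com/{TENANT}/saml2"

# Constructed and trimmed to the SAML elements; a real document also carries
# WS-Federation RoleDescriptor elements and is itself signed.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
    ID="_m1" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder-base64-certificate...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="{LOGIN_URL}"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="{REDIRECT}" Location="{LOGIN_URL}"/>
    <SingleSignOnService Binding="{POST}" Location="{LOGIN_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the fields a service provider keeps from IdP metadata: the
    entityID (which must equal the Issuer of every assertion), the SSO
    endpoint per binding, the supported NameID formats and the signing
    certificates used to verify assertion signatures."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute is valid for signing too.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))
    return {
        "entity_id": root.get("entityID"),
        "sso": sso,
        "name_id_formats": [n.text for n in idp.findall("md:NameIDFormat", NS)],
        "signing_certs": certs,
    }


def check_metadata(meta, login_url):
    """List inconsistencies between the metadata and the Login URL that was
    handed to the service provider. Entra advertises the same Location for
    the HTTP-Redirect and HTTP-POST bindings, so both are compared."""
    problems = []
    for binding in (REDIRECT, POST):
        if meta["sso"].get(binding) != login_url:
            problems.append(f"{binding} endpoint {meta['sso'].get(binding)} != Login URL {login_url}")
    if not meta["signing_certs"]:
        problems.append("no signing certificate in metadata; assertions cannot be verified")
    if not meta["entity_id"]:
        problems.append("metadata has no entityID")
    return problems


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print(meta["entity_id"], meta["sso"][POST])
    print(check_metadata(meta, LOGIN_URL))
```

Because the App Federation Metadata URL is tenant- and application-specific, the service provider can re-fetch it to pick up a rotated signing certificate rather than relying on a certificate that was copied out of the portal once.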
Assign Users and Groups to your SAML Application (Optional)
As a security control, Microsoft Entra can restrict sign-in to users who have been granted access to the application, either directly or through a group membership. This restriction is enforced only when the application's Properties page has Assignment required set to Yes; with it set to No, any user in the tenant who can authenticate to Entra will be issued a token for the application. For a platform holding case material, set Assignment required to Yes and manage access through groups.
To assign a new user or group to your application, complete the following.
- In the application sidebar, select Users and Groups. The <application name> - Users and Groups page appears, showing the current list of assigned users and groups.
- Select Add Users. The Add Assignments page appears.
- Select Users and Groups. The Users and Groups page appears, showing a list of available users and groups.
- Find the user or group you wish to add and click Select.
- On the Add Assignments page, select Assign. The Users and Groups page appears with the additional users or groups shown in the list.