| Minimum Software Version | 8.18.10 |
| Solution(s) | Cases International ✓ Cases US ✓ Institutions ⨉ Counsel ✓ |
This article describes how to configure ADFS (Active Directory Federation Services) as an Identity Provider (IdP) to enable SAML 2.0 Single Sign On (SSO) with the Opus 2 platform.
Opus 2 supports federated authentication using SAML 2.0 via ADFS. To enable Single Sign On, administrators must configure Opus 2 as a Relying Party Trust in ADFS and ensure the correct claims are issued during authentication.
These instructions should be used as a reference guide. Administrators should also consult Microsoft’s official documentation for ADFS SAML 2.0 configuration for additional context and security best practices.
Set Up the Relying Party Trust
- Open the AD FS Management Console.
- Right‑click Trust Relationships > Relying Party Trusts.
- Select Add Relying Party Trust.

Select Trust Type
- In the wizard, choose Non‑Claims Aware.

- Proceed to the next step.
Import Federation Metadata
- On the Select Data Source screen, choose Import data about the relying party published online or on a local network.
- Enter the Federation Metadata Address URL provided by your Opus 2 Solution Consultant or Platform Support.

Note:
If the metadata import fails due to firewall restrictions, contact Opus 2 Platform Support. A file‑based metadata option can be provided.
- Continue through the wizard. The remaining values should be automatically populated from the imported metadata.
- On the final screen, ensure Configure Claims Issuance Policy is checked.
- Click Finish.
Example:
Importing metadata ensures the correct endpoints and identifiers are configured automatically for Opus 2.
Create Claim Rules – Attribute Mappers
- In the Claim Rules Editor, open the Issuance Transform Rules tab.

- Select Add Rule.
- Choose Send LDAP Attributes as Claims and click Next.

- Assign a rule name of your choice.
- Configure the following mappings:
| LDAP Attribute | Outgoing Claim Type |
|---|---|
| E‑Mail‑Addresses | |
| Given‑Name | FirstName |
| Surname | LastName |
- Click Finish.
These mappings are required for Opus 2 user identification and account creation.
Create Claim Rules – NameID
Opus 2 also requires the NameID claim to be configured correctly.
- In the Issuance Transform Rules tab, select Add Rule again.

- Choose Transform an Incoming Claim and click Next.
- Configure the rule using the following values:

| Parameter | Value |
|---|---|
| Incoming Claim Type | Name ID |
| Incoming Name ID Format | Unspecified |
| Outgoing Claim Type | E‑Mail Address |
- Ensure Pass through all claim values is selected.
- Click Finish.
Example:
Ensuring the NameID maps to the user’s email address allows Opus 2 to uniquely identify users during SSO login.
After completing the ADFS configuration, test Single Sign On with a pilot user to confirm claims are issued correctly. If metadata import or claim configuration does not behave as expected, contact Opus 2 Platform Support for assistance.
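One way to run the pilot check offline is the Python sketch below. It is an added example, not code from Opus 2 or Microsoft. It assumes you have copied the base64 `SAMLResponse` form value from the pilot user's login (for example from the browser's network tools), and the function names are hypothetical. It only inspects claims and does not verify the XML signature. The e-mail attribute is not checked by name because the mapping table above gives no outgoing claim type for it, so review the returned attribute dictionary for that claim.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRIBUTES = ("FirstName", "LastName")  # outgoing claim types from the mapping table
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_claims(saml_response_b64):
    """Return (name_id, attributes, problems) for a base64 SAMLResponse value.

    Diagnostic aid for a response captured from your own pilot login.
    It does not validate the signature, issuer, audience or time conditions.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.find(".//saml:Assertion", NS) is None:
        # ADFS may encrypt the assertion; claims cannot be read without the SP key.
        return None, {}, ["no plaintext Assertion (missing or encrypted)"]
    name_id_el = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else None
    if name_id is None:
        problems.append("no NameID in Subject")
    elif not EMAIL_RE.match(name_id):
        problems.append(f"NameID {name_id!r} is not an email address")
    attributes = {}
    for attr in root.iterfind(".//saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    for required in REQUIRED_ATTRIBUTES:
        if not any(attributes.get(required, [])):
            problems.append(f"attribute {required} missing or empty")
    return name_id, attributes, problems

def build_sample(name_id, attrs):
    """Constructed, unsigned sample response for offline testing (not a real ADFS capture)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = build_sample("pilot.user@example.com", {"FirstName": "Pilot", "LastName": "User"})
    print(check_claims(good))
```

An empty problems list means the NameID and name claims described in this article are present. Any entry in the list points to the claim rule to revisit.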