The below instructions outline how to setup your AD FS to work with Opus 2 Platform. These should be used as a reference guide, but you should also refer to the official documentation from Microsoft on AD FS Setup with SAML 2.0 as found here. 

Setup Relying Party

In AD FS Management Console, right-click Trust Relationships > Relying Party Trusts and select Add Relying Party Trust.

In the pop-up wizard choose "Non-Claims Aware".

On the Select Data Source screen, choose Import Data about the relying party published online or on a local network and add in the Federation metadata Address URL as provided by Opus 2 Solution Consultant or Platform Support. 

If this fails due to firewall policies, please let us know, and we can provide a file version for you to use for the import. 

The steps after this can be left as they should be populated by the import - if this is not the case, please notify us and we can provide the manual details to populate these fields. On the final page, Finish ensure Configure Claims Issuance Policy is checked, then click close.

Create Claim rules - Mappers

In the Issuance Transform Rules tab of the Claim Rules Editor, select Add Rule.

On the Choose Rule Type screen, select Send LDAP Attributes as Claims then click next. 

Opus 2 requires the following Mappers in the SAML response:

  • Email
  • First Name
  • Last Name

At this time you can choose a Claim rule name of your choice, but the following mappings need to be included. Once added, click Finish.

LDAP ATTRIBUTEOutgoing Claim Type

Create Claim rules - NameID

Additionally, we need to ensure the NameID policy is setup correctly. To do this, select Add Rule again, and on the Choose Rule Type screen, select Transform an Incoming Claim then click next.

Again you can name this rule as you see fit, but the parameters should be as follows. 

Incoming Claim typeName ID
Incoming name ID formatUnspecified
Outgoing claim typeE-Mail Address

Finally, ensure Pass through all claim values is checked and click finish and setup is complete.