Minimum Software Version: 8.18.10
Solution(s): Cases International Cases US Institutions Counsel

This article outlines how to configure OKTA as an Identity Provider (IdP) using SAML 2.0 to enable Single Sign On (SSO) with the Opus 2 platform.


Opus 2 supports SAML 2.0 authentication via OKTA. To enable Single Sign On, administrators must create and configure a SAML 2.0 web application in the OKTA administration panel and apply the correct URLs and attribute mappings required by Opus 2.

These instructions serve as a reference guide. Administrators should also consult OKTA’s official documentation for additional details and configuration best practices.

Create the Application with SAML

  1. Log in to the OKTA Administration Console.
  2. Create a new application.
  3. Select SAML 2.0 as the sign‑on method to configure SAML‑based authentication.

Note: This option requires that the application supports SAML 2.0.

Configure Basic SAML Configuration

  1. Enter the Application name.

  2. Configure the application to not be visible to users, as users will initiate login via their URL rather than an app directory.

  3. If a logo is required for the application panel, contact Opus 2 Platform Support.

  4. In the SAML Settings, enter:

    • Single Sign On URL (provided by Opus 2)
    • Audience URI (SP Entity ID) (provided by Opus 2)
  5. Notify Opus 2 of the chosen Name ID format.

Example:
Configuring the Single Sign On URL ensures OKTA sends authentication responses to the correct Opus 2 endpoint.

Configure the Application Type

  1. Complete the application type configuration as prompted by OKTA.
  2. Click Finish to save the application.

Configure User Attributes and Claims

Opus 2 requires specific attributes for Single Sign On to successfully update user profiles.

  1. Navigate to User Attributes & Claims.
  2. Select Edit.
  3. Configure the following claim mappings:

     Claim URI                                                               Value
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress      user.mail
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname         user.givenname
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname           user.surname

Guidance for configuring these mappings is available in the OKTA Help Centre.

Example:
Including first and last name attributes ensures Opus 2 can correctly populate user details during account creation.

Provide Identity Provider Metadata

  1. Copy the Identity Provider Metadata from the OKTA application.
  2. Provide this metadata to Opus 2 Platform Support or your Opus 2 contact.

Once the metadata has been supplied, configuration for Opus 2 is complete.


After completing the OKTA configuration, test Single Sign On with a pilot user to confirm authentication and attribute mapping are working as expected. If you need assistance validating the setup or your configuration differs from this guide, contact Opus 2 Platform Support.
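
For the pilot test, the mappings can be checked offline against the decoded assertion XML from the pilot user's login. The following is an added example, not Opus 2 or OKTA code: it checks that the Audience, Recipient, Name ID and the three claim URIs above are present. The URLs, the sample assertion and the function name are constructed placeholders; substitute the values provided by Opus 2.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]
# Placeholders: the real values are the ones provided by Opus 2.
EXPECTED_SSO_URL = "https://sp.example.invalid/sso"
EXPECTED_AUDIENCE = "https://sp.example.invalid/entity"

# Constructed sample assertion (not captured from a real tenant).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID>pilot@example.invalid</saml:NameID>
  <saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{EXPECTED_SSO_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>pilot@example.invalid</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Pilot</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, sso_url, audience):
    """Return a list of mapping problems; an empty list means the check passed.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience is {audiences}, expected {audience}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if sso_url not in recipients:
        problems.append(f"Recipient is {recipients}, expected {sso_url}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    # A claim counts as present only if it carries at least one non-empty value.
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if any((v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS))}
    problems += [f"Missing or empty claim: {c}" for c in REQUIRED_CLAIMS if c not in present]
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, EXPECTED_SSO_URL, EXPECTED_AUDIENCE) or "OK")
```

A claim sent under a different name or with an empty value is reported as missing, which is the usual symptom when user details are not populated after login.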