The instructions below outline how to set up a SAML 2.0 Web Application in OKTA to work with the Opus 2 Platform. Use them as a reference guide, but also refer to the official documentation from OKTA, available here.
Create the Application with SAML
Create a new Application, and then select the SAML 2.0 option to configure SAML-based authentication for the application. (This option requires that the application support SAML 2.0.)
Configure Basic SAML Configuration
Set up the application name, and choose not to show the application to users. Users have to initiate login via their URL, not through an app directory. If you would like a logo for your panel, please contact Opus 2 Support.
On the SAML Setup, add your Single Sign On URL and Audience URI as provided by Opus 2. Please notify Opus 2 of the chosen Name ID format.
Configure the Application Type
Configure the application type and click Finish.
Configure User Attributes and Claims
The Opus 2 platform requires mappers to update the First Name and Last Name in user profiles for Single Sign On. Go to the User Attributes & Claims heading and select Edit. Set the values as below. Guidance on how to do this can be found on the OKTA Help Centre.
Parameter | Value |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.surname |
Provide Identity Provider Metadata URL
Please provide Opus 2 with a copy of the Identity Provider Metadata. Configuration for Opus 2 is then complete.
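To confirm the settings above on a test login, the following added example (not Opus 2 or OKTA code) checks a decoded assertion for the three claim URIs from the table, the Audience URI and the Name ID format. The audience value, the user values and the `check_assertion` helper are assumptions made for illustration; the check inspects configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "surname", "givenname")]

# Constructed sample assertion; the audience and user values are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">riley@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.invalid/audience</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>riley@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Morgan</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_audience):
    """Return (name_id_format, problems) for one decoded assertion."""
    # Assumption: input is your own test assertion; ElementTree is not hardened for untrusted XML.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = [v for v in values if v]
    for name in REQUIRED:
        if name not in attrs:
            problems.append(f"missing attribute: {name}")
        elif not attrs[name]:
            problems.append(f"empty attribute: {name}")
    name_id = root.find(".//saml:NameID", NS)
    fmt = name_id.get("Format") if name_id is not None else None
    if fmt is None:
        problems.append("no NameID Format")
    return fmt, problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://sp.example.invalid/audience"))
```

The sample deliberately leaves one claim empty, so the run reports the Name ID format together with one problem for that claim.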