| Minimum Software Version | 8.18.10 |
| Solution(s) | Cases International ✓ Cases US ✓ Institutions ⨉ Counsel ✓ |
This article explains how to configure DUO as a SAML 2.0 Identity Provider (IdP) to enable Single Sign On (SSO) with the Opus 2 platform.
Opus 2 supports SAML 2.0 authentication through DUO using a Generic SAML Service Provider configuration. To enable Single Sign On, administrators must create a SAML application in the DUO Admin Panel, configure the required entity identifiers and assertion URLs, and ensure that the correct user attributes are issued in the SAML response.
These instructions are provided as a reference guide. Administrators should also refer to DUO’s official documentation for further details and security considerations.
Create the Application with SAML
- Log in to the DUO Admin Panel.
- Navigate to Applications.
- Select Protect an Application.
- Locate Generic SAML Service Provider with the protection type “2FA with SSO hosted by Duo (Single Sign-On)”.
- Click Protect to begin configuring the application.
The Metadata section contains SAML Identity Provider information that will be required later for Opus 2 configuration.
The DUO application setup is configured across three areas: Basic Configuration, Attributes & Claims, and Metadata Setup.
Basic Configuration
Opus 2 requires two values for authentication.
- Return to the application page in the DUO Admin Panel.
- Navigate to the Service Provider section.
- Set the following values using the information provided by Opus 2:
  - Entity ID (Identifier)
  - Assertion Consumer Service (ACS) URL (Reply URL)
- Save the changes.
Configuring the correct ACS URL ensures DUO sends authentication responses to the Opus 2 login endpoint.
Configure User Attributes and Claims
When users authenticate, DUO issues a SAML token containing identity attributes. Opus 2 relies on these values to uniquely identify users.
- Navigate to the SAML Response section.
Configure NameID
| Claim Name | Value |
|---|---|
| NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| NameID Attribute | <Email Address> |
Configure Attribute Mapping
Ensure Map Attributes is configured as follows:
| IdP Attribute | SAML Response Attribute |
|---|---|
| <First Name> | firstName |
| <Last Name> | lastName |
| <Email Address> | email |
Including email, first name, and last name ensures Opus 2 can create and correctly identify user accounts during SSO login.
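To confirm the mapping before handing over to Opus 2, the following added example (not part of the Opus 2 or DUO documentation) checks a base64 `SAMLResponse` value, as posted by the browser to the ACS URL, against the NameID format and attribute names in the tables above. The function names and the sample response are constructed for illustration, and the check assumes the assertion is not encrypted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # names are case-sensitive


def check_saml_response(b64_response):
    """Return a list of problems; empty means the response matches the mapping."""
    # Content check only: the XML signature is NOT verified here, so this is a
    # configuration check and never an authentication decision.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # also the result when the assertion is encrypted
        return [f"expected exactly 1 Assertion, found {len(assertions)}"]
    problems = []
    name_id = assertions[0].find("saml:Subject/saml:NameID", NS)
    subject = (name_id.text or "").strip() if name_id is not None else ""
    if not subject:
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}")
    attrs = {}
    for attr in assertions[0].findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    # NameID and email are both mapped from <Email Address>, so they should agree.
    if subject and attrs.get("email") and subject.lower() != attrs["email"].lower():
        problems.append("NameID does not match email attribute")
    return problems


def sample_response(first_name_attr="firstName", fmt=EMAIL_FORMAT):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    attr = lambda n, v: (f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                         "</saml:AttributeValue></saml:Attribute>")
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">'
           "alex@example.com</saml:NameID></saml:Subject><saml:AttributeStatement>"
           + attr(first_name_attr, "Alex") + attr("lastName", "Doe")
           + attr("email", "alex@example.com")
           + "</saml:AttributeStatement></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()
```

Calling `check_saml_response(sample_response("firstname"))` reports the missing `firstName` attribute, which is the typical symptom of a mis-cased entry in the attribute mapping.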
Provide Identity Provider Metadata URL
- Return to the application page in the DUO Admin Panel.
- Navigate to the Metadata section.
- Copy the Metadata URL.
- Provide this URL to Opus 2 Platform Support or your Opus 2 contact.
Once supplied, DUO configuration for Opus 2 is complete.