Checklist for configuring IBM SVA integration using SAML v2.0

Last Updated : Jun 10, 2026 |

The following checklist lists the configuration tasks that you perform on the IBM Security Verify Access (SVA) and Keycloak web administration portals to set up integration with IBM SVA using SAML v2.0.

No.

Task

Notes

1

Ensure that you gather all required information for configuring the integration.

See Prerequisites for SSO configuration.

2

Create and configure an application for SSO using the IBM SVA administration dashboard and obtain the configuration metadata file.

See Creating a new SAML v2.0 application on IBM SVA.

3

Configure Keycloak settings using the Avaya Aura® Device Services configuration utility.

See Configuring Keycloak settings.

4

Configure an IBM SVA identity provider on Keycloak.

See Configuring an IBM SVA SAML v2.0 identity provider on Keycloak.

5

Configure user and administrator groups on IBM SVA.

See Configuring user and administrator groups.

6

Assign the groups to the SAML application on IBM SVA.

See Assigning groups to your IBM SVA SAML application.

7

Configure attribute mapping on IBM SVA.

See Configuring attribute mapping on IBM SVA.

8

Configure attribute mapping between the IBM SVA SAML v2.0 identity provider and Keycloak.

See Modifying the attribute mapping between the third-party identity provider and Keycloak.

For information about mappers that you must configure on Keycloak, see Attribute mapping parameters for the IBM SVA SAML v2.0 identity provider.

9

Obtain the client secret.

See Obtaining the client secret.

The client secret is required to enable communication between Avaya Aura® Device Services and Keycloak.

10

Create a client mapping.

See Creating client mapping.

If you need to regenerate the client secret, see Regenerating the Keycloak client secret.

11

Configure the LDAP UID mapping.

See Configuring the LDAP UID mapping.

12

Select the identity provider to use for authorization.

See Selecting the default identity provider.

Do not perform this task if you want to allow the simultaneous use of multiple identity providers to your enterprise users.

13

Create users on IBM SVA.

See Creating users on IBM SVA.

14

Add users to the groups on IBM SVA.

See Adding users to groups.

15

Test the integration with IBM SVA.

See Testing the integration with the identity provider from the web administration portal.

16

Configure expiry time for access and refresh tokens.

See Configuring access and refresh token expiry times.