1

Ensure that you gather all required information for configuring the integration.

See Prerequisites for SSO configuration.

2

Contact Imprivata support to configure SSO functionality for your company on Imprivata.

Provide the name of the domain that your are planning to use for authorization to Imprivata. Users that belong to this domain can use Imprivata SSO functionality.

3

Obtain the metadata file in XML format from Imprivata.

4

Configure LDAP settings.

See Configuring LDAP settings.

5

Enable role fetching from LDAP.

See Enabling role fetching from LDAP.

6

Configure Keycloak settings using the Avaya Aura® Device Services configuration utility.

See Configuring Keycloak settings.

7

Configure an Imprivata identity provider on Keycloak.

See Configuring an Imprivata SAML v2.0 identity provider on Keycloak.

8

Configure attribute mapping between the Imprivata SAML v2.0 identity provider and Keycloak.

See Modifying the attribute mapping between the third-party identity provider and Keycloak.

For information about mappers that you must configure on Keycloak, see Attribute mapping parameters for Imprivata SAML v2.0 identity provider.

9

Download the SPSSODescriptor metadata file from Keycloak and provide it to Imprivata.

See Downloading the SPSSODescriptor file from Keycloak.

10

Select the identity provider to use for authorization.

See Selecting the default identity provider.

Do not perform this task if you want to allow the simultaneous use of multiple identity providers to your enterprise users.

11

Test the integration with Imprivata.

See Testing the integration with the identity provider from the web administration portal.

12

Configure expiry time for access and refresh tokens.

See Configuring access and refresh token expiry times.