Checklist for configuring AD FS integration using SAML v2.0

Last Updated: Jun 10, 2026

The following checklist lists the configuration tasks that you perform on the Keycloak and AD FS web administration portals to set up integration with Microsoft Active Directory Federation Services (AD FS) using SAML v2.0.

| No. | Task | Notes |
| --- | --- | --- |
| 1 | Ensure that you gather all required information for configuring the integration. | See Prerequisites for SSO configuration. |
| 2 | Enable and configure SSO functionality on AD FS. | See the Microsoft documentation for AD FS installation and configuration. |
| 3 | Obtain the AD FS configuration file. | See the prerequisites in Configuring an AD FS SAML v2.0 identity provider on Keycloak. |
| 4 | Configure Keycloak settings using the Avaya Aura® Device Services configuration utility. | See Configuring Keycloak settings. |
| 5 | Configure the AD FS identity provider on Keycloak. | See Configuring an AD FS SAML v2.0 identity provider on Keycloak. |
| 6 | Configure Keycloak as a relying party trust on AD FS. | See Configuring Keycloak as a relying party trust. |
| 7 | Configure attribute mapping between the AD FS SAML v2.0 identity provider and Keycloak. | See Modifying the attribute mapping between the third-party identity provider and Keycloak. For information about the mappers that you must configure on Keycloak, see Attribute mapping parameters for ADFS SAML v2.0 identity provider. |
| 8 | Configure the claim issuance policy on AD FS. | See Configuring the claim issuance policy. |
| 9 | Obtain the client secret. | See Obtaining the client secret. The client secret is required to enable communication between Avaya Aura® Device Services and Keycloak. |
| 10 | Create a client mapping. | See Creating client mapping. If you need to regenerate the client secret, see Regenerating the Keycloak client secret. |
| 11 | Configure the LDAP UID mapping. | See Configuring the LDAP UID mapping. |
| 12 | Select the identity provider to use for authorization. | See Selecting the default identity provider. Do not perform this task if you want to allow your enterprise users to use multiple identity providers simultaneously. |
| 13 | Test the integration with AD FS. | See Testing the integration with the identity provider from the web administration portal. |
| 14 | Configure expiry times for access and refresh tokens. | See Configuring access and refresh token expiry times. |