Checklist for configuring Microsoft Azure Active Directory integration using SAML v2.0

Last Updated: Jun 10, 2026

The following checklist lists the configuration tasks that you perform on the Microsoft Azure web portal and the Keycloak web administration portal to set up integration with Microsoft Azure Active Directory (Azure AD) using SAML v2.0.

| No. | Task | Notes |
| --- | --- | --- |
| 1 | Ensure that you have gathered all required information for configuring integration. | See Prerequisites for SSO configuration. |
| 2 | Create and configure an application for SSO on Microsoft Azure. | See Creating a new application. |
| 3 | Configure user and administrator groups on Microsoft Azure. | See Configuring user and administrator groups and Adding users to groups. |
| 4 | Obtain the user and administrator group IDs. | See Obtaining the group ID. |
| 5 | Select Microsoft Azure Active Directory users and groups that can use SSO capabilities. | See Assigning users and groups to the SSO application on Microsoft Azure. |
| 6 | Configure Keycloak settings using the Avaya Aura® Device Services configuration utility. | See Configuring Keycloak settings. |
| 7 | Configure an Azure AD SAML v2.0 identity provider on Keycloak. | See Configuring an Azure AD SAML v2.0 identity provider on Keycloak. |
| 8 | Configure attribute mapping between the Office 365 SAML v2.0 identity provider and Keycloak. | See Modifying the attribute mapping between the third-party identity provider and Keycloak. For information about mappers that you must configure on Keycloak, see Attribute mapping parameters for Microsoft Azure SAML v2.0 identity provider. |
| 9 | Obtain the client secret. | See Obtaining the client secret. The client secret is required to enable communication between Avaya Aura® Device Services and Keycloak. |
| 10 | Create a client mapping. | See Creating client mapping. If you need to regenerate the client secret, see Regenerating the Keycloak client secret. |
| 11 | Configure the LDAP UID mapping. | See Configuring the LDAP UID mapping. |
| 12 | Select the identity provider to use for authorization. | See Selecting the default identity provider. Do not perform this task if you want to allow your enterprise users to use multiple identity providers simultaneously. |
| 13 | Test the integration with Azure AD. | See Testing the integration with the identity provider from the web administration portal. |
| 14 | Configure expiry time for access and refresh tokens. | See Configuring access and refresh token expiry times. |