Creating client mapping

Last Updated : Jun 05, 2026 |

About this task

In the authorization flow, Avaya Aura® Device Services interacts with Keycloak on behalf of a client, such as Avaya Workplace Client, Avaya Meeting Scheduler Outlook Add-in, Avaya Meetings Server Unified Portal, Avaya Agent for Desktop, or Avaya Calling for Microsoft Teams. To enable Avaya Aura® Device Services to communicate with Keycloak, you must provision Avaya Aura® Device Services with the Keycloak client secret and the URL to discover Keycloak resources. You must create a client mapping for each client that your deployment supports.

Important:

If you have multiple client mappings in your deployment, the value of Access token email address attribute must be the same for each client mapping.

To configure the device flow for phones, such as J1XX, see Creating client mapping for the device flow in Administering Avaya Aura® Device Services.

Before you begin

Obtain the client secret as described in Obtaining the client secret.

Procedure

  1. Log in to the Avaya Aura® Device Services web administration portal with the Security administrator role.
  2. Navigate to Security Settings > Client ID Mapping.
  3. Click Add.
  4. In the Create new client mapping window, complete the fields as follows:
    1. In Client ID:

      • For Avaya Workplace Client, type Equinox.

      • For Avaya Meeting Scheduler Outlook Add-in, type MeetingScheduler.

      • For Avaya Meetings Server Unified Portal, type UnifiedPortal.

      • For Avaya Agent for Desktop, type aafd.

      • For Avaya Calling for Microsoft Teams, type CallAssist.

      This value is case sensitive.

    2. In OIDC Discovery URL, type https://<AADS_FQDN>:<PORT>/auth/realms/<REALM>/.well-known/openid-configuration

      In this string:

      • <AADS_FQDN> is the Avaya Aura® Device Services front-end FQDN.

      • <PORT> is the Avaya Aura® Device Services front-end FQDN service port.

      • <REALM> is the Keycloak realm, which is SolutionRealm by default.

    3. In Client Secret, enter the string copied from the Keycloak web administration interface.
    4. Leave the Client Name and Proxy Address fields blank.
    5. Clear the Enable device Auth check box.
    6. For other fields, keep the default values.
  5. Click OK.

    Avaya Aura® Device Services displays the new client mapping on the page.

  6. If you already have another client mapping in your deployment, do the following:
    1. On the Client ID Mapping page, click Edit for the client mapping that you have just created.
    2. Ensure that the value of Access token email address attribute matches the value that you recorded.
    3. If the values are different, update Access token email address attribute with the value that you recorded.
    4. Click OK.
  7. Optional Create a client mapping for any additional clients that your deployment supports.