The Device Authorization Flow, which is also called the device flow, enables users to use SSO on phones with limited input capabilities, such as J1xx phones. In this flow, the users provide SSO credentials for their phone on another device, such as a smartphone. The device flow does not use the embedded Keycloak service.
Before configuring SSO authentication on Avaya Aura® Device Services, do the following:
Obtain the following data from the Avaya IAM identity provider:
The Avaya IAM root CA certificate.
The Discovery URL address and optionally, proxy server hostnames.
You require proxy server hostnames only if the hostname of the Discovery URL is not accessible from Avaya Aura® Device Services.
The client secret and client name configured on Avaya IAM for your organization.
Note:
The client name is mandatory and must start with "aads-" followed by a text or character. Also, configure the same client name in IAM.
Allow any combination of letters, numbers, or other characters after that.
For example:
aads-client
aads-client123
Obtain the client ID for the phone series, such as J1XX, to configure the Device Authorization Flow.
Phone models of the same phone series have the same client ID. For example, all J1XX phones have client ID aoc-j100-cli.
Add the Avaya IAM root CA certificate to the Avaya Aura® Device Services truststore.
Ensure that the Discovery URL or proxy server hostname is accessible from Avaya Aura® Device Services.
To contact
Avaya IAM support:
