Single sign-on in Avaya Workspaces

Last Updated : Dec 22, 2022 |

Avaya Workspaces supports the usage of the credentials of an active directory to log on to Avaya Workspaces.

The Avaya Workspaces address book uses Avaya Aura® Device Services (AADS) to search for enterprise directory contacts using LDAP. To enable single sign-on (SSO) capabilities for authenticated AADS users, you can use the Avaya Breeze® platform Authorization Service. Using SSO capabilities, Avaya Workspaces users can use the address book to search for enterprise directory contacts using LDAP without needing to authorize separately with AADS.

You can configure Avaya Breeze® platform Authorization Service attributes to enable Security Assertion Markup Language (SAML), Integrated Windows Authentication (IWA), and Kerberos authentication.

LDAP integration

When attempting to access the Avaya Workspaces URL, Avaya Workspaces redirects unauthorized users to the Avaya Breeze® platform Authorization Service. If you configure LDAP, the Avaya Breeze® platform prompts the user for credentials. After successful authentication, the Avaya Breeze® platform grants users authorization permissions using an authorization token. If users have the correct permissions set in Avaya Control Manager, they can access Avaya Workspaces.

SAML integration

When attempting to access the Avaya Workspaces URL, Avaya Workspaces redirects unauthorized users to the Avaya Breeze® platform Authorization Service. If you configure SAML integration, the Authorization Service redirects users to your identity provider (IdP) and prompts the user for credentials. After successful authentication, the Avaya Breeze® platform grants users authorization permissions using an authorization token. If users have the correct permissions set in Avaya Control Manager, they can access Avaya Workspaces.

IWA or Kerberos integration

When attempting to access the Avaya Workspaces URL, Avaya Workspaces redirects unauthorized users to the Avaya Breeze® platform Authorization Service. If you configure the Avaya Breeze® platform Authorization Service for IWA or Kerberos authentication, the Authorization Service automatically uses the user's Windows credentials for authentication. If users have the correct permissions set in Avaya Control Manager, they can access Avaya Workspaces.

Users are redirected to the Exit page when they exit Avaya Workspaces. Users can choose to return to Avaya Workspaces. If Authorization Service enables, the Activate Agent screen opens, and users can log on again without entering credentials.

For more information about the Avaya Breeze® platform, SAML, and Kerberos authentication, see the Avaya Breeze® platform documentation available at https://support.avaya.com.