NOTE: This guide is deprecated and for review only. We no longer set up new SAML based federations. Please refer to the Configuring OIDC with other Identity Providers instructions.
Bentley's Service Provider Details (configure your server with this info)
It is required that a user have a valid country code in your directory in order to federate. We use this information to determine proper entitlements, billing, taxes, and more.
Parameter
Value
EntityID
https://ims.bentley.com/
Audience Restriction
Assertion Consumer URL
https://ims.bentley.com/sp/ACS.saml2
Assertion validity duration
900 seconds
Skew time
300 seconds
Include Name ID in assertion
Yes (Required)
Attributes to include in assertion
emailaddress OR upn (depending on your identifier)
givenname
surname
country (2-digit ISO code)
Namespace for attributes to include in assertion
http://schemas.xmlsoap.org/ws/2005/05/identity/claims
Your SAML 2.0 Identity Provider Information (send this info back to Bentley)
Domain
e.g. bentley.com <This is used to redirect users to your IdP if IMS sees this during the authentication process>
Entity ID in the Federation Metadata document if you have one.
Typically for ADFS it looks something like:http://<ADFS>/adfs/ly/FederationMetadata/2007-06/FederationMetadata.xml
Entity Metadata URL*
Federation Metadata document if your IdP exposes it.
SSO Service URL
URL where your users will be redirected to, for authentication by your IdP.
Typically for ADFS it looks like: https://<ADFS>/adfs/ls
Thumbprint
The thumbprint of the certificate used by your IdP for token signing