Note: If you use Azure AD as your Identity Provider, step-by-step instructions for setting up your SAML connection are found here. ADFS instructions are found here.
Bentley's Service Provider Details (configure your server with this info)
| Parameter | Value |
| --- | --- |
| EntityID | https://ims.bentley.com/ |
| Audience Restriction | |
| Assertion Consumer URL | https://ims.bentley.com/sp/ACS.saml2 |
| Assertion validity duration | 900 seconds |
| Skew time | 300 seconds |
| Include Name ID in assertion | Yes (Required) |
| Attributes to include in assertion | emailaddress, givenname, surname, windowsaccountname, upn, country (2-digit ISO code) |
| Namespace for attributes to include in assertion | http://schemas.microsoft.com/ws/2008/06/identity/claims (for windowsaccountname); http://schemas.xmlsoap.org/ws/2005/05/identity/claims (for emailaddress, givenname, surname, name, upn) |
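A pre-flight check of a test assertion against the service provider values above, as an added example that is not Bentley's code. It assumes attribute names are the listed namespace plus "/" plus the claim name (as ADFS emits them), that the 900-second validity applies to the Conditions window, and that the 300-second skew is tolerated at both ends; `preflight` and `sample` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Values taken from the service provider details; the mapping to XML is an assumption.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://ims.bentley.com/sp/ACS.saml2"
MAX_VALIDITY, SKEW = timedelta(seconds=900), timedelta(seconds=300)
XMLSOAP = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/"
# country is not checked: the page lists no namespace for it.
REQUIRED = [XMLSOAP + n for n in ("emailaddress", "givenname", "surname", "upn")]
REQUIRED.append(MS + "windowsaccountname")

def _ts(value):
    # SAML timestamps are UTC with a trailing Z, optionally with milliseconds
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(assertion_xml, now):
    """Return the list of mismatches (empty = OK). Does not verify signatures."""
    root = ET.fromstring(assertion_xml)  # input: test output from your own IdP
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the Assertion Consumer URL")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("missing Conditions window")
    else:
        start, end = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
        if end - start > MAX_VALIDITY:
            problems.append("validity window longer than 900 seconds")
        if not (start - SKEW <= now < end + SKEW):
            problems.append("outside validity window even with 300 seconds of skew")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    problems += ["missing attribute " + n for n in REQUIRED if n not in present]
    return problems

def sample(names, not_on_or_after):
    """Constructed test assertion (not real IdP output)."""
    attrs = "".join(f'<saml:Attribute Name="{n}"/>' for n in names)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID>user@example.com</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions NotBefore="2024-01-01T00:00:00.000Z" '
            f'NotOnOrAfter="{not_on_or_after}"/>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')
```

Pass `now` as a timezone-aware UTC datetime; a one-hour Conditions window with no windowsaccountname claim is reported as two mismatches.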
Your SAML 2.0 Identity Provider Information (send this info back to Bentley)
| Parameter | Value |
| --- | --- |
| Domain | e.g. bentley.com <This is used to redirect users to your IdP if IMS sees this during the authentication process> |
| Entity ID | Entity ID in the Federation Metadata document if you have one. Typically for ADFS it looks something like: http://<ADFS>/adfs/ly/FederationMetadata/2007-06/FederationMetadata.xml |
| Entity Metadata URL* | Federation Metadata document if your IdP exposes it. |
| SSO Service URL | URL where your users will be redirected to, for authentication by your IdP. Typically for ADFS it looks like: https://<ADFS>/adfs/ls |
| Thumbprint | The thumbprint of the certificate used by your IdP for token signing |