Note: If you use Azure AD as your identity provider, we have step-by-step instructions for setting up your OIDC connection, found here.
Note: It is required that a user have a valid country code in your directory in order to federate. We use this information to determine proper entitlements, billing, taxes, and more.
Your Token Provider Information

| Parameter | Value |
| --- | --- |
| Issuer/Authority | https://login.microsoftonline.com/{tenant}/v2.0 [Azure Example] |
| Discovery URI | /.well-known/openid-configuration |
| Client ID | Typically, the OAuth token provider creates an OAuth client; it is needed to receive and validate JWT tokens |
| Client Secret | Typically, the OAuth token provider creates an OAuth secret; it is needed to receive and validate JWT tokens |
| Scopes | Provide the scopes that need to be requested to receive user information. For example, openid profile |
| OpenID Login Type | Code & Code_Challenge_Method=S256. Note: Code_Challenge requires PKCE to be enabled at your identity provider. |
| Authentication Method | POST (This is the method PingFederate will use to perform client authentication) |
| Authorization Endpoint | <optional if discovery url provided> |
| Token Endpoint | |
| UserInfo Endpoint | |
| JWKS Endpoint | |
| Token Attributes | emailAddress OR upn (depending on your identifier), givenName, lastName, country, name, sub |
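Before submitting these values, the discovery document and a test token can be checked against the requirements in the table. The following is an added example, not Bentley's or PingFederate's own code; it assumes that "POST" corresponds to the standard `client_secret_post` method, and the function names and sample metadata are constructed for illustration.

```python
from urllib.parse import urlparse

ENDPOINTS = ("authorization_endpoint", "token_endpoint",
             "userinfo_endpoint", "jwks_uri")
SCOPES = {"openid", "profile"}  # the example scopes from the table
CLAIMS = {"givenName", "lastName", "country", "name", "sub"}

def check_discovery(doc, expected_issuer):
    """Return findings for an OpenID Provider metadata document (a dict)."""
    findings = []
    # OIDC Discovery: the issuer must match the configured value exactly.
    if doc.get("issuer") != expected_issuer:
        findings.append("issuer mismatch")
    for key in ENDPOINTS:
        if urlparse(doc.get(key, "")).scheme != "https":
            findings.append(f"{key} missing or not https")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code flow not advertised")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE S256 not advertised")
    # When this field is absent, the default is client_secret_basic only.
    auth = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_post" not in auth:
        findings.append("client_secret_post not advertised")
    scopes = doc.get("scopes_supported")  # optional field; check only if present
    if scopes is not None and not SCOPES <= set(scopes):
        findings.append("scopes missing: " + ", ".join(sorted(SCOPES - set(scopes))))
    return findings

def missing_claims(claims):
    """Return required token attributes that are absent or empty in decoded claims."""
    missing = {c for c in CLAIMS if not claims.get(c)}
    if not (claims.get("emailAddress") or claims.get("upn")):
        missing.add("emailAddress|upn")
    return sorted(missing)

# Constructed sample metadata (not a real tenant); PKCE is not advertised here.
SAMPLE = {
    "issuer": "https://idp.example.com/v2.0",
    "authorization_endpoint": "https://idp.example.com/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/v2.0/token",
    "userinfo_endpoint": "https://idp.example.com/oidc/userinfo",
    "jwks_uri": "https://idp.example.com/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"],
    "scopes_supported": ["openid", "profile", "email"],
}
```

A "not advertised" finding means the metadata does not list the capability; confirm the setting at the identity provider rather than assuming it is disabled.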
Bentley OIDC / OAuth Service Provider Details
Redirect URI: Bentley will provide this once the token provider is registered (unique_id is dynamically generated): https://ims.bentley.com/sp/{unique_id}/cb.openid