NOTE: Before using this guide to set up federation, please ensure that you've spoken with an engineer from the Bentley IMS team.
Do not use any Bentley Systems Azure store applications for this setup. We do not have an application that will complete this process for you at this time. This setup must be completed using these instructions only.
This guide provides instructions for setting up Single Sign-on between Microsoft Azure AD and Bentley's Identity Management System (IMS) for your corporate users.
This guide assumes that your Azure AD tenant is properly set up on an SSL/TLS endpoint using HTTPS, and that the authentication address is accessible by your corporate users.
This guide provides federation metadata; however, simply importing it will not completely set up this connection. Please finish the entire document to set up your federation.
Note: The interface for Azure changed in early 2019, so your Azure interface may look different than the screenshots depicted below.
https://ims.bentley.com/saml2/FederationMetadata/2007-06/FederationMetadata.xml
Identifier: https://ims.bentley.com/
Reply URL: https://ims.bentley.com/sp/ACS.saml2
You will need to add the country claim, which is not included by default.
Note: Each user must have a valid country code in your directory in order to federate. We use this information to determine proper entitlements, billing, taxes, and more.
Schema: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
E-Mail:
UPN:
Define the Users and Groups for this application