You are currently reviewing an older revision of this page.

Microsoft Azure AD configuration for OIDC

Introduction

This guide provides instructions for setting up Single Sign-on between Microsoft Azure AD and Bentley's Identity Management System (IMS), for your corporate users.

This guide assumes that your Azure AD tenant is properly set up on a SSL /TLS endpoint using HTTPS, and that the authentication address is accessible by your corporate users.

 

 

Create the Application in Azure AD

Note: The interface for Azure changed in early 2019, so your Azure interface may look different than the screenshots depicted below. 

  • Open your Azure AD portal (https://portal.azure.com/) and login with administrative privileges
  • Select “Azure Active Directory” from the left navigation, if not already selected.
  • Choose “App Registrations”

  • Click on “New Registration”

  • Name it “Bentley IMS”, select “Accounts in this organizational directory only”, and no Redirect URI for now, click register –

Setting up your ID Token 

  • Click “Token Configuration” on the left-hand side –

  • From here, we’re going to hit “Add Optional Claim” –

  • Select the “ID” Token Type –

  • A list of claims to add will pop up. Select: ctry, email, family_name, given_name, and upn. Then hit Add –

  • A warning box will pop asking if you should turn on the Microsoft Graph, hit the checkbox and hit Add again –

Setting up your Client Secret

  • Select the “Certificates & Secrets” option on the left-hand menu

  • Select “New Client Secret”

  • Name it “Bentley Secret” and select an expiration length, hit add –

Communities
Support and Services
Training and Learning
Social Media