This guide provides instructions for setting up Single Sign-on between Microsoft Azure AD and Bentley's Identity Management System (IMS) for your corporate users.
This guide assumes that your Azure AD tenant is properly set up on an SSL/TLS endpoint using HTTPS, and that the authentication address is accessible by your corporate users.
Note: The interface for Azure changed in early 2019, so your Azure interface may look different from the screenshots depicted below.
You will need to add the country claim, which is not included by default.
Alternatively, you may add users and groups explicitly. This can be used to limit access to Bentley users and IT admins if desired.
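One way to apply explicit assignment from PowerShell, shown as an added example that is not part of the original guide. It assumes the enterprise application's display name is 'Bentley' (the name used in the removal commands in this guide) and a hypothetical security group named 'Bentley-IMS-Users'; it uses the same AzureAD module as those commands.

```powershell
# Added example: restrict sign-in to the Bentley IMS application to one group.
$appName   = 'Bentley'             # assumed display name of the enterprise app
$groupName = 'Bentley-IMS-Users'   # hypothetical group name, replace with yours

Connect-AzureAD | Out-Null

# Resolve exactly one service principal and one group; stop on ambiguity so the
# assignment is never applied to the wrong object.
$sps = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$appName'")
if ($sps.Count -ne 1) { throw "Expected 1 service principal named '$appName', found $($sps.Count)." }
$sp = $sps[0]

$groups = @(Get-AzureADGroup -Filter "DisplayName eq '$groupName'")
if ($groups.Count -ne 1) { throw "Expected 1 group named '$groupName', found $($groups.Count)." }
$group = $groups[0]

# Require assignment: users who are not assigned (directly or through a group)
# can no longer obtain a token for this application.
Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true

# Use the first enabled role that users may hold; if the application defines
# no roles, the all-zero GUID selects default access.
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
    Select-Object -First 1
$roleId = if ($role) { $role.Id } else { [Guid]::Empty.ToString() }

# Assign the group only if it is not already assigned (safe to re-run).
$existing = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.PrincipalId -eq $group.ObjectId }
if (-not $existing) {
    New-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId `
        -PrincipalId $group.ObjectId -ResourceId $sp.ObjectId -Id $roleId | Out-Null
}

# Review who can now sign in to the application.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Select-Object PrincipalDisplayName, PrincipalType, Id
```

Review the final listing after each change: any principal shown there can sign in to Bentley IMS through this application.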
If you cannot add an application due to a conflict, you may be able to remove the conflicting application using PowerShell. First find the application that already uses the Bentley identifier URI or display name, then remove it by its ObjectId:
Get-AzureADApplication -All $true | Select-Object DisplayName, IdentifierUris | Where-Object IdentifierUris -Contains "https://ims.bentley.com/"
Get-AzureADApplication -Filter "DisplayName eq 'Bentley'"
Remove-AzureADApplication -ObjectId "????????-????-????-????-????????????"