Microsoft ADFS Configuration for SAML 2.0
NOTE: This guide is deprecated and for review only. We no longer set up new SAML based federations. Please refer to the Configuring OIDC with other Identity Providers instructions.
This guide provides step-by-step instructions for configuring a basic Identity Federation deployment between Microsoft Active Directory Federation Services (AD FS) and Bentley's Identity Management System (IMS).
The document is intended for server and Active Directory administrators with knowledge of ADFS.
Part 1 - Register IMS as a Relying Party (RP) in ADFS
5. For the Display Name, supply “Bentley IMS”. Hit Next.
6. On the Configure Certificate menu, hit Next.
7. On the next screen, select the “Enable support for the SAML 2.0 WebSSO protocol” option and supply the URL: https://ims.bentley.com/sp/ACS.saml2
8. On the next screen, supply the following URL as the Relying party trust identifier and hit Add: https://ims.bentley.com/
Part 2 - Setup Claims Issuance
If the Edit Claim Rules wizard does not open automatically, access it from the AD FS Management application under AD FS > Trust Relationships > Relying Party Trusts. Click Edit Claim Rules ... on the right-hand side.
Schema for above:
This completes the ADFS server configuration portion for Single Sign On with Bentley IMS using the SAML 2.0 Protocol.
Part 3 - Provide your Organization's Federation Metadata URL to Bentley
Your organization's Federation Metadata URL is available in the AD FS Management Console.
Browse to Service > Endpoints > Metadata > Type: Federation Metadata to find your federation metadata URL.
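The relying party registration from Part 1 and the metadata lookup from Part 3 can also be done with the ADFS PowerShell module. The script below is an added example, not part of this guide or Bentley's own tooling; it assumes an elevated shell on the primary AD FS server (Windows Server 2012 R2 or later) and uses exactly the two URLs given in Part 1. The function names are the example's own.

```powershell
# Added example: register Bentley IMS as a SAML 2.0 relying party and print
# this farm's Federation Metadata URL. Assumes the ADFS module is available and
# the shell is elevated on the primary AD FS server. URLs are the guide's own.
Import-Module ADFS

$rpName       = 'Bentley IMS'                          # Part 1, step 5
$rpIdentifier = 'https://ims.bentley.com/'             # Part 1, step 8
$acsUrl       = 'https://ims.bentley.com/sp/ACS.saml2' # Part 1, step 7

function Register-BentleyImsTrust {
    # Idempotent: do nothing if the trust already exists.
    if (Get-AdfsRelyingPartyTrust -Name $rpName) {
        Write-Warning "Relying party '$rpName' already exists; skipping."
        return
    }
    # Assertion Consumer Service endpoint, HTTP-POST binding, as the wizard creates it.
    $acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
                                -Uri $acsUrl -Index 0 -IsDefault $true
    # ADFS's stock "Permit Access to All Users" authorization rule; the issuance
    # transform rules from Part 2 are still added separately via Edit Claim Rules.
    $permitAll = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
    # Assertion signing with RSA-SHA256 is stated explicitly rather than left to defaults.
    Add-AdfsRelyingPartyTrust -Name $rpName -Identifier $rpIdentifier -SamlEndpoint $acs `
        -IssuanceAuthorizationRules $permitAll -SamlResponseSignature 'AssertionOnly' `
        -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' -Enabled $true
}

function Test-BentleyImsTrust {
    # Post-registration check: identifier and ACS URL must match the guide exactly.
    $rp = Get-AdfsRelyingPartyTrust -Name $rpName
    $ok = ($rp.Identifier -contains $rpIdentifier) -and
          ($rp.SamlEndpoints | Where-Object { $_.Location.AbsoluteUri -eq $acsUrl })
    if (-not $ok) { throw "Trust '$rpName' does not match the expected identifier/ACS URL." }
    $rp
}

function Get-FederationMetadataUrl {
    # Part 3: the endpoint shown under Service > Endpoints > Metadata in the console
    # (matched on the protocol label Get-AdfsEndpoint displays for it).
    $ep = Get-AdfsEndpoint | Where-Object { $_.Protocol -eq 'Federation Metadata' }
    if ($ep) { return $ep.FullUrl.AbsoluteUri }
    # Fallback: the well-known metadata path on the farm's federation service name.
    $hostName = (Get-AdfsProperties).HostName
    "https://$hostName/FederationMetadata/2007-06/FederationMetadata.xml"
}

Register-BentleyImsTrust
Test-BentleyImsTrust | Select-Object Name, Identifier, SamlResponseSignature
Get-FederationMetadataUrl
```

The last line prints the URL to hand to Bentley in Part 3; the Test function raises an error if the trust that ends up in ADFS differs from the guide's identifier or ACS URL.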