Hi All,

When trying to use Get-PWNonFederatedLoginToken and Get-IMSNonFederatedAccountToken   all i get is "WARNING: Get Non-Federated Token Failed"

I have tried passing my own email/password credentials, have tried a non-mfa account too with same results.

I saw Dave Brumbaugh 's comment "you'll have to establish a non-federated IMS account within your IMS Organization" in Bentley IMS New-PWLogin - In Azure Runbooks but don't really understand what this means or what i need to do.

What I am trying to achieve is to be able to run DM/Connected cmdlets without relying on Connection Client signed in.

Can anybody help shed some light or point me in the right direction?

Thanks All.

Currently running:

v2.0.7.0 pwps_dab
v1.0.1.7 PWPS_PWDM
v11.00.04.15 Connection Client
v10.03.453 PWE
v10.6.0.242 DM

  • The token in PWPS_PWDM may be slightly different, but for Get-PWNonFederatedLoginToken from PWPS_DAB, you need to establish a non-federated user. This is a user that does not use your normal email domain and yet is an IMS user associated with your organization. Many users register a gmail account and add it to their IMS Organization and I've established a Google mail-forwarding domain to help users out with this.

    Anyway, register the user as you normally would (either directly through or by having your IMS Administrator send an invitation). The only real requirement is that the email address be valid and you be able to get to it so you can respond to the validation email. If you add that user to your datasource, you should be able to login with

    $token = Get-PWNonFederatedLoginToken -UserName -Password (ConvertTo-SecureString Pass -AsPlainText -Force)

    New-PWLogin server:DSN -BentleyIMS -Token $token

    To get a token suitable for use with DM, use the -CreateWebToken switch with Get-PWNonFederatedLoginToken and you'll get a properly encrypted token.


    Answer Verified By: Lisa Chan