Note: If you use Azure AD as your Identity Provider, we have step-by-step instructions for setting up your OIDC connection here.
Note: It is required that a user have a valid country code in your directory in order to federate. We use this information to determine proper entitlements, billing, taxes, and more.
Your Token Provider Information
| Parameter | Value |
| --- | --- |
| Issuer/Authority | https://login.microsoftonline.com/{tenant}/v2.0 [Azure Example] |
| Discovery URI | /.well-known/openid-configuration |
| Client ID | Typically, the OAuth token provider creates an OAuth client; its ID is needed to receive and validate JWT tokens |
| Client Secret | Typically, the OAuth token provider creates an OAuth secret; it is needed to receive and validate JWT tokens |
| Scopes | The scopes that must be requested to receive user information. For example, openid profile |
| OpenID Login Type | Code & Code_Challenge_Method=S256. Note: Code_Challenge requires PKCE to be enabled at your identity provider. |
| Authentication Method | POST (This is the method PingFederate will use to perform client authentication) |
| Authorization Endpoint | Optional if the discovery URL is provided |
| Token Endpoint | Optional if the discovery URL is provided |
| UserInfo Endpoint | Optional if the discovery URL is provided |
| JWKS Endpoint | Optional if the discovery URL is provided |
| Token Attributes | emailAddress OR upn (depending on your identifier), givenName, lastName, country, name, sub |
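
Before submitting the values above, you can check your identity provider's discovery document against them. The following is an added example, not code from Bentley or PingFederate: it checks the issuer, the endpoints, the authorization code flow, client authentication and PKCE S256. Assumptions: the function name `preflight` is hypothetical, the sample metadata and `idp.example.com` are constructed, and "POST" is taken to mean the standard `client_secret_post` method.

```python
import json

# Constructed sample discovery document (not from a real tenant).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com/v2.0",
  "authorization_endpoint": "https://idp.example.com/oauth2/v2.0/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/v2.0/token",
  "userinfo_endpoint": "https://idp.example.com/oidc/userinfo",
  "jwks_uri": "https://idp.example.com/discovery/v2.0/keys",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt"]
}""")

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def preflight(expected_issuer, metadata, scopes=("openid", "profile")):
    """Return (errors, warnings) for a discovery document checked against the table."""
    errors, warnings = [], []
    # The issuer must match exactly (no extra slash, same tenant), because the
    # same string is compared with the "iss" claim of every token.
    if metadata.get("issuer") != expected_issuer:
        errors.append("issuer mismatch: %r" % metadata.get("issuer"))
    for key in ENDPOINT_KEYS:
        if not str(metadata.get(key, "")).startswith("https://"):
            errors.append("%s missing or not https" % key)
    if "code" not in metadata.get("response_types_supported", []):
        errors.append("authorization code flow (response_type=code) not supported")
    # OIDC Discovery: when this field is omitted the default is client_secret_basic.
    methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_post" not in methods:
        errors.append("client_secret_post not supported at the token endpoint")
    # This field is optional, so absence means "not advertised", not "unsupported".
    pkce = metadata.get("code_challenge_methods_supported")
    if pkce is None:
        warnings.append("PKCE methods not advertised; confirm S256 is enabled at the IdP")
    elif "S256" not in pkce:
        errors.append("S256 not in code_challenge_methods_supported")
    advertised = metadata.get("scopes_supported")
    if advertised is not None:
        warnings.extend("scope %r not advertised" % s for s in scopes if s not in advertised)
    return errors, warnings

if __name__ == "__main__":
    errs, warns = preflight("https://idp.example.com/v2.0", SAMPLE_METADATA)
    print("errors:", errs)
    print("warnings:", warns)
```
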
Bentley OIDC / OAuth Service Provider Details
| Parameter | Value |
| --- | --- |
| Redirect URI | Bentley will provide this once the token provider is registered (unique_id is dynamically generated) |