NOTE: This guide is deprecated and for review only. We no longer set up new SAML based federations. Please refer to the Configuring OIDC with other Identity Providers instructions.
Bentley's Service Provider Details (configure your server with this info)
It is required that a user have a valid country code in your directory in order to federate. We use this information to determine proper entitlements, billing, taxes, and more.
Parameter |
Value |
EntityID | |
Audience Restriction | |
Assertion Consumer URL | |
Assertion validity duration |
900 seconds |
Skew time |
300 seconds |
Include Name ID in assertion |
Yes (Required) |
Attributes to include in assertion |
emailaddress OR upn (depending on your identifier) givenname surname country (2-digit ISO code) |
Namespace for attributes to include in assertion |
Your SAML 2.0 Identity Provider Information (send this info back to Bentley)
Parameter |
Value |
Domain |
e.g. bentley.com <This is used to redirect users to your IdP if IMS sees this during the authentication process> |
EntityID |
Entity ID in the Federation Metadata document if you have one. Typically for ADFS it looks something like: |
Entity Metadata URL* |
Federation Metadata document if your IdP exposes it. Typically for ADFS it looks something like: |
SSO Service URL |
URL where your users will be redirected to, for authentication by your IdP. Typically for ADFS it looks like: https://<ADFS>/adfs/ls |
Thumbprint |
The thumbprint of the certificate used by your IdP for token signing |