User Account Concepts
A ProjectWise user is a person with an account in the datasource. Each user account, at a minimum, consists of a unique log in name and password, and various user settings and privileges. When a user account is created, the account is immediately made active, and the user automatically receives a set of user settings and privileges based on the currently defined default user settings for that datasource.
All user accounts for a datasource are listed under the Users datasource node in ProjectWise Administrator. The list displays the general properties for each user, plus whether or not the user is currently connected to the datasource (from any ProjectWise application).
| Property Column | Description |
|---|---|
| Name | The name of the user. |
| Domain | The name of the Windows domain to which the user
belongs, if the account is a Windows account.
This field is blank if the account is a Bentley IMS account or a logical account. |
| Description | Displays a description of the user, if one is specified. |
| Displays the user's email address, if one is specified. | |
| Identity | The user name (primary email address) of the Bentley
profile (Bentley IMS account) associated to this user account, if one is
associated. Any user with such an identity can log in to the datasource with
the credentials of their Bentley profile.
This field is blank if the account is a Windows account or a logical account. |
| Identity Provider | The web address of the
Bentley Identity Management Service:
https://ims.bentley.com/
This field is blank if the account is a Windows account or a logical account. |
| Connected | Displays whether or not the user is logged in to the datasource. |
| Disabled | Displays whether or not the user's account is currently disabled. |
| Created | Displays the date the user account was created in the datasource. |
Account Types
There are four types of user or group accounts that can exist in the datasource:
A Logical account, or a ProjectWise native account, is an account whose user name and password are "made up" by the administrator when the account is created. The user name and password for logical accounts are stored in the ProjectWise database.
A Windows account is an account that leverages its user name and password from an existing Windows domain account, but the account itself is manually managed by the administrator. The user name and password of Windows accounts are not stored in the ProjectWise database.
A Windows, synchronized account is also an account that leverages its user name and password from an existing Windows domain account, but unlike regular Windows accounts, Windows, synchronized accounts are managed by ProjectWise User Synchronization Service.
A Federated Identity account is an account that is associated to a Bentley profile, so that the user can log in to the datasource with their Bentley credentials using Bentley Identity Management Service (Bentley IMS) authentication. This is also simply referred to as a Bentley IMS account.
For logical accounts, ProjectWise does the authentication (password verification) whenever a user logs in. For Windows and Windows, synchronized accounts, authentication is done by the operating system itself. For federated identity accounts, authentication is done by the identity provider, which is the Bentley Identity Management Service (Bentley IMS) located at https://ims.bentley.com.
Windows Single Sign-on
Windows single sign-on allows a user to be automatically logged in with their Windows credentials when they select a datasource in ProjectWise Explorer.
For Windows single sign-on to work for a user, Windows single sign-on must be enabled in the datasource, the user logging in must have a Windows-based account in a datasource, and the user must be currently logged in to the operating system as that user. When these conditions are met, the user can just double-click a datasource in ProjectWise Explorer and be automatically logged in and not be prompted for a user name and password. For Windows single sign-on to work in ProjectWise Administrator, the Windows-based account must also be a member of the Administrator group in ProjectWise.
When Windows single sign-on is enabled and a user needs to bypass this automatic log in (for example, if an administrator needs to log in on a user's computer), in ProjectWise Explorer the user can select the datasource and select .
Windows single sign-on can be enabled when creating a datasource by turning on the Support Windows Domain authentication option in the New Datasource Wizard. This adds the setting SSO=1 to the DMSKRNL.CFG file, at the end of the section that contains datasource-specific settings. For example:
[db0]
Description=pwtest
Type=Microsoft SQL Server
DisplayName=pwtest
InterfaceType=ODBC
Name=pwdb
DBUserName=pwadmin
DBUsrPwdDecrypt=5
DBUserPassword=<encryptedpassword>
SSO=1
If you need to turn this setting on or off after the datasource is created, you can manually edit the DMSKRNL.CFG file on the ProjectWise Design Integration Server computer (...\ProjectWise\bin). To turn the setting off, change the setting to SSO=0 or delete the setting altogether.
Bentley IMS Authentication
Bentley Identity Management Service (Bentley IMS) authentication lets a user log in to a datasource with their Bentley IMS credentials.
For Bentley IMS authentication to work, Bentley IMS authentication must be enabled in the datasource, the user logging in must have already signed in on their computer with their Bentley credentials using the CONNECTION Client, and the user logging in must have a Bentley profile associated to their ProjectWise account. If needed, the administrator can configure datasource settings so that a ProjectWise user account is automatically created with the user's Bentley profile associated to it the first time the user tries to log in to the datasource.
Bentley IMS authentication can be enabled when creating a datasource by turning on the Support Bentley IMS authentication option in the New Datasource Wizard. This adds the setting STS=1 to the DMSKRNL.CFG file, at the end of the section that contains datasource-specific settings. For example:
[db0] Description=pwtest Type=Microsoft SQL Server DisplayName=pwtest InterfaceType=ODBC Name=pwdb DBUserName=pwadmin DBUsrPwdDecrypt=5 DBUserPassword=<encryptedpassword> SSO=1 STS=1
If you need to turn this setting on or off after the datasource is created, you can manually edit the DMSKRNL.CFG file on the ProjectWise Design Integration Server computer (...\ProjectWise\bin). To turn the setting off, change the setting to STS=0 or delete the setting altogether.
In the example datasource configuration above, both Windows single-sign on and Bentley IMS authentication are enabled. When both settings are enabled, this transforms basic Bentley IMS authentication into Bentley IMS single sign-on, which allows a user to be automatically logged in with their Bentley IMS credentials when they select a datasource in ProjectWise Explorer.