Future-proofing their business with cloud-first identity management

Bentley Systems (Nasdaq: BSY) is the infrastructure engineering software company. They provide engineering contractors and owner operators with innovative software to advance the design, construction and operations of the world’s infrastructure, sustaining both the global economy and the environment. As part of their ongoing digital initiative, the company strategically decided to invest in a modern, cloud-based identity system so that Bentley could have a future-proof identity layer enabling them to bring world-class digital infrastructure applications to market faster and advance their commitment to open and extensible infrastructure digital twin technology.

The solution had to be standards-based, support evolving global data residency and compliance regulations, integrate within desktop, cloud and server applications, and provide reliable, always-on access. In addition, Bentley Systems needed to ensure integration with back office systems to ensure business continuity and deliver personalized user experiences within their broad applications portfolio.

The challenge was to ensure business continuity across their extensive install base of legacy applications, federations, global managed services and growing cloud iTwin enabled applications while modernizing their identity infrastructure to enable more rapid delivery of digital user experiences to a global customer base.

Bentley Systems evaluated a comprehensive list of vendors, initially focusing on SaaS solutions but quickly discarding them in favor of more flexible cloud solutions because of their data residency requirements. The company needed to assure their clients (specifically in Europe and Asia PAC) that their employees’ personal user data was being stored safely and in compliance with regulatory requirements.

Bentley Systems ultimately selected the Ping Intelligent Identity platform, deploying PingFederate, PingAccess, PingDirectory and PingDataGovernance, as well as PingID, with the solution hosted and managed by ProofID, Bentley Systems’ MSP and delivery partner. It was important to the company that the overall architecture of the solution had modular capabilities, giving Bentley the flexibility to customize and support wide-ranging requirements, specifically around the ability to mimic the legacy environment in order to maintain continuity for existing users.

“Establishing a standards-based, cloud-first, flexible identity platform to advance delivery of infrastructure software was essential,” said Lori Hufford, VP, Digital Foundations. “Ping Identity’s suite of applications enables enhanced value for our users. Ping’s commitment to a proof of concept as part of the evaluation process and both Ping and ProofID’s dedication to business continuity for our legacy install base throughout the implementation process showed their commitment to us as a technology partner.”

Using Ping’s solutions, Bentley Systems was able to move their entire IAM program to the cloud in a big bang implementation, achieving a variety of departmental and business objectives. Calling it a “Herculean effort” carried out by the partners, the company successfully migrated more than 1,000 applications, including 230+ independent federations and over 300 OIDC-based applications.

The creation of a flexible identity layer spanning all Bentley applications is accelerating integration with new products, services and acquisitions, while centrally protecting web, mobile and API resources at scale. The decision to invest in a vendor identity solution also allows Bentley to focus their resources on infrastructure engineering software. Lastly, the cloud-first, open, extensible architecture supports Bentley Systems’ users as they transition to digital twins, enabling owner operators to reduce their overall cost of ownership. User onboarding is streamlined and experiences are more personalized.