iMIS Power Suite - SSO Premium

iMIS SSO Premium

iMIS SSO Premium is a cloud-based single sign-on solution that implements both the SAML 2.0 and OpenID Connect standards (and by extension, OAuth 2.0) with iMIS as the identity provider. The assertion and user-profile data are powered by a fully customizable query stored within iMIS.

Since no software installation is required, third-party vendors and websites that cannot perform a direct SSO with iMIS can still authenticate users with their iMIS credentials and retrieve real-time, customizable profile information about the signing-in user. By supporting industry-standard OpenID and SAML SSO protocols, iMIS SSO Premium allows vendors and third-party systems to integrate directly with iMIS, significantly reducing the cost and time needed to connect your systems to iMIS.

Features

  • Connect iMIS OIDC to additional directories, such as AWS Cognito.
  • Enable single logout between iMIS and your external directory.
  • Connect different directories for iMIS public users and staff users.
  • Connect multiple directories and allow users signing in to choose which directory they want to sign into from a list.

Limitations

  • When external directories are enabled in iMIS EMS, the following restrictions apply:
    • First name, Last name, and Primary email address fields are marked read-only and cannot be updated.
    • Attempting to change these fields via the REST API results in an error being returned.
    • These fields are synchronized from the directory during user sign-in, and should be updated in the connected directory.
  • New contact/user creation logic is limited to iMIS out-of-the-box functionality (for example, member type follows the New Web Member Type setting in iMIS).
  • Custom security roles, groups, committees, panel records, and other supplemental data cannot be synced directly during the sign-in process (this requires a custom integration or code separate from iMIS SSO).
  • Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that denotes whether they are a staff user. This claim must be a string or number (not an array) and visible in either the Access Token, ID Token, or UserInfo endpoint.
  • SAML, SCIM, and WS-FED are currently not supported by iMIS SSO Premium; only OpenID Connect IdPs may be used.
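
The staff/public claim requirement above can be checked before go-live with a short script. This is an added example, not iMIS code: the claim name `is_staff`, the function names, and the sample tokens are assumptions constructed for illustration, and booleans are treated as not allowed because the limitation names only strings and numbers.

```python
import base64
import json

CLAIM = "is_staff"  # hypothetical claim name; use the one set in your directory

def sample_jwt(claims):
    """Build an unsigned, constructed sample token (demo and tests only)."""
    parts = ({"alg": "none"}, claims)
    seg = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
           for p in parts]
    return ".".join(seg + ["constructed-signature"])

def jwt_payload(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified.
    Returns None for opaque (non-JWT) tokens."""
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None

def is_scalar_claim(value):
    # String or number only. bool subclasses int in Python, so exclude it
    # explicitly (assumption: booleans are not accepted).
    return isinstance(value, (str, int, float)) and not isinstance(value, bool)

def check_staff_claim(id_token, access_token, userinfo, claim=CLAIM):
    """Per source: 'ok', 'missing', 'bad-type' or 'opaque' (not decodable)."""
    sources = {
        "id_token": jwt_payload(id_token),
        "access_token": jwt_payload(access_token),
        "userinfo": userinfo if isinstance(userinfo, dict) else None,
    }
    report = {}
    for name, claims in sources.items():
        if claims is None:
            report[name] = "opaque"
        elif claim not in claims:
            report[name] = "missing"
        else:
            report[name] = "ok" if is_scalar_claim(claims[claim]) else "bad-type"
    # The requirement is met when at least one source carries a scalar claim.
    report["usable"] = any(v == "ok" for v in report.values())
    return report

if __name__ == "__main__":
    tok = sample_jwt({"sub": "u1", CLAIM: ["staff"]})  # array value: not allowed
    print(check_staff_claim(tok, "opaque-access-token", {"sub": "u1", CLAIM: "1"}))
```

Run it against tokens issued to one staff and one public test account; because signatures are not verified, the output is a provisioning check only and must not be used to make an access decision.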