Documentation - Professional and Enterprise
This section contains documentation specific to iMIS SSO Professional and Enterprise.
Features
- Connect the iMIS OIDC module to otherwise unsupported directories, such as AWS Cognito.
- Enable single logout between iMIS and your external directory.
- (Enterprise only) Connect different directories for iMIS public users and staff users.
- (Enterprise only) Connect multiple directories and let users choose from a list which directory to sign in to.
Limitations
- When external directories are enabled in iMIS EMS, the following restrictions apply:
  - The First name, Last name, and Primary Email Address fields in RiSE are marked read-only and cannot be updated.
  - Attempting to change these fields via the REST API returns an error.
  - These fields are synchronized from the directory during user sign-in, and should be updated in the connected directory.
- New contact/user creation logic is limited to iMIS out-of-the-box functionality (for example, member type follows the New Web Member Type setting in iMIS).
- Custom security roles, groups, committees, panel records, and other supplemental data cannot be synced directly during the sign-in process (this requires a custom integration or code separate from iMIS SSO).
- Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that denotes whether they are a staff user. This claim must be a string or number (not an array) and visible in the Access Token, the ID Token, or the Userinfo endpoint.
- SAML, SCIM, and WS-FED are currently not supported by iMIS SSO Professional and Enterprise; only OpenID Connect IdPs may be used.
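A pre-flight check for the shared-directory staff claim requirement above, as an added example that is not part of iMIS SSO or its documentation: it inspects an ID token, an access token and a Userinfo response and reports where the claim is present as a string or number. The claim name `is_staff`, the function names and the sample tokens are assumptions constructed for illustration; token payloads are decoded for inspection only, without signature verification.

```python
import base64
import json


def make_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])


def jwt_payload(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified.
    Returns None for opaque (non-JWT) or malformed tokens."""
    parts = token.split(".") if token else []
    if len(parts) != 3:
        return None
    try:
        raw = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
        payload = json.loads(raw)
    except ValueError:
        return None
    return payload if isinstance(payload, dict) else None


def classify(value):
    """'ok' only for a JSON string or number, per the limitation above."""
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (str, int, float)):
        return "wrong-type:" + type(value).__name__
    return "ok"


def check_staff_claim(claim, id_token=None, access_token=None, userinfo=None):
    """Report, per source, whether the claim is ok, absent, wrong-type or unreadable."""
    sources = {"id_token": jwt_payload(id_token),
               "access_token": jwt_payload(access_token),
               "userinfo": userinfo if isinstance(userinfo, dict) else None}
    report = {}
    for name, claims in sources.items():
        if claims is None:
            report[name] = "unreadable"
        else:
            report[name] = classify(claims[claim]) if claim in claims else "absent"
    return report, "ok" in report.values()


if __name__ == "__main__":
    # Constructed sample: array in the ID token, opaque access token, string in Userinfo.
    report, usable = check_staff_claim(
        "is_staff",  # hypothetical claim name
        id_token=make_token({"sub": "u1", "is_staff": ["staff"]}),
        access_token="opaque-reference-token",
        userinfo={"sub": "u1", "is_staff": "1"})
    print(report, "usable:", usable)
```

An "unreadable" access token usually means the IdP issues opaque tokens, in which case the claim has to be visible in the ID Token or at the Userinfo endpoint instead.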