Documentation - Professional and Enterprise

This section contains documentation specific to iMIS SSO Professional and Enterprise.

Features

• Connect the iMIS OIDC module to otherwise unsupported directories, such as AWS Cognito.
• Enable single logout between iMIS and your external directory (learn more).
• (Enterprise only) Connect different directories for iMIS public users and staff users.
• (Enterprise only) Connect multiple directories and allow users signing in to choose which directory they want to sign into from a list.

Limitations

• When external directories are enabled in iMIS EMS, the following restrictions apply:
  • First name, Last name, and Primary Email Address fields in RiSE are marked read-only and not able to be updated.
  • Attempting to change these fields via the REST API results in an error being returned.
  • These fields are synchronized from the directory during user sign-in, and should be updated in the connected directory.
• New contact/user creation logic is limited to iMIS out of the box functionality (for example, member type follows the New Web Member Type setting in iMIS).
• Custom security roles, groups, committees, panel records, and other supplemental data are not able to be synced during the sign-in process directly (this requires a custom integration or code separate from iMIS SSO).
• Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that denotes if they are a staff user or not. This claim must be a string or number (not an array) and visible in either the Access Token, ID Token, or Userinfo endpoint.
• SAML, SCIM, and WS-FED are currently not supported by iMIS SSO Professional and Enterprise; only OpenID Connect IdPs may be used.

 

• Connecting to iMIS - Configuring the OpenID Connect Module
• Connecting to an External Directory / Identity Provider
• Directory Providers
  • Microsoft Entra ID (Formerly Azure AD)
  • AWS Cognito