Documentation - Professional and Enterprise

This section contains documentation specific to iMIS SSO Professional and Enterprise.

Features

  • Connect the iMIS OIDC module to otherwise unsupported directories, such as AWS Cognito.
  • Enable single logout between iMIS and your external directory.
  • (Enterprise only) Connect different directories for iMIS public users and staff users.
  • (Enterprise only) Connect multiple directories and let users choose from a list which directory to sign in to.

Limitations

  • When external directories are enabled in iMIS EMS, the following restrictions apply:
    • The First name, Last name, and Primary Email Address fields in RiSE are read-only and cannot be updated.
    • Attempting to change these fields via the REST API returns an error.
    • These fields are synchronized from the directory during user sign-in, and should be updated in the connected directory.
  • New contact/user creation logic is limited to iMIS out-of-the-box functionality (for example, member type follows the New Web Member Type setting in iMIS).
  • Custom security roles, groups, committees, panel records, and other supplemental data cannot be synced directly during the sign-in process (this requires a custom integration or code separate from iMIS SSO).
  • Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that indicates whether they are a staff user. This claim must be a string or number (not an array) and visible in either the Access Token, ID Token, or Userinfo endpoint.
  • SAML, SCIM, and WS-FED are currently not supported by iMIS SSO Professional and Enterprise; only OpenID Connect IdPs may be used.
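
A pre-deployment check for the staff-claim limitation above, added here as an example and not part of iMIS SSO or its documentation: it looks in the three places the claim may appear and flags an array or other non-scalar value. The claim name `is_staff`, the function names, and the sample tokens are assumptions constructed for illustration; signatures are not verified because this only lints the claim's shape.

```python
import base64
import json

STAFF_CLAIM = "is_staff"  # hypothetical name; use the claim configured in your directory


def jwt_payload(token):
    """Decode a JWT payload without verifying it; return None for opaque tokens."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque access tokens carry no readable claims
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None


def claim_is_scalar(value):
    # The page allows only a string or a number. Treating a JSON boolean as
    # unsupported is a strict reading (assumption); bool subclasses int in Python.
    return isinstance(value, (str, int, float)) and not isinstance(value, bool)


def check_staff_claim(access_token, id_token, userinfo, claim=STAFF_CLAIM):
    """Return {source: 'missing' | 'ok' | 'bad type: <type>'} for the claim."""
    sources = {
        "access_token": jwt_payload(access_token),
        "id_token": jwt_payload(id_token),
        "userinfo": userinfo,  # already-parsed JSON from the Userinfo endpoint
    }
    report = {}
    for name, claims in sources.items():
        if not claims or claim not in claims:
            report[name] = "missing"
        elif claim_is_scalar(claims[claim]):
            report[name] = "ok"
        else:
            report[name] = "bad type: " + type(claims[claim]).__name__
    return report


def make_unsigned_jwt(claims):
    # Builds a constructed sample token with a placeholder signature (demo input only).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    id_tok = make_unsigned_jwt({"sub": "u1", "is_staff": ["true"]})  # array: rejected
    print(check_staff_claim("opaque-token", id_tok, {"sub": "u1", "is_staff": "true"}))
```

At least one source should report `ok` for both a known staff account and a known public account before the shared directory is connected.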