Last updated on: March 09, 2026
OpenID Connect Premium
The OpenID Connect Premium module expands authentication flexibility by allowing connections to otherwise unsupported directories, including Amazon Cognito.
Features
- Integrate the iMIS OIDC module with directories that are not natively supported.
- Configure single logout between iMIS and your external identity provider to maintain consistent session control.
- Assign separate directories for iMIS public users and staff users.
- Connect multiple directories and present users with a selectable list of sign-in options at login.
Limitations
Consider the following when implementing OIDC Premium:
- When external directories are enabled in iMIS EMS, the following restrictions apply:
  - First name, Last name, and Primary Email Address fields in RiSE are marked read-only and cannot be updated.
  - Attempting to change these fields through the REST API returns an error.
  - These fields are synchronized from the directory during user sign-in and should be updated in the connected directory.
- New contact or user creation logic is limited to iMIS out-of-the-box functionality. For example, member type follows the “New Web Member Type” setting in iMIS.
- Custom security roles, groups, committees, panel records, and other supplemental data cannot be synced directly during the sign-in process. Syncing this data requires a custom integration or code separate from Cloud SSO.
- Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that denotes whether they are a staff user. This claim must be a string or number (not an array) and must be visible in the Access Token, the ID Token, or the Userinfo endpoint.
- SAML, SCIM, and WS-FED are currently not supported by Cloud SSO Professional and Enterprise; only OpenID Connect IdPs may be used.
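The staff-claim requirement for a shared directory can be checked before go-live by inspecting what the identity provider actually issues. The following is an added example, not part of the iMIS product or its documentation: it assumes JWT-format tokens, uses a hypothetical claim name `is_staff`, and runs on constructed sample data.

```python
import base64
import json

STAFF_CLAIM = "is_staff"  # hypothetical claim name; use the one configured in your directory


def jwt_payload(token):
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claim(claims, name=STAFF_CLAIM):
    """Return 'ok', 'missing', or 'wrong type: <type>' for one claim set."""
    if name not in claims:
        return "missing"
    value = claims[name]
    # JSON true/false decodes to bool, which is neither a string nor a number.
    if isinstance(value, bool) or not isinstance(value, (str, int, float)):
        return f"wrong type: {type(value).__name__}"
    return "ok"


def find_staff_claim(id_token=None, access_token=None, userinfo=None, name=STAFF_CLAIM):
    """Check each source the page lists; the claim must be usable in at least one."""
    sources = {}
    if id_token:
        sources["id_token"] = check_claim(jwt_payload(id_token), name)
    if access_token:
        sources["access_token"] = check_claim(jwt_payload(access_token), name)
    if userinfo is not None:
        sources["userinfo"] = check_claim(userinfo, name)
    return sources, any(result == "ok" for result in sources.values())


def _b64url(obj):
    """Base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    return f"{_b64url({'alg': 'none'})}.{_b64url(claims)}."


if __name__ == "__main__":
    # Constructed sample data: array in the ID token, string in Userinfo.
    id_tok = _make_token({"sub": "u1", "is_staff": ["true"]})
    print(find_staff_claim(id_token=id_tok, userinfo={"sub": "u1", "is_staff": "true"}))
```

The payload is decoded without verifying the signature, so this is suitable only for reviewing claim shape during configuration, not for making authentication decisions.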