Documentation - Professional and Enterprise
This section contains documentation specific to Cloud SSO Professional and Enterprise.
Features
Connect the iMIS OIDC module to otherwise unsupported directories, such as AWS Cognito.
Enable single logout between iMIS and your external directory.
(Enterprise only) Connect different directories for iMIS public users and staff users.
(Enterprise only) Connect multiple directories and allow users signing in to choose which directory they want to sign into from a list.
Limitations
When external directories are enabled in iMIS EMS, the following restrictions apply:
First name, Last name, and Primary Email Address fields in RiSE are marked read-only and cannot be updated
Attempting to change these fields via the REST API returns an error
These fields are synchronized from the directory during user sign-in, and should be updated in the connected directory
New contact/user creation logic is limited to iMIS out-of-the-box functionality (e.g. member type follows the “New Web Member Type” setting in iMIS)
Custom security roles, groups, committees, panel records, and other supplemental data cannot be synced directly during the sign-in process (this requires a custom integration or code separate from Cloud SSO)
Staff and public users sharing a single directory for sign-in must have a custom claim added to their directory’s user record that denotes whether they are a staff user; this claim must be a string or number (not an array) and must be visible in the Access Token, the ID Token, or the Userinfo endpoint
SAML, SCIM, and WS-FED are currently not supported by Cloud SSO Professional and Enterprise; only OpenID Connect IdPs may be used
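To check the staff-claim requirement above before pointing staff and public users at a shared directory, the following added example (not code from Cloud SSO or its vendor) inspects a user's ID token, access token and Userinfo response and reports where the claim appears as a string or number. The claim name is_staff, the function names and the sample tokens are assumptions constructed for illustration; booleans and other types are reported as unsupported because this page names only string and number.

```python
import base64
import json

CLAIM = "is_staff"  # hypothetical claim name; use the one configured in your directory

def make_sample_jwt(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

def jwt_payload(token):
    """Decode a JWT payload for inspection only (no signature verification).
    Returns None for opaque tokens or anything that is not a JWT."""
    parts = (token or "").split(".")
    if len(parts) != 3:
        return None
    try:
        payload = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None

def claim_shape(value):
    if isinstance(value, bool):  # bool subclasses int in Python, so test it first
        return "boolean"
    if isinstance(value, str):
        return "string"
    if isinstance(value, (int, float)):
        return "number"
    return {list: "array", dict: "object"}.get(type(value), "null")

def check_staff_claim(claim, id_token=None, access_token=None, userinfo=None):
    """Report, per source, whether the claim is present as a string or number."""
    sources = {"id_token": jwt_payload(id_token),
               "access_token": jwt_payload(access_token),
               "userinfo": userinfo if isinstance(userinfo, dict) else None}
    report = {}
    for name, payload in sources.items():
        if payload is None or claim not in payload:
            report[name] = "absent"
            continue
        shape = claim_shape(payload[claim])
        report[name] = shape if shape in ("string", "number") else "unsupported:" + shape
    ok = any(v in ("string", "number") for v in report.values())
    return ok, report

if __name__ == "__main__":
    id_tok = make_sample_jwt({"sub": "u1", CLAIM: ["staff"]})  # constructed: array form
    print(check_staff_claim(CLAIM, id_tok, "opaque-access-token", {"sub": "u1", CLAIM: "true"}))
```

This is a configuration diagnostic only: it does not validate signatures, so it must not be used to make sign-in decisions.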