Connecting to iMIS - Configuring the OpenID Connect Module

This page explains how to connect iMIS SSO Premium to OpenID Connect.

🚧

Warning

To use iMIS SSO Premium, you must have the additional OpenID Connect license. To verify this, go to Settings > About iMIS, and make sure that OpenID Connect is listed in the Licensed features list.

Do the following to connect iMIS SSO Premium with OpenID Connect:

  1. Log in to the Cloud Dashboard and go to Cloud SSO > Settings. You will need the values in these fields for reference in the following steps.
  2. Open a new browser tab, and go to the iMIS Staff site.
  3. Go to Settings > Contacts > Open ID Connect.
  4. Configure the following:
    • OIDC authentication: Set to Test mode until all setup is complete and all functionality is verified.
    • Type: Okta
    • Name: Can be anything (recommended: iMIS SSO)
    • Client ID: Copy this value from the Client ID field in the iMIS SSO app
    • Client Secret: Copy this value from the Client Secret field in the iMIS SSO app
    • Well-Known URL: Copy this value from the Discovery (Well-Known) URL field in the iMIS SSO app
    • Authority URL: Copy this value from the Issuer field in the iMIS SSO app
    • Redirect login URL: Enter the base domain of the iMIS instance, including https:// and a trailing slash.
    • External ID claim type: Enter external_id.
    • Set login hint: Enable this setting
    • Claim type: staff
    • Claim value: 1
    • Email body: Customize this as needed to suit your organization’s preferences
  5. Click Save.
  6. Copy the Redirect login URL value from the iMIS OpenID Connect configuration screen, then return to the Cloud Dashboard and paste it into the iMIS SSO Redirect URL field.
  7. Click Save Settings.
📘

Note

Setting up the connection between iMIS SSO Premium and iMIS OpenID Connect, as described above, is a one-time process.

  • If a staff user is connecting one or more external directories, they do not need to repeat this process or change anything in iMIS.
  • The settings that were just configured in iMIS are for the iMIS SSO product only – be sure not to enter any external directory-specific information into iMIS.
  • Connections to external directories (Amazon Cognito, Microsoft Entra, Okta, and more) should only be configured inside the iMIS SSO app, not iMIS. iMIS SSO is the proxy or gateway to these connected external directories.

When you have finished configuring OpenID Connect, proceed to configure one or more external directories.
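
While OIDC authentication is still in Test mode, the values entered in step 4 can be checked for consistency before switching it on. The following is an added example, not part of iMIS or the iMIS SSO app: the URLs, the discovery document and the claims are constructed samples, and the check assumes the Issuer field equals the `issuer` in the discovery document (as OpenID Connect Discovery requires) and that the test login is one expected to carry the configured claim type and value.

```python
import json
from urllib.parse import urlsplit

# Constructed sample values standing in for the fields copied in step 4 (not real endpoints).
SETTINGS = {
    "well_known_url": "https://sso.example.org/.well-known/openid-configuration",
    "authority_url": "https://sso.example.org",
    "redirect_login_url": "https://members.example.org/",
    "external_id_claim": "external_id", "claim_type": "staff", "claim_value": "1",
}
# Constructed discovery document, as the Well-Known URL would return it.
DISCOVERY = json.loads("""{
  "issuer": "https://sso.example.org",
  "authorization_endpoint": "https://sso.example.org/authorize",
  "token_endpoint": "https://sso.example.org/token",
  "jwks_uri": "https://sso.example.org/keys"
}""")
# Constructed claims from an ID token whose signature has already been verified.
CLAIMS = {"iss": "https://sso.example.org", "external_id": "12345", "staff": "1"}

def check_settings(s, disc):
    """Return a list of problems found in the settings; empty means consistent."""
    problems = []
    issuer = disc.get("issuer", "")
    if s["authority_url"] != issuer:
        problems.append("Authority URL differs from the discovery document's issuer")
    # OpenID Connect Discovery: metadata is served at <issuer>/.well-known/openid-configuration
    if s["well_known_url"] != issuer.rstrip("/") + "/.well-known/openid-configuration":
        problems.append("Well-Known URL is not derived from the issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(disc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    r = urlsplit(s["redirect_login_url"])
    if r.scheme != "https" or not r.netloc or r.path != "/" or r.query or r.fragment:
        problems.append("Redirect login URL must be https://<base domain>/")
    return problems

def check_claims(s, claims, issuer):
    """Check a test login's claims against the configured claim names."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the Authority URL")
    if not claims.get(s["external_id_claim"]):
        problems.append(f"missing {s['external_id_claim']} claim")
    if str(claims.get(s["claim_type"])) != s["claim_value"]:
        problems.append(f"{s['claim_type']} claim is not {s['claim_value']}")
    return problems

if __name__ == "__main__":
    print(check_settings(SETTINGS, DISCOVERY) + check_claims(SETTINGS, CLAIMS, DISCOVERY["issuer"]))
```

An empty list from both functions means the entered values agree with each other; it does not replace verifying a real login in Test mode.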