0

Set Up iMIS SSO for Forumbee

This guide helps you connect iMIS to Forumbee so members can sign in with iMIS and return to your community already authenticated.

Important: Forumbee’s iMIS integration uses an iMIS IQA query to retrieve the user’s identity and committee memberships after iMIS authentication. iMIS does not automatically provide Forumbee with the user profile and committee data Forumbee needs for provisioning and access control, so the required IQA query must be set up in iMIS before users can log in.

Some iMIS environments support OIDC and a userinfo endpoint, but Forumbee’s integration uses IQA so identity and committee access are consistently available for this workflow.

Note: IQA stands for Intelligent Query Architect and is iMIS’s query tool that can be published for API access.

Before you start

You will need these details from your iMIS admin or iMIS consultant:

  • Login URL (SSO entry point)
  • Token endpoint URL
  • Client ID
  • Client Secret
  • Logout URL (recommended)
  • IQA Base URL
  • IQA Query Name
  • IQA column names returned by the query (see Step 1)

You will also need access to Forumbee Admin.

Step 1: Set up the IQA query in iMIS (required)

Forumbee uses IQA to look up the user and their committee memberships after iMIS returns an access token.

Your iMIS team must publish an IQA query that:

  • Accepts a single parameter: the literal username value returned by the iMIS token response
  • Returns the required columns below
  • Returns one row per committee membership (multiple rows if the user is in multiple committees)

Required columns (the column names can vary, but the values must be present):

  • Unique user ID (immutable iMIS identifier, often Party ID)
  • Full name
  • Committee identifier (often a committee code)

Optional but strongly recommended:

  • Email, if the iMIS token username is not always a valid email address

Forumbee IQA details are covered in the next article, but the key point for this setup guide is that the IQA query must exist and be accessible before you turn the integration on.

Step 2: Enter OAuth configuration in Forumbee

In Forumbee, go to Admin > Integrations > iMIS SSO.

In OAuth Configuration, enter:

  • Login URL
  • Logout URL
  • Token Endpoint URL
  • Client ID
  • Client Secret

Logout URL tips:

  • The Logout URL should not be the same as the Login URL.
  • Many organizations use their public website home page (or another non-login page) as the Logout URL.

Copy the Forumbee Redirect URI from the read-only field. You will use it in iMIS in the next step.

Step 3: Configure the Redirect URI in iMIS

iMIS needs to know where it is allowed to send users after authentication.

In iMIS, add the Forumbee Redirect URI as the redirect URL for the Forumbee client application.
The exact screen and wording varies by iMIS version, but it is typically part of the iMIS Single Sign On application setup and testing workflow.

Step 4: Enter IQA settings in Forumbee (required for login)

Still in Admin > Integrations > iMIS SSO, open IQA Configuration and enter:

  • IQA Base URL
  • Query Name
  • Unique User ID Column
  • Full Name Column
  • Committee ID Column
  • Email Column (optional)

Click Save.

Step 5: Choose your login experience

Go to Login Options.

Option A: Show an SSO button on the Forumbee login form

Turn on Show SSO option on Forumbee login form to display a button on the Forumbee login page.

  • Set the SSO login button label (example: Log in with iMIS).
  • Users can choose SSO at login.

Option B: Enforce SSO

Turn on Enforce SSO only after you have configured and tested SSO successfully.

If Enforce SSO is enabled, unauthenticated users are automatically redirected to iMIS. If SSO is not configured correctly yet, admins can get locked out of Forumbee.

Step 6: Turn the integration on

After you have completed the configuration above, turn Active on.

Click Save on the page.

Step 7: Do a basic test

  1. Open an incognito or private browser window.
  2. Visit your community home page.
  3. Click Log in with iMIS (or confirm you are redirected if Enforce SSO is enabled).
  4. Confirm you return to Forumbee signed in.
  5. Log out and confirm you are redirected to the Logout URL you configured (and that you do not get stuck in a logout loop).

Step 8: If something fails, check the Log tab

In Forumbee, open Admin > Integrations > iMIS SSO > Log.

The Log tab can help you understand what happened during a recent login attempt, such as whether login completed and whether Forumbee was able to reach IQA.

Common questions

Why is IQA required?

Forumbee uses IQA to retrieve the immutable iMIS user ID, the user name, committee memberships, and any profile fields you choose to map. Without that data, Forumbee cannot reliably identify the user or apply committee based access.

Reply

null
Login to reply

Content aside

Related Articles
Set Up iMIS SSO for Forumbee
Configure iMIS IQA for Committee Sync and Profile Field Mapping
Set Up Committees in Forumbee for iMIS Managed Access
Troubleshooting iMIS SSO and Committee Access Sync