Troubleshooting iMIS SSO and Committee Access Sync

This guide covers the most common issues with iMIS SSO, IQA, and committee-based access in Forumbee.

This article assumes you have completed the setup and configuration steps in the first three guides.

Start with the Log tab

If something is not working as expected, the Log tab can help you understand what happened during a recent login attempt.

You can find it here:

Admin > Integrations > iMIS SSO > Log

In many cases, the Log tab helps confirm whether login completed and whether Forumbee was able to reach IQA. 

Quick diagnostic questions

  1. Can the user complete SSO and land back in Forumbee?
  2. Does the token response include a username value?
  3. Does the IQA request succeed for that username?
  4. Does the IQA response include the required columns (user ID, full name, committee identifier)?
  5. Does the committee identifier returned by IQA match your Forumbee group mapping values?

Login issues

Users are stuck in a logout loop

Symptom:

  • The user clicks Log out, then immediately ends up logged in again.

Cause:

  • Enforce SSO is enabled and Logout URL is blank, or the Logout URL sends users back into the login flow.

What you can check:

  • In OAuth Configuration, confirm the Logout URL is set and is not the same as the Login URL.
  • The Log tab may show a logout followed by a new SSO redirect.

Fix:

  1. Go to Admin > Integrations > iMIS SSO.
  2. Under OAuth Configuration, set a Logout URL.
  3. Make sure the Logout URL is different from the Login URL.
  4. Save and retest.

Login fails with a missing email message

Symptom:

  • Login fails because Forumbee cannot determine a valid email.

Cause:

  • The IQA email column is not configured or does not return a value, and the token username is not a valid email address.

What you can check:

  • Confirm whether the token username is an email.
  • If not, configure an Email Column in IQA Configuration and update the IQA query to return email.
  • The Log tab may include a message that email is missing or invalid.

Fix options:

  • Configure an IQA Email column in IQA Configuration and return a valid email in the query, or
  • Update the iMIS configuration so the token username is a valid email, if that is appropriate for your environment

Login works for some users but not others

Common causes:

  • A user has an invalid email in iMIS
  • The IQA query returns blank values for required fields

What to check:

  • The IQA response includes a valid immutable ID and full name for the user
  • Email is present and valid based on the email sourcing rules

IQA issues

IQA request returns an error or no rows

Common causes:

  • Wrong IQA base URL
  • Wrong query name
  • Query is not published or not accessible to the API user
  • Query does not accept the provided parameter

What to check:

  • IQA Base URL looks like https://{org}.imiscloud.com/api/IQA
  • Query name matches exactly, including folder path
  • Request uses Parameter=<username> with a capital P
  • The query is authored so that Parameter accepts the literal username string from the token

The Log tab may show that the IQA call failed or returned no rows, but the exact detail can vary.

Committees do not sync to groups

Common causes:

  • Committee identifier mismatch
  • Wrong column name configured for committee ID or code
  • Mapping rows not saved, or mapped to the wrong group
  • The user has not completed a fresh SSO login since changes were made

What to check:

  • In Forumbee IQA Configuration, confirm the committee column name matches the IQA result
  • In Forumbee Group Mapping, confirm the iMIS committee value matches exactly what IQA returns in the Committee ID Column
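
The two checks above, together with diagnostic questions 4 and 5, can be run offline against rows copied from a test run of the query. This is an added example, not Forumbee or iMIS code. The column names (ID, FullName, CommitteeCode), the mapping values and the sample rows are constructed assumptions; substitute the names from your own IQA Configuration and Group Mapping.

```python
# Added example. Column names, mapping values and rows are constructed assumptions.
REQUIRED = ("ID", "FullName", "CommitteeCode")

def normalize(value):
    """Fold case and whitespace; used only to spot near-misses, never to match."""
    return " ".join(str(value).split()).casefold()

def is_blank(value):
    return value is None or str(value).strip() == ""

def diagnose(rows, mapping, committee_col="CommitteeCode", required=REQUIRED):
    """rows: IQA result rows as dicts. mapping: iMIS committee value -> group."""
    if not rows:
        return ["IQA returned no rows for this username"]
    findings = []
    near = {normalize(key): key for key in mapping}
    for i, row in enumerate(rows):
        for col in required:
            if col in row:
                if is_blank(row[col]):
                    findings.append(f"row {i}: column {col!r} is blank")
                continue
            # Column absent: look for a name that differs only by case or spacing.
            similar = [c for c in row if normalize(c) == normalize(col)]
            hint = f", response has {similar[0]!r}" if similar else ""
            findings.append(f"row {i}: column {col!r} missing{hint}")
        value = row.get(committee_col)
        if is_blank(value) or str(value) in mapping:
            continue  # blank already reported above; an exact match will sync
        close = near.get(normalize(value))
        if close is not None:
            findings.append(f"row {i}: {value!r} differs from mapped {close!r} "
                            "only by case or whitespace")
        else:
            findings.append(f"row {i}: {value!r} has no group mapping")
    return findings

# Constructed sample data for one user with three committee rows.
SAMPLE_ROWS = [
    {"ID": "10482", "FullName": "Dana Example", "CommitteeCode": "FINANCE"},
    {"ID": "10482", "FullName": "Dana Example", "CommitteeCode": "Bylaws "},
    {"ID": "10482", "FullName": "", "CommitteeCode": "EVENTS"},
]
SAMPLE_MAPPING = {"FINANCE": "Finance Committee", "BYLAWS": "Bylaws Committee"}

if __name__ == "__main__":
    for line in diagnose(SAMPLE_ROWS, SAMPLE_MAPPING):
        print(line)
```

A committee value with no group mapping is only a problem if that committee is meant to grant access; the near-miss findings are the ones that usually explain a sync that silently does nothing.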

Profile mapping issues

Profile fields do not update

Common causes:

  • The mapped IQA column name does not match the response
  • The IQA query does not return the column for that user
  • Users have not logged in through SSO since the mapping was added

What to check:

  • Column names are exact, including spaces and capitalization
  • The IQA response includes the column values you expect
  • The user completes a fresh SSO login

Best practices

Keep committee access current

Forumbee updates committee memberships and mapped profile fields during SSO login.

If you need changes in iMIS to apply sooner in Forumbee, ask your Forumbee account manager about reducing the session length so users re-authenticate more often.

Protect credentials and tokens

  • Store client secrets securely and share them only through a secure method
  • Do not paste production secrets into email or chat
  • Rotate credentials if you suspect exposure

When to contact support

Contact your Forumbee support team if you can provide:

  • The time the issue occurred
  • The community URL
  • The affected user email
  • Whether Enforce SSO is enabled
  • A screenshot or copied text from the Log tab around the failure, if available

Do not share client secrets, tokens, or passwords.
