Quick & painless. The way it should be.


Skypiom’s out-of-the-box integration and single sign-on solutions are based on modern standards that make integration and single sign-on simple to execute. For customer specific cases, the KMS allows access via an extensive API library.

Integrating the KMS with your specific internal or third-party systems, such as Human Capital Management Systems, is truly an unassuming task. The below are just some of the software providers that the KMS integrates into.


In all of the below cases we will configure the KMS to use the correct integration parameters and assist in the implementation and testing of the integration. The following options exist for single sign-on (SSO) integration with the KMS. Both options provide a secure way of authenticating users and synchronising data between your existing corporate directory and the KMS.

  • Open ID Connect (OIDC)
  • Skypiom API based Integration

With either of the below, forgotten passwords are a thing of the past!

Single Sign-on using OpenID Connect (OIDC)

OIDC allows you to verify the identity of the user based on the authentication performed by an Authorisation Server, as well as obtain basic profile information about the user in an interoperable manner.

For this type of integration to be considered you must have relevant OIDC capability installed. As an example, OIDC capability is available as part of Windows Server 2016, which caters for SSO using Active Directory (AD).

An alternative would be the installation of “Keycloak” to mediate between older AD installations and the modern OIDC protocol.

Single Sign-on using Skypiom API (SAPI)

An application programming interface (API) is a computing interface which defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc. It can also provide extension mechanisms so that users can extend existing functionality in various ways and to varying degrees.

While OIDC relies on a comprehensive set of standard authentication protocols, SAPI takes a somewhat different approach to achieve a similar level of security. Where OIDC is not available, SSO integration is still possible using other protocols such as LDAP to communicate with corporate directory servers.

To ensure that login credentials never leave your environment, it follows that the login page needs to be hosted on your site or intranet. As a single web page with relatively simple functionality, the page requests the user’s credentials, uses LDAP on the local network to authenticate the user and then uses a Skypiom API call to establish a KMS session and transfer the user to the KMS menu. Skypiom publishes PHP sample code for the page which may be utilised and adjusted to suit your needs.