GLOBAL ENFORCEMENT

SIS Command Center

Get PDFs Open SIS Binder

Identity you can enforce worldwide.

SIS is the SKYE production gate for enterprise identity. It defines what “real SSO” and “real SCIM” mean in the field, how we verify it, and how we ship it consistently across every tenant, every market, every product line.
Read the Standard Binder AE Compliance Checklist Engineer Preflight Script
What SIS governs

SSO (Authentication)

SKYE never becomes the customer’s password vault when SSO is enabled. Authentication is owned by the customer IdP and validated correctly (OIDC or SAML).

  • Tenant routing (domain / slug / discovery)
  • Correct token/assertion validation
  • Session security + revocation
  • Policy enforcement (SSO required, password disabled, MFA via IdP)

SCIM (Lifecycle + Access)

Users and groups are provisioned, updated, and deprovisioned automatically. Access ends quickly and deterministically when the IdP says it ends.

  • Provision, update, disable, optional delete
  • Group sync → role mapping
  • Idempotency + retries
  • Auditability of every change
Operational gate

SKYE Production Certified

A tenant is “SKYE Production Certified” only if both enforcement lanes are green:

AE Checklist Complete and attached to the deal record.

Engineer Preflight Pass output attached and manual SSO steps verified.

Download Evidence Pack
One sentence we say everywhere

Client-facing line

“SKYE supports enterprise identity the right way: SSO controls authentication, SCIM controls lifecycle and access, and every change is audited.”

SKYE Identity Standard (SIS) is an enforcement system: policies, controls, evidence, and go-live gates. Deployments that do not pass SIS are not labeled “SKYE Production Certified.”