Enable automated identity verification within Saviynt workflows and trigger proofing during onboarding or when risk events occur.
Integration type
Marketplace
Updated
Overview
1Kosmos is available on the Saviynt Exchange as a pre-built integration that embeds identity proofing into Saviynt workflows, enabling automated verification during onboarding and re-verification when risk conditions change.
Saviynt connects to 1Kosmos through the Universal Web Login interface, which automates the API calls required to initiate proofing sessions and return results to the Saviynt workflow.
The integration supports document verification for government-issued IDs from over 150 countries, biometric matching with liveness detection, and meets NIST 800-63-3 IAL2/AAL2 and FedRAMP High standards.
Prerequisites
Active 1Kosmos tenant with IDV enabled: Contact your 1Kosmos representative to confirm IDV is active and that the Saviynt connector is configured on your tenant.
Saviynt Identity Cloud subscription: Administrator access to the Saviynt Admin Console is required to configure the integration.
Saviynt Third-Party Access Governance (TPAG) module: Required for contractor onboarding use cases. Confirm your Saviynt license includes TPAG if this is a target workflow.
API credentials from 1Kosmos: The integration uses API-based communication. Obtain your 1Kosmos tenant API endpoint and credentials from the 1Kosmos admin portal before beginning configuration.
Integration steps
Step 1 — Find the listing on Saviynt Exchange Navigate to saviynt.com/exchange and search for "1Kosmos". Select the 1Kosmos for ID Proofing listing. For pricing and provisioning, contact help-exchange@saviynt.com or your 1Kosmos representative.
Step 2 — Configure API credentials in Saviynt In the Saviynt Admin Console, navigate to the integration configuration section. Enter the 1Kosmos API endpoint and credentials. These values are available in the 1Kosmos admin portal under your tenant's API settings.
Step 3 — Configure the Universal Web Login interface The integration communicates through Saviynt's Universal Web Login (UWL) interface. In Saviynt, configure the UWL connection to point to the 1Kosmos proofing session URL. The UWL automates the API calls from Saviynt into 1Kosmos that initiate a proofing session and collect identity verification results.
Step 4 — Define verification workflows In the 1Kosmos admin portal, configure the verification journey to match your use case. Select the appropriate document types (passport, driver's license, national ID) and whether biometric selfie matching with liveness detection is required. Map the pass/fail result back to the Saviynt workflow trigger.
Step 5 — Configure re-verification triggers In Saviynt, set the conditions under which re-verification is automatically triggered: role changes, access escalation requests, or flagged anomalous activity. The 1Kosmos integration supports re-verification without re-enrollment — users who have completed an initial proofing step can be re-verified at subsequent risk points using the stored identity record.
Step 6 — Test the onboarding flow Run a test onboarding session using a sandbox user. Confirm that the Saviynt workflow initiates the 1Kosmos proofing session, the user receives the verification link by email or SMS, and the pass/fail result correctly updates the Saviynt workflow state.
Integration notes
For contractor onboarding, the workflow uses Saviynt TPAG to initiate the new hire record and passes the user into 1Kosmos for proofing. Once verified, access provisioning proceeds through Saviynt without requiring a password; the verified identity becomes the credential.
Organizations using magic links for day-zero onboarding should confirm their email or SMS delivery infrastructure is configured in the 1Kosmos admin portal before testing.
