The integration supports document verification for government-issued IDs from over 150 countries, biometric matching with liveness detection, and meets NIST 800-63-3 IAL2/AAL2 and FedRAMP High standards.

End-User Experience

The identity verification process is initiated by the end user through an email invitation. Users follow a simple set of steps to verify their identity and complete onboarding.

To complete the identity verification, the end user:

1. Receives an email prompting them to verify their identity for onboarding into the Saviynt Identity Cloud.

2. Opens the email and clicks Verify Your Identity.

3. Is redirected to the 1Kosmos Identity Verification page and selects Start ID Proofing.

4. Follows the on-screen instructions and completes identity verification using a valid ID document.

5. Upon successful verification, their onboarding is automatically approved

Prerequisites

• Active 1Kosmos tenant with IDV enabled: Contact your 1Kosmos representative to confirm IDV is active and that the Saviynt connector is configured on your tenant.

• Saviynt Identity Cloud subscription: Administrator access to the Saviynt Admin Console is required to configure the integration.

• Saviynt Third-Party Access Governance (TPAG) module: Required for contractor onboarding use cases. Confirm your Saviynt license includes TPAG if this is a target workflow.

• API credentials from 1Kosmos: The integration uses API-based communication. Obtain your 1Kosmos tenant API endpoint and credentials from the 1Kosmos admin portal before beginning configuration.

Integration steps

Step 1 — Find the listing on Saviynt Exchange Navigate to saviynt.com/exchange and search for "1Kosmos". Select the 1Kosmos for ID Proofing listing. For pricing and provisioning, contact help-exchange@saviynt.com or your 1Kosmos representative.

Step 2 — Define verification workflows

In the 1Kosmos admin portal, configure the verification journey to match your use case. Select the appropriate document types (passport, driver's license, national ID) and whether biometric selfie matching with liveness detection is required. Map the pass/fail result back to the Saviynt workflow trigger.

Refer to the Product Documentation for technical specifics: Configuring Verification Journeys in 1Kosmos

Step 3 — Configure the Universal Web Login interface

The integration communicates through Saviynt's Universal Web Login (UWL) interface. In Saviynt, configure the UWL connection to point to the 1Kosmos proofing session URL. The UWL automates the API calls from Saviynt into 1Kosmos that initiate a proofing session and collect identity verification results.

Refer to the Product Documentation for technical specifics: Configuring Identity Proofing settings in Saviynt

Step 5 — Configure re-verification triggers In Saviynt, set the conditions under which re-verification is automatically triggered: role changes, access escalation requests, or flagged anomalous activity. The 1Kosmos integration supports re-verification without re-enrollment — users who have completed an initial proofing step can be re-verified at subsequent risk points using the stored identity record.

Step 6 — Test the onboarding flow Run a test onboarding session using a sandbox user. Confirm that the Saviynt workflow initiates the 1Kosmos proofing session, the user receives the verification link by email or SMS, and the pass/fail result correctly updates the Saviynt workflow state.

Integration notes

For contractor onboarding, the workflow uses Saviynt TPAG to initiate the new hire record and passes the user into 1Kosmos for proofing. Once verified, access provisioning proceeds through Saviynt without requiring a password; the verified identity becomes the credential.

Organizations using magic links for day-zero onboarding should confirm their email or SMS delivery infrastructure is configured in the 1Kosmos admin portal before testing.