SOL
SKYE Standard · SIS
SKYE Identity Standard
Global Command Center · Skyes Over London LC
⬡ All Platforms ← SOL Home Open Command Center →
SKYE Standard · SIS-1.0 · Production Gate

Identity You Can
Enforce Worldwide.

The SKYE Identity Standard (SIS) is the enterprise-grade production gate for SSO + SCIM across every SKYE deployment. It defines what "real SSO" and "real SCIM" mean in the field, how we verify it, and how we ship it consistently across every tenant, every market, every product line.

🔐 Open the Command Center See the Enforcement Lanes ↓
SSO Enforcement
SCIM Lifecycle
Production Gate
AE Compliance Checklist
Engineer Preflight Script
Evidence PDF Downloads
2
Enforcement Lanes
SIS-1.0
Standard Version
100%
Tenant Gate Requirement
OIDC + SAML
SSO Protocols
PDF + JSON
Evidence Pack Formats
The Standard

What SIS Governs

Enterprise identity is two distinct problems. SIS solves both — with enforcement, not suggestions. Every SKYE deployment that handles enterprise tenants must pass both lanes.

SIS LANE 1
🔑 SSO — Authentication

SKYE never becomes the customer's password vault when SSO is enabled. Authentication is owned by the customer IdP and validated correctly via OIDC or SAML. The customer controls authentication. We enforce that this is always true.

  • Tenant routing (domain / slug / discovery)
  • Correct token & assertion validation (OIDC and SAML)
  • Session security + revocation on IdP signal
  • Policy enforcement — SSO required, password login disabled, MFA via IdP
SIS LANE 2
🔄 SCIM — Lifecycle & Access

Users and groups are provisioned, updated, and deprovisioned automatically. Access ends quickly and deterministically when the IdP says it ends. No manual off-boarding. No lingering access. No exceptions.

  • Provision, update, disable, and optional delete via SCIM v2
  • Group sync mapped directly to SKYE roles
  • Idempotency + retry logic for unreliable pushes
  • Full auditability of every lifecycle change
The Gate

One Sentence That Closes Every Deal

✅ SKYE Production Certified

"SKYE supports enterprise identity the right way: SSO controls authentication, SCIM controls lifecycle and access, and every change is audited."

A tenant earns the SKYE Production Certified label only when both the AE Compliance Checklist is completed and attached, and the Engineer Preflight Script passes with manual SSO steps verified.

📋

AE Compliance Checklist

Pre-deployment verification for Account Executives — confirms the deal record has all identity requirements documented and signed off before engineering begins. Must be completed and attached to move to production.

⚙️

Engineer Preflight Script

Technical validation checklist for engineers — step-by-step verification of SSO token validation, SCIM endpoint behavior, session revocation, and group sync. Pass output must be attached before go-live sign-off.

📥

Evidence Pack

Downloadable PDF artifacts for every SIS document — Standard Binder, AE Checklist, and Engineer Preflight — ready to attach to deal records, audit packages, and partner submissions.

Process

The Go-Live Enforcement Flow

Every enterprise tenant follows this path before receiving a SKYE Production Certified status. No shortcuts. No overrides.

📖
Standard Binder
Read and acknowledge the full SIS — all teams
📋
AE Checklist
AE completes and attaches to deal record
⚙️
Engineer Preflight
Engineer runs and attaches pass output
🔒
Manual SSO Verify
Engineer verifies SSO steps in a live tenant
Production Certified
Both lanes green — SKYE cert label applied
SIS Standard Binder

The Full Specification — Not a Summary

The SIS Binder is the complete production specification — not guidelines, not best practices. It defines the exact requirements for SSO and SCIM across SIS-Core and SIS-Enterprise tiers that every SKYE deployment must satisfy before client data is involved.

  • 🔑
    SSO Protocol Coverage: OIDC and SAML 2.0 — tenant routing, token validation, session revocation, policy enforcement.
  • 🔄
    SCIM v2 Lifecycle: Provisioning, deprovisioning, group sync, idempotency, and full audit trail requirements.
  • 🏢
    SIS-Core vs SIS-Enterprise: Tiered requirements so every deployment is measured against the right standard for its scope.
  • 🌍
    Global Enforcement: Consistent across every tenant, every market, every product line — no regional carve-outs.
SIS Standard Binder — Modules
SIS-Core · SSO Required Enforced
OIDC Token Validation Pass
SAML Assertion Validation Pass
Session Revocation on IdP Signal Pass
SCIM v2 Provision & Deprovision Pass
Group Sync → Role Mapping ~ Pending
Audit Log Completeness Pass
Production Gate 7/8 green Review pending
AE Compliance Checklist

AEs: Know What You're Selling

The AE Compliance Checklist exists because identity misrepresentation is one of the most common causes of enterprise churn. If an AE promises SSO without knowing what SKYE's SSO actually does, everyone loses. The checklist closes that gap before the deal is signed.

  • 💼
    Pre-Sale Verification: Confirm the customer's IdP, SSO protocol, and SCIM requirements before committing to a go-live timeline.
  • 📄
    Deal Record Attachment: Completed checklist is attached to the deal record — audit trail starts here, not at engineering.
  • 🤝
    Handoff Clarity: Engineering receives a complete spec. No re-scoping after kickoff because the AE guessed.
  • 📥
    PDF Available: Downloadable PDF version for offline review, client signoff, or compliance packages.
AE Checklist — Sample Items
Customer IdP confirmed Okta
SSO protocol agreed SAML 2.0
SCIM required? Yes
Group sync required? 3 groups
MFA via IdP confirmed Yes
Password login disabled Confirmed
Checklist attached to deal AE sign-off
Status Ready for Engineering Handoff
Inside the Command Center

Five Sections. One Source of Truth.

Everything enforcement-related for enterprise identity lives here — no Confluence required.

HOME
🏠 Command Center Home
Overview of SIS, governance principles, and the SKYE Production Certified gate.
Open →
SIS BINDER
📖 Standard Binder
The full SIS specification — SSO and SCIM requirements for Core and Enterprise tiers.
Open →
AE LANE
📋 AE Compliance Checklist
Pre-sale identity verification — complete before deal sign-off and attach to the record.
Open →
ENG LANE
⚙️ Engineer Preflight
Technical go-live script — SSO validation, SCIM testing, session revocation, and group sync.
Open →
DOWNLOADS
📥 Evidence Pack PDFs
Branded PDF downloads for every SIS document — Standard Binder, AE Checklist, Preflight Script.
Open →
Built For

Who Uses the SIS Command Center

💼

Account Executives

Use the AE Checklist before every enterprise deal closes. Know exactly what you're promising on SSO and SCIM — so engineering isn't surprised after kickoff.

👨‍💻

Implementation Engineers

Run the Preflight Script on every enterprise tenant before go-live. Attach the pass output to the deployment record. If it doesn't pass, it doesn't ship.

🔍

Security & Compliance Reviewers

The SIS Binder and Evidence Pack give auditors and compliance reviewers a standardized, printable record of every identity enforcement decision made during tenant onboarding.

Deploy With Confidence

Open the SKYE Identity Standard
Command Center — No Login.

Production-grade enterprise identity enforcement, in your browser, right now. Standard Binder, AE Checklist, Engineer Preflight, and PDF Downloads ready to go.

🔐 Open the Command Center ⬡ More SOL Platforms
← SOL Home ⬡ All Platforms