Integrations

IAM Systems

Key Systems

Identity Providers

SailPoint

SCIM 2.0 REST

Entra ID

Graph API Webhooks

Okta

REST Event Hooks

One Identity

REST Polling

OpenText ILM

SCIM 2.0

User lifecycle events

Status updates

Key2XS

Intelligence Engine

Identity Resolution

Maps IAM identities to physical access profiles

Policy Engine

Enforces access rules across all systems

Connector Framework

Protocol translation and normalization

Audit Trail

Complete lifecycle logging for compliance

AI Access Plan Generator

Intelligent access orchestration

Provisioning commands

Status & audit data

Physical Access Systems

eCLIQ ASSA ABLOY

SOAP mTLS

PROTEC² CLIQ ASSA ABLOY

SOAP mTLS

CLIQ Remote ASSA ABLOY

SOAP mTLS

ABLOY PULSE ASSA ABLOY

SOAP mTLS

iLOQ S5/S50 iLOQ

REST

SailPoint

SCIM 2.0 REST

Full lifecycle management with SCIM provisioning and REST API sync.

Bidirectional

Protocol SCIM 2.0 (RFC 7643/7644) inbound + REST API outbound

Auth Bearer Token, Basic Auth, or OAuth 2.0 Client Credentials

SCIM push for real-time user lifecycle events
REST API pull for full identity data and bulk sync
Bulk operations support

SailPoint pushes user lifecycle events via SCIM; Key2XS can pull full identity data back via SailPoint's REST API for bulk sync using OAuth2 Client Credentials.

One Identity Manager

REST

Companion app for event-driven provisioning with polling-based sync.

Bidirectional

Protocol Bidirectional REST API with polling synchronization

Auth SHA-256 hashed API key

Companion app installed on OI server pushes events
Configurable polling intervals (default 60s)
Configurable field mapping via JSON

A companion application on the One Identity server communicates bidirectionally with Key2XS, pushing user changes and receiving access updates.

Microsoft Entra ID

Graph API Webhooks

Graph API integration with webhook-based change notifications.

Bidirectional

Protocol Microsoft Graph API + Graph webhook subscriptions

Auth OAuth 2.0 (MSAL)

Real-time change notifications via Graph webhooks
Group-based user filtering per key system
Custom security attribute mapping
Entra ID SSO with callback handling

Different Entra ID groups can route different user populations to different key systems through group-based sync rules.

Okta

REST Event Hooks

REST API with event-driven webhooks for user lifecycle automation.

Bidirectional

Protocol REST API + Okta Event Hooks (webhooks)

Auth OAuth with API token

Event hooks for real-time user lifecycle events
REST API for user data queries
Full JML automation support

SCIM 2.0 Universal

SCIM 2.0

Standards-compliant SCIM server for any IAM system — no custom development needed.

Inbound

Protocol SCIM 2.0 (RFC 7643/7644)

Auth Bearer Token, Basic Auth, or OAuth 2.0 Client Credentials

Any SCIM-compliant IAM can connect
Recommended path for new integrations
No custom development required

Key2XS implements a full SCIM 2.0 server, enabling out-of-the-box integration with any SCIM-capable identity provider.

OpenText ILM

SCIM 2.0

Connects via the SCIM 2.0 universal server for identity lifecycle management.

eCLIQ

SOAP mTLS

Electronic cylinders, padlocks, and programmable keys managed through the CLIQ Web Manager cloud platform.

Full lifecycle

Protocol SOAP-based API via CLIQ Web Manager (CWM)

Auth Mutual TLS (mTLS) with client certificates

Electronic cylinder and padlock management
Programmable key provisioning and revocation
Access profile and zone management
Batch operations with parallel execution
Reconciliation with orphan detection

Integrates via CLIQ Web Manager with three SOAP service types (Import, Query, Work), intelligent caching, rate limiting with exponential backoff, and collision recovery.

PROTEC² CLIQ

SOAP mTLS

High-security locking combining rotating disc technology with electronic identification, managed through CWM.

Full lifecycle

Protocol SOAP-based API via CLIQ Web Manager (CWM)

Auth Mutual TLS (mTLS) with client certificates

High-security rotating disc + electronic ID
Key and cylinder lifecycle management
Access profile provisioning
Batch operations with parallel execution
Reconciliation with orphan detection

Same CLIQ Web Manager integration path as eCLIQ, sharing the SOAP service architecture and mTLS authentication.

CLIQ Remote

SOAP mTLS

Remote key updates via wall programmers, desktop units, or the CLIQ Connect Bluetooth app. No physical key return needed.

Full lifecycle

Protocol SOAP-based API via CLIQ Web Manager (CWM)

Auth Mutual TLS (mTLS) with client certificates

Remote key updates without physical return
Wall programmer support
Desktop programming unit support
CLIQ Connect Bluetooth app integration
Over-the-air access rights updates

Enables remote access management through multiple update channels, all orchestrated through the CLIQ Web Manager.

ABLOY PULSE

SOAP mTLS

Self-sustaining energy harvesting locks that generate power from key insertion. No batteries or external wiring required.

Full lifecycle

Protocol SOAP-based API via CLIQ Web Manager (CWM)

Auth Mutual TLS (mTLS) with client certificates

Energy harvesting from key insertion
No batteries or wiring required
Key and lock lifecycle management
Access profile provisioning
Ideal for remote or hard-to-reach locations

Self-powered lock technology managed through the same CLIQ Web Manager SOAP integration.

iLOQ S5/S50

REST

Physical, Bluetooth, and NFC phone key provisioning with full lifecycle control.

Full lifecycle

Protocol REST API (HTTP-based)

Auth API key authentication

Physical key (S5) provisioning
Bluetooth and NFC phone key (S50) provisioning
Security access management
29 independent sync operation toggles
Reconciliation and orphan detection

Conservative defaults with destructive operations disabled. Phone key SMS notifications and physical key stock monitoring built in.

REST API & SCIM 2.0 Server

Key2XS exposes a comprehensive REST API and a standards-compliant SCIM 2.0 server. Auto-generated OpenAPI documentation provides full endpoint reference with request/response schemas.

api-endpoints.txt

# IDENTITY MANAGEMENT
POST /api/v1/users   Create user
GET /api/v1/users/{id}/keys   Get assigned keys

# KEY LIFECYCLE
POST /api/v1/keys/assign   Assign key to user
DEL /api/v1/keys/{id}/revoke   Revoke key access

# COMPLIANCE
GET /api/v1/audit/trail   Query audit events
POST /api/v1/reports/generate   Generate report

# SCIM 2.0
GET /scim/v2/Users   List users (SCIM)
POST /scim/v2/Users   Create user (SCIM)

Deployment & Infrastructure

Deployment Model

Available as cloud-hosted SaaS, on-premises, or hybrid deployment. All options include the same full feature set and API access.

Authentication

OAuth 2.0, API keys, mutual TLS (mTLS) for key system connections

Data Handling

Pass-through middleware architecture — no long-term PII storage. Identity data flows from IAM to key systems without being retained.

SCIM 2.0 OpenAPI 3.0 OAuth 2.0 mTLS

Integrations & Technical Details

Integration Architecture

Identity Providers

Key2XS

Identity Resolution

Policy Engine

Connector Framework

Audit Trail

AI Access Plan Generator

Physical Access Systems

IAM System Integrations

SailPoint

One Identity Manager

Microsoft Entra ID

Okta

SCIM 2.0 Universal

OpenText ILM

Physical Access System Integrations

eCLIQ

PROTEC² CLIQ

CLIQ Remote

ABLOY PULSE

iLOQ S5/S50

API & Deployment

REST API & SCIM 2.0 Server

Deployment & Infrastructure

See Key2XS in Action