Home/Integrations

Integrations

Connects to your entire enterprise stack.

MyPass integrates with the directory services, ERP platforms, mainframes, ITSM tools, and MFA providers your organisation already runs — through a single secure MyPass Gateway. No rip and replace. Supports 95+ target systems simultaneously.

Directory & Identity

Where identity lives

MyPass is built around Active Directory as its primary identity source, with full support for Entra ID (Azure AD), LDAP, and cloud directories.

On-Premise

Active Directory

Full SSPR, IVM, Password Sync, and Password Filter support. Domain controller interceptor captures password change events before encryption. Supports all AD versions 2012–2022. Multiple domain and forest configurations supported.

Integration Guide ↗

Cloud / Hybrid

Microsoft Entra ID (Azure AD)

Cloud-native integration for hybrid and cloud-first environments. Supports SSPR and sync for hybrid AD setups. Entra ID can be configured as primary source or secondary target alongside on-premise AD.

Integration Guide ↗

Productivity

Google Workspace

Reset and sync Google Workspace credentials alongside AD in a single SSPR flow. No separate admin intervention required. Useful for organisations running hybrid Microsoft/Google environments.

Microsoft

Microsoft 365

Synchronise on-premise AD password changes to M365 accounts automatically, eliminating the common support call caused by AD/cloud credential divergence in hybrid environments.

SAP

The most complete SAP password integration available

SAP environments are complex — multiple systems, multiple clients, ABAP and Java stacks side by side. MyPass handles the full SAP landscape with two complementary approaches.

Method 1

Password Synchronization

MyPass detects Windows / Active Directory password changes via the domain controller interceptor and instantly propagates that new password to all linked SAP systems. Users get a seamless single-password experience without touching SAP at all. Supports ABAP and Java/UME stacks. SNC (Secure Network Communications) supported for encrypted connectivity.

Best for: environments where SSO isn't deployed and users should maintain one Windows credential across all SAP systems.

Method 2

Direct SAP Portal Reset

Users request SAP password resets through the MyPass SSPR portal, secured with MFA. Preferred when security separation between Windows and SAP credentials is required. Average reset time under one minute. Unlocks accounts locked by failed login attempts simultaneously.

Best for: organisations that want separate SAP and AD credential policies, or privileged SAP accounts that should not mirror Windows passwords.

Supported SAP systems: All major versions covered — if yours isn't listed, contact us, we likely support it.
SAP ECC / ERP SAP S/4HANA SAP HANA SAP NetWeaver SAP CRM SAP SCM SAP SRM SAP Solution Manager SAP BW / BI SAP GRC SAP Fiori SAP HRMS SAP IBP SAP FICO SAP XI / PI SAP EP (Enterprise Portal) SAP UME / Java Stack SAP AFS SAP EBP SAP BPD

Technical requirements: One service account per SAP instance with sufficient rights. ABAP systems require ABAP function module installation. Java/UME systems use SPML protocol. Multi-client environments (e.g. Client 100 vs 300) handled natively. Selective sync scope lets you isolate dev, UAT, and production SAP systems independently.

SAP Integration Guide ↗

ERP & Mainframe

Business systems that demand experience

The systems SSO can't reach. MyPass Password Sync and SSPR connect to the full legacy estate — Oracle, IBM mainframe, iSeries — through the MyPass Gateway.

Oracle

Oracle E-Business Suite

Password reset and sync for Oracle EBS application user accounts and database logins. Supports Oracle 11g through 19c. Bidirectional sync available — Oracle changes can trigger AD updates where required.

IBM

IBM z/OS (RACF)

Native z/OS mainframe integration via the MyPass Gateway. RACF, ACF2, and Top Secret security managers supported. Password reset, sync, and account unlock. No mainframe-side code changes required.

Integration Guide ↗

IBM

IBM iSeries / AS400

IBM i profile database password sync and reset. Works alongside existing AS/400 security policy without modification. Real-time on AD change event via Gateway connector.

Integration Guide ↗

Unix / Linux

SSH / Linux PAM

Local PAM account sync across Linux, AIX, and Unix servers. Eliminates the last local password island from the estate. Triggered on AD change event — no user action or scheduled job required.

Integration Guide ↗

Database

SQL Server & MySQL

Database login credential sync alongside application accounts. Removes static passwords from service accounts. SQL Server 2016+ and MySQL 5.7+ supported.

Integration Guide ↗

Collaboration

HCL Domino / Notes

Lotus Notes / Domino environments still in production. Password Sync keeps Domino credentials aligned with AD without manual admin involvement.

ITSM Platforms

Embedded in your service desk workflow

IVM integrates bidirectionally with your ITSM platform. The ITSM system triggers verification automatically when a ticket is opened. MyPass completes verification and writes results back — closing the ticket loop without agent intervention.

ITSM → MyPass IVM
Verification triggered automatically
  • Ticket opened in ITSM triggers IVM via URL call
  • Passes username, proofing category, and ticket ID
  • IVM verification panel loads in the agent interface
  • No manual agent steps to initiate — fires on ticket type
<MYPASSURL>?username=XXX&category=YYY&TicketID=ZZZ
MyPass
IVM
MyPass IVM → ITSM
Results written back automatically
  • Verification result posted to ticket via JSON/REST API
  • Ticket enriched with verification outcome, factors used, and timestamp
  • Ticket closed automatically on successful verification
  • Failed or suspicious verifications flagged in ticket notes
  • Full audit trail attached — no separate logging step required

Certified

ServiceNow

ServiceNow Store certified. IVM verification panel embedded directly in incident and service request forms. Automatic ticket update and closure on verification completion. Supports ServiceNow Tokyo, Utah, Vancouver, and Washington releases.

Supported

Zendesk

IVM verification widget embedded in the Zendesk agent interface. Supports Zendesk Support and Zendesk Suite. Ticket enriched with verification result via Zendesk API on completion.

Supported

Jira Service Management

IVM panel within the Jira Service Management agent queue. Works with Jira Cloud and Jira Data Centre editions. Verification results written back to the Jira ticket automatically.

Supported

ManageEngine ServiceDesk Plus

Deep integration including automatic ticket enrichment and IVM verification panel. Compatible with ManageEngine ServiceDesk Plus Cloud and On-Premises editions.

Supported

Ivanti

Integration via Ivanti's standard REST API. Supports Ivanti Neurons for ITSM and Ivanti Service Manager. Bidirectional ticket enrichment on verification completion.

Supported

HaloITSM

IVM integration via HaloITSM REST API. Verification triggered on ticket type, results posted back automatically. Contact us for specific configuration details.

Supported

TOPdesk

IVM integration via TOPdesk API. Supports TOPdesk SaaS and on-premise deployments. Verification results and audit trail written back to the TOPdesk call card.

Authentication Providers

MFA you already trust — used in SSPR and IVM

MyPass integrates with your existing MFA platform for both self-service resets and live helpdesk verification. Users already enrolled in Okta, Duo, or RSA can use those same credentials — no re-enrolment required.

Identity Platform
Okta
Full Okta integration for both SSPR and IVM. When a user belongs to an Okta group, MyPass asks Okta to confirm identity via the Okta API. Supports on-premise and Okta cloud deployments. Different verification factors can be weighted and assigned per user group or network location.
Okta Verify Push TOTP SMS Email Callback Google TOTP
MFA Platform
Duo Security
Duo integration for live challenge during helpdesk calls and self-service resets. Push approval, passcode, and phone callback methods all supported. Users without Duo enrolment can fall through to alternative MyPass verification methods.
Duo Push Passcode Phone Callback Hardware Token
MFA Platform
RSA SecurID
RSA SecurID token integration for organisations running RSA as their enterprise MFA standard. Supports both hardware tokens and the RSA Authenticator app. Used in IVM as a live verification factor during helpdesk calls.
Hardware Token RSA Authenticator App TOTP
Microsoft
Microsoft Authenticator
Microsoft Authenticator push and TOTP integration for SSPR and IVM. Leverages existing Microsoft MFA enrolment — no additional setup for users already registered. Compatible with Microsoft Entra ID MFA policies.
Push Notification TOTP Passwordless
Standard
TOTP / Google Authenticator
Any RFC 6238-compliant TOTP authenticator app supported — Google Authenticator, Authy, Microsoft Authenticator, and others. Useful as a lightweight MFA option where no enterprise MFA platform is in place.
RFC 6238 TOTP Google Authenticator Authy Any TOTP App
Standards-Based
SMS OTP, FIDO2 & Smart Cards
SMS one-time passwords for users without smartphone MFA. FIDO2 / WebAuthn for hardware security key support. Smart card and PKI certificate verification for high-assurance environments such as government and defence.
SMS OTP FIDO2 / WebAuthn Smart Card / PIV PKI Certificate

MyPass Gateway

The secure bridge between cloud and your environment

The MyPass Gateway is a lightweight on-premise component that acts as the integration bridge between the MyPass Cloud tenant and your internal systems. The cloud tenant initiates an inbound TLS connection to the Gateway — secured by inbound NAT and application-layer security — and the Gateway traverses from there to your on-premise targets. No VPN required.

Deploy one Gateway per environment, or multiple Gateways per region for geographically distributed estates. Each Gateway handles local system updates independently — isolated networks, remote datacentres, and disconnected segments all supported.

  • Inbound TLS — secured by NAT and application security — The MyPass tenant connects to the Gateway over TLS. Inbound NAT and application-layer controls secure the entry point. No VPN required.
  • Connector and credential store — Integration connector configurations and target-system credentials are stored on the Gateway — in your network, not in the cloud.
  • Local interaction logs — All Gateway-to-system activity is logged on-premise for troubleshooting and optional SIEM ingestion.
  • High availability — Multiple Gateway instances supported for redundancy and load distribution across regions or data centres.
  • Smart routing — Supports email and SMS traffic routing for smart host relay and least-cost SMS delivery across regions.
  • Lightweight deployment — Single Windows Server 2019–2025 instance. 95+ enterprise platforms supported simultaneously.
  • Optional DMZ deployment — Gateway can be deployed in a DMZ for additional network segmentation.
  • Queued retry — Offline target systems are queued and synced automatically when they come back online.
Gateway Deployment Guide ↗
Integration request
System type
HR · ERP · Directory · ITSM
Connection method
REST API
LDAP
SAML 2.0
Connector
Custom connector availableYES

Don't see your system listed?

We support 95+ target systems and custom integrations for enterprise environments. Get in touch and we'll assess compatibility with your specific stack.

Talk to an Engineer Book a Demo