Skip to content
SignetAssure
Request a demo

Integrations

Connect, don’t replace.

SignetAssure plugs into the kit and identity you already trust, sends comms on the channels that get answered, and federates vetting state between trusted peer deployments — with the audit trail to prove it.

Access control

Doors that listen to clearance state.

Native · Bi-directional

CredoID

A first-class CredoID integration distributed in the UK by Alton Valley. Personnel, access profiles and per-person grants flow into the badge in real time — and unapproved levels get cleaned up automatically.

  • • Push personnel — create, update, disable, remove
  • • Scheduled background sync (configurable interval)
  • • Access profiles auto-assigned on sync
  • • Per-person access level grants with enforced start & end dates — levels activate and expire automatically
  • • Unapproved level detection and auto-removal
  • • Inactivity-driven disable and removal dates
  • • Live event log streamed per person
  • • Company and location mapping between SA and CredoID

Open · API-led

Any API-led ACS

The CredoID integration is the deepest, but the pattern is repeatable. If your access control system has an API, SignetAssure can drive it — with the same field mapping, retry, replay and audit guarantees.

  • • REST and webhook patterns
  • • Configurable field mapping
  • • Idempotent, replayable events
  • • Signed audit trail

Cross-organisation vetting sharing

SignetAssure ↔ SignetAssure.

Run SignetAssure at every trusted site in your supply chain and clearance state flows end to end. Three endpoints, two scopes, signed audit on both sides. Designed so a prime can verify a tier-1’s person, a tier-1 can post back the outcome of a vetting check, and neither needs to email a PDF again.

Model

Peer-to-peer trust

Each organisation runs their own SignetAssure instance. Trust is mutual and explicit: you issue keys to them, they issue keys to you, and either side can revoke at any time.

Scopes

vetting:read · vetting:return

Two narrow scopes, separately grantable. read lets a partner verify clearance state; return lets them post back the outcome of a vetting check they ran on your behalf.

Controls

IP allow-list · rate limit · signed audit

Each inbound key can be IP-pinned. The /lookup endpoint is capped at 60 calls per minute, /return at 30. Every call — success or failure — is written to an append-only audit log.

Endpoint · lookup

POST /api/external/vetting/lookup

Resolve a name + date of birth to clearance state. Returns the minimum sufficient data for an access decision; never shares address, NI number or line manager.

POST /api/external/vetting/lookup
Authorization: Bearer <api-key>
Content-Type: application/json

{
  "firstName": "Jane",
  "lastName":  "Davies",
  "dob":       "1985-04-12",
  "reason":    "Pre-site access verification"
}
200 OK

{
  "found":   true,
  "subject": { "firstName": "Jane", "lastName": "Davies", "active": true },
  "matches": [
    {
      "caseRef":          "v_2c1f...",
      "type":             "renewal",
      "status":           "cleared",
      "clearanceLevel":   "SC",
      "validFrom":        "2024-09-01",
      "validTo":          "2027-09-01",
      "vettingOwner":     "Vetting Officer (Site B)",
      "issuingAuthority": "Acme Defence Ltd",
      "expired":          false,
      "renewalDue":       false
    }
  ],
  "queriedAt":  "2026-05-20T09:15:00Z",
  "partnerOrg": "Beacon Aerospace"
}

Endpoint · return

POST /api/external/vetting/return

A partner running a vetting check on your behalf posts the outcome back against the originating case. On a cleared outcome, the state mirrors onto the person record automatically.

POST /api/external/vetting/return
Authorization: Bearer <api-key>
Content-Type: application/json

{
  "caseRef":        "v_2c1f...",
  "outcome":        "cleared",
  "clearanceLevel": "SC",
  "validFrom":      "2026-05-15",
  "validTo":        "2031-05-15",
  "partnerCaseId":  "BA-VET-00421"
}

outcomes: cleared · refused · with_advisory · withdrawn

Endpoint · whoami

GET /api/external/vetting/whoami

Auth probe. Confirms the key is valid and shows its partner org, name and active scopes — useful for connection tests and integration health checks.

GET /api/external/vetting/whoami
Authorization: Bearer <api-key>

Disclosure trail

Per-person, both sides

Every lookup creates a vetting disclosure on the individual’s record. Internal staff see partner-driven access alongside manual disclosures — one paper trail, not two.

Outbound calls

Encrypted credentials

Bearer secrets issued to you by partner sites are encrypted at rest with an app-managed key. Never returned by the API after issue. Never written to logs.

Revocation

Soft-revoke a site

Marking a partner site revoked deactivates every inbound key and outbound credential bound to it in one operation. No orphan trust, no stragglers.

Talk to us about federation Module detail →

Identity

Bind to the directory you already run.

Microsoft 365 / Entra ID

OAuth2 sign-in for development and test environments. Map M365 groups to SignetAssure roles so capability follows directory membership.

LDAP / Active Directory

Production-grade LDAP-AD authentication with group-to-role mapping. Suited to the on-prem and segregated networks Defence and CNI typically run.

Communications

Channels that get answered.

SMS broadcast

Group-based emergency SMS, reminders and renewal nudges. UK numbers, two-way keyword response, delivery receipts and cost tracking.

WhatsApp Business

Templated business messaging where it suits the audience. Consent capture and opt-out built in.

Email

For approvals, renewals and self-service flows where email is the right medium. Templated, logged, searchable.

API

Open by default.

REST API

Read and write personnel, vetting cases, clearances, access grants, supplier records and travel. Token-scoped, rate-limited.

Webhooks

Subscribe to lifecycle events. Push them to your SIEM, HRIS, ITSM or case management.

Bulk export

Signed evidence packs for DSO and external audit. A link, not a folder.