I'm guessing since SmarterMail 16x. will be completely API driven, it will need to have SSO capabilities for security purposes.
Everything will be exposed to and driven by the API, so the initial connection will require authentication with the SM user account db. Then you will get a token, key, or something to be used for further calls so the user doesn't have to keep entering their password (and you don't have to save it, creating a vulnerability).
Once you have this token, you should be able to route the user to their Inbox or do whatever you want. Again, this is just my take on things. ST would need to confirm.