DDaT21551 - URKI Identity & Access Management

Concepts

• swindon
• information technology
• ukri
• identity governance and administration
• identity policy management
• identity access management
• ukri identity
• access management
• modern intelligent identity
• identity governance

Location

United Kingdom:

Description

UKRI Identity & Access Management Solution

Total Quantity or Scope

The final date and time for the submission of bids is 04/02/2022 at 14:00 DO NOT apply directly to the buyer. All tender information MUST be submitted through the Delta eSourcing Portal. Brief Description of Requirement Launched in April 2018, UK Research and Innovation (UKRI) is a non-departmental public body sponsored by the Department for Business, Energy and Industrial Strategy (BEIS). UKRI brings together the nine councils, working together in innovative ways to deliver an ambitious agenda, drawing on our great depth and breadth of expertise and the enormous diversity of our portfolio. Through our councils we maintain and champion the creativity and vibrancy of disciplines and sector-specific priorities and communities. Our councils shape and deliver both sectoral and domain-specific support. We work with our stakeholders to understand the opportunities and requirements of all the different parts of the research and innovation landscape, maintaining the health, breadth, and depth of the system. The UKRI Digital, Data and Technology (DDaT) strategy has a vision to deliver services that maximise user productivity and empower effective decision making by unlocking UKRI business data and information. Flexible and Secure is one of the strategic themes of the DDaT strategy to provide the enterprise grade Security that ensures that our assets are protected, and our legal obligations are met. Identity Access Management (IAM) is the strategic initiative under Flexible and Secure theme of the DDaT strategy. Aims IAM Project Vision The vision for the UKRI IAM Project is 'to deliver a modern intelligent identity and access management platform which provides Identity Governance and Administration (IGA) and Access Management (AM) services that encompass the entire organisation.' To achieve the vision, the project will focus on delivering the following benefits: • Reduced Risk • Reduced Operational Costs • Improved User Experience • Improved Efficiency Objectives The objective of UKRI IAM Project is to deliver the strategic Identity Access Management (IAM) capabilities. To avoid ambiguity, the industry standard terminology is used to describe Identity Governance and Administration (IGA) and Access Management (AM) capabilities. The low-level requirements can be found in the "IAM Technical Compliance Requirements": Identity Governance and Administration (IGA)  Identity Policy management  Identity life cycle management  Roles and Entitlements management  Access requests and Workflow management  Provisioning and Fulfilment  Access certification  Identity Governance and Auditing  Identity analytics and reporting Access Management (AM)  Support internal and external identities  Directory and identity synchronization, including identity repository services  User self-service capabilities, including registration, password management, profile management and delegated administration  User authentication methods, multifactor authentication (MFA) and single sign-on (SSO)  Support advanced user authentication methods, such as Fast IDentity Online (FIDO) and Passwordless authentication  Authorisation and adaptive access  Access orchestration for decision tree support of external authentication and authorization methods  Support for UK AMF and modern identity protocols, such as Security Assertion Markup Language (SAML), OAuth, System for Cross-Domain Identity Management (SCIM) and OpenID Connect (OIDC).  Access enforcement for standard and nonstandard target applications  Proxy services, agents, or other mechanisms for nonstandard application enablement  Session management  Event logging, access analytics and reporting  BYOI integration  Developer self-service for application integrations and administration Project Implementation Approach As part of UKRI's 'Reforming Our Business' programme, a new environment has been created to deliver a single shared infrastructure for delivery of centralised unified IT services for the whole of UKRI. This environment is often referred to as 'Greenfield' and currently contains Active Directory, Azure AD, Microsoft 365, and other services. The 'Business IT Unification' programme is migrating each of the councils from their legacy environments into the new 'Greenfield' environment. The IAM project adopts a simplified implementation approach, which benefits other strategic UKRI programmes/projects. The project is able to use internal UKRI resources to help the suppliers throughout the implementation phases. The following table illustrates a phased approach for Financial Year 1 (2022-23), which is flexible. Bidders are encouraged to provide alternate implementation path that satisfies "IAM Technical Compliance Requirements". Implementation Area Phase 1 (July 2022) Phase 2 (October 2022) Phase 3 (February 2023) Greenfield / Non-Greenfield Greenfield Greenfield Greenfield and Non-Greenfield User Population  3000 internal users  5000 external users  Additional 3500 internal users  Additional 10000 external users  Additional 3500 internal users (total 10,000 users)  Additional 15000 external users (total 30,000 users) Identity Governance and Administration (IGA)  Build IGA Foundational capabilities  Build a central identity vault  Authoritative sources integration for identities having HR record (Oracle HR and Workday)  Authoritative sources integration for identities NOT having HR record (AD, Azure AD)  Automatic provisioning of accounts to Greenfield AD and Azure AD  Lifecycle management of users (New Joiners and Leavers)  Support integration of identity vault with UKRI Staff Directory service  Authoritative sources integration for identities from various sources requiring manual data feed (Supplier will configure 1 source per data feed pattern)  Guest Users management  Roles and entitlements management of Greenfield apps (supplier will configure 2 apps per pattern)  Access Catalogue, Access requests, workflows and automatic provisioning/deprovisioning of access (supplier will configure 2 apps per pattern)  Automatic provisioning of accounts to council-specific AD domains (maximum 2) and council-specific Azure AD tenants (maximum 2)  ServiceNow CMDB integration  Lifecycle management of users (Movers)  Access recertification  Roles and entitlements management of Non-Greenfield apps (supplier will configure 2 apps per integration pattern)  Automatic provisioning of accounts to council-specific AD domains (maximum 2) and council-specific Cloud tenants (maximum 2)  ServiceNow Ticketing integration  Segregation of Duties and Toxic combinations Access Management (AM)  Build Access Management Foundational capabilities  Integration of selected pilot apps (maximum 5) with Access Management foundational capabilities  Integration of selected Greenfield apps (Supplier will configure 2 apps per integration pattern) with Access Management foundational capabilities  Integration of selected Non-Greenfield apps (Supplier will configure 2 apps per integration pattern) with Access Management foundational capabilities Please ensure you review all attached information to ensure a full understanding of this requirement. All attachments can be found with the Document Uploads tab within the Delta eSourcing Portal and in the associated Contracts Finder Notice. This contract will be awarded based on the evaluation criteria as set out in the RFP document. How to Apply UK Shared Business Services Ltd (UK SBS) will be using the Delta eSourcing Portal for this procurement. To register on the Delta eSourcing portal please use the link https://www.delta-esourcing.com/ and follow the instructions to register. If you are already registered on the Delta eSourcing Portal and wish to participate in this procurement, please use the link: https://www.delta-esourcing.com/ and the follow the instructions to 'Log in' Once you are logged into the system you will be able to link yourself into this procurement using the Access Code: 5DJDP8WMVM The contract shall be in operation for an initial period of 2 years with the option to extend +1 +1 + 1, for a total of 5 years.

Renewal Options

The contract can be extended on an annual basis till 2027.

Award Criteria

CPV Codes

• 72000000 - IT services: consulting, software development, Internet and support

Indicators

• This is a one-off contract (no recurrence)
• Renewals are available.

Other Information

** PREVIEW NOTICE, please check Find a Tender for full details. ** All submissions will be assessed in accordance with the Public Procurement Regulations that apply to this opportunity. Responses must be received by the date and time in the tender documentation; responses received outside of the deadline or not sent via the Delta eSourcing portal will not be accepted or considered by the Contracting Authority further for this opportunity. Interested organisations should ensure that they allow a sufficiency of time, prior to the deadline to allow all sections to be completed in full and any attachments to be uploaded. As a user of the Delta eSourcing Portal you will have access to the Delta messaging service which facilitates all messages sent to you and from you, as well as other messages and updates in relation to any specific tender event. Please note that any and all information secured outside of the messaging service, shall have no merit or worth and should not be relied upon by any organisation submitting a tender response. Please note it is your organisations responsibility to access these messages on a regular basis to ensure you have sight of all relevant information applicable to this opportunity. The Contracting Authority expressly reserves the right: i. not to award any contract as a result of the procurement process commenced by publication of this notice; and ii. to make whatever changes it may see fit to the content and structure of the procurement; and under no circumstances as part of your organisations participation in this opportunity, will the Contracting Authority be liable for any costs incurred by any organisation as a result. If the Contracting Authority decides to enter into a contract with any successful organisation(s), this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to contract award is accordingly a matter solely for the commercial judgement of your organisation in doing so. About UK Shared Business Services UK Shared Business Services Ltd (UK SBS) brings a commercial attitude to the public sector; helping our contracting authorities to improve efficiency, generate savings and modernise. Where UK SBS is not named as the Contracting Authority within the documentation, UK SBS will be acting as an agent on behalf of the Contracting Authority. Our broad range of expert services is shared by our customers. This allows our customers the freedom to focus resources on core activities; innovating and transforming their own organisations. For full details of our partner base please review the following link: http://www.uksbs.co.uk/services/procure/contracts/Pages/default.aspx