1. VTT currently utilizes Microsoft AD and Entra ID for identity management, with Microsoft MFA and FIDO2 security keys for authentication. The HR system is integrated with Microsoft AD and Entra ID, which supports single sign-on (SSO) and self-service capabilities for distribution list and physical access management. However, the existing architecture is complex with many overlapping systems. Key challenges include the absence of role-based access control and inconsistent access review processes.
2. The objectives for the future IAM solution include:
•Simplifying the current IAM architecture.
•Enhancing access review capabilities.
•Increasing self-service functionalities.
•Expanding IAM functionalities to better support VTT research projects.
•Ensuring the IAM service catalog and architecture support both research and business needs.
•Fulfills certification and regulatory requirements such as ISO27001 and GDPR.
3. Requirements
3.1 Identity Lifecycle Management
The solution must:
•Manage the lifecycle of identities (create, update, and delete) based on synchronization from on-prem and cloud environments.
•Automatically disable and remove accounts and access based on business rules.
•Manage Contractors, Consultants and Other Non-employees, that are not entered into HR system with similiar degree of granularity as an employee.
•Handle non-personal accounts like service accounts and robots.
•Assign random passwords that meet assigned password policies.
3.2 Access Request Management
The solution must:
•Provide a service catalog for configuring access services with approval workflows.
•Integrate the access service catalog with ITSM tools.
•Support role-based and multi-level approval workflows (manager, system owner, etc.), including parallel approvals and delegation.
•Offer escalation of approval tasks and segregation of duties policies.
3.3 Access Review Certification
The solution must:
•Support both automated and manual access certification campaigns.
•Provide automatic notifications during lifecycle events for expiring access/accounts and task reminders.
3.4 Access Management
The solution must:
•Support secure, user-friendly login with additional MFA and SSO where appropriate.
•Allow interaction with the solution according to access policies (e.g., RBAC).
•Define roles with provisioning policies based on personal attributes and connected to multiple services/resources.
•Automate identity and access provisioning based on business rules.
•Maintain access role reference integrity when provisioning policies change.
•Provide role mining capabilities to analyze user accounts, entitlements, and permissions.
3.5 User and Access Provisioning
The solution must:
•Provision identities to multiple Active Directory forests and domains.
•Provision users and groups to Entra ID and Active Directory.
•Provision group memberships and Microsoft 365 licenses.
•Trigger mailbox creation in Microsoft 365.
•Require minimal changes in target environments for provisioning.
•Support standard provisioning interfaces and protocols.
•Integrate with VTT HR system and other IDPs.
•Support naming policies (for groups, roles etc.)
3.6 User Authentication
The solution must:
•Support authentication from multiple user repositories such as Active Directory and Entra ID.
•Support SAML, OAuth, and OpenID Connect.
3.7 Non-Functional Requirements
The solution must:
•Support a zero trust strategy by providing a centralized identity repository for personal and non-personal identities.
Also to facilitate your submission, please address the following questions:
1. Does your company have an interest in participating in the VTT procurement process?
2. Are the requirements mentioned in section 3.6-3.7 such that your company can meet them? If not, in what way would you like the requirements to be changed?
3. What services can your company offer to help VTT achieve its IAM future state?
4. Do you have an existing service offering that is suitable or easily customizable to meet VTT’s requirements?
5. Is custom software development required, or can commercial off-the-shelf (COTS) solutions be used?
6. Could you provide a list of software, products, professional services, and other resources that can be used to achieve VTT's IAM future state?
7. What types of licenses are required (e.g., per-user, per-device, enterprise)?
8. Are there any preferred licensing models (e.g., subscription-based, perpetual)?
9. Are there any duration requirements for the license agreements?
10. Are there any restrictions or conditions associated with the software, services, or other required components?
11. Are there any support or maintenance considerations associated with the software, services, or other required components?
12. Is it possible for a single provider to offer all the included service components?
13. Could you please list all partners and subcontractors used for providing services?
14. Could you specify the deployment model and geographical location for the service or system? Is it provided via cloud, private cloud, or on-premises, and where is it geographically hosted?
15. Are there any hardware requirements for VTT?
16. Could you please specify the geographical locations where the system operations are conducted?
17. Could you provide an estimated price for the implementation project as well as for the service costs and what are the pricing principles for the service costs?
18. Could you provide an estimate of the duration of the implementation project for achieving VTT's IAM future state?
19. Are there any training requirements for VTT staff?
20. What other feedback would you like to provide based on the information request?
Ilmoitusnumero | 667661-2024 |
---|---|
Ilmoitusta kuvaavat CPV-Koodit | Tietotekniset palvelut: neuvonta, ohjelmistojen kehittäminen, Internet ja tuki (72000000) |
EUVL S | 214/2024 |
Ilmoitustyyppi | Ennakkoilmoitus julkisesta hankinnasta |
Aluekoodi | |
Osoitetiedot |
VTT Technical Research Centre of Finland Ltd Espoo kilpailutus@vtt.fi https://ted.europa.eu/en/notice/-/detail/667661-2024 |
Osoite, johon tarjoukset tai osallistumispyynnöt on lähetettävä | |
Liitteet | |
Lähde | TED |