UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution




UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS Single Sign-On (SSO) Solution For University Information Systems (UIS) May 9, 2013

I. General Information

UIS needs to implement a new Single Sign-On (SSO) solution to replace the existing service, providing greater reliability, stability and reduced time to deploy to new applications. The SSO solution allows users to log in once to access several university applications without having to log in again.

The current SSO solution (FedAuthN/Token Exchange) is custom developed. Because it is unstable and contains defects, it requires a significant amount of IT technical labor to maintain and support. Connecting new applications to this service is labor intensive and time consuming. The resulting SSO service does not meet the needs of the CU user community, including students, faculty, staff and others.

UIS intends to utilize Ping Identity Corporation for this solution in order to meet all their requirements. This notice is being posted as required by the University of Colorado Procurement Rules. This is not a request for quotes.

Should your company be able to meet all of the below features/requirements, please submit an email and/or separate Word or PDF document via email with your product information/model(s)/quantities required to meet the features/requirements below. Vendors must also provide a point-by-point response as to how their product will comprehensively meet each feature/requirement. One to three online or in-person demonstrations of your product, provided at no charge to the University, may also be required to confirm your proposed system meets all the University's features/requirements. With your response to this Intent to Sole Source procurement, please confirm the availability of your system for this no-charge demonstration to confirm your system meets all features/requirements. The University of Colorado will be the sole judge of equivalence.

Any responses that fail to respond as instructed within this document will be deemed non-responsive and automatically be removed from consideration. Interested parties must read and be familiar with the specifications before responding, as the below specifications must be met or exceeded with validation.

Responses must be submitted by email to: jeff.lehmann@cu.edu no later than Monday, May 13, 2013, by 5:00 p.m. Denver, CO local time with CU-JL39027649-SS referenced in subject line.

II. Mandatory Requirements

- Provide SSO capability to all existing UIS applications as well as some that are planned in the near future
- Provide support for multiple, industry standard, authentication protocols
- Provide support for multiple authentication directories in use across CU
- Reduce administrative burden of the SSO infrastructure
- Significantly reduce labor and time required to integrate with new applications
- Provide support for SaaS solutions
- Provide a highly reliable, secure and scalable SSO capability
- Demonstrate success in a multi-campus higher education setting
- Support for multiple protocols: SAML 1.0, 1.1, 2.0, OAuth, OpenID, etc.
- Must be highly configurable
- Must require minimal software development/integration labor to implement
- Must provide built-in support for existing CU applications
- Must provide connectivity to multiple authentication directories
- Must expedite connectivity to new applications
- Must easily integrate to cloud based (SaaS) solutions
- Must support VMWare and RHEL
- Must support PeopleSoft applications
- Must enable rapid scalability as user demand changes
- Can act as both an Identity Provider and a Service Provider
- Multi-protocol support - SAML 1.0, 1.1, 2.0, OAuth, OpenID and more
- 100% Standards-based
- Wizard-driven GUI
- 60+ Integration Kits
- Multiple deployment models - On-Premise, Cloud, Hybrid
- Adaptive Federation - Adapter Selectors, Composite Adapters, Identity Attribute Aggregation, Token Issuance Criteria
- Support for all Identity Federation roles and profiles, as outlined in the attached document
- Rules engine to determine authentication mechanism (which identity, multi-factor or step-up authentication, etc.)
- Rapid implementation of new Federation connections (hours/days vs. months)

III. Product Features

Federation Standard Support: SAML 1.0, SAML 1.1, SAML 2.0, WS-Federation, OpenID, OpenID Connect, SCIM (provisioning)

Secure Web APIs: WS-Security, WS-Trust, WS-Federation, OAuth 2.0

Federation Roles: Identity Provider (IdP), Service Provider (SP), Identity Bridge, IdP Discovery, Token Validation Service, Token Exchange Service, Authorization Server, Policy Service, API Gateway, Identity Bridge

SAML Bindings: HTTP Post, HTTP Artifact, HTTP Redirect, SOAP

Key Capabilities: IdP-Initiated SSO, SP-Initiated SSO, Single Log-Out (SLO), Attribute Query & XASP, IdP Discovery, Account Linking / Mapping, Adaptive Authentication, Access Portal, Multifactor Authentication, Certificate Management, Express Provisioning

Attribute Sources: LDAP, JDBC, Custom (via SDK)

Certificate Validation: CRL, OCSP

Trust Models: Unanchored, Anchored

Logging, Monitoring and HA: File-based, Common Event Format (CEF), Database, Published MIB, JMX Support, N node Clustering

Supporting Capabilities: Metadata Exchange, Integration with Thales nShield, Password Management, Integration with MDM products, Support for O365 (active and passive)

Kantara/Liberty Alliance SAML Interop Certifications: IdP Lite, SP Lite, eGov

Integration Kits: .NET Integration Kit, Agentless Integration Kit, Apache RHEL Integration Kit, Apache Windows Integration Kit, Citrix Integration Kit, IIS Integration Kit, Java Integration Kit, NetWeaver Integration Kit, OAM Integration Kit, PHP Integration Kit, RSA SecurID Integration Kit, SharePoint Integration Kit, Siteminder Integration Kit, WebLogic Integration Kit, WebSphere Integration Kit, Windows IWA Integration Kit, X509 Certificate Integration Kit, VeriSign Identity Protection (VIP)

SaaS Connectors: Google Connector, Salesforce Connector, WebEx Connector

Cloud Identity Connectors: Facebook Cloud Identity Connector, OpenID Cloud Identity Connector, Salesforce Cloud Identity Connector, Twitter Cloud Identity Connector, LinkedIn Cloud Identity Connector, Windows Live Cloud Identity Connector

PingFederate Token Translators: Siteminder Token Translator, Kerberos Token Translator, OAM Token Translator, OpenToken Token Translator, Username Token Translator, X509 Token Translator

IV. Specification Configuration

The only known solution able to meet the above requirements is the Ping Identity Enterprise Subscription Production Subscription w/70 Production Connections.

V. Security

FERPA Requirements: Vendor agrees to comply with all applicable requirements of the Family Educational Rights and Privacy Act ("FERPA"), Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act ("HIPAA"), together hereinafter "the Acts", and guarantees that all information covered by the Acts and provided to vendor by the University ("University Information") will be used only in conjunction with the product or service being provided, that it will not be used for any other purpose, or be released by vendor or copied in any manner for any other use and will be promptly returned or destroyed upon termination of this Agreement.

Vendor shall use commercially reasonable efforts to notify all of its foreseeable agents, employees, subcontractors and assigns who will come into contact with University Information that they shall comply with, and are subject to, the confidentiality requirements set forth in the Acts and shall provide each with a written explanation of the Acts' requirements for confidentiality before they are permitted to access the University Information.

Vendor shall provide and maintain a secure environment that ensures confidentiality of all University Information wherever located. No University Information shall be distributed or sold to any third party or used by vendor or its agents in any way, except as authorized by the Agreement and as approved by the University.

Vendor agrees to notify the University, within seventy-two (72) hours, of any security breach that could result in the unauthorized disclosure of University Information. University Information shall not be retained in any files or otherwise by vendor or its agents, except as set forth in this Agreement and approved by the University. Disclosure of University Information may be cause for legal action against vendor or its agents. Defense of any such action shall be the sole responsibility of vendor.

III. Sole Point of Contact - Purchasing Agent

Jeff Lehmann
University of Colorado, Office of the President
1800 Grant Street
Denver, CO 80203
303.764.3413
Jeff.lehmann@cu.edu