UDiMan. Introduction. Benefits: Name: UDiMan Identity Management service. Service Type: Software as a Service (SaaS Lot 3)


UDiMan

Name: UDiMan Identity Management service
Service Type: Software as a Service (SaaS Lot 3)

Introduction

UDiMan is an Enterprise Identity Management solution supporting mission critical authentication and authorisation (AA) services for your private and public cloud applications. UDiMan also enables organisations to quickly and easily implement a secure Single Sign On experience for employees, customers, partners and contacts.

UDiMan can be deployed on your own hosting service, a 3rd party hosting provider or Texunatech's hosting service. In all cases, you have web-based access to the Administration component, enabling you to import data, such as users and organisations, connect existing public or private cloud-based applications and manage user's access. From there you are up and running.

Built using Open Source technologies, UDiMan has been packaged by Texunatech into a secure, robust and scalable enterprise level application. UDiMan uses industry standard protocols, such as SAML using Shibboleth. UDiMan is a cloud agnostic service, operable within a Private Cloud, Public Cloud or Hybrid of the two.

Benefits:

Customers can gain numerous benefits by deploying UDiMan:

- Increased security
  o Secure user management processes: automated password expiry, automated account expiry, enforced password strength
  o Potential for RMADS accreditation
- Provide a great user experience for your employees, partners, customers and contacts
  o users have a single set of credentials to access all connected systems
  o centralised user registration
- Reduce time wastage both for IT support/Service Desk and users
  o No more password amnesia
  o Single Sign On
  o Self-service features and devolved access control allow individuals to self-serve and teams of users to self-administer their access to applications.
- Centralised user management - reducing user management and administration costs
- Complete control over access management solution and policies
- Ability to integrate with any SAML compliant application
- Runs out of the box. Open source implementation, avoiding expensive bespoke identity and access management systems.

Core features

For Users:

- Single Sign On
- Account self-services
- Workflows:
  o Account activation process
  o Forgot username process
  o Forgot password process
  o Password reset process

For Administrators and the Organisation:

- Self-service application integration: connect SAML compliant systems
- Automated security features:
  o Activity based account locking
  o Activity based account archiving
- Account administration delegation: configure responsibilities for account administration to suit the structure of your organisation
- Group management
- User/Organisation import scripts
- User/Organisation export scripts
- Confidence in a tried-and-tested secure solution using open standards
- Single authoritative source of user information
- Security features
  o Strong password policy customisable to your requirement
  o Password hashing algorithms

Access management

UDiMan's approach to user access management to connected applications is to centralise permissions in a single location, ensuring ease of use for application support staff, or your IT Service Desk.

UDiMan allows you to create groups for access to applications. Users can be assigned to groups, giving them access to the application. Furthermore, UDiMan allows you to create sub-groups for each application, allowing you to replicate an application's granular permission structure, thereby enabling you to control both access and authorisation from a single location.

UDiMan also supports a hierarchy of user types, each type inheriting more permission and control over access management than the last. This allows your organisation to delegate permission and access management to appropriate authorised users.

SAML

Why SAML? SAML is the most widely adopted existing SSO standard. It is a well established, mainstream open standard. Many applications support it (including Google apps, Dropbox, Office 365), and many others can support it. When procuring new applications for your employees, partners, customers or others to use, ensure they are SAML enabled to facilitate ease of integration with UDiMan.

Single Sign On (SSO)

UDiMan is a Single Sign On solution. Users simply sign on once and gain access to all applications they're allowed access to. Once signed in to UDiMan and accessing an application they have access to, the user is logged in to the application without having to re-enter credentials. Keep in mind that via UDiMan's user management interface, you also have full control of which applications, including application sub-permissions (where supported), the user can access.

Open source

Although open source software is free to use, it can be costly to implement in a robust manner without employing specialist staff. UDiMan is a pre-configured, tried-and-tested set of open source software with proprietary Texunatech components gluing the package together. This makes it easy to deploy quickly and set up strong access control for your organisation.

Using UDiMan means you don't need specialist open-source technicians or authentication security experts on site, yet avoid expensive bespoke identity and access management systems. Once installed, your application developers, suppliers and SaaS partners have the option to use the SAML web standard to authenticate users into your applications and services using UDiMan [1].

UDiMan uses Shibboleth as its SAML AA component. Shibboleth is the world's leading open-source SAML implementation.

[1] For an existing application that doesn't currently support SAML, you'll need to have the application developers or support team enable SAML. This typically means integrating a SAML component within that application.

UDiMan uses a number of Open Source components, including:

- Apache Tomcat
- PostgreSQL
- Puppet
- Apache Ant
- ClamAV

Standards

Texunatech follows open standards in our services, such as XML, HTTP, Java. Texunatech are certified to ISO 27001, ISO 20000, ISO 9001 and ISO 14001 by BSI.

Deployment/Hosting

UDiMan is a cloud agnostic service; it can be deployed within a Private Cloud, made available via a Public Cloud or deployed in a Hybrid of the two.

Figure 1 - UDiMan deployed within your Private cloud

Figure 2 - UDiMan deployed on the Public cloud

UDiMan can be deployed at Texunatech's managed hosting [2], in Public cloud Amazon Web Services [3] or within your own infrastructure.

[2] Texunatech's managed hosting offering for UDiMan can be based at two locations: CIX in Cork, Ireland, or KCOM in London Docklands. See Pricing section for further details.

[3] Amazon Web Services hosting location is Ireland. For pricing Texunatech will charge a nominal % on cost.

Whichever deployment/hosting option you choose, UDiMan comes included with its own Operating System, based on a minimal install of the CentOS Linux platform, the Texunatech Stack. This makes the OS quick and easy to deploy and maintain on a Linux based server or VM (Virtual Machine) and ensures the application's stability. The application component sits on top of Stack and provides authentication and authorisation for people accessing your applications.

This ensures that customers only need to provision a physical or virtual machine for UDiMan to run out of the box, removing all environment (OS, web-servers etc) setup and configuration effort.

We recommend that you choose two instances of UDiMan, the first for Live and the second for Testing. When deciding which systems you want to integrate with UDiMan it's likely you'll want to test all functions prior to rolling it out to your user base.

Setup

If you choose to host UDiMan within your own infrastructure, Texunatech will provide the self-installing Stack OS and UDiMan application with simple instructions to kick start the installer. If you choose a Public cloud or Texunatech managed hosting service, Texunatech will install the Stack OS and UDiMan.

In either option, following those steps you'll be provided with an Administrator account, allowing you to configure UDiMan for your users via an intuitive user interface. You'll be guided through the process of initial configuration, application integration, user import and launch/roll-out.

Application integration

UDiMan allows Administrators to configure the integration of new applications directly from the user interface. Applications must be SAML compliant, and can be integrated in a few simple steps:

1. Add the new application to UDiMan, and configure SAML settings.
2. Add any groups required to define the permission structure required for the application.
3. Assign appropriate users to those groups.

Following Step 3, users will now be able to access the new application.

Scalability, availability and resilience

Whether your user base is hundreds, thousands or millions of people, UDiMan is a highly scalable solution, able to facilitate your authentication needs. UDiMan is designed to enable up-scaling at short notice, primarily by increasing the number of servers/vms used in your installation.

UDiMan can be deployed using a clustered approach, ensuring High Availability and resilience of the application. If your user base will not access UDiMan frequently, or if availability of the system is not your priority, we offer a simple single server/vm option. However, we'd recommend the clustered approach for the following reasons:

- Capacity: the more servers/vms running UDiMan, the more simultaneous users it can support.
- Maintenance of performance under load: if you have a large user base that frequently authenticates, performance can drop if they all do so at the same time. If you've got a large user base who infrequently authenticate, you don't need to worry so much; the key is frequency of authentication attempts.
- Resilience: UDiMan is built from several core components. When clustering, components are duplicated between servers/vms, so if one component fails, the other will take over, with no noticeable difference for users. Note, in most circumstances the failed component will restore itself, ensuring there's always a backup component on standby.
- Availability: if, and this is likely to be so, your authentication service is a core service to your organisation, you'll expect High Availability (HA). HA means the system is always accessible and operable. No system is infallible, so to maintain HA a clustered approach is important to allow backup components to take over in case of failure.

However, if cost is your driving factor, UDiMan will perform well operating on a single server, at a very reasonable price.

Note, if you choose the Texunatech managed hosting or Amazon Web Services option, our SLA guarantees 99.9% uptime for the clustered approach vs. 99% uptime for the non-clustered approach.

Backup and maintenance

Should you choose Texunatech managed hosting or Amazon Web Services, we'll take care of UDiMan backups, maintenance, monitoring, disaster recovery and upgrades.

Should you choose to host internally, we'll provide detailed maintenance instructions for you to support the product, including all disaster recovery instructions and scripts necessary to restore UDiMan in case of failure. In addition, we'll provide information on backups and monitoring that you can implement using any existing solutions and services that you use on your infrastructure. We'll also provide step-by-step guides to install upgrades.

Pricing

Texunatech offer a flexible pricing model for UDiMan, depending on your needs. The price for UDiMan will depend on the number of servers/vms that you'll need, whether you require hosting or not, and the level of support you'll require.

Servers/VMs (mandatory)                            Cost
Standard server/vm                                 5,000 per server/vm p.a.
High Available & Scalable Clustered servers/vms    7,500 per server/vm p.a.

Some popular configurations:

- Micro: limited to small user base of up to 100 users
  o Two environments (Live and Testing) using a single standard server/vm = 5,000 p.a.
- Standard: suitable for medium sized user base (around 1000 users)
  o Two environments (Live and Testing) using single servers/vm = 10,000 p.a.
- Clustered: suitable for large user base (many thousands of users)
  o Two environments (Live and Testing) using four clustered servers/vms = 60,000 p.a.

Micro-enterprise discount

For micro-enterprise only (limited to up to 100 users), we offer a discounted package with test and live UDiMan instances running on the same VM. As part of this package you're eligible to purchase an integrated mail server, virtual file server and secure fileshare facility for an additional 5,000 p.a. These facilities include backup management and maintenance by Texunatech.

Hosting                                     Cost
Tier 2 hosting CIX, Ireland                 1,500 per server/vm p.a.
Tier 3 hosting KCOM, London Docklands       3,000 per server/vm p.a.
Amazon Web Services                         Dependent on customer usage estimations

Hosting includes:

- Offsite backup management
- Monitoring

Support                                     Basic         Premium         Enterprise
                                            0 p.a.        10000 p.a.      30000 p.a.
Unlimited users [4]                         x             x               x
Integrate with unlimited applications       x             x               x
Documentation wiki                          x             x               x
Data import scripts and templates           x             x               x
Standard maintenance scripts                x             x               x
Account manager                                           x               x
Software updates                                          x               x
In-hours Email technical support [5]                      3 day response  1 day response
                                                          time SLA        time SLA
In-hours Telephone technical support [5]                                  x
Priority enhancements                                                     x
Branding customisation (CSS)                                              x
3 days consultancy p.a.                                                   x

[4] For micro-enterprise only this is limited to 100 users.

[5] Email & telephone support is limited: Premium - 10 hours per month; Enterprise - 30 hours per month, combined. Hours are between 9am and 5pm Monday to Friday (excl UK bank holidays).

The following additional support can be provided at Texunatech's day rate charges as attached:

- Custom attribute configuration;
- Visual customisation (CSS);
- Systems integration support; and
- Data synchronization to/from external RDBMS

Invoicing

On purchase, you will be invoiced for the full amount up front. If applicable, Amazon hosting will be charged on a monthly basis. Payment terms are 30 days.

Contract term

Minimum contract term is 12 months.

You must give 30 days notice before expiry of the 12 month contract period. The contract will automatically renew should notice not be provided, up to a maximum length of 2 years as per GCloud rules.

On-boarding

When choosing UDiMan for your organisation, the on-boarding steps are as follows:

1. Contact Texunatech with a draft order form.
2. We'll contact you to discuss the options most suited to your requirement.
3. Once the options are agreed, the order form will be finalised and accepted by both parties.
4. As per the timelines agreed on the order form, you'll provide some technical information related to your install, such as hostname.
5. If you're hosting, we'll prepare your UDiMan package for download and make it accessible to you via our secure file transfer service. If we're hosting we'll install UDiMan.
6. Once installed, we'll provide you Administration accounts, and you're ready to set up according to your needs. See the Setup section for more information including users import and provisioning.

Off-boarding

If you choose to end your subscription to UDiMan, the off-boarding steps are as follows:

1. Provide notice of termination (at least 30 days before term expiry).
2. If we're hosting, we'll extract all relevant data in .csv format and send it to you via our secure file transfer service. Once you've confirmed receipt, we'll purge and destroy your data from our servers. That's it.
3. If you're hosting, we'll send out the data export script that you can run to export all relevant data and provide confirmation that UDiMan has been removed from your servers or those of your hosting provider.

This process should be completed within 30 days after expiry of contract.

Time to provision/de-provision

Dependent on customer requirements and options selected, time to provision can be from as low as 1 day from order form acceptance. Time to de-provision can be from as low as 1 day from expiry of contract.