Identity and Access Management Services G-Cloud 7
Who We Are Kainos is one of the longest standing independent digital technology companies in UK. We provide digital technology solutions that enable companies to work smarter, faster, better. We re agile and creative, and always on top of the latest technologies and trends.
700 + Staff 150 + 30 years global customers We employ more than 700 staff in the UK, Poland and Ireland, directly supporting the technology needs for over 150 global customers, in government, healthcare and financial services. We have long-standing and mutuallysatisfying relationships with our many customers around the world.
Our Work in Government 20 years We ve been working for over 20 years in the UK public sector for various organisations including local authorities, hospitals and central government departments. Kainos has been part of the Government Digital Services Digital by Default programme from the start, and has worked on over 40 digital projects across government. 40 8
We ve worked on digital services that are now available to millions of UK citizens, including drivers, farmers, MOT testers and voters.
Kainos and the UK Government Digital Programmes Kainos is heavily involved in the UK government s initiative to transform public services by making them easier to use, transparent and online. We use the GDS Digital by Default design principles, which place user needs at the heart of everything.
We use open source technologies and agile methodologies to develop efficient and elegant digital solutions.
Kainos and our Digital Transformation Projects Kainos is extending the boundaries 07 We ve been involved in 7 of the 25 exemplar projects and together with our customer departments we re extending the boundary of what is possible. 25 We are recognised as Digital Industry Leaders
Firsts We worked on the first government digital service to deploy application and data in the cloud. We are the first supplier to make use of the UK government s new Identity Assurance service, which verifies a citizen s identity and makes online services more secure. We were the first to deliver a major government transactional service for the Cabinet Office, all the way from discovery to live operation as an agile project.
Our Digital Delivery Experience We solve complex digital problems of scale and build smarter, faster, better services for users that enable organisational transformation beyond technology DVLA Driving License Cabinet Office Register to Vote DVSA MOT Modernisation Enabling Drivers in Great Britain to access Driving records online. Simplifying voter registration in England and Wales by bringing it online Disrupting the UK MOT industry through digital 500 million 45million users yearly transactions 9,218,788 online applications in 2015 15 33 million saving 46 485,012 million users single day sign-ups peak 55,000 testers million tests 25000 garages
Identity Assurance and Access Management Our Identity Assurance and Access Management (IDAM) service provides Government with expert advice on maintaining customer privacy and data security. We offer an open ended engagement focused on helping you to understand how best to confirm the identity of people accessing your service and ensuring information is safe. Features 1. Expert advice and guidance on meeting privacy and security standards 2. Analysis of business processes identifying those with an IDAM need 3. Categorisation of the various Identity Assurance Providers required 4. Identification of business process with a Gov.UK Verify need 5. Identification of business processes with an Assisted Assurance need 6. Identification of business processes with bespoke Identity Assurance need 7. Identification of bespoke Identity Providers that may be necessary 8. Identification of applicable Service Providers 9. Selection of best-fit Access Management products Benefits Benefits 1. Confidence in customer privacy and data security In-depth knowledge and experience of public 2. sector. Clarification of Identity Assurance & Access Flexible Management approach to needs delivery. Rapid deployment of team - on-site, remote, or a 3. combination. Guidance on incorporating Identity Assurance Ability services to off-shore into business specific activities, processes enabling competitive costs. 4. Kainos extensive Identity Assurance & Access Openness and transparency, ensuring tangible benefits Management and outcomes. experience 5. Fully Access averse to in Kainos GDS standards extensive and principles. set of wider services Input into larger transformation programmes 6. and Kainos IT strategy. proven track record in Identity Assurance & Reduce Access operational Management costs. Increase innovation. 7. Improve Vision to and service scope for users for proceeding and customers to fulfil the IDAM requirements
Identity Assurance and Access Management - continued The Identity Assurance and Access Management consultancy offering provides government departments and associated agencies, with an open-ended engagement focused on assisting you to identify and understand needs in the areas of Identity Assurance and Access Management. We will assist you in building the vision for your services, and guide you through the various aspects of that vision in order to clarify the key areas of scope. Kainos has extensive experience in the area of Identity Assurance and Access Management, having built and provided IDAM capabilities for numerous online services; including several of the UK Government s initial exemplar services. In addition to the consultancy offering, we provide an extensive range of services covering all aspects of Identity Assurance and Access Management. These service offering include the following: Provision of citizen-based Identity Assurance capabilities that are delivered by the UK Government s Gov.uk Verify service Provision of organisation & delegate based Identity Assurance capabilities that are delivered by bespoke Identity Providers Provision of Assisted Digital for identity Assurance where Identity Assurance capabilities are tailored to meet the specific needs of the department and associated agencies in question, building the necessary back-office capabilities in order to meet the demand. Provision of a unified Identity Assurance & Access Management solution capable of incorporating numerous differing categories of Identity Provider providing Identity Assurance for the complete set of services which they are entitled to use based upon their role. The outputs of the consultancy exercise will prepare the ground for the Discovery phase, identifying the key Identity Assurance and Access Management requirements that need to be fulfilled by the service.
Identity Assurance and Access Management Discovery Service Our Identity Assurance and Access Management (IDAM) discovery service provides Government with a time bound engagement (3-4 weeks) focused on preparing for an Alpha delivery phase. Our expert consultants will analyse your service and provide specialist guidance on the customer privacy and data security requirements that you ll need to address. Features 1. Expert advice and guidance on meeting privacy and security standards 2. Categorisation of the various Identity Assurance Providers (IdP) required 3. Identification of business processes with a Gov.UK Verify need 4. Identification of business processes with an Assisted Assurance need 5. Identification of business processes with bespoke Identity Assurance need 6. Identification of bespoke Identity Providers that may be necessary 7. Identification of applicable Service Providers 8. Specification of best-fit Access Management products 9. Provision of key artefacts for input to Alpha delivery phase Benefits Benefits 1. In-depth Confidence knowledge that and you experience understand of public your Identity sector. Assurance needs Flexible approach to delivery. Rapid deployment of team - on-site, remote, or a 2. Guidance on incorporating Identity Assurance combination. services into business processes Ability to off-shore specific activities, enabling competitive costs. 3. Openness Identification and transparency, of the IDAM ensuring needs tangible for input to Alpha benefits and outcomes. Fully averse in GDS standards and principles. 4. Input Service into larger delivery transformation plan for the programmes Alpha phase and IT strategy. 5. Reduce Access operational to Kainos costs. extensive set of wider services Increase innovation. Improve to service for users and customers 6. Kainos proven track record in Identity Assurance & Access Management
Identity Assurance and Access Management Discovery Service - continued The Kainos Identity Assurance and Access Management service discovery offering provides government departments and associated agencies with a time-bound engagement (typically aligned with the Discover phase of the Service Delivery) focused on assisting the department or associated agency to identify their Identity Assurance and Access Management requirements; and to guide the department or associated agency through the specification and design of their service to meet their Identity Assurance and Access Management requirements. During this engagement we will assist you to categorise the various differing types of Identity Provider required; from UK citizen based Gov.UK Verify to Organisation, Professional and Delegated Authority Identity Providers. We will also assist you with the identification of the roles based access requirements for each of the categories of user and identify how these might be fulfilled as part of the delivered service.
Government Gateway Transition Following the launch of Verify, the Government s new identity assurance service, retirement of the Government Gateway is imminent. Moving to the new service or creating an alternative can be complex, involving process and service redesign. Our experts will guide you through this change ensuring you maintain privacy and data security. Features 1. Expert advice and guidance on meeting privacy and security standards 2. Analysis of business processes identifying those with an IDAM need 3. Categorisation of the various Identity Assurance Providers required 4. Identification of business processes with a Gov.UK Verify need 5. Identification of business processes with an Assisted Assurance need 6. Identification of business processes with bespoke Identity Assurance need 7. Identification of bespoke Identity Providers that may be necessary 8. Identification of applicable Service Providers 9. Selection of appropriate Identity Providers 10.Design and delivery of services with an alternative Identity Assurance mechanism Benefits Benefits 1. Confidence that you understand your Identity In-depth Assurance knowledge needs and experience of public sector. Flexible approach to delivery. 2. Rapid Guidance deployment on incorporating of team - on-site, Identity remote, Assurance or a combination. services into business processes Ability to off-shore specific activities, enabling competitive costs. 3. Access to Kainos extensive set of wider services Openness and transparency, ensuring tangible benefits and outcomes. 4. Fully Kainos averse proven in GDS standards track record and principles. Identity Assurance & Input Access into larger Management transformation programmes and IT strategy. Reduce operational costs. 5. Start to finish service offering Increase innovation. Improve to service for users and customers 6. Elimination of dependency upon the Government Gateway service offering
Government Gateway Transition- continued The End-of-Life for the UK Government s Government Gateway service has already been announced; and those existing government services that rely upon the Government Gateway service in order to provide identity assurance need to transition to an alternate Identity Assurance mechanism. The applicable alternative Identity Assurance mechanisms will vary from one government department or associated agency to another; and in many cases will involve incorporation of the UK Governments Gov.UK Verify c itizen based Identity Assurance service. In other cases this will involve incorporation of alternative Identity Providers; in particular in scenarios where the Identity Assurance requirements are geared towards organisation, principle and delegated authorities. During this engagement we will assist in the identification and selection of the applicable Identity Providers, and in some scenarios there may be a need for multiple different Identity Providers; in other cases there many even also be a need to build a service specific Identity Provider. We will propose and design an Identity Assurance solution around the department s or associated organisations needs and then integrate the Identity Assurance solution into the your existing services.
Identity Assurance for people and organisations Knowing who is accessing your service is paramount to privacy and data security. For individuals, we can help you integrate with the Government s Verify identity assurance service. For organisations, we can provide a corporate identity assurance and access management capability designed to meet your needs for a service-specific Digital Identity. Features 1. Analysis of business processes identifying those with an IDAM need 2. Categorisation of the various Identity Assurance Providers required 3. Identification of business process with a Gov.UK Verify need 4. Identification of business process with an Assisted Assurance need 5. Identification of business process with corporate Identity Assurance need 6. Identification of business process with bespoke Identity Assurance need 7. Identification of bespoke Identity Providers that may be necessary 8. Identification of applicable Service Providers 9. Design of services with citizen and/or corporate IDAM capabilities 10.Delivery of services with citizen and/or corporate IDAM capabilities Benefits Benefits 1. Clarification of the department s Identity Assurance In-depth needsknowledge and experience of public sector. Flexible approach to delivery. 2. Rapid Guidance deployment on incorporating of team - on-site, Identity remote, Assurance or a combination. services into business processes Ability to off-shore specific activities, enabling competitive costs. 3. Access to Kainos Identity Assurance & Access Openness Management and transparency, and wider ensuring services tangible benefits and outcomes. Fully averse in GDS standards and principles. 4. Input Kainos into larger proven transformation track record programmes in Identity Assurance & and Access IT strategy. Management Reduce operational costs. Increase innovation. 5. Start to finish service offering Improve to service for users and customers 6. Incorporation of citizen and/or corporate Identity Assurance into services
Identity Assurance for people and organisations - continued The Kainos Citizen and/or Corporate identity Assurance offering provides government departments and associated organisations or agencies with a means of incorporating Identity Assurance capabilities into their di gital services. We will guide you through the identification of the appropriate categories of Identity Assurance required; assist with the selection of the applicable Identity Providers and incorporation of the Identity Assurance capabilities of the chosen Identity Providers into your digital services. In many cases this will involve integration of the Identity Assurance capabilities offered by the UK Government s Gov.UK Verify service into the department s or associated agency s services. In other cases this will involve incorporation of alternative Identity Providers; in particular in scenarios where the Identity Assurance requirements are geared towards organisation, principle and delegated authorities. During this engagement we will assist in the identification and selection of the applicable Identity Providers, and in some scenarios there may be a need for multiple different Identity Providers ; in other cases there many even also be a need to build a service specific Identity Provider. We will propose and design an Identity Assurance solution around the department s or associated organisations needs and then integrate the Identity Assurance solution into the your existing services.
Unified Identity Assurance and Access Management Our unified Identity Assurance and Access Management (IDAM) hub provides Government organisations with a single sign-on solution for multiple services. Using a distributed identity control, we will help you ensure that the right people get the right level of access, to the right services, at the right time. Features 1. Service enrolment 2. User provisioning and maintenance 3. Multiple Identity Providers, selection based upon category of user 4. Single Sign-on to available services 5. Multiple Service Providers, with availability based upon user role 6. Roles based Access Management 7. User focused Service Dashboard 8. Single point of access for all of the department s services 9. Audit of all user interactions 10. Workflow driven approvals processes Benefits Benefits 1. Centralised user provisioning/de-provisioning across In-depth department knowledge and experience of public sector. Flexible approach to delivery. 2. Rapid Centralised deployment user of team maintenance - on-site, remote, across or department a combination. Ability to off-shore specific activities, enabling 3. Controlled access to department s services competitive costs. Openness and transparency, ensuring tangible 4. benefits Verified and Identity outcomes. Assurance for all service users Fully averse in GDS standards and principles. Input into larger transformation programmes 5. and Extensible IT strategy. set of Identity Providers Reduce operational costs. 6. Increase Extensible innovation. set of Service Providers Improve to service for users and customers 7. Department wide Digital Identity for all users
Unified Identity Assurance and Access Management - continued The Unified Identity Assurance and Access Management offering provides Government departments and associated agencies with organisation-wide IDAM control, ensuring that the right people get the right level of access to the right services at the right time; with identity being distributed throughout all available services via Single Sign on (SSO). The core component of the offering is the Identity Assurance & Access Management hub, which enables government departments and large organisations to take control of their Identity Assurance and Access Management activities, providing the department with a single user management Portal and a central point for user provisioning. Central to the capability of the Identity Assurance and Access Management hub is the fact that the end -user s identity has already been verified to the appropriate level of assurance, before the end-user is allowed to access any of the department s secure services; by default, LOA-2 is the required the Level of Assurance (LOA). Identity Assurance is a core element of the user enrolment process, where the end-user s identity is verified (to the appropriate level) by one of a set of external Identity Providers, based upon the category of the end-user. End-users enrolling as a citizen are routed to the UK Government s Gov.UK Verify service, in order to verify their identity; whilst the department s own internal users will be routed to an Internal User Identity Provider instead. Other categories of end- user will be routed to alternative Identity Providers, and the set of available Identity Providers can be extended to accommodate other categories of end-user as required. The enrolment applications for all end-users are subject to a typical approvals process prior to being set-up as users of the system. Endusers will be notified of the outcome of this, and where applicable directed to their new Service Dashboard.
Unified Identity Assurance and Access Management - continued The Service Dashboard provides the end-user with centralised access to the complete set of departmental services that they have been approved to use. Access to each service couldn t be easier, there is no need for the end-user to provide service specific credentials as the end-user s identity is automatically passed to the Service Provider (SP) as a secure Single Sign-on token. When circumstances change (e.g. a change in an end-user s role) the Access Management capabilities made available to the internal users allow them to alter the end-user s role and privileges accordingly; where necessary the next time that the end-user accesses their departmental services they will be directed to the appropriate Identity Provider to re-verify their identity, in order to take account of any changes that the internal user has made. Internal users can locate the records for the end-user in question and amend any aspect of the information held. The level of information that internal users can amend ranges from an end-user s assigned roles to their identity (e.g. name, address, etc.). The internal users also have access to a mechanism for de-provisioning end-users; thus terminating the end-user s ability to use the Service Dashboard and any of the departmental services which the end- user had previously been authorised to use. Identity Assurance & Access Management Hub
Commercial Statement Confidentiality and Copyright Kainos Software Limited 2015 ("Kainos") The contents of this document are commercial and confidential in nature and the copyright of Kainos. This document must not be reproduced (in whole or in part) save in connection with the purpose for which it was issued. Trademarks Kainos is a registered trademark of Kainos Software Limited. All rights reserved. You may not delete or change or modify any copyright or trademark notice. Caveats Kainos has used all reasonable endeavours to ensure that the contents of this document are accurate, but is not responsible for any errors or omissions. All information provided prior to execution of a contract is provided "as is" and subject to contract without warranty of any kind. This document does not constitute an offer from Kainos. In the event that the parties elect to work together, they will only be contractually bound to each other upon signature of a contract. Corporate Information Kainos is the trading name of the Kainos group of companies, further information on which can be found here: https://www.kainos.com/corporate-information/