Service Descriptin Service Overview The Symantec Identity: Access Manager service ( Service ) is a hsted security platfrm that ffers single sign-n with strng authenticatin, access cntrl, and user management in a unified slutin. Additinally, this slutin allws Custmer t extend internal security plicies t public and private clud services in supprt f cmpliance and auditing requirements. This Service Descriptin, with any attachments included by reference, is part f any agreement which incrprates this Service Descriptin by reference (cllectively, the Agreement ), fr thse Services which are described in this Service Descriptin and are prvided by Symantec. Table f Cntents Technical/Business Functinality and Capabilities Service Features Custmer Respnsibilities Supprted Platfrms and Technical Requirements Hsted Service Sftware Cmpnents Assistance and Technical Supprt Service-Specific Terms N Aut-Renewal Service Cnditins Service Level Objective Definitins SYMANTEC PROPRIETARY PERMITTED USE ONLY 1 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.
Service Descriptin TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES Service Features Single Sign-On with Strng Authenticatin The Access Cntrl Gateway ( Gateway ) is a virtual sftware appliance, including the Single Sign-On ( SSO ) prtal and the Administratr prtal, that is respnsible fr enfrcing access plicies fr the Service. The Gateway enables Custmer t authenticate against a single r multiple user stres. The Service supprts strng authenticatin and is cmpatible with the Symantec Validatin & ID Prtectin ( Symantec VIP ) service. This enables primary and / r secnd-factr authenticatin t the SSO prtal and Web based applicatins. Symantec VIP is available under separate terms and cnditins and fr an additinal fee. A cmplete list f supprted strng authenticatin prducts is available in the installatin guide. The Service als supprts strng authenticatin thrugh the use f digital certificates and is cmpatible with the Symantec Managed Public Key Infrastructure ( PKI ) service which enables primary authenticatin t the SSO prtal The Service supprts Custmer user stres as defined in the installatin guide, including, but nt limited t Micrsft Active Directry, LDAP,IWA, ADFS, and third-party identity prviders which are SAML enabled, such as Symantec VIP. A list f all Administratr apprved SaaS and Intranet Web applicatins will display after the End User is authenticated t the Service via the SSO prtal, sme f which may nly be accessible thrugh a brwser add-n. Access Management Administratrs can cntrl which clud applicatins an End User may access by defining plicies, based n End User s identity and sessin cntext, which are enfrced by the Service. Administratrs can als cntrl which clud applicatin an End User may access by enfrcing strng authenticatin. User Management Administratrs may invite r enable End Users t self-register fr a persnal prfile and credential in the built-in user directry whereby that credential can be used t access authrized applicatins. Administratrs may enable End Users t manage their prfile and passwrd thrugh self-service in the SSO prtal. Applicatin Management Administratrs can create cnnectrs t varius service prviders frm the Applicatin catalg. These cnnectins are funded thrugh SAML r sign-in frm facilitated by a brwser add-n. The Service als includes a Generic Cnnectr Template t allw integratin with an applicatin nt currently published in the Applicatin catalg. Prductin Envirnment Includes management f fur (4) Gateways where 1 primary Gateway and 3 secndary Gateways make up a single cluster. High Availability fr lgical cluster that cntain multiple gateways in different lcatins. High Availability is available fr the SSO prtal and ther hsted cmpnents nly, and may perfrm with reduced capability until the primary nde is restred. Disaster Recvery fr multiple clusters f gateways and internal data replicatin acrss lgical clusters. Disaster Recvery is available fr the SSO prtal and the Administratr prtal. SYMANTEC PROPRIETARY PERMITTED USE ONLY 2 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.
Service Descriptin Sandbx Optin A pre-prductin envirnment ( Sandbx ) ptin is available t allw Custmer t test prduct functinality with the Service. Custmers may leverage the Sandbx instance t stage new deplyments t a limited set f End Users, r assess the stability f the new deplyment befre rlling ut t the rest f the End Users r the prductin envirnment. The Sandbx may nly be hsted by Symantec. The fllwing restrictins will apply whether Custmer purchases a Sandbx in additin t a prductin Service, r a Sandbx-nly instance fr testing. The Sandbx is limited t fifty (50) users and fr use up t twelve (12) mnths. Only ne (1) primary Gateway will be assigned t the Sandbx. The Sandbx ptin may nt be renewed withut purchase f the Service. A Sandbx instance is eligible fr Technical Supprt, hwever such supprt des nt include Severity 1 r Severity 2 respnse and reslutin cmmitments. High Availability and Disaster Recvery d nt apply t the Sandbx. Sandbx envirnments are nt eligible fr service level cmmitments. General Features APIs are available t allw Custmer t place the SSO prtal lgin feature within ther custm applicatins. Available updates t the Service will be cmmunicated t Administratrs via email alerts r made visible via the Administratr dashbard. Symantec will make additinal relevant Service dcumentatin available nline thrugh the Administratr prtal. Basic reprting fr the Service is available thrugh the Administratr prtal. The Service recrds imprtant security events t create audit trails that can be transmitted t a lg management and SIEM slutin. Custmer can archive the lgs accrding t its requirements and internal plicies. The Service is managed n a twenty-fur (24) hurs/day by seven (7) days/week basis and is mnitred fr hardware availability, service capacity and netwrk resurce utilizatin. The Service is regularly mnitred fr service level cmpliance and adjustments are made as needed. Symantec als ffers prfessinal services t assist Custmer with the Services under separate terms and cnditins and fr an additinal fee. Custmer Respnsibilities Symantec can nly perfrm the Service if Custmer prvides required infrmatin r perfrms required actins. If Custmer des nt prvide/perfrm per the fllwing respnsibilities, Symantec s perfrmance f the Service may be delayed, impaired r prevented, and/r eligibility fr Service Level Agreement benefits may be vided, as nted belw. Setup Enablement: Custmer must prvide infrmatin required fr Symantec t begin prviding the Service. Adequate Custmer Persnnel: Custmer must prvide adequate persnnel t assist Symantec in delivery f the Service, upn reasnable request by Symantec. See the nline help fr mre infrmatin n each required rle. An Administratr must install the Bridge as instructed in the License Certificate email and cnfirm that it is jined t the cluster. An Administratr must update t the mst current versin f the Bridge. Technical Supprt is nly available fr the mstcurrent versin and the immediate prir versin f the Bridge. Custmer must cmmunicate if it is their preference fr an Administratr t perfrm updates t the Gateway, therwise Symantec will perfrm such updates as they becme available. Custmer must cnfigure the Service t begin use with supprted applicatins. Custmer Cnfiguratins vs. Default Settings: Custmer must cnfigure the features f the Service thrugh the Administratr prtal, if applicable, r default settings will apply. Cnfiguratin and use f the Service(s) are entirely in Custmer s cntrl. SYMANTEC PROPRIETARY PERMITTED USE ONLY 3 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.
Service Descriptin Supprted Platfrms and Technical Requirements Supprted platfrms fr the Service are defined in the Service dcumentatin. Hsted Service Sftware Cmpnents The Service includes the fllwing sftware Service Cmpnents, upn Service Activatin, as defined belw: The Bridge Service Sftware is used t enable cnnectivity acrss netwrk firewalls and authenticatin between the Gateway and a custmer s user stre such as AD/LDAP. The Bridge is available fr Custmer dwnlad per the instructins prvided in License Certificate email. Assistance and Technical Supprt Technical Supprt. The Service includes Symantec technical supprt as described in the License Instrument cnfirming custmer s purchase f the Service. Symantec technical supprt is prvided and perfrmed subject t Symantec s then-current terms, plicies and prcesses ( Supprt Terms ). All references t Sftware in the Supprt Terms shall be deemed references t the Service, as applicable, prvided, hwever, that any terms r deliverables in the Supprt Terms specific t sftware nly shall nt apply t supprt fr the Service. Custmer s technical assistance may be limited if Custmer is using r wrking n an applicatin that is nt identified by Symantec as a supprted applicatin in the Applicatin catalg r if Custmer is using an implementatin f the Service that was nt installed r cnfigured using recmmended practices. Symantec Technical Supprt persnnel may need t access Custmer s Gateway t examine Custmer s deplyment cnfiguratins in rder t fulfill supprt bligatins. Symantec Technical Supprt may require Custmer t prvide certain lg data in rder t fulfill supprt bligatins. SERVICE-SPECIFIC TERMS N Aut-Renewal. Ntwithstanding anything t the cntrary in the Agreement, there is n autmatic renewal f the Service. Befre the Service expires, Custmer must cntact Symantec r a Symantec reseller t renew the Service. Service Cnditins If Custmer purchases directly frm Symantec, the Symantec Qute Ordering Terms fund n the Repsitry will apply. If Custmer purchases thrugh a Symantec reseller, the Additinal Services Order Terms fund n the Repsitry will apply. Custmer will be inviced frm the date n which the Service is available fr use by the Custmer ( Service Activatin ). Symantec will use cmmercially reasnable effrts t activate the Service within thirty (30) days frm the date that Symantec can reasnably begin prvisining the Service. If the Service is terminated r expires, fr any reasn, Custmer will have sixty (60) days t extract any infrmatin that may have been stred in the Service frm the date f Service terminatin r expiratin, then such infrmatin will be deleted. Upn Service Activatin, Custmer shall be respnsible fr all activities that ccur under its Administratr accunts including, but nt limited t, implementing the cnfiguratin ptins in line with Custmer s internal plicies, safeguarding the Sftware and related systems t prtect against unauthrized access t the Service, and retaining any data and/r event lgs generated by the Service. SYMANTEC PROPRIETARY PERMITTED USE ONLY 4 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.
Service Descriptin Custmer may make the Service Sftware and the Service accessible t its authrized IT cntractrs, prvided that Custmer shall be respnsible fr such third party s cmpliance with the terms and cnditins f the Agreement, and any breach theref by such third party shall be deemed t be a breach by Custmer. Custmer may nt disclse the results f any benchmark tests r ther tests cnnected with the Service t any third party withut Symantec s prir written cnsent. The use f any Service Cmpnent in the frm f Sftware shall be gverned by the license agreement accmpanying the Sftware. If n EULA accmpanies the Service Cmpnent, it shall be gverned by the terms and cnditins lcated at (http://www.symantec.cm/cntent/en/us/enterprise/eulas/b-hsted-service-cmpnent-eula-eng.pdf). Any additinal rights and bligatins with respect t the use f such Service Cmpnent shall be as set frth in this Service Descriptin. Except as therwise specified in the Service Descriptin, the Service (including any Hsted Service Sftware Cmpnent prvided therewith) may use pen surce and ther third party materials that are subject t a separate license. Please see the applicable Third Party Ntice, if applicable, at http://www.symantec.cm/abut/prfile/plicies/eulas/. Symantec may update the Service at any time in rder t maintain the effectiveness f the Service. The Service may be accessed and used glbally, subject t applicable exprt cmpliance limitatins and technical limitatins in accrdance with the then-current Symantec standards. SERVICE LEVEL OBJECTIVE 99.5% Service Availability Service Availability fr the Service, nt including the Administratr Prtal, fr any ninety (90) day perid, shall be n less than ninety-nine and ne half percent (99.5%). Service Availability is calculated n a rlling ninety (90) day basis as a percentage equal t (a) the ttal number f minutes in any such perid that the Service is available and capable f receiving and prcessing data frm custmers, divided by (b) the ttal number f minutes in such perid. Lg-in pages fr the Gateway are subject t the Service Availability bjective, subject t the exceptins belw. Maintenance. Symantec must perfrm maintenance frm time t time. Symantec will utilize planned maintenance windws t perfrm infrastructure changes t the system that will require impact t the prductin service. Symantec will give custmers advance ntice via email f the date and nature f such update, identifying any impacts t the Service and the duratin f thse impacts. Service Level Exceptins Fr purpses f calculating the Service Availability, the Services shall nt be cnsidered unavailable, even if inaccessible, if due t: Custmer s failure t apply required updates received thrugh Service alerts; Maintenance windws that are cmmunicated t custmers in writing (including by Email) at least seventy-tw (72) hurs in advance; Acts r missins f Custmer r third parties, including but nt limited t, individual applicatins and applicatin adapters; Custmer s Internet cnnectivity being unavailable; Internet traffic prblems nt under Symantec s reasnable cntrl; Custmer s failure t meet minimum hardware and/r sftware requirements set frth in the Agreement; Custmer s failure t use current, r immediately prir versin, f updates t Service Sftware; Custmer s infrastructure r ther equipment failure; Failure f any hardware, sftware, service r ther equipment used by an individual user t access the services; r Failure f services prvided by custmer (r a third party under cntract t prvide services t custmer) that are incrprated int the Service in the absence f any fault attributable t Symantec. Custmer s maintenance activity. SYMANTEC PROPRIETARY PERMITTED USE ONLY 5 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.
Service Descriptin DEFINITIONS Capitalized terms used in this Service Descriptin, and nt therwise defined in the Agreement r this Services Descriptin, have the meaning given belw: Administratr means an End User with authrizatin t manage the Service n behalf f Custmer. Administratrs may have the ability t manage all r part f a Service as designated by Custmer. Agreement means the Master Services Agreement r such ther agreement entered int between Symantec and Custmer under which the rdering terms applicable t this Service Descriptin are issued. Custmer means the entity that purchased the Service, including any agents and/r cntractrs it authrizes t install and use the Service n its behalf. End User License Agreement (EULA) means the terms and cnditins accmpanying Sftware (defined belw). End User r User means Custmer s emplyees, cntractrs and external users wh are authrized by Custmer t use the Services n behalf f Custmer. Gateway means gateway in the frm f a virtual sftware appliance installed n a virtual machine fr use by Custmer as part f the Service. Repsitry means the Web site where Custmer may view the mst current terms and cnditins applicable t the Service, namely http://www.symantec.cm/abut/prfile/plicies/clud-services-agreements.jsp r it successr Website. SaaS means sftware-as-a-service. Service Cmpnent means certain enabling sftware, hardware peripherals and assciated dcumentatin which may be separately prvided by Symantec as an incidental part f a Service. Service Sftware means Sftware (defined belw), as may be required by a Service, which must be installed n each Custmer cmputer, in rder t receive the Service. Service Sftware includes the Sftware and assciated dcumentatin that may be separately prvided by Symantec as part f the Service. Sftware means each Symantec r licensr sftware prgram, in bject cde frmat, licensed t Custmer by Symantec and gverned by the terms f the accmpanying EULA, r this Service Descriptin, as applicable, including withut limitatin new releases r updates as prvided hereunder. Subscriptin Instrument means ne r mre f the fllwing applicable dcuments which further defines Custmer s rights and bligatin related t the Service: a Symantec certificate r a similar dcument issued by Symantec, r a written agreement between Custmer and Symantec, that accmpanies, precedes r fllws the Service. END OF SERVICE DESCRIPTION SYMANTEC PROPRIETARY PERMITTED USE ONLY 6 Cpyright 2015 Symantec Crpratin. All rights reserved. Symantec, the Symantec Lg and any ther trademark fund n the Symantec Trademarks List that are referred t r displayed in the dcument are trademarks r registered trademarks f Symantec Crpratin r its affiliates in the U.S. and ther cuntries. Other names may be trademarks f their respective wners. The cntents f this dcument are nly fr use by existing r prspective custmers r partners f Symantec, slely fr the use and/r acquisitin f the Services described in this dcument.