Awarded to Methods Business and Digital Technology Limited

Start date: Monday 30 September 2019
Value: £1,800,000
Company size: SME
Department for Education

Agile Delivery and CI of the department's strategic Identity and Access Management System

11 Incomplete applications

8 SME, 3 large

15 Completed applications

12 SME, 3 large

Important dates

Published
Wednesday 19 June 2019
Deadline for asking questions
Wednesday 26 June 2019 at 11:59pm GMT
Closing date for applications
Wednesday 3 July 2019 at 11:59pm GMT

Overview

Summary of the work
We are seeking a partner to develop, support and continuously improve our strategic in-house developed Identity and Access Management service through Beta phase, until able to pass the digital service standard for live services. Discovery and Alpha phases have been completed.
Latest start date
Monday 2 September 2019
Expected contract length
Up to 2 years
Location
West Midlands
Organisation the work is for
Department for Education
Budget range
The budget could range up to a maximum of £1.8m per year consisting of multiple SoWs, but that scope could expand or contract. DfE does not commit to any minimum spend at this point. A pricing template will be given at the proposal stage to those suppliers we shortlist.

About the work

Why the work is being done
To continue delivering DfE a strategic secure identity & access management service for all education users. Deliver a service that meets the Digital Service Standard. Provide a migration path from our legacy IDAMs arrangements.
Problem to be solved
Users in organisations like schools and training providers that have to (or need to) use DfE services have demonstrated that a fragmented Identity and Access Management solution for access to those systems creates a less than satisfactory experience and reduces the organisation's ability to successfully interact with the department and its services. As such, the strategic approach is to provide external users of DfE services with a single sign-on solution that allows a user to retain a single set of credentials that hold a single set of access rules.
Who the users are and what they need to do
As a school employee, teacher or other DfE user, I want a single sign-on so that I can seamlessly access DfE services. I need to have a consistent and clear user experience so that my burden is reduced and I can spend less time on administration. As a Service Owner I want a simpler access journey for my users and confidence that inappropriate access requests are refused.
Early market engagement
N/A
Any work that’s already been done
The service is in beta. There are currently 85,000 users on the service and it is now in a period of migrating/onboarding users from DfE services and continuous improvement.
Existing team
The existing team consists of a number of 3rd parties which have developed the product into public beta. Effective ways of (agile) working have already been developed and honed during the delivery. The new supplier will be expected to provide resources across Developer, Tech Lead, Content Design, Business Analysis, User research, DevOps roles according to the business need for the initiative. The team will be expected to work alongside a Delivery Manager and Product Owner (Civil Servants).
Current phase
Beta

Work setup

Address where the work will take place
Cheylesmore House, Quinton Road, Coventry.
Working arrangements
This will be a 5 day week, Monday to Friday. A minimum of 4 days on-site each week for face-to-face working. Meetings will be face to face, via Skype or other VC facilities. Day to day delivery will be governed by standard agile delivery techniques. The Delivery Manager and Product Owner will be responsible for prioritising backlogs in refinement sessions.
Security clearance
Personnel from the Service provider need to have both BPSS and an enhanced DBS check maintained for the life of the contract.

Additional information

Additional terms and conditions
All expenses must adhere to the DfE Travel and Subsistency Policy. No parking is available on site.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience of creating services built around:
  • NodeJS, Ruby, OpenID Connect, SAML 2.0, Azure PaaS, Open Source
  • Experience of successfully delivering an identity & access management service
  • Extensive knowledge of GDS approach to service delivery
  • Experience of Agile software delivery
  • Experience of delivering services in the Public Sector
  • Experience of working in Multi-disciplinary teams
  • Experience of building and testing an end to end digital service demonstrating a high level of quality
  • Experience of DevOps engineering - particularly deploying builds, increments and releases through continuous integration and deployment pipelines
  • Experience of scripting environment builds and changes
Nice-to-have skills and experience
  • Qualification in NodeJS
  • Experience of passing GDS assessments
  • Experience of working in public sector in the UK

How suppliers will be evaluated

How many suppliers to evaluate
4
Proposal criteria
  • Demonstrate technical competence in the identified technologies and agile practices, including representative CVs of key roles
  • How you will balance being responsive & flexible to changing work demands (in terms of skills and capacity) as it progresses with the benefits of a stable and consistent team
  • Experience and methodology in your approach to agile ways of working
  • Demonstrable experience of working alongside clients in co-located, integrated teams
  • Demonstrate approach to knowledge and skills transfer
  • Demonstrate understanding/ability to deliver digital products/services to government Digital Service Standards
  • Demonstrate understanding of the challenges of implementing user centred design in a government agile environment
  • How you will identify and keep the organisation informed of risks, dependencies, issues and other considerations relevant to planning
  • How you will optimise costs for the DfE and deliver value for money through the development and the lifetime of the service (total cost of ownership of the service)
  • Demonstrate experience of delivering an identity & access management solution through a development lifecycle in a large organisation
Cultural fit criteria
  • Work as a team within our organisation and other suppliers:
  • Be transparent and collaborative when making decisions and problem solving
  • Evidence of a willingness to take ownership of problems and use initiative to ensure a successful outcome
  • Have a no-blame culture and encourage people to learn from their mistakes
  • Evidence of working with organisations and stakeholders with differing levels of technical expertise
  • Build capability - encourage learning, share knowledge, address capability gaps, act on feedback
  • Transition process - there will be a period of shadowing for the successful supplier's team to work alongside the existing team to allow for a robust knowledge transfer
Payment approach
Capped time and materials
Assessment methods
  • Written proposal
  • Case study
  • Presentation
Evaluation weighting
  • Technical competence: 60%
  • Cultural fit: 20%
  • Price: 20%

Questions asked by suppliers

1. Is there a current incumbent?
Yes, there are multiple suppliers currently working across this project – they are e-Synergy, Parity and Digi2al. These suppliers may choose to bid for this work but we will not know this until the advert date has closed.
2. Please can you tell us if there is an incumbent supplier who will be eligible to bid for this work?
Please see earlier response.
3. Which suppliers have been involved in earlier stages of this project?
Please see earlier response.
4. Is this an option for one of the current 3rd parties to extend? Who are the current 3rd parties?
Please see earlier response.
5. For the first 2 Essential skills and experience criteria as below, would they be treated as one response with two hundred words?
• Experience of creating services built around:
• NodeJS, Ruby, OpenID Connect, SAML 2.0, Azure PaaS, Open Source
Yes, there is a 100 word limit for each bullet point. As this has been split into two bullet points, this is one criterion and will have a 200 word limit.
6. Do you use an IDAM tool like KeyCloak?
No, DfE sign-in is a bespoke Idams solution based on a number of open source technologies.
7. Does the development and test team need to be co-located at the client premises?
Can parts of the team reside elsewhere?
Are there any restrictions?
As stressed in the summary, there is an expectation the delivery and testing resources co-locate in Coventry for at least 4 days per working week.
8. Can you please confirm if the system is premise based or hosted in a public cloud service?
Public Cloud.
9. Regarding DFE's answer to question 5, are we able to use multiple examples for the increased word count and multiple technologies listed?
There are six technologies listed - please keep your response as concise as possible within the 200 word limit.
10. Considering the essential skill/experience of "Expertise of scripting environment builds and changes", is this concerned with:
Provisioning infrastructure for a release environment using scripts?
Provisioning infrastructure for a CI build environment using scripts?
Scripting the execution steps of a CI Build?
Yes - all three of the examples given are applicable.
11. Can you please provide further details of your Identity and Access Management System in terms of: COTS packages / technologies deployed and any Integration or bespoke developments applied to the system?
The DfE Sign-in product is an open source Identity and Access (IDAMS) Management system based on a popular open source OpenID Connect component called "node-oidc-provider" (https://github.com/panva/node-oidc-provider). This component provides the core Identity protocol functionality and is wrapped by a number of other open source projects to create a complete IDAMS solution. These open source projects can be found in the DfE Digital GitHub organisation (https://github.com/DFE-Digital?utf8=✓&q=login.dfe).

Integration with a number of other Open Source, COTS and Bespoke (Closed Source) services will be required as part of the continued rollout and improvement of the Strategic IDAMS solution across the DfE.
12. Please could you confirm what evidence you are seeking in response to the question:
• Qualification in NodeJS
We are seeking demonstrable evidence of competency/experience in working with projects where NodeJS is used rather than examples of any formal qualifications.