Avari Solutions

Idaptive App Gateway Service

Idaptive strengthens enterprise security by managing and securing user identities from cyber threats. With Idaptive platform of integrated software and cloud-based services, Idaptive uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data centre.

Features

  • Single Sign-On
  • Adaptive MFA for cloud and on-premise apps, endpoints and infrastructure
  • Workflow & Lifecycle Managemen
  • Mobility Management
  • Smartcard & Derived Credentials
  • Identity Broker
  • Privilege Elevation
  • Shared Account Password Management
  • Secure Remote Access
  • Session Recording & Auditing

Benefits

  • Centralized identity and access management
  • MFA everywhere
  • Risk-aware access
  • Consolidate identities
  • SSO everywhere (apps, endpoints, infrastructure)
  • Mitigate VPN risk
  • Grant just enough privilege (least privilege access)
  • Grant just in time privilege (require access approvals)
  • Risk analytics
  • Complete automation

Pricing

£29.94 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross.garman@avari.solutions. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 5 5 1 3 4 3 1 4 3 1 4 0 6 3

Contact

Avari Solutions Ross Garman
Telephone: 08450360040
Email: ross.garman@avari.solutions

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Idaptive Identity Platform provides Federated Authentication for Cloud/SaaS applications e.g Office365.
Active Directory
UNIX/Linux/MacOS
Hadoop
NOSQL
Apache Web Servers
SAP
IBM DB2
Cloud deployment model
Hybrid cloud
Service constraints
A list of supported browsers, applications and operating systems is available
System requirements
Appropriate Licensing for services accessed through Idaptive Identity Platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 Hour First Response SLA - Mon to Fri 9am-5:30pm excl bank holidays
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We support P1-P4 incidents remotely or on site at a further cost (varies depending on the time required to resolve an issue.)

A technical account manager is supplied FOC to any business or organisation acquiring Avari software or services.

You have access to a cloud support engineer Mon-Fri 9am-5:30pm (not dedicated.)
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Avari Professional Services are available to assist in implementing the solution and provide on-site training. Additionally online training is available along with comprehensive user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted via the RestfulAPI and reporting toolset.
End-of-contract process
Customers are notified towards the end of their contract. Should the contract end, portal access will be removed. There is no additional cost to end the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Additional mobile features include enterprise mobility management. The mobile device application can be utilised as a further authentication mechanism for MFA
Service interface
No
API
Yes
What users can and can't do using the API
Idaptive RestfulAPI provides full functionality to setup and make changes to all functions of the cloud service. Where relevant there are command line tools available for direct configuration and querying of all parts of the Service.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The front end user and administrative interface is fully customisable and exposed via RestfulAPI. Some customisation options are included within the administrative portal

Roles, rights and auditing features can be fully customised to client requirements.

This can be conducted either via the console or the command line if the user has the required access level.

Granular access can be granted to discrete parts of the environment.

Scaling

Independence of resources
Various deployment options, self-hosted and public cloud. The Idaptive public cloud option is a fully managed multi-tenanted cloud deployment and the service is automatically scaled upon customer demand.

Analytics

Service usage metrics
Yes
Metrics types
Metrics include but not limited to: number of audited systems and sessions.
Location based user access of successful and denied access.
Use of applications, application installation states
Mobile device metrics including number of devices, types of devices in the estate and compliance levels.
Use of multi-factor authentication for application access, infrastructure and service access.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Idaptive, Centrify, Okta, Cynet, Ping, OneLogin, Auth0

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Idaptive provide a REST API to query data,
Data can also be exfiltrated via reporting mechanisms
Data export formats
  • CSV
  • Other
Other data export formats
Rest API Extract
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Idaptive have three layers of redundancy to provide the highest levels of availability:

All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.

All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.

Idaptive leverages Microsoft Azure datacenters, to take advantage of their best practices for fault tolerance and always-on availability
Approach to resilience
Idaptive have three layers of redundancy to provide the highest levels of availability:

All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.

All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.

Idaptive leverages Microsoft Azure datacenters, to take advantage of their best practices for fault tolerance and always-on availability

Further information is available on request
Outage reporting
Idaptive provide a public dashboard to their cloud availability status https://www.idaptive.com/support/idaptive-trust/trust/
Should an outage occur customers will be informed via email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Delegated administrative access via role based control.
Idaptive support can be granted read access for a specified limited time period in order to troubleshoot issues
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Common Criteria certification listed at EAL 2+
  • SOC II Certification
  • Idaptive is validated FIPS 140-2 Level
  • Cloud Security Alliance Cloud Controls Matrix

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards
FedRAMP, FIPS 140-2 Level 1, SOC II, Common Criteria certification
Information security policies and processes
Idaptive maintains a security program that includes policies and procedures, defined roles and responsibilities, and mandatory new-hire and annual training. Idaptives program is based on ISO 27001/2 and SSAE 16 standards. Employees are subject to disciplinary action including termination for failure to comply with security policies. Idaptive is audited annually by an independent 3rd party to assess the design and effectiveness of the security program and controls; the results are in the SOC II Type 2 report, available upon request with a fully-executed MNDA. Centrify’s privacy program and controls are also audited annually for compliance with relevant security requirements; the policy and results are available at: https://www.idaptive.com/privacy

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Production changes are documented in a ticket system and undergo review and approval by operations management.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Idaptive tests for vulnerabilities through multiple channels, including 3rd party application vulnerability testing, bug bounty programs, 3rd party source code security testing, active network scanning, monitoring of vendor and industry security alerts, and annual risk assessments. Microsoft also maintains additional controls to manage physical, OS and network-level threats to the Azure platform. Identified vulnerabilities and risks are tracked in an internal ticketing system from identification through resolution. Patches and relevant information releases to customers are made with expedience, according to the risk of the identified vulnerability.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Idaptive monitors application and platform components of the service for potential issues. Cloud Operations staff monitor alerts and logs for issues, and log a ticket for issues that require remediation. In the event of application or data compromise affecting customer data, the customer is notified immediately and remains in contact with the remediation team until resolution. More information on response times are provided in the EULA or SLSA.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Idaptive maintains an incident response policy and program, with defined processes, roles and responsibilities. Customers may submit security issues through the normal support channels or any additional channels as provided in the EULA or SLSA. Incident reports are provided through the support channel to the primary support contact for the customer, or through security channels as provided in the EULA or SLSA.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£29.94 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day fully featured free trial or Express version with limited functionality, optionally supported with Pre-Sales Support.

Excluded are professional services and training
Link to free trial
https://www.idaptive.com/free-trial/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross.garman@avari.solutions. Tell them what format you need. It will help if you say what assistive technology you use.