Idaptive App Gateway Service
Idaptive strengthens enterprise security by managing and securing user identities from cyber threats. With the Idaptive platform of integrated software and cloud-based services, Idaptive uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data centre.
Features
- Single Sign-On
- Adaptive MFA for cloud and on-premise apps, endpoints and infrastructure
- Workflow & Lifecycle Management
- Mobility Management
- Smartcard & Derived Credentials
- Identity Broker
- Privilege Elevation
- Shared Account Password Management
- Secure Remote Access
- Session Recording & Auditing
Benefits
- Centralized identity and access management
- MFA everywhere
- Risk-aware access
- Consolidate identities
- SSO everywhere (apps, endpoints, infrastructure)
- Mitigate VPN risk
- Grant just enough privilege (least privilege access)
- Grant just in time privilege (require access approvals)
- Risk analytics
- Complete automation
Pricing
£29.94 a user a year
- Education pricing available
- Free trial available
Framework
G-Cloud 12
Service ID
255134314314063
Contact
Avari Solutions
Ross Garman
Telephone: 08450360040
Email: ross.garman@avari.solutions
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
Idaptive Identity Platform provides Federated Authentication for Cloud/SaaS applications, e.g. Office 365.
Active Directory
UNIX/Linux/MacOS
Hadoop
NOSQL
Apache Web Servers
SAP
IBM DB2
- Cloud deployment model
- Hybrid cloud
- Service constraints
- A list of supported browsers, applications and operating systems is available
- System requirements
- Appropriate Licensing for services accessed through Idaptive Identity Platform
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 1 Hour First Response SLA - Mon to Fri 9am-5:30pm excl bank holidays
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We support P1-P4 incidents remotely or on site at a further cost (varies depending on the time required to resolve an issue).
A technical account manager is supplied FOC to any business or organisation acquiring Avari software or services.
You have access to a cloud support engineer Mon-Fri 9am-5:30pm (not dedicated).
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Avari Professional Services are available to assist in implementing the solution and provide on-site training. Additionally, online training is available, along with comprehensive user documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data can be extracted via the RESTful API and reporting toolset.
- End-of-contract process
- Customers are notified towards the end of their contract. Should the contract end, portal access will be removed. There is no additional cost to end the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Additional mobile features include enterprise mobility management. The mobile device application can be utilised as a further authentication mechanism for MFA.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- The Idaptive RESTful API provides full functionality to set up and make changes to all functions of the cloud service. Where relevant, there are command line tools available for direct configuration and querying of all parts of the service.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The front-end user and administrative interface is fully customisable and exposed via the RESTful API. Some customisation options are included within the administrative portal.
Roles, rights and auditing features can be fully customised to client requirements.
This can be conducted either via the console or the command line if the user has the required access level.
Granular access can be granted to discrete parts of the environment.
Scaling
- Independence of resources
- Various deployment options, self-hosted and public cloud. The Idaptive public cloud option is a fully managed multi-tenanted cloud deployment and the service is automatically scaled upon customer demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Metrics include, but are not limited to:
Number of audited systems and sessions.
Location-based user access, both successful and denied.
Use of applications and application installation states.
Mobile device metrics, including number of devices, types of devices in the estate and compliance levels.
Use of multi-factor authentication for application access, infrastructure and service access.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Idaptive, Centrify, Okta, Cynet, Ping, OneLogin, Auth0
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Idaptive provide a REST API to query data.
Data can also be exported via reporting mechanisms.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Rest API Extract
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Idaptive have three layers of redundancy to provide the highest levels of availability:
All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.
All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.
Idaptive leverages Microsoft Azure datacenters, to take advantage of their best practices for fault tolerance and always-on availability.
- Approach to resilience
-
Idaptive have three layers of redundancy to provide the highest levels of availability:
All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.
All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.
Idaptive leverages Microsoft Azure datacenters, to take advantage of their best practices for fault tolerance and always-on availability.
Further information is available on request.
- Outage reporting
-
Idaptive provide a public dashboard of their cloud availability status: https://www.idaptive.com/support/idaptive-trust/trust/
Should an outage occur, customers will be informed via email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Delegated administrative access via role based control.
Idaptive support can be granted read access for a specified limited time period in order to troubleshoot issues.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Common Criteria certification listed at EAL 2+
- SOC II Certification
- Idaptive is validated FIPS 140-2 Level
- Cloud Security Alliance Cloud Controls Matrix
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- Other
- Other security governance standards
- FedRAMP, FIPS 140-2 Level 1, SOC II, Common Criteria certification
- Information security policies and processes
- Idaptive maintains a security program that includes policies and procedures, defined roles and responsibilities, and mandatory new-hire and annual training. Idaptive's program is based on ISO 27001/2 and SSAE 16 standards. Employees are subject to disciplinary action, including termination, for failure to comply with security policies. Idaptive is audited annually by an independent 3rd party to assess the design and effectiveness of the security program and controls; the results are in the SOC II Type 2 report, available upon request with a fully-executed MNDA. Centrify’s privacy program and controls are also audited annually for compliance with relevant security requirements; the policy and results are available at: https://www.idaptive.com/privacy
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Production changes are documented in a ticket system and undergo review and approval by operations management.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Idaptive tests for vulnerabilities through multiple channels, including 3rd party application vulnerability testing, bug bounty programs, 3rd party source code security testing, active network scanning, monitoring of vendor and industry security alerts, and annual risk assessments. Microsoft also maintains additional controls to manage physical, OS and network-level threats to the Azure platform. Identified vulnerabilities and risks are tracked in an internal ticketing system from identification through resolution. Patches and relevant information releases to customers are made with expedience, according to the risk of the identified vulnerability.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Idaptive monitors application and platform components of the service for potential issues. Cloud Operations staff monitor alerts and logs for issues, and log a ticket for issues that require remediation. In the event of application or data compromise affecting customer data, the customer is notified immediately and remains in contact with the remediation team until resolution. More information on response times is provided in the EULA or SLSA.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Idaptive maintains an incident response policy and program, with defined processes, roles and responsibilities. Customers may submit security issues through the normal support channels or any additional channels as provided in the EULA or SLSA. Incident reports are provided through the support channel to the primary support contact for the customer, or through security channels as provided in the EULA or SLSA.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £29.94 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
30-day fully featured free trial or Express version with limited functionality, optionally supported with Pre-Sales Support.
Excluded are professional services and training.
- Link to free trial
- https://www.idaptive.com/free-trial/