Bechtle direct Ltd.

I Am Cloud

IAMCloud centralizes the security and administration of IT, and offers a range of enterprise features including intelligent identity management, enterprise single sign-on, automated Microsoft licensing, MFA and lots more. IAM Cloud is wholly-hosted on Azure, doesn’t require any on-premises equipment. It also replaces the need for ADFS, Dirsync and FIM.


  • Intelligent enterprise grade Identity Access M and user lifecycle management
  • Full identity integration with Information Systems (MIS) like Workday
  • Selfservice password reset in the cloud full on-premise synchronisation
  • Enterprise desktop single signon and SSO from unfederated environments
  • Smart automated Microsoft SKU licensing including Office 365 and Dynamics
  • Cloud Drive Mapping to OneDrive for Business and SharePoint Online
  • Friction Free Active Directory (AD) Migration
  • Customer and supply chain identity management
  • EnterpriseGrade MultiFactor Authentication co-created with GemaltoSafeNet
  • Fully Azure hosted: no need for servers, ADFS, Dirsync FIM


  • IAMCloud can be deployed in minutes is simple to use
  • IAM Cloud increases security and control while simplifying IT administration
  • IAM Cloud helps organizations to rapidly onboard new applications
  • IAM Cloud removes the need for manual provisioning and licensing
  • IAM Cloud removes the need for expensive network storage
  • IAM Cloud's SSO improves productivity across any device and platform
  • Customer Identity Management helps build strong integration with customers
  • SelfService Password Reset reduces a major burden on IT helpdesks
  • Our Active Directory Migration is unbeatable on speed, simplicity cost
  • IAMCloud is infinitely customizable making ideal for customers and partners


£500 per licence

Service documents

G-Cloud 10


Bechtle direct Ltd.

Ajay Arithoppah

01249 467944

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints IAM Cloud's identity management platform has no notable constraints.
System requirements
  • Cloud Drive Mapper is a Windows 7,8,8.1and10 client
  • That works with OneDrive for Business and SharePoint Online.
  • IAM Cloud Agent requires Windows Server 2012/2016
  • The Migrations Service works with Office 365
  • The Migrations Service works with Office 365
  • Google G-Suite and Active Directory.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our SLA for response time is 1 hour urgent priority, 4 hours high priority, 8 hours medium priority, 24 hours low priority. Our service operates between 8am-10pm UTC+0 (UK), but critical support is available 24/7 for major outage events.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Users can type simple plain text messages to communicate simple issues to our service agents via our main website. This plugin is provided by Freshdesk.
Web chat accessibility testing We haven't done any testing as we are using an industry leading service system Freshdesk - not something of our own design.
Onsite support Yes, at extra cost
Support levels Our standard support model covers most customers, and includes onboarding, set-up, a customer success program, ongoing maintenance, ongoing support, ongoing configuration, feature requests, and service audits. Our enhanced support is custom to customer requirement, but can included dedicated resources, enhanced SLAs, weekly updates, face-to-face support and training and consultation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We onboard customers to our platform ourselves, and for tasks that require customer involvement we provide a Knowledge Base, user guides, and direct web-conference and screensharing sessions to offer real-time assistance.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is synchronised from the customer systems - so there is typically no need to 'extract' data at the end of a contract. We've never encountered this scenario before, but custom data retrieval is technically achievable through either connecting to a customer SQL database or via CSV.
End-of-contract process If a customer contract comes to an end and isn't renewed, we normally retain data for 12 weeks unless otherwise requested by the client. The off-boarding process doesn't normally require our intervention, but we sometimes we are asked to support it due to our general expertise in identity and access management. The client would simply reconfigure their applications to point to a new identity management service at their own convenience. They can then uninstall our Agent software from their network servers, and if they are using Cloud Drive Mapper they can de-provision it using Active Directory GPO in the same way as they would have deployed it in the first place.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The only difference is with domain-joined devices and non-domain joined. Both are serviced with federation, but the authentication flow is slightly different.
Accessibility standards None or don’t know
Description of accessibility Our service is principally a back-end service. The only interface a user would interact with is the login screen, which is customised by each customer - so compliance with accessibility standards is down to each customer's discretion.
Accessibility testing As above - we don't customise the interfaces, so the customers would be responsible for their own testing.
What users can and can't do using the API API is primarily used by IAM Technology Group Ltd for the purposes of integration with third party services. Normal users are not granted access to our API. We have built several frameworks that selected technology partners may work with.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation IAM Cloud is an identity management platform - so it is designed to be customised to each customer's requirements. Customisations include a rules engine, which allows organisations to classify and group users based on any available attribute (e.g. department name). Each classified group can then have different security features applied to them. The login UI can be customised to look like the customer's website, alert email notifications can be customised, and the federation URL is CNamed to the customer domain to give a fully custom feel.


Independence of resources Our platform is built in Microsoft Azure and uses highly performant Azure Functions and Service Fabric (the Azure micro-service architecture) to be able to scale to enormous levels far exceeding the maximum demand. Our platform also has been designed to maximise interoperability to avoid consumption of one resource to have a knock-on affect to others.


Service usage metrics Yes
Metrics types We provide service status metrics and dashboards, logging of all user activity which can be extracted via an API or Webhooks, and custom service reports on demand.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold I Am Cloud

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data is typically synchronised from a customer's source system in the first place - so there is normally no need to export data. However a data export could be achieved through integration with a desired destination SQL database or via CSV export.
Data export formats
  • CSV
  • Other
Other data export formats
  • SQL
Data import formats
  • CSV
  • Other
Other data import formats
  • SQL

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We provide a 99.9% up-time SLA. Additional days of free usage - up to 14 days per month - is provided as service credit if we don't meet the SLA. If we fall below 99% service in a month then 14 days is offered, if we fall between 99-99.9% in a given month, then 7 days credit is offered.
Approach to resilience Our platform runs across two Azure data centres with interoperability and no single points of failure to enable true fail-over. Our platform has been designed to scale intelligently with micro-services to ensure that load and peak demand don't impact service performance.
Outage reporting We have a public dashboard and customers can subscribe to email and/or text message alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Our admin interfaces all use RBAC - role-based access control, as does our support channel. The levels of this are defined by the Master Administrator of each customer.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 13/05/2016
What the ISO/IEC 27001 doesn’t cover ISO 27001 covers the full scope of our technology and main UK-based team. Out of scope is a small number of non-UK based employees whom we only allow restrictive access to our systems.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 certified, and run a monthly Security Group meeting to ensure compliance with the ISO 27001 standard is adhered to and continual business improvement around information security is achieved. This meeting is chaired by the IAM Technology Group Ltd Chief Operating Officer, Leon Mallett.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We document all security changes at a monthly Security Group meeting, and undertake internal security audits in compliance with ISO27001. We also have a stringent change-control for all updates to our technology, and a strict acceptance path for quality-assured software releasing.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a number of advanced monitoring services detecting anomalous activity with our system and alerting systems to highlight them to our team. Security threats are treated as the highest possible priority, and we have adopted a model of continuous integration cloud-releasing model which means that releases can be pushed out to our whole cloud infrastructure in minutes.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our monitoring systems detect a range of different threats and our own internal logging system provides rich audit data for diagnostic threat analysis. If a thread is discovered it is registered in our Technical Service system as an 'urgent' bug, and development on lower priority tasks is suspended until the threat is fixed. We also conduct our own internal penetration testing as well as period tests from a third party pen testing specialist.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach In accordance with ISO 27001, we have pre-defined process for both incident management and business continuity. We have a customer support system that has pre-defined escalation paths for issues that fit a pre-defined 'incident'. We have several service-events that constitute an incident. If one of these events should occur, our Chief Customer Officer would assemble the incident management team. After an incident, such as a service outage, we provide a full RCA report to customers to describe the issue, the cause, the resolution and associated timelines.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 per licence
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We provide our storage integration service Cloud Drive Mapper free for a limited time period, typically 7 days but extendable on request.
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑