Centerprise International Ltd

Centerprise ID-as-a-Service by Idaptive

The Centerprise ID-as-a-Service by Idaptive delivers comprehensive AI-based, security-first approach to managing identities that’s adaptive and context-aware, and architected on Zero-Trust and least privilege access which dramatically reduces risk. The ability to manage and protect identities with various levels of privileges in multi-cloud environments improves overall security posture.

Features

• Application Federation enables SSO without passwords
• Password vaulting Not all applications support Federation.
• Idaptive solutions can still deliver SSO
• On-Premises Application Access support
• Directory Integration for most applications
• Authentication Methods Strong Identity Assurance
• Conditional access goes beyond authentication
• Identity Analytics uses machine learning to define individual user behaviour
• End users can request app access directly from the owners
• Application Provisioning User accounts are created with the appropriate access

Benefits

• Has a robust catalogue with thousands of pre-integrated apps
• Support custom apps through protocols
• Provides desktop SSO for both PCs and Mac workstations
• Provides external users with access to on premises web apps
• Admin can prevent the user from adding their own apps
• Quickly add username/password applications, without Vendor support
• Broad range of authentication factors
• Configurable to allow or block access
• Request access while providing justification
• Automatically provision application clients to end user devices

£20.29 to £36.52 a person a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@centerprise.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

757849656581116

Contact

Tenders Team
01256 378 000
tendersteam@centerprise.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Most that support federation
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 15 minute response, 1 - 8 hour fix depending on priority (P1-3) Monday-Friday 8:00 to 18:00 UK time. Excludes weekends and Bank Holidays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Overview. There are 3 Service Desk packages: Silver, Gold and Platinum. Silver Service Hours are 09:00 to 17:30 Monday to Friday (excluding UK Bank Holidays); Gold Service Hours are 08:00 to 20:00 Monday to Friday (excluding UK Bank Holidays); and Platinum Service Hours are 24x7x365. 2. Incident Target Resolution. Priority 1 - High. Service is completely unavailable or there is a critical impact on the Customer’s business operation: 4 hours. Priority 2 - Medium. The Service is severely degraded or there is a significant impact on the Customer’s business operation: 8 hours. Priority 3 - Low. The quality of the Service is degraded and is affecting one or more users: 16 hours. Priority 4 - Service Request. Customer is seeking a change to the Service: 5 working days. Service Credits. A Service Credit regime is used to recompense the Customer for failures to meet the agreed Service Level. Service Credits are valued as a percentage of the related Service Charges for the month.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Support for initial setup and configuration by providing virtual training and written documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted via the RestfulAPI and reporting toolset.
• End-of-contract process: Customers are notified towards the end of their contract. Should the contract end, portal access will be removed. There is no additional cost to end the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Additional mobile features include enterprise mobility management. The mobile device application can be utilised as a further authentication mechanism for MFA
• Service interface: No
• API: Yes
• What users can and can't do using the API: Idaptive RestfulAPI provides full functionality to setup and make changes to all functions of the cloud service. Where relevant there are command line tools available for direct configuration and querying of all parts of the Service.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The front end user and administrative interface is fully customisable and exposed via RestfulAPI. Some customisation options are included within the administrative portal; ; Roles, rights and auditing features can be fully customised to client requirements.; ; This can be conducted either via the console or the command line if the user has the required access level.; ; Granular access can be granted to discrete parts of the environment.

Scaling

• Independence of resources: Various deployment options, self-hosted and public cloud. The Idaptive public cloud option is a fully managed multi-tenanted cloud deployment and the service is automatically scaled upon customer demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics include but not limited to: number of audited systems and sessions.; Location based user access of successful and denied access.; Use of applications, application installation states; Mobile device metrics including number of devices, types of devices in the estate and compliance levels.; Use of multi-factor authentication for application access, infrastructure and service access.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Idaptive

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Idaptive provide a REST API to query data,; Data can also be exfiltrated via reporting mechanisms
• Data export formats:
  • CSV
  • Other
• Other data export formats: Rest API Extract
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Idaptive have three layers of redundancy to provide the highest levels of availability:; All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.; All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.; Idaptive leverages AWS datacentres, to take advantage of their best practices for fault tolerance and always-on availability
• Approach to resilience: Idaptive have three layers of redundancy to provide the highest levels of availability:; ; All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.; ; All customer data is additionally backed up to another data-centre within the same continent, for global failover, if needed.; ; Idaptive leverages Microsoft Azure datacentres, to take advantage of their best practices for fault tolerance and always-on availability; ; Further information is available on request
• Outage reporting: Idaptive provide a public dashboard to their cloud availability status https://www.idaptive.com/support/idaptive-trust/trust/; Should an outage occur customers will be informed via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: N/a
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 12/02/2018
• What the ISO/IEC 27001 doesn’t cover: N/A - Everything is covered by our ISO 27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecurityMetrics
• PCI DSS accreditation date: 10th November 2018
• What the PCI DSS doesn’t cover: N/A - everything is covered by our PCI DSS certification
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: In-line with the requirements of ISO 27001 and 20000, we've developed policies and procedures to support both standards and comply with the requirements of ISO 9001. E.g, our Information Security Policy includes the following internal policies/procedures: •IT Security Business Continuity Policy •Information Security Policy – Suppliers •CCTV Policy •CI Forensic Policy •Corporate Hospitality and Bribery Act •Access Control Policy •Policy Against Malicious Code •Child Protection Policy •Policy on the Secure Handling, Use, Storage, Retention and Destruction of Disclosure Information •Clear Desk Policy •Cryptographic Policy. The Information Security Policy has been produced and accepted by the Board. The policy is visible to all staff on SharePoint and all staff sign Appendix E of the policy, which is retained in the employee’s HR file. The importance of Information Security and the policy is covered in employee inductions and the Staff handbook. Security responsibilities are defined within our Information Security policy, which records the following managers: •Service Delivery Manager (Information Security Manager) •Security Controller •Group Quality Manager •Users – to comply with the IT Security Policy. Security Responsibilities are defined in the individual’s job description and employment contract.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All Change Management procedures are audited as part of our Information Security accreditations and all change logs are kept and audited as part of this process. We have clearly defined procedures for both customer and supplier initiated changes and all change requests are available for real-time review via our service management system.Responsibilities are defined in the individual’s job description and employment contract.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Multiple tools are used to block and monitor potential threats to the environment. If patches are required they are rolled out via automation tools to the environment through change control process where the criticality and impact is assessed and approved.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises will be detected by the SIEM. An alert will be created should the SIEM directives be triggered by various correlated events. Upon receipt of alert, the SOC team will investigate the incident. Depending on the criticality, a level 1 (highest) is investigated within 15 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow ITIL V3 for our incident management. Incidents can be reported via phone, web or email into our ticketing system. Incident reports are provided through the ticketing system with details provided around root cause analysis and remediation steps.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £20.29 to £36.52 a person a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Contact Centerprise for details

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@centerprise.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.