Centerprise International Ltd

Centerprise ID-as-a-Service by Idaptive

The Centerprise ID-as-a-Service by Idaptive delivers a comprehensive, AI-based, security-first approach to managing identities that’s adaptive and context-aware, and architected on Zero-Trust and least-privilege access, which dramatically reduces risk. The ability to manage and protect identities with various levels of privileges in multi-cloud environments improves overall security posture.

Features

  • Application Federation enables SSO without passwords
  • Password vaulting: not all applications support Federation, but Idaptive solutions can still deliver SSO
  • On-Premises Application Access support
  • Directory Integration for most applications
  • Authentication Methods: Strong Identity Assurance
  • Conditional access goes beyond authentication
  • Identity Analytics uses machine learning to define individual user behaviour
  • End users can request app access directly from the owners
  • Application Provisioning: user accounts are created with the appropriate access

Benefits

  • Has a robust catalogue with thousands of pre-integrated apps
  • Support custom apps through protocols
  • Provides desktop SSO for both PCs and Mac workstations
  • Provides external users with access to on premises web apps
  • Admin can prevent the user from adding their own apps
  • Quickly add username/password applications, without Vendor support
  • Broad range of authentication factors
  • Configurable to allow or block access
  • Request access while providing justification
  • Automatically provision application clients to end user devices

Pricing

£20.29 to £36.52 a person a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@centerprise.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

757849656581116

Contact

Centerprise International Ltd Tenders Team
Telephone: 01256 378 000
Email: tendersteam@centerprise.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Most that support federation
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
15 minute response, 1 - 8 hour fix depending on priority (P1-3) Monday-Friday 8:00 to 18:00 UK time. Excludes weekends and Bank Holidays
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1. Overview. There are 3 Service Desk packages: Silver, Gold and Platinum.
  • Silver Service Hours are 09:00 to 17:30 Monday to Friday (excluding UK Bank Holidays)
  • Gold Service Hours are 08:00 to 20:00 Monday to Friday (excluding UK Bank Holidays)
  • Platinum Service Hours are 24x7x365
2. Incident Target Resolution.
  • Priority 1 - High. Service is completely unavailable or there is a critical impact on the Customer’s business operation: 4 hours.
  • Priority 2 - Medium. The Service is severely degraded or there is a significant impact on the Customer’s business operation: 8 hours.
  • Priority 3 - Low. The quality of the Service is degraded and is affecting one or more users: 16 hours.
  • Priority 4 - Service Request. Customer is seeking a change to the Service: 5 working days.
Service Credits. A Service Credit regime is used to recompense the Customer for failures to meet the agreed Service Level. Service Credits are valued as a percentage of the related Service Charges for the month.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Support for initial setup and configuration by providing virtual training and written documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted via the RESTful API and reporting toolset.
End-of-contract process
Customers are notified towards the end of their contract. Should the contract end, portal access will be removed. There is no additional cost to end the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Additional mobile features include enterprise mobility management. The mobile device application can be utilised as a further authentication mechanism for MFA
Service interface
No
API
Yes
What users can and can't do using the API
The Idaptive RESTful API provides full functionality to set up and make changes to all functions of the cloud service. Where relevant, there are command line tools available for direct configuration and querying of all parts of the Service.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The front-end user and administrative interface is fully customisable and exposed via the RESTful API. Some customisation options are included within the administrative portal.

Roles, rights and auditing features can be fully customised to client requirements.

This can be conducted either via the console or the command line if the user has the required access level.

Granular access can be granted to discrete parts of the environment.

Scaling

Independence of resources
Various deployment options, self-hosted and public cloud. The Idaptive public cloud option is a fully managed multi-tenanted cloud deployment and the service is automatically scaled upon customer demand.

Analytics

Service usage metrics
Yes
Metrics types
Metrics include, but are not limited to:
  • Number of audited systems and sessions
  • Location-based user access, both successful and denied
  • Use of applications and application installation states
  • Mobile device metrics, including number of devices, types of devices in the estate and compliance levels
  • Use of multi-factor authentication for application access, infrastructure and service access
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Idaptive

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Idaptive provide a REST API to query data.
Data can also be extracted via reporting mechanisms.
Data export formats
  • CSV
  • Other
Other data export formats
REST API extract
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Idaptive have three layers of redundancy to provide the highest levels of availability:
All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.
All customer data is additionally backed up to another datacenter within the same continent, for global failover if needed.
Idaptive leverages AWS datacentres, to take advantage of their best practices for fault tolerance and always-on availability
Approach to resilience
Idaptive have three layers of redundancy to provide the highest levels of availability:

All customer data is encrypted and backed up in three redundant local systems, for immediate local failover to hot backup.

All customer data is additionally backed up to another data-centre within the same continent, for global failover, if needed.

Idaptive leverages Microsoft Azure datacentres, to take advantage of their best practices for fault tolerance and always-on availability

Further information is available on request
Outage reporting
Idaptive provide a public dashboard to their cloud availability status https://www.idaptive.com/support/idaptive-trust/trust/
Should an outage occur customers will be informed via email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
N/A
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISOQAR
ISO/IEC 27001 accreditation date
12/02/2018
What the ISO/IEC 27001 doesn’t cover
N/A - Everything is covered by our ISO 27001 certification
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SecurityMetrics
PCI DSS accreditation date
10th November 2018
What the PCI DSS doesn’t cover
N/A - everything is covered by our PCI DSS certification
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
In line with the requirements of ISO 27001 and 20000, we've developed policies and procedures to support both standards and comply with the requirements of ISO 9001. For example, our Information Security Policy includes the following internal policies/procedures:
  • IT Security Business Continuity Policy
  • Information Security Policy – Suppliers
  • CCTV Policy
  • CI Forensic Policy
  • Corporate Hospitality and Bribery Act
  • Access Control Policy
  • Policy Against Malicious Code
  • Child Protection Policy
  • Policy on the Secure Handling, Use, Storage, Retention and Destruction of Disclosure Information
  • Clear Desk Policy
  • Cryptographic Policy
The Information Security Policy has been produced and accepted by the Board. The policy is visible to all staff on SharePoint and all staff sign Appendix E of the policy, which is retained in the employee’s HR file. The importance of Information Security and the policy is covered in employee inductions and the Staff handbook. Security responsibilities are defined within our Information Security policy, which records the following managers:
  • Service Delivery Manager (Information Security Manager)
  • Security Controller
  • Group Quality Manager
  • Users – to comply with the IT Security Policy
Security responsibilities are defined in the individual’s job description and employment contract.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All Change Management procedures are audited as part of our Information Security accreditations and all change logs are kept and audited as part of this process. We have clearly defined procedures for both customer- and supplier-initiated changes and all change requests are available for real-time review via our service management system. Responsibilities are defined in the individual’s job description and employment contract.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Multiple tools are used to block and monitor potential threats to the environment. If patches are required, they are rolled out to the environment via automation tools through the change control process, where the criticality and impact are assessed and approved.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises will be detected by the SIEM. An alert will be created should the SIEM directives be triggered by various correlated events. Upon receipt of alert, the SOC team will investigate the incident. Depending on the criticality, a level 1 (highest) is investigated within 15 minutes.
Incident management type
Supplier-defined controls
Incident management approach
We follow ITIL V3 for our incident management. Incidents can be reported via phone, web or email into our ticketing system. Incident reports are provided through the ticketing system with details provided around root cause analysis and remediation steps.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20.29 to £36.52 a person a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Contact Centerprise for details