University of North Carolina at Charlotte REQUEST FOR INFORMATION
RFI #66-140025 SB
Identity Management Project UNC Charlotte Information Technology Services
Issue Date: November 26, 2013
Submissions will be received until 2:00 PM, Thursday, December 19, 2013
Direct ALL inquiries concerning this RFI to:
Scott Brechtel, Purchasing Manager
[email protected]
SEND ALL INFORMATION TO THE BELOW ADDRESS: RFI # 66-140025 SB UNC Charlotte Purchasing Department (Reese Bldg.) 9201 University City Blvd Charlotte, NC 28223
1
Instructions to Respondents 1. UNC Charlotte is not obligated to any course of action as the result of this RFI. Issuance of this RFI does not constitute a commitment by UNC Charlotte to issue a Request for Proposal or to award any contract. 2. All responses, inquiries, or correspondence relating to or in reference to this RFI, and all other reports, charts, displays, schedules, exhibits, and other documentation submitted by respondents shall become the property of the University when received. 3. UNC Charlotte will not pay for any information herein requested, nor will it be liable for any other costs incurred by any respondent related to the preparation or delivery of the response to this RFI. 4. By submitting a response, respondent agrees that UNC Charlotte may copy the response information for purposes of facilitating review or to respond to a formal public records request. The respondent consents to such copying by submitting a response and warrants that such copying will not violate the rights of any third party. UNC Charlotte will have the right to use ideas or adaptations presented in the response. 5. Any request for confidential treatment of information must be included in a cover letter with the respondent’s RFI response. The request must also include the name, address, and telephone number of the person authorized by the respondent to respond to any inquiries concerning the confidential status of the materials. All materials which are requested to be held confidential are to be marked confidential. 6. Ideas, approaches, and options presented by respondent may be used in whole or in part by the University in developing a Request for Proposals (RFP) should the University decide to move forward with seeking outside services. Further, combinations of ideas from various respondents may also become part of an RFP, based on the consideration of the various submissions and the needs of the University, which may differ from respondent’s experiences in other places. 7. This solicitation is simply a request for information that addresses the questions posed below. Please do not submit any proposed solutions or pricing with your response to this RFI. 8. As part of your response to this RFI, please feel free to include any additional comments or suggestions that your company believes would be helpful.
2
Section I: Introduction The University of North Carolina at Charlotte was established in 1965 by the North Carolina General Assembly which transformed Charlotte College, with beginnings in 1946, into a campus of The University of North Carolina. It is organized into the following seven colleges: College of Arts & Architecture, College of Liberal Arts & Sciences, College of Business, College of Education, College of Engineering, College of Health and Human Services, and the College of Computing and Informatics. It offers a broad array of degree programs at the undergraduate, graduate, and doctoral levels and also in graduate certificate programs Enrollment is approximately 25,000 with 19 % of the students pursuing graduate degrees. The university is expected to reach enrollment of thirty thousand students by the year 2020.
Section II: Purpose The University of North Carolina at Charlotte, hereinafter referred to as ‘University,’ seeks information through this Request for Information (RFI) to define the methodology, time, resources, tools, etc. that should be included in a future Request for Proposals (RFP) that will be issued to address identity management on campus. The University may choose to issue an RFP to obtain these services, however, this RFI is not a guarantee that an RFP will be issued for some or all of the services about which ideas and approaches are being sought. This is a request for information only and not an offer to contract; an RFP may or may not follow this RFI. Section III: Scope The University is interested in collecting information from external respondents, also referred to as ‘respondents,’ about how best to meet the objective and goals stated below. Respondents should submit information that will meet or exceed requirements stated in this document. Background Identity and access management are the policies, tools, and processes with which access to university resources are controlled. In other words, “Who has access to what, where and when?” At UNC Charlotte, this includes access to digital resources (systems and data), but also can include access to physical resources (building access, library and departmental resources, etc.). The overall identity management framework attempts to manage the intersection of relevant departmental, university, state and federal rules, laws and policies with individuals based on their defined affiliation with the university. One of the software components of UNC Charlotte’s current identity management infrastructure, WaveSet (also referred to as Password Manager), is nearing the termination of its support contract, with de-support anticipated no later than Dec 31, 2014. Thus, an alternative solution will be required. It is important as we review alternatives that we understand the functional business requirements associated with provisioning, updating and de-activating accounts, and the needs of the institutional and departmental resources that depend upon the identity management framework.
Scope of Project UNC Charlotte is looking to update, modify, or replace the components of its current identity management solution per the following. Please provide information that we should consider with regard to features and characteristics, as well as implementation and maintenance considerations, related to each service or topic. 3
Source Systems: •
Banner (HR and Student) will continue to be the source systems for employee and student information, as well as for many of our guests.
•
As we consider the possibility of other source systems, what characteristics of an identity management solution are important to handle this potential requirement? Please respond not only with respect to the solution features but also related to the implementation and maintenance activities that this feature may entail.
Manage Identity: •
Account provisioning, enabling, disabling, and deleting
•
Password/credentials management and synchronization.
•
What do we need to consider with respect to cloud-based or Software-as-a-Service (SaaS) solutions?
•
What do we need to consider for features such as multi-factor authentication?
Manage Groups and Manage Privileges: •
Privilege management, including role and group administration
•
Auditing, monitoring and reporting
UNC Charlotte needs outside input to be able to confirm the scope and conceptual model of the solution and to develop the project plan for this initiative. Please provide input to help us define the factors we need to consider related to the selection and implementation of an identity management solution. Please comment on the following bullets we anticipate as being included in the scope: •
Account provisioning, enabling, disabling, and deleting
•
Password/credentials management and synchronization
•
Privilege management, including role and group administration
•
Auditing, monitoring and reporting
We do not anticipate including the below in the scope of this project; should we reconsider? •
Modification of our current authentication mechanisms for partner systems and federated partners. While we currently have Shibboleth available for certain federated partners, most authentication is currently done via LDAP against our MS AD. Expanding our capabilities for web-based authentication (e.g., with Shibboleth or CAS) is a separate UNC Charlotte initiative.
Project Success Criteria Provide input related to considerations UNC Charlotte should keep in mind as we develop our project success criteria. Please detail the objectives, the respective criteria that would make each objective a success, and the deliverables related to each.
Constraints All projects have constraints, both internal to the organization as well as those that are dependent upon external factors. UNC Charlotte would like input to help us identify the externally-dependent constraints related to this project. 4
Dependency Linkages Based upon the limited background information we have provided in this RFI regarding our current environment, are there any dependencies that we should consider as we plan for a deployment of a new identity management solution? Organizational Impact At a macro level, identity management impacts the entire university community: over 31,000 users across all departments. Given the scale of this project, what are strategies and techniques we can utilize in order to minimize any potential negative impact? At a more micro level, certain organizations and individuals will be impacted based on potential changes to business processes or workflows. What techniques or considerations should we plan for to identify these areas to ease any transition issues?
Assumptions Please provide input to possible assumptions we might anticipate or should be aware of for this project, by either UNC Charlotte or our future vendor. Please provide enough specific detail about each potential assumption to make the intent clear.
Roles and Project Stakeholders What should be the make-up of the project team? What are the key factors UNC Charlotte should consider in determining project roles for this initiative? In addition to project sponsor and manager, what other roles are important to the success of this type of project? If possible, please provide your estimate of the effort involved for each role as either full time, part time, percentage effort, or FTE.
Project Phases Are there things UNC Charlotte should consider with respect to phasing? Are there options for a phased deployment or should it be all-at-once? If there are phasing options, what are they and what factors should influence our decision-making in this area?
Project Schedule As a university, many projects are scheduled with the academic calendar in mind to minimize the impact to our faculty and students, and the staff who support them. What scheduling considerations should we keep in mind vis-à-vis a typical academic environment?
5
Section IV: Submission Content and Format The University expects concise, detailed, point-by-point responses to each of the questions posed in this RFI. The University is not interested in brochures or boilerplate advertising materials. Instead, vendors are encouraged to submit a response outlining options and approaches the University may wish to consider should it decide to proceed in seeking analysis, design, and implementation of identity management services. Respondents are encouraged to suggest additional options or ideas that should also be considered, even if they are not specifically outlined in the scope of this RFI, if the respondent considers these to be essential to drive innovation, improve performance, and achieve maximum cost savings. Please also include a brief executive summary of your company with your submission. Respondents shall submit their information packet via one (1) paper, hard copy and one (1) electronic copy on a USB thumb drive or CD no later than 2:00 PM, December 19, 2013. Submissions should be clearly labeled with the RFI number and sent to the address listed on page #1 of this document. If the respondent fails to provide pieces of requested information, the University may, at its sole option, ask the respondent to provide the missing information, or may evaluate the submittal without the missing information.
6
