Identity Access Management System

Agency: State Government of North Carolina
State: North Carolina
Type of Government: State & Local
NAICS Category:
  • 541511 - Custom Computer Programming Services
  • 541512 - Computer Systems Design Services
  • 541519 - Other Computer Related Services
Posted Date: Mar 3, 2020
Due Date: Apr 29, 2020
Solicitation No: 41-100358-001
Bid Source: Please Login to View Page
Contact information: Please Login to View Page
Bid Documents: Please Login to View Page
Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help
41-100358-001 Identity Access Management System
Vendor Questions due by March 16, 2020 at 10:00am EST
3/2/2020 4/29/2020 2:00 PM ET 41-

Attachment Preview

STATE OF NORTH CAROLINA
Department of Information Technology
Refer ALL inquiries regarding this RFP to:
Leroy Kodak]
leroy.kodak@nc.gov]
[919-754-6665]
REQUEST FOR PROPOSAL
NO. 41-100358-001
Offers will be publicly opened: April 29, 2020 at
2:00pm EST
Issue Date: March 2, 2020
Commodity Number: 920
Description: Identity Access Management System
Using Agency:
Technology
Department of Information
Requisition No.: None
OFFER
The State solicits offers for Services and/or goods described in this solicitation. All offers and responses received
shall be treated as Offers to contract.
EXECUTION
In compliance with this Request for Proposal, and subject to all the conditions herein, the undersigned offers and
agrees to furnish any or all Services or goods upon which prices are offered, at the price(s) offered herein, within
the time specified herein. By executing this offer, I certify that this offer is submitted competitively and without
collusion.
Failure to execute/sign offer prior to submittal shall render offer invalid. Late offers are not acceptable.
OFFEROR:
STREET ADDRESS:
P.O. BOX:
ZIP:
CITY, STATE & ZIP:
TELEPHONE NUMBER: TOLL FREE TEL. NO
PRINT NAME & TITLE OF PERSON SIGNING:
FAX NUMBER:
AUTHORIZED SIGNATURE:
DATE:
E-MAIL:
Offer valid for one hundred twenty (120) days from date of offer opening unless otherwise stated here: ____
days
ACCEPTANCE OF OFFER
If any or all parts of this offer are accepted, an authorized representative of the Department of Information
Technology shall affix their signature hereto and any subsequent Request for Best and Final Offer, if issued.
Acceptance shall create a contract having an order of precedence as follows: Best and Final Offers, if any, Special
terms and conditions specific to this RFP, Specifications of the RFP, the Department of Information Technology
Terms and Conditions, and the agreed portion of the awarded Vendor’s Offer. A copy of this acceptance will be
forwarded to the awarded Vendor(s).
FOR DIT USE ONLY
Offer accepted and contract awarded this date
by
Technology).
, as indicated on attached certification,
(Authorized representative of Department of Information
Page 1 of 54
Rev. 2019/07/01
Table of Contents
1.0 Procurement Schedule................................................................................................................4
2.0 Purpose of RFP...........................................................................................................................4
2.1 Introduction .............................................................................................................................. 4
2.2 Contract Term .......................................................................................................................... 5
2.3 Contract Type .......................................................................................................................... 5
2.4 Agency Background.................................................................................................................5
2.5 Problem Statement .................................................................................................................. 5
3.0 RFP Specifications ...................................................................................................................... 6
3.1 General Specifications ............................................................................................................. 6
3.2 Security Specifications ........................................................................................................... 10
3.3 Enterprise Specifications ....................................................................................................... 11
3.4 Business and Technical Specifications .................................................................................. 12
4.0 Cost of Vendor’s Offer...............................................................................................................18
4.1 Offer Costs.............................................................................................................................18
4.2 Travel Expenses .................................................................................................................... 18
4.3 Milestone Payment Schedule ................................................................................................ 18
5.0 Evaluation ................................................................................................................................. 18
5.1 BEST value ............................................................................................................................... 18
5.2 Source Selection ....................................................................................................................... 18
5.3 Best and Final Offers (BAFO) ................................................................................................ 19
5.4 Evaluation Criteria.................................................................................................................. 19
5.5 PAST PERFORMANCE.........................................................................................................19
5.6 EVALUATION METHOD........................................................................................................19
6.0 Vendor Information and Instructions ......................................................................................... 20
6.1 General Conditions of Offer ................................................................................................... 20
6.2 General Instructions for Vendor ............................................................................................. 21
6.3 Instructions for Offer Submission ........................................................................................... 23
7.0 Other Requirements and Special Terms ................................................................................... 27
7.1 Vendor Utilization Of Workers Outside of U.S. ...................................................................... 27
7.2 Financial Statements ............................................................................................................. 27
7.3 Financial Resources Assessment, Quality Assurance, Performance and Reliability ............. 27
7.4 Vendor’s License or Support Agreements ............................................................................. 27
7.5 ResellerS ............................................................................................................................... 28
7.6 Security and Background Checks .......................................................................................... 28
7.7 Assurances ............................................................................................................................ 28
7.8 Confidentiality of Data and Information .................................................................................. 28
Attachment A: Definitions....................................................................................................................32
Attachment B: Department of Information Technology Terms and Conditions.................................... 34
Attachment C: Agency Terms and Conditions - Reserved .................................................................. 46
Attachment D: Description of Offeror .................................................................................................. 47
Attachment E: Cost Form....................................................................................................................49
Attachment F: Vendor Certification Form ............................................................................................ 50
Attachment G: Location of Workers Utilized by Vendor ...................................................................... 51
Attachment H: References .................................................................................................................. 52
Page 2 of 54
Rev. 2019/07/01
Attachment I: Financial Review Form ................................................................................................. 53
Attachment J: Firm’s Tax Identification Information ............................................................................ 54
Page 3 of 54
Rev. 2019/07/01
1.0 PROCUREMENT SCHEDULE
The Agency Procurement Manager will make every effort to adhere to the following schedule:
Action
RFP Issued
Written Questions Deadline
Responsibility
DIT
Potential Vendors
Agency’s Response to Written Questions/
RFP Addendum Issued
Offer Deadline / Bid Responses Due
DIT
Vendor(s)
Offer Evaluation
Selection of Finalists
Oral Presentations and/or Product Demonstrations by
Finalists
Negotiations with Finalists
Best and Final Offers Deadline from Finalists
Contract Award
Protest Deadline
DIT
DIT
Selected Vendors
DIT and Selected
Vendors
Selected Vendors
DIT
Responding Vendors
Date
3/2/2020
3/16/2020 at
10:00am EST
3/31/2020
4/29/2020 at
2:00pm EST
5/1/2020
6/1/2020
6/12/2020
6/19/2020
6/30/2020
7/1/20200
15 days after
award
2.0 PURPOSE OF RFP
2.1 INTRODUCTION
The purpose of this RFP and any resulting contract award is to solicit proposals for an Identity and Access
Management Managed Service (IAM-MS) for the State of North Carolina government. The service will
provide citizens of the state of North Carolina, as well as others who may have a need to interact with state
government resources, an account that will enable authenticated access to on-premise and cloud-based
resources. The IAM-MS will have three major components: a data repository with all user identity information
collected, a directory service that provides a master authentication and authorization resource, and
federation software that enables single sign-on (SSO) functionality for users.
The NC DIT is seeking proposals and pricing from qualified firms for providing the services described in
this RFP. DIT desires a single vendor contract for these services using its own resources or through
subcontracts with other vendors. However, the vendor remains solely responsible for the work
performed by its subcontractors. Vendors are encouraged to suggest any creative approach to meet the
IAM-MS requirements while keeping costs low and allowing for long term fiscal and operational
sustainability.
It is important to note that in addition to the scope of work outlined below, the State is looking to the
future and planning for the next generation of identity management. Long-term, the State is seeking to
implement a distributed identity store with a token-based claim process and cryptographically signed
permissions. Further, the State seeks to authenticate citizens as they interact with services in a way that
captures and validates micro-credentials. For instance, a citizen who has passed the driver's test can
Page 4 of 54
Rev. 2019/07/01
hold a driver's license credential, a citizen who holds a verifiable education degree and who has passed
certain licensure exams can hold a teaching license, and so on.
2.2 CONTRACT TERM
A contract awarded pursuant to this RFP shall have an effective date as provided in the Notice of Award.
The term shall be Five (5) year(s), with Two (2) optional two (2) year renewals, and will expire upon the
anniversary date of the effective date unless otherwise stated in the Notice of Award, or unless terminated
earlier.
2.3 CONTRACT TYPE
Definite Quantity Contract - This request is for a close-ended contract between the awarded Vendor and the
State to furnish a pre-determined quantity of a good or service during a specified period of time.
The State reserves the right to make partial, progressive or multiple awards: where it is advantageous to
award separately by items; or where more than one supplier is needed to provide the contemplated
specifications as to quantity, quality, delivery, service, geographical areas; and where other factors are
deemed to be necessary or proper to the purchase in question.
2.4 AGENCY BACKGROUND
NCID is the current identity management and access service provided to State employee, local government,
business, and citizen users by the Department of Information Technology. NCID provides a provisioning
environment for managing application access. The service infrastructure provides a unified platform for
business authentication and authorization. The purpose of this RFP is to decouple citizen identity
management from NCID.
The NCID service utilizes NetlQ Identity Manager as the identity store and primarily provides authentication
services to applications custom developed for NC agencies. The service is currently utilized by approximately
Eighteen (18) different State agencies with more than One hundred-twenty (120) applications. Integration
methodologies include: web services, Security Assertion Markup Language (SAML), proxy, and directory
synchronization.
Business and individual citizen NCID users self-register through a registration portal. Authorization for
applications typically is handled by the application owner. It may be set up so that everyone with a particular
attribute can access an application, or the application owner may allow specific identities only.
2.5 PROBLEM STATEMENT
The NC Department of Information Technology (DIT) is seeking a SaaS solution that can scale to handle
millions of identities. The solution should support BYOID to allow citizens to register existing identities and
should provide identity proofing/verification or support outsourcing this functionality to a third party. The
solution must be able to be configured to comply with all current and future privacy regulations, such as the
California Consumer Privacy Act. The solution should also support relationships between identities, such as
parent/child, verifiable through identity proofing or other means. DIT intends to leverage the chosen solution
as a global citizen identity, allowing access to resources owned by any state or local government entities.
The anticipated work effort needed to modernize the Identity Access Management Service for citizens is
complex and has many key aspects that can be executed in parallel or sequentially depending on
requirements, resources, cost, user impact, etc. The vendor proposal must identify how and when these
anticipated work efforts will be delivered. If the proposed solution will have a new architecture and/or
simplified processes and tooling, please note accordingly. Initial scoping of the solution should be for
approximately one million users, with scalability to ten million or more users.
Key aspects of modernizing the Identity Access Management service include, but are not limited to the
following:
Page 5 of 54
Rev. 2019/07/01

Sign-up for a Free Trial, Government Bid Alerts

With Free Trial, you can:

You will have a full access to bids, website, and receive daily bid report via email and web.

Try One Week FREE Now

See Also

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help SCO-18-18515-02A-11

State Government of North Carolina

Bid Due: 7/07/2020

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help 40-RQ22733979

State Government of North Carolina

Bid Due: 6/26/2020

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help 63-DMP716279

State Government of North Carolina

Bid Due: 6/10/2020

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help 367-OC5287

State Government of North Carolina

Bid Due: 6/26/2020