Section one: Contracting authority
one.1) Name and addresses
UK Research and Innovation
Polaris House ,North Star Avenue
SWINDON
SN21FF
Contact
DDaT Procurement
Telephone
+44 1793867005
Country
United Kingdom
NUTS code
UKK14 - Swindon
Internet address(es)
Main address
one.3) Communication
The procurement documents are available for unrestricted and full direct access, free of charge, at
https://uksbs.delta-esourcing.com/
Additional information can be obtained from the above-mentioned address
Tenders or requests to participate must be submitted to the above-mentioned address
one.4) Type of the contracting authority
Body governed by public law
one.5) Main activity
General public services
Section two: Object
two.1) Scope of the procurement
two.1.1) Title
DDaT21551 - URKI Identity & Access Management
Reference number
DDaT21551
two.1.2) Main CPV code
- 72000000 - IT services: consulting, software development, Internet and support
two.1.3) Type of contract
Services
two.1.4) Short description
UKRI Identity & Access Management Solution
two.1.5) Estimated total value
Value excluding VAT: £15,000,000
two.1.6) Information about lots
This contract is divided into lots: No
two.2) Description
two.2.3) Place of performance
NUTS codes
- UK - United Kingdom
two.2.4) Description of the procurement
The final date and time for the submission of bids is 04/02/2022 at 14:00
DO NOT apply directly to the buyer.
All tender information MUST be submitted through the Delta eSourcing Portal.
Brief Description of Requirement
Launched in April 2018, UK Research and Innovation (UKRI) is a non-departmental public body sponsored by the Department for Business, Energy and Industrial Strategy (BEIS). UKRI brings together the nine councils, working together in innovative ways to deliver an ambitious agenda, drawing on our great depth and breadth of expertise and the enormous diversity of our portfolio.
Through our councils we maintain and champion the creativity and vibrancy of disciplines and sector-specific priorities and communities. Our councils shape and deliver both sectoral and domain-specific support.
We work with our stakeholders to understand the opportunities and requirements of all the different parts of the research and innovation landscape, maintaining the health, breadth, and depth of the system. The UKRI Digital, Data and Technology (DDaT) strategy has a vision to deliver services that maximise user productivity and empower effective decision making by unlocking UKRI business data and information.
Flexible and Secure is one of the strategic themes of the DDaT strategy to provide the enterprise grade Security that ensures that our assets are protected, and our legal obligations are met.
Identity Access Management (IAM) is the strategic initiative under Flexible and Secure theme of the DDaT strategy.
Aims
IAM Project Vision
The vision for the UKRI IAM Project is 'to deliver a modern intelligent identity and access management platform which provides Identity Governance and Administration (IGA) and Access Management (AM) services that encompass the entire organisation.'
To achieve the vision, the project will focus on delivering the following benefits:
• Reduced Risk
• Reduced Operational Costs
• Improved User Experience
• Improved Efficiency
Objectives
The objective of UKRI IAM Project is to deliver the strategic Identity Access Management (IAM) capabilities. To avoid ambiguity, the industry standard terminology is used to describe Identity Governance and Administration (IGA) and Access Management (AM) capabilities. The low-level requirements can be found in the "IAM Technical Compliance Requirements":
Identity Governance and Administration (IGA) Identity Policy management
Identity life cycle management
Roles and Entitlements management
Access requests and Workflow management
Provisioning and Fulfilment
Access certification
Identity Governance and Auditing
Identity analytics and reporting
Access Management (AM) Support internal and external identities
Directory and identity synchronization, including identity repository services
User self-service capabilities, including registration, password management, profile management and delegated administration
User authentication methods, multifactor authentication (MFA) and single sign-on (SSO)
Support advanced user authentication methods, such as Fast IDentity Online (FIDO) and Passwordless authentication
Authorisation and adaptive access
Access orchestration for decision tree support of external authentication and authorization methods
Support for UK AMF and modern identity protocols, such as Security Assertion Markup Language (SAML), OAuth, System for Cross-Domain Identity Management (SCIM) and OpenID Connect (OIDC).
Access enforcement for standard and nonstandard target applications
Proxy services, agents, or other mechanisms for nonstandard application enablement
Session management
Event logging, access analytics and reporting
BYOI integration
Developer self-service for application integrations and administration
Project Implementation Approach
As part of UKRI's 'Reforming Our Business' programme, a new environment has been created to deliver a single shared infrastructure for delivery of centralised unified IT services for the whole of UKRI. This environment is often referred to as 'Greenfield' and currently contains Active Directory, Azure AD, Microsoft 365, and other services.
The 'Business IT Unification' programme is migrating each of the councils from their legacy environments into the new 'Greenfield' environment.
The IAM project adopts a simplified implementation approach, which benefits other strategic UKRI programmes/projects.
The project is able to use internal UKRI resources to help the suppliers throughout the implementation phases.
The following table illustrates a phased approach for Financial Year 1 (2022-23), which is flexible. Bidders are encouraged to provide alternate implementation path that satisfies "IAM Technical Compliance Requirements".
Implementation Area Phase 1
(July 2022) Phase 2
(October 2022) Phase 3
(February 2023)
Greenfield / Non-Greenfield Greenfield Greenfield Greenfield and Non-Greenfield
User Population 3000 internal users
5000 external users Additional 3500 internal users
Additional 10000 external users Additional 3500 internal users (total 10,000 users)
Additional 15000 external users (total 30,000 users)
Identity Governance and Administration (IGA) Build IGA Foundational capabilities
Build a central identity vault
Authoritative sources integration for identities having HR record (Oracle HR and Workday)
Authoritative sources integration for identities NOT having HR record (AD, Azure AD)
Automatic provisioning of accounts to Greenfield AD and Azure AD
Lifecycle management of users (New Joiners and Leavers)
Support integration of identity vault with UKRI Staff Directory service Authoritative sources integration for identities from various sources requiring manual data feed (Supplier will configure 1 source per data feed pattern)
Guest Users management
Roles and entitlements management of Greenfield apps (supplier will configure 2 apps per pattern)
Access Catalogue, Access requests, workflows and automatic provisioning/deprovisioning of access (supplier will configure 2 apps per pattern)
Automatic provisioning of accounts to council-specific AD domains (maximum 2) and council-specific Azure AD tenants (maximum 2)
ServiceNow CMDB integration
Lifecycle management of users (Movers)
Access recertification
Roles and entitlements management of Non-Greenfield apps (supplier will configure 2 apps per integration pattern)
Automatic provisioning of accounts to council-specific AD domains (maximum 2) and council-specific Cloud tenants (maximum 2)
ServiceNow Ticketing integration
Segregation of Duties and Toxic combinations
Access Management (AM) Build Access Management Foundational capabilities
Integration of selected pilot apps (maximum 5) with Access Management foundational capabilities Integration of selected Greenfield apps (Supplier will configure 2 apps per integration pattern) with Access Management foundational capabilities Integration of selected Non-Greenfield apps (Supplier will configure 2 apps per integration pattern) with Access Management foundational capabilities
Please ensure you review all attached information to ensure a full understanding of this requirement. All attachments can be found with the Document Uploads tab within the Delta eSourcing Portal and in the associated Contracts Finder Notice.
This contract will be awarded based on the evaluation criteria as set out in the RFP document.
How to Apply
UK Shared Business Services Ltd (UK SBS) will be using the Delta eSourcing Portal for this procurement.
To register on the Delta eSourcing portal please use the link https://www.delta-esourcing.com/ and follow the instructions to register.
If you are already registered on the Delta eSourcing Portal and wish to participate in this procurement, please use the link: https://www.delta-esourcing.com/ and the follow the instructions to 'Log in'
Once you are logged into the system you will be able to link yourself into this procurement using the Access Code: 5DJDP8WMVM
The contract shall be in operation for an initial period of 2 years with the option to extend +1 +1 + 1, for a total of 5 years.
two.2.5) Award criteria
Quality criterion - Name: Technical / Weighting: 75
Price - Weighting: 25
two.2.6) Estimated value
Value excluding VAT: £15,000,000
two.2.7) Duration of the contract, framework agreement or dynamic purchasing system
Start date
21 March 2022
End date
20 March 2024
This contract is subject to renewal
Yes
Description of renewals
The contract can be extended on an annual basis till 2027.
two.2.10) Information about variants
Variants will be accepted: No
two.2.11) Information about options
Options: No
Section four. Procedure
four.1) Description
four.1.1) Type of procedure
Open procedure
four.1.8) Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: Yes
four.2) Administrative information
four.2.2) Time limit for receipt of tenders or requests to participate
Date
4 February 2022
Local time
2:00pm
four.2.4) Languages in which tenders or requests to participate may be submitted
English
four.2.7) Conditions for opening of tenders
Date
4 February 2022
Local time
2:01pm
Section six. Complementary information
six.1) Information about recurrence
This is a recurrent procurement: No
six.2) Information about electronic workflows
Electronic ordering will be used
Electronic invoicing will be accepted
Electronic payment will be used
six.3) Additional information
All submissions will be assessed in accordance with the Public Procurement Regulations that apply to this opportunity.
Responses must be received by the date and time in the tender documentation; responses received outside of the deadline or not sent via the Delta eSourcing portal will not be accepted or considered by the Contracting Authority further for this opportunity. Interested organisations should ensure that they allow a sufficiency of time, prior to the deadline to allow all sections to be completed in full and any attachments to be uploaded.
As a user of the Delta eSourcing Portal you will have access to the Delta messaging service which facilitates all messages sent to you and from you, as well as other messages and updates in relation to any specific tender event. Please note that any and all information secured outside of the messaging service, shall have no merit or worth and should not be relied upon by any organisation submitting a tender response.
Please note it is your organisations responsibility to access these messages on a regular basis to ensure you have sight of all relevant information applicable to this opportunity.
The Contracting Authority expressly reserves the right:
i. not to award any contract as a result of the procurement process commenced by publication of this notice; and
ii. to make whatever changes it may see fit to the content and structure of the procurement; and under no circumstances as part of your organisations participation in this opportunity, will the Contracting Authority be liable for any costs incurred by any organisation as a result. If the Contracting Authority decides to enter into a contract with any successful organisation(s), this does not mean that there is any guarantee of subsequent contracts being awarded. Any expenditure, work or effort undertaken prior to contract award is accordingly a matter solely for the commercial judgement of your organisation in doing so.
About UK Shared Business Services
UK Shared Business Services Ltd (UK SBS) brings a commercial attitude to the public sector; helping our contracting authorities to improve efficiency, generate savings and modernise.
Where UK SBS is not named as the Contracting Authority within the documentation, UK SBS will be acting as an agent on behalf of the Contracting Authority.
Our broad range of expert services is shared by our customers. This allows our customers the freedom to focus resources on core activities; innovating and transforming their own organisations.
For full details of our partner base please review the following link: http://www.uksbs.co.uk/services/procure/contracts/Pages/default.aspx
six.4) Procedures for review
six.4.1) Review body
UK Shared Business Services Limited
Polaris House
Swindon
SN2 1FF
Country
United Kingdom
Internet address
https://www.uksbs.co.uk/pages/default.aspx
six.4.2) Body responsible for mediation procedures
UK Shared Business Services Limited
Polaris House
Swindon
SN2 1FF
Country
United Kingdom