ORIGIN8TIVE CLOUD IDENTITY AND ACCESS MANAGEMENT SERVICES
Origin8tive have experience in securely configuring Microsoft Entra ID and integrating this with multiple Software as a Service (SaaS) applications, cloud providers and on-premises systems. We have integrated with AWS IAM Identity Center to provide federated access to AWS services and accounts for our customers.
Features
- Secure configuration of Microsoft Entra ID for various applications.
- Integration with AWS IAM Identity Center for federated access.
- Implementation of internet-scale identity management with AWS Cognito.
- Streamlined sign-up and sign-in process for mobile-centric applications.
Benefits
- Enhanced security with robust identity and access management solutions.
- Simplified access to AWS services and accounts with federated access.
- Efficient authentication flow for mobile-centric application users.
Pricing
£400 to £1,500 a unit a day
- Education pricing available
Framework
G-Cloud 14
Service ID
598963099959231
Contact
Origin8tive Ltd
Andrew Davies
Telephone: 01242 290320
Email: tenders@origin8tive.com
Service scope
- Service constraints
- Constraints are defined by the selected cloud provider; these will be discussed with the customer during the initial phase.
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Priority 1 Support - for production system outages, 09:00 to 17:00 (UK time), Monday to Friday coverage and 2-hour response.
Priority 2 Support - for non-urgent production system incidents, 09:00 to 17:00 (UK time), Monday to Friday coverage and 5-hour response.
Priority 3 Support - for non-production support incidents, 09:00 to 17:00 (UK time), Monday to Friday coverage and 8-hour response.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Origin8tive will use the ITIL process for providing service management.
Priority 1 Support - for production system outages, 09:00 to 17:00 (UK time), Monday to Friday coverage and 2-hour response.
Priority 2 Support - for non-urgent production system incidents, 09:00 to 17:00 (UK time), Monday to Friday coverage and 5-hour response.
Priority 3 Support - for non-production support incidents, 09:00 to 17:00 (UK time), Monday to Friday coverage and 8-hour response.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Origin8tive will work with you to understand your requirements and support you during the initial phase of the engagement. We will provide applicable training and documentation where required. Please see our service definition for further details.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- Origin8tive will work with you to securely remove all data from the provider's platform and ensure that all resources consumed are removed in the most suitable way for regulatory compliance.
- End-of-contract process
- As part of our initial planning activities, Origin8tive work with you to define what activities will be required at the end of the contract and this will form the basis of our quote and charges to you. The closure plan will detail transition activities such as data, access, and onward migration, including key dates and required milestones. Origin8tive Terms and conditions provide details of termination outside of the above standard planning and management services.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users will use the service via the selected public cloud provider's web console.
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- Users will be able to use all of the selected public cloud provider's APIs for deploying, configuring and managing cloud resources.
- API automation tools
-
- Ansible
- Chef
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Users will be able to use the selected cloud provider's CLI to deploy, configure and manage all supported cloud resources.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Origin8tive work with you to understand your requirements, then design a solution that is scalable to meet those requirements. We will ensure that your resources are distributed across the provider availability zones and regions and that appropriate routing, load balancing and caching are configured so that spikes in provider demand do not impact your service.
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AWS and Azure
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- Backup controls
- Origin8tive will provide detailed documentation on how to configure the backup service using the chosen cloud provider's console and any customisations that have been provided as part of the delivery. Configurable policies are used to control what is backed up and when.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- Origin8tive provide compute hosting and storage from multiple public and private cloud providers. We work with you to select the most suitable provider for your requirements. Once this selection has been made, we can discuss the SLAs from that provider and ensure these meet your requirements.
- Approach to resilience
- Origin8tive provide compute and storage hosting from many public and private cloud providers. During the design phase we will work with you to ensure the solution is resilient to various outages that are applicable to your requirements. This could involve distributing resources across many availability zones, regions, ensuring the correct placement within a zone, having appropriate load balancing, and many other considerations.
- Outage reporting
- Origin8tive will work with you to ensure that you are informed of all outages in the most appropriate manner for your requirements. All public and private cloud providers will detail any outages that they are experiencing; Origin8tive will then notify you of these.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Origin8tive uses the principle of least privilege along with Role Based Access Control (RBAC) or Attribute Based Access Control (ABAC) to restrict access to management and support interfaces. Only resources that require access to those interfaces are added to the appropriate groups.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (provider's own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials and Cyber Essentials Plus
- Information security policies and processes
-
At Origin8tive we take the security and the responsibility of protecting your data seriously. With our roots in Secure Government contracts, we are familiar with the rigour and adherence to policy required to ensure our infrastructure and customer data remains safe and secure.
Origin8tive use the National Cyber Security Centre (NCSC) 14 cloud security principles throughout our product lifecycle, through design, implementation, support and retirement, ensuring our products and solutions are on a secure footing.
All changes to our infrastructure and customer solutions must follow our Information Technology Infrastructure Library (ITIL) services management change control process where changes are evaluated against appropriate hardening and quality standards including the NCSC platform guidelines. The change process provides a formal control point to ensure compliance to Origin8tive and customer requirements.
Origin8tive mandates labelling for any data held within our platforms, which ensures that the appropriate protections are put in place. This is within our wider adoption of the NCSC Cyber Assessment Framework (CAF).
Origin8tive personnel hold a variety of security clearances ranging from BPSS to DV.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Origin8tive deliver services and resources using multiple public and private cloud providers. All changes to our infrastructure and customer solutions must follow our ITIL services management change control process, where changes are evaluated against appropriate hardening and quality standards including the NCSC platform guidelines. The change process provides a formal control point to ensure compliance with both Origin8tive's and your requirements. Where applicable, resources are configured using Infrastructure as Code (IaC) and these are checked in to an appropriate configuration management system. We also use the cloud providers' vulnerability scanning and configuration services to detect potential issues.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Origin8tive deliver services using multiple public and private cloud providers. We implement their native vulnerability scanning capability, which reviews virtual machines, container images and source code. We provide notifications from this scanning to ensure that appropriate resources are alerted and remediation can be implemented.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Origin8tive delivers services from multiple public and private cloud providers, each of which deploys monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network or application bandwidth usage. Devices monitor:
• Port scanning attacks
• Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses)
• Application metrics
• Unauthorised connection attempts
- Incident management type
- Supplier-defined controls
- Incident management approach
- Origin8tive's Incident Management Policy is in place to ensure that incidents that arise within the organisation are managed appropriately. This policy covers incidents concerning data loss, data leakage, data handling security incidents, and breaches in Origin8tive policy. Origin8tive has an established and consistent incident management framework to ensure that incidents are identified, managed, contained, and mitigated.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
- Public and private cloud provider proprietary
- How shared infrastructure is kept separate
- Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualised operational environments to customers ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Origin8tive deliver services from multiple public and private cloud providers, each of which has its own energy-efficiency code of conduct.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Origin8tive have committed up to £30,000 in staff costs for volunteering within our community, further improving community cohesion and supporting stewardship of the environment. We plan to push the volunteering initiative towards focusing on organisations supporting environmental protection and improvements in social value. As part of our ongoing efforts to be carbon-positive, we strive to deliver cutting-edge solutions to all our clients whilst supporting the sustainability of our global environment. For every contract we win and each new member of the team we recruit, Origin8tive will plant hundreds of trees through Ecologi. Origin8tive offers both an electric car scheme and cycle to work scheme for its employees to promote the reduction of impact on our environment through carbon emissions by around a quarter through work-related travel and commuting. Origin8tive are committed to reporting on the impact of social value throughout the lifetime of the Framework Agreement and we will report this to customers at a minimum of every 12 months from the Framework Agreement start date.
Tackling economic inequality
As a growing organisation, our social value priorities are based on elements which increase our capability and team size. The core belief behind this is the investment in future learners and workers. Origin8tive have established an apprenticeship scheme to create new jobs and new skills and increase our business resilience and capacity. Origin8tive have committed 3% of our revenue to this, and for future financial years, to re-invest through the recruitment of apprentices. This increases community cohesion by supporting our local colleges with Science Technology Engineering and Maths (STEM) and outreach activities. Having signed the Armed Forces Covenant, British Armed Forces Veterans now make up 11% of Origin8tive’s diverse workforce. This number is growing through work with the Career Transition Partnership, further improving our community cohesion and providing new skills and re-training and new jobs within our sector. Origin8tive are an accredited member of the Living Wage Foundation. The real Living Wage is the only UK wage rate based on the cost of living. We pay this voluntarily alongside over 14,000 UK businesses as we believe our staff deserve a wage which meets everyday needs - like the weekly shop, or a surprise trip to the dentist. Origin8tive are an accredited member of the Good Business Charter and commit this behaviour through all our contracts and engagements. This collectively covers care for our employees, suppliers, customers, and the environment whilst paying our fair share of tax. Origin8tive are committed to reporting on the impact of social value throughout the lifetime of the Framework Agreement and we will report this to customers at a minimum of every 12 months from the Framework Agreement start date.
Equal opportunity
To redress the balance on workforce equality, one of our priorities in STEM and outreach is supporting women in technology. Origin8tive resources have supported outreach events to encourage around 250 school-aged females to become interested in STEM subjects. Origin8tive attracts talent from diverse groups by offering equal and transparent pay structures, flexible working, and part time roles. Origin8tive are committed to reporting on the impact of social value throughout the lifetime of the Framework Agreement and we will report this to customers at a minimum of every 12 months from the Framework Agreement start date.
Wellbeing
Staff retention is key to our ability to grow and develop our workforce. Origin8tive has invested in several areas to improve the health and wellbeing of our staff. We invest £50,000 per annum in providing a weekly wellbeing hour which enables our team to improve their wellbeing and reconnect staff to our environment. Many of our resources choose outdoor exercise or reflection to reconnect to the environment. We offer a cycle to work scheme to promote the reduction and impact on our environment and improve the health and wellbeing of our staff. Origin8tive recruits and trains mental health first aiders, funds our employee assistance scheme and supports staff through longer full-term sickness payments to increase our commitments to customers through a more resilient resource supply chain. All our resources receive corporately funded healthcare and support, ensuring a healthy and capable workforce. Origin8tive are committed to reporting on the impact of social value throughout the lifetime of the Framework Agreement and we will report this to customers at a minimum of every 12 months from the Framework Agreement start date.
Pricing
- Price
- £400 to £1,500 a unit a day
- Discount for educational organisations
- Yes
- Free trial available
- No