Oracle Identity & Access Management
Fujitsu’s Oracle Identity Management Services can help enable the Customer to secure their cloud enterprise applications and data, their on-premise applications and data or a mix of both using common, standards-based authentication approaches. Fujitsu have proven their capability by implementing the UK Public Sectors largest shared service platform .
Features
- Fujitsu are an Oracle Global Cloud Service Provider
- We deliver centralised, policy-based authentication for web and cloud services
- Authentication to enterprise resources from many devices
- Identity Management Implementations providing secure IDs across applications
- Enterprise-class external authentication for apps, middleware and databases
- Deliver integration with Active Directory domains and ERP systems
- Implement federated cross-domain SSO integrated with client federation services
- A centralised, policy-based SSO/ZSO for Web and cloud services
- Implement pre-authentication checks allowing different authentication and access methods
Benefits
- Increased security by elimination of potential security threats
- Improved efficiency in integrating solutions with authentication systems
- Improved productivity through access to key applications
- Fujitsu help to reduce costs through reduced password management effort
- We offer improved collaboration without limitations of shared user data
- We can deliver integrated authentication across hybrid cloud solutions
- Reduce risk to your organisation by managing access to data
Pricing
£0 a unit
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 5 9 7 3 6 6 9 1 5 6 2 1 2 3
Contact
Fujitsu Services Limited
Sam Skinner
Telephone: 07867829234
Email: government.frameworks@fujitsu.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Various applications including Oracle ERP, HCM, Sales, CPQ, SCM, Service Cloud, Marketing Cloud
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- Oracle licenses for PaaS required
- System requirements
-
- Oracle or another PaaS service licenses
- Applications with REST or other APIs
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
P1 : Critical 2 hours
P2 : High 2 business days
P3 : Medium 5 business days
P4 : Low 10 business days - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Application support: Monday – Friday 09:00 – 18:00 UK time (excluding UK bank holidays) Infrastructure support: 24/7 for service affecting incidents (P1), Monday – Friday 09:00 – 18:00 UK time for all other cases. We do provide a technical account manager, a cloud support team, an account manager and escalation contacts.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Customisations to out-of-the box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The data does not belong to us but to the customer all along. We can also migrate workloads from Oracle Cloud to other cloud providers if the customer strategy changes.
- End-of-contract process
-
Handover and training can be arrange at an additional cost.
The customer will own the documentation which is produced as part of the contract agreement.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Service Dependent
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Customization to out-of-the box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.
Scaling
- Independence of resources
- By continuous monitoring usage metrics and capacity planning which is reported to customers on a monthly basis.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service availability, Service usage, running costs.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Oracle
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Depends on the Oracle PaaS and SaaS offering. Different tools will have different export features. A few examples are: database exports, configuration exports, content exports, etc.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- RMAN
- CMU Bundles
- WAR
- HTML
- Data import formats
-
- CSV
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- The application availability target is 98.5%. Infomentum can only meet this target provided that Oracle Cloud platform meets their target availability of 99.5%
- Approach to resilience
- To be provided by Oracle Cloud. Infomentum advises high availability and resilient architecture design.
- Outage reporting
-
1) E-mail alerts
2)Monitoring dashboards available to customers
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- ISO27001 standards are applied across all of our management interfaces
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Other
- Description of management access authentication
- See above
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 06/01/2022
- What the ISO/IEC 27001 doesn’t cover
- All is covered. The scope is: Consultancy, design, implementation and management of bespoke software and middleware solutions for content, information management, user experience and cloud-based hosting environments.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- All those defined in our ISMS including Access Control, Acceptable Usage, Secure Disposal, Cryptographic Controls, Remote Working, Data Protection, etc. The reporting is done through monthly audits and quarterly management reviews.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- ITILv3 based configuration and change management process are followed to ensure that changes are assessed, documented and approved. Configuration items in our CMDB are updated accordingly.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Every change is tested and solution components are regularly tested for security vulnerabilities.
We aim to apply security patches as soon as they are made available following release management process.
We subscribe to security forums and bulletins to keep up to date. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We base our processes on the ITILv3 Event Management and Incident Management processes.
Our response and resolution times are defined in our customer SLAs and as per customer agreement. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Provided on request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.Covid-19 recovery
Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.Tackling economic inequality
Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.Equal opportunity
Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.Wellbeing
Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.
Pricing
- Price
- £0 a unit
- Discount for educational organisations
- No
- Free trial available
- No