Skip to main content

Help us improve the Digital Marketplace - send your feedback

Fujitsu Services Limited

Oracle Identity & Access Management

Fujitsu’s Oracle Identity Management Services can help enable the Customer to secure their cloud enterprise applications and data, their on-premise applications and data or a mix of both using common, standards-based authentication approaches. Fujitsu have proven their capability by implementing the UK Public Sectors largest shared service platform .

Features

  • Fujitsu are an Oracle Global Cloud Service Provider
  • We deliver centralised, policy-based authentication for web and cloud services
  • Authentication to enterprise resources from many devices
  • Identity Management Implementations providing secure IDs across applications
  • Enterprise-class external authentication for apps, middleware and databases
  • Deliver integration with Active Directory domains and ERP systems
  • Implement federated cross-domain SSO integrated with client federation services
  • A centralised, policy-based SSO/ZSO for Web and cloud services
  • Implement pre-authentication checks allowing different authentication and access methods

Benefits

  • Increased security by elimination of potential security threats
  • Improved efficiency in integrating solutions with authentication systems
  • Improved productivity through access to key applications
  • Fujitsu help to reduce costs through reduced password management effort
  • We offer improved collaboration without limitations of shared user data
  • We can deliver integrated authentication across hybrid cloud solutions
  • Reduce risk to your organisation by managing access to data

Pricing

£0 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 5 9 7 3 6 6 9 1 5 6 2 1 2 3

Contact

Fujitsu Services Limited Sam Skinner
Telephone: 07867829234
Email: government.frameworks@fujitsu.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Various applications including Oracle ERP, HCM, Sales, CPQ, SCM, Service Cloud, Marketing Cloud
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Oracle licenses for PaaS required
System requirements
  • Oracle or another PaaS service licenses
  • Applications with REST or other APIs

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 : Critical 2 hours
P2 : High 2 business days
P3 : Medium 5 business days
P4 : Low 10 business days
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Application support: Monday – Friday 09:00 – 18:00 UK time (excluding UK bank holidays) Infrastructure support: 24/7 for service affecting incidents (P1), Monday – Friday 09:00 – 18:00 UK time for all other cases. We do provide a technical account manager, a cloud support team, an account manager and escalation contacts.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customisations to out-of-the box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data does not belong to us but to the customer all along. We can also migrate workloads from Oracle Cloud to other cloud providers if the customer strategy changes.
End-of-contract process
Handover and training can be arrange at an additional cost.

The customer will own the documentation which is produced as part of the contract agreement.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Service Dependent
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customization to out-of-the box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.

Scaling

Independence of resources
By continuous monitoring usage metrics and capacity planning which is reported to customers on a monthly basis.

Analytics

Service usage metrics
Yes
Metrics types
Service availability, Service usage, running costs.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Oracle

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Depends on the Oracle PaaS and SaaS offering. Different tools will have different export features. A few examples are: database exports, configuration exports, content exports, etc.
Data export formats
  • CSV
  • Other
Other data export formats
  • RMAN
  • CMU Bundles
  • WAR
  • HTML
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The application availability target is 98.5%. Infomentum can only meet this target provided that Oracle Cloud platform meets their target availability of 99.5%
Approach to resilience
To be provided by Oracle Cloud. Infomentum advises high availability and resilient architecture design.
Outage reporting
1) E-mail alerts
2)Monitoring dashboards available to customers

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
ISO27001 standards are applied across all of our management interfaces
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Other
Description of management access authentication
See above

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
06/01/2022
What the ISO/IEC 27001 doesn’t cover
All is covered. The scope is: Consultancy, design, implementation and management of bespoke software and middleware solutions for content, information management, user experience and cloud-based hosting environments.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
All those defined in our ISMS including Access Control, Acceptable Usage, Secure Disposal, Cryptographic Controls, Remote Working, Data Protection, etc. The reporting is done through monthly audits and quarterly management reviews.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITILv3 based configuration and change management process are followed to ensure that changes are assessed, documented and approved. Configuration items in our CMDB are updated accordingly.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Every change is tested and solution components are regularly tested for security vulnerabilities.

We aim to apply security patches as soon as they are made available following release management process.

We subscribe to security forums and bulletins to keep up to date.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We base our processes on the ITILv3 Event Management and Incident Management processes.

Our response and resolution times are defined in our customer SLAs and as per customer agreement.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Provided on request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.

Covid-19 recovery

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.

Tackling economic inequality

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.

Equal opportunity

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.

Wellbeing

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities, covid 19 recovery, equal opportnities, fighting climate change and wellbeing.

Pricing

Price
£0 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.