RFP #3142-10 ADDENDUM #1 & ACKNOWLEDGMENT OF ...

RFP #3142-10 ADDENDUM #1&ACKNOWLEDGMENT OF RECEIPTDescription: Federated Single Sign OnRFP #: 3142-10 Addendum #1Date: October 9, 2012This addendum includes the following information:Below are responses to some of the questions that were received. If your question was not specifically answered it isbecause we felt the question was not pertinent to your ability to respond to the RFP, it did not address what we arerequesting in the RFP, it is information that only the successful proposer will need and can be obtained when theystart working on the project, and/or the answer is already in the RFP package or available on our web site. NOFURTHER QUESTIONS WILL BE ACCEPTED OR ANSWERS PROVIDED.A. Responses to some of the questions received are as follows:Q: 4.2.4 Describe how the solution can provide Single Sign-On to Windows and Macintosh workstations. Is singlesign-on required to Windows and Macintosh Workstations or from the workstations to end points?A: The solution should be able to use the OS login as the entry to the single sign-on domain which then can beleveraged to authenticate web based services.Q: 4.2.8 Describe how the proposed solution can provide integrated Single Sign-On to MCCCD’s primary studentfacing applications: Are all applications web based, or are some of them thick apps?A: Excluding OS logins, all apps are web based.Q: 4.2.8.5 Windows desktop computers. Please describe in what way you want to Single Sign-On to a Windowsdesktop computers. Are you wanting to single sign on from one desktop to another?A: The solution should be able to use the OS login as the entry to the single sign-on domain which then can beleveraged to authenticate web based services.Q: 4.2.9 Describe how the system can provision accounts with SaaS providers such as Google, SirsiDynix, andInstructure. Can SirsiDynix and Instructure leverage web services? Can either solution dump a feed to something like aCSV file and take modification inputs back through the same file?A: SirsiDynix can do CSV feeds and will do web services in the near term. Instructure does both now.Q:Are the 11 different AD instances totally separate domains? Are there any connectivity issues or concernsbetween them?A: They are totally separate domains currently with trusts to the domain that his the system of record for accounts. Thisis a typical user domain-resource domain model. No connectivity problems as we have high speed redundant networks.Our desire is to not consolidate the domains due to management and coordination costs.· Q: What are the Operating Systems that MCCCD typically uses/provides for their VMs?A: Redhat Linux (5-6) and Windows (flavors of 2008).·Q: Are there any other Identity and Access Management products deployed in the MCCCD environment? If yes, whatproduct, vendor and version? If not, are there any current projects that will depend or introduce dependence on theFederated SSO project?A: The central system of record is based on AD and FIM.

·Q: Are there any fraud prevention and/or audit requirements that the project needs to account for in the solution design?A: Other than logging that would be standard for an authentication system, there are no special requirements needed inthe solution.Q: Section 4.2, Item 4.2.1 - Is the LDAP directory referred to in the RFP OpenLDAP?A: No. LDAP interface to ADQ: How many OpenLDAP directories are currently supported?A: No OpenLDAP.Q: How many Active Directory Directories (Forests) are currently supported?A: 1 Central Directory with user and group information. There are eleven independent AD Directories (in their ownforests) that will map resources to the central directory users. Some number of users may exist in the remote directories.Q: How may identities (in total) require SSO?A: 2.5 millionQ: Are identities synchronized between directories, if so which directories are synchronized?A: Identities are generated in the central directory and retained there.Q: Are OpenLDAP and AD directories under central management or do they have separate owners?A: All have separate owners.Q: During the Oral Presentation (if required), does MCCD expect vendors to provide a live productdemonstration?A: NoQ: How does the Signal Sign On initiative relate to MCCDs current environment that already has single identitymanagement system based on Microsoft Active Directory (AD) and Identity Lifecycle Management (ILM) containingall students, faculty, and staff? Will this be a replacement or advancement in features to current solution?A: Extension of feature set to include diverse SSO optionsQ: What resources will MCCCD make available to manage the project?A: A part time PM will be assignedQ: What kinds of hosting services are expected to be supported by the project iniative (i.e. cloud versus dedicated)? Itis anticipated that the number of SaaS offerings from diverse providers will grow in the future, can MCCCD provide alist of projected SaaS solutions?A: The goal is to as flexible as possible. Specific SaaS has not been identified beyond that listed in the RFPQ: Are offshore resources acceptable for the "Additional Services" component?A: NoQ: Was there any outside influence from vendors in the development of the RFP?A: NoQ: If a vendor desires, can it leverage MCCCD's existing Microsoft EA licenses?A: Identify any dependencies on MCCCD licensing in response.Q: Can MCCCD provide the current version of the SirsiDynix Symphony that is being used within theenvironment?A: 5.0.18Q: Where is MCCCD Canvas data located/hosted?A: InstructureQ: Are there enterprise licenses or enterprise standards that the vendor must comply with, ie Microsoft EnterpriseAgreements, Canvas Agreements, Google Agreemtents and/or SirsiDyniz?A: NoQ: If a vendor implemented a product in a country outside of the USA, can this implementation beused to meet minimum qualifications?A: Yes

Q: How and to what degree will the Signal Sign On align to other existing, widely adopted technicalstandards communities?A: We are looking for a SSO solution that supports a broad range of SSO technical standardsQ: What is the long-term governance model for the project, including governance over the code andspecification? What is the long-term business model for supporting, owning, and licensing theselected solution? What are the long-term SaaS hosting options, and therefore the data access and security expectations?A: We are looking for a COTS tool rather than a hosted service or developed software projectQ: MCCCD is asking for experience of implementations, does it have to be K - 12 specific? Will "work-in-progress"implementations be sufficient for meeting these qualifications?A: Higher Ed is preferred but heterogeneous environments are fine; work-in-progress notacceptable.Q: Will parents of students in grades require signal sign on access into a specific MCCCD webdashboard?A: Parents are not within our authentication population.Q: Does MCCCD vision students accessing their data through a web Dashboard and then accessingcontent based on a signal sign on process?A: We are envisioning more of a bookmark strategy though it may default to a future portal project(hence the need for diverse standards)Q: Will MCCCD require a proof of concept phase, meaning that vendors should use MCCCD data? Or,should vendors provide canned data to provide during this phase, if required?A: Canned data is fine. We also have dev systems.Q: Canvas, Google and SirsiDynix Symphony include specification for an Web Based Dashboard surrounding reportingcapabilities. Does the reporting dashboard factor into this bid? If so, how?A: Web based dashboard is not a requirement of this RFPQ: We interpret the requirement for “appropriate staffing to achieve the work identified in the RFP as organized perthese work streams” to mean that the specific number of staff members, based on role & qualifications, may bedetermined by the vendor. Is this accurate?A: YesQ: Will MCCCD leverage the published API to access student-level data, Identity Access Management through SAMLfederation systems? Can MCCCD provide vendors a list of Dashboards with users and roles forpermissions/authentication?A: This is being built for future implementationsQ: During implementation phase, what expectations does MCCCD have regarding vendor productdevelopment/ enhancements? Does MCCCD expect this project to encompass a large amount ofcustomization and development?A: We anticipate minimal customizationQ: What level of SAML 2.0 and OAuth are being used for federated identity (single sign-on) and access authorizationfor teachers to have students' data after students have matriculated beyond the teacher's classroom? Should a teacher beable to access personally identifiable data for students they have taught in the past by leveraging the solution?A: This solution provides authentication for all district wide resources. Authorization is the purview of the specificapplications. The solution should be able to provide role informationB. A Request For Proposal is a document we use when we are looking for companies to submitproposals that explain what their capabilities are, what services they offer, and various pricingschedules for different types of services offered. We have given you, to the best of our ability, anoutline (Scope of Work in Section 5 of the RFP) of what we are looking for. You, not MCCCD, arethe experts in providing these services to organizations like ours and you have the knowledge andexpertise we are looking for. We expect you to submit a proposal that gives specifics of yourcompany and what services you can offer MCCCD in response to the needs expressed in this RFP.

Please fill in the requested information below as acknowledgment that you have received thisaddendum as noted above. Please include a signed copy of this Addendum Acknowledgmentwith your proposal when it is submitted.Name of Firm:Address:Fax # : ( ) Tel. #:( )Name:(Print)Title:Signature:Date:E-Mail:__________________________________________________________________