Managed Cloud Solution

The vendor is required to provide managed cloud solution a hybrid on-prem and cloud-based, wireless onboarding, mobile-friendly portal to streamline the onboarding process for our managed, faculty and staff devices and unmanaged student devices.
- The system must fully support the following capabilities:
•    Automatic device 802.1x configuration software compatible with every OS, which includes guided user flow where necessary.
•    Configure for device or user certificates.
•    Enables easy configuration for server certificate validation.
•    From start to finish, configuration takes only a minute or two.
•    Support for iOS, windows, macOS, android, ChromeOS, Linux, and kindle.
•    Restrictive browser support.
•    SSL inspection for BYODs
•    Fully customizable onboarding page that can be edited as necessary, including the design, instructions, and which operating systems are supported.
•    Ability to create multiple landing pages for various types of access, such as for our guest network or Eduroam.
•    Onboard for whichever protocol we need, including PEAP, EAP and TTLS-pap, or EAP-TLS.
•    Connection reporting, device analytics, and remote troubleshooting.
•    Give your helpdesk access to reporting, with reports on onboarding logs, radius logs, and more.
•    Integrate with multiple identity engines including SAML, ad, ENTRAID, LDAP, etc.
•    API gateways – universal SCEP, ad and Intune API, JAMF integration.
•    Zero-touch certificate distribution and renewal via extensive APIs including SCEP, json, WSTEP, Est, and more
•    Auto-revoke certificates through our MDM when a user and device leaves the organization. 
•    Proven integration with all major MDMS including JAMF, Intune, ad domain, workspace one, Mobileiron, Meraki,
•    Completely customizable certificate authorities and templates for all user and machine certificates.
•    Integration with acme for automation to ensure only a trusted device connects to the network.
•    Guest wi-fi access – self-registration, device-registration, encrypted guest via Gmail id and SMS, sponsored and trusted guest ids.
•    Individual client and cs creation via CSR.
•    Extended key usage (EKU) – client and server authentication, application access, code-signing, email protection, KDC authentication, IKE IP security.
•    External SSO login.
•    Full-fledged API support.
•    Third party ca support.
•    Real-time intelligence for all our services.
•    Intuitive single-pane management with granular control of certificate lifecycles.

- Contract Period/Term: 1 year