Identity and Access Management Solution

The vendor is required to provide identity and access management solution a secure and efficient digital learning environment.
- Identity and access management (IDM) solution is critical to this mission, ensuring that students, teachers, staff, and parents have appropriate and secure access to the digital resources they need.
- Environment consists of a variety of systems, including but not limited to:
•    Oracle cloud (ERP)
•    Infinite campus student information system (sis)
•    Canvas learning management systems (LMS)
•    Google workspace
•    Microsoft 365
•    Tableau
•    Active directory and azure
•    PowerSchool and performance matters
- Must haves
•    Enhance security: implement a robust security framework that protects student and staff data, and ensures compliance with federal and state regulations, including the family educational rights and privacy act (FERPA) and the children's online privacy protection act (COPPA). 
•    Improve user experience: provide a seamless and user-friendly experience for all users through single sign-on (SSO) and self-service password management. 
•    Increase operational efficiency: automate the user lifecycle management process, from account creation to de-provisioning, to reduce the administrative burden on it staff. 
•    Centralize access control: establish a centralized system for managing access to all district applications and resources, with role-based access control (RBAC) to ensure users have appropriate permissions. 
•    Provide comprehensive reporting and auditing: gain visibility into user access and activity through detailed reporting and auditing capabilities to support security and compliance requirements. 
•    Automated creation, modification, and deletion of user accounts based on data from the district's sis and human resources (HR) systems. 
•    Support for various user roles, including students, teachers, administrators, support staff, parents and guardians, and temporary and substitute staff. 
•    Workflow for managing the entire user lifecycle, from onboarding to offboarding. 
•    A centralized SSO portal for secure and easy access to all district-approved applications. 
•    Support for multiple authentication methods, including multi-factor authentication (MFA). 
•    Integration with the district's existing directory services (e.g., on prem active directory, microsoft Entra id, and google workspace). 
•    Role-based access control (RBAC) to manage user permissions and access to resources. 
•    Granular administrator access roles. 
•    Self-service access request and approval workflows. 
•    The ability to manage access to both cloud-based and on-premises applications. 
•    Self-service password reset and account unlock capabilities for all users. 
•    Enforcement of strong password policies and regular password expiration. 
•    Synchronization of passwords across multiple systems. 
•    Comprehensive logging and reporting of all user access and administrative activities. 
•    Pre-built and customizable reports to support security audits and compliance requirements. 
•    Real-time alerts for suspicious or unauthorized activities. 
•    Staff and student options for IDM 
•    Sandbox environment 
•    Detailed audit trails and log files must be available, and reports must be easily created. 
•    Multiple options for 2 factor authentication, including but not limited to:
o    Authenticator app
o    SMS
o    Pin number
o    Badges
o    Images
o    Security keys.
- Software technical preferred requirements:
1. Implementation and testing
•    Deploy the new platform in a test environment for initial validation.
•    Conduct user acceptance testing (UAT) with aps stakeholders.
•    Implement the platform in the production environment upon successful testing.
•    Any software solution should, at a minimum, include a development and production environment.
2. Post-implementation support
•    Provide post-implementation support for the first year.
•    Monitor system performance and address any issues that arise.
•    Conduct a post-implementation review at 1, 3, and 6 months to identify areas for improvement.
3. Data management and integration
a. Data interoperability: 
•    The software will integrate with the district's existing systems, especially the student information system (SIS) and oracle cloud (ERP). 
•    The data exchange standards the software supports (e.g., one roster, clever, sftp, API).
2. SSO and SAML: 
•    List integration options
3. Data migration: 
•    Provide a detailed plan for migrating data from the district's current system to the new software. 
•    This plan should include a timeline, a description of the data migration process, and a strategy for data validation and cleanup.
4. Data ownership
•    Clearly state that the school district retains ownership of all its data. 
5. Data backup and recovery: 
•    Its data backup and disaster recovery procedures. 
•    Include the frequency of backups, the location of backup storage, and the guaranteed time to recover in the event of data loss.

- Contract Period/Term: 1 year
- Pre-Bid Meeting (Optional) Date: September 09, 2025
- Questions/Inquires Deadline: September 10, 2025