RFP/RFQ- Identity and Access Management (IAM)


Community Action Partnership of San Luis Obispo County, Inc. (CAPSLO) is requesting proposals from qualified firms to establish a pricing agreement (contract) with a Vendor to provide CAPSLO with an Identity and Access Management solution with a minimum of administrative effort and at the lowest delivered overall cost.


Central Administration Office at 1030 Southwood Drive, San Luis Obispo, CA 93401


• RFP posted: April 30, 2021
• RFP submission deadline: May 31, 2021 4:00 PM
• Follow-up questions answered and demonstrations completed: On or before May 24, 2021
• Contract awarded: On or before June 18, 2021
• Identity Security (MFA) must be implemented no later than 60 days after contract award date
• Project fully implemented and invoiced no later than: December 28, 2021

Statement of Purpose:

CAPSLO’s IT Department is seeking a replacement of its current Identity and Access Management (IAM) system.

Preference will be given to solutions with little or no on-premise dependencies. CAPSLO will accept proposals from single party providers as well as multiple vender solutions from Managed Service Providers.

The IT Department is looking to modernize and enhance its IAM capabilities while removing much of the outdated components as well as enhance current IAG capabilities.

Frequently Asked Questions (FAQ)

How many service providers are there in total for SSO?

Google is our only SSO SAML Service Provider with 7 SAML apps.

Is Active Directory the only target for Password writeback?

We currently use Microsoft Active Directory for Workstation & Access Management, for LDAP lookups, Radius authentication, Application and IT Resource Access, and syncs/provisions Google, AirWatch MDM and Microsoft Office 365 user accounts. If the proposed solution provides all these services in addition to the services outlined in the RFP and the resources necessary to migrate our entire infrastructure to that service are included in the proposal, we would entertain looking at other options besides Active Directory, otherwise, Yes, Active Directory writeback is our only target for password writeback as long as it does not decrease the default level of encryption.

Current services available - is this a full list of target systems for lifecycle management?

The list of current services is a list of services we currently subscribe to so you do not need to quote costs of these services if you plan to use any of them during the implementation stage or in your proposal, but would be helpful for you to state which one(s) will be used.

Can you expand on the requirement for integration with an MDM solution?

We currently use our MDM for iOS devices only to push out the configuration profile, to provision the device using username/password, manage the email profile and manage VPP apps. AirWatch currently interfaces well with Google and Active Directory directly, but depending on the nature of the solution offered, additional steps may need to be addressed throughout the implementation process.
By having experience, successfully migrating agencies like ours with AirWatch or similar MDM products in-place, would be greatly preferred.

How many policies or roles will be leveraged for provisioning and deprovisioning?

Other than the built-in systems in our Sync software, many of the provisioning/deprovisioning processes are currently handled manually. We may use at most 10 criteria to determine whether or not to give access to email or other applications.

Are the 1200 users internal (employees/staff) of CAPSLO? Do you have any guest identities you would like to manage?

Given the opportunity, we may in the future, but not during this phase of implementation.

The description mentioned an existing IAM infrastructure. Is CAPSLO migrating from an in house developed solution or a previous COTS solution?

Our current IAM is Google’s COTS solution.

Which MDM does CAPSLO integrate with?

VMware AirWatch MDM (SaaS).

Donate Now