Proposal Document SailPoint IdentityNow Statement of Work


Statement of work for SailPoint IdentityNow Implementation

EnH iSecure Pvt. Ltd.

Proposal Number:

Confidential: EnH iSecure – <<Customer Name>> 1


Contents
Introduction
  ENH iSecure
  Solution areas
  Product Focus
    Key Contacts
  EnH Group
My Customer
  Understanding thy customer!
  Business Challenges
  Proposed Product / Platform
  SailPoint Overview
  IdentityNow – Cloud SaaS Platform
  Useful features
  SailPoint IdentityNow Platform Overview
  Roadmap with IdentityNow
  Analysts Feedback
    Gartner’s Magic Quadrant
    KuppingerCole Leadership Compass
ENH iSecure solution
  <<Customer Name>> - IdentityNow Solution Architecture
  <<Customer Name>> - IdentityNow Solution Scope
    Functionality in scope
    Applications in scope
  Environment Commissioning
  Implementation activities
    Foundational activities
    Automation
    Compliance
  Team Structure & responsibilities
    Roles and Responsibilities
  Project Planning & Timelines
  Warranty & Post-Production Support
ENH iSecure Delivery Methodologies
  Change Management
  Helpdesk
  Escalation Matrix
Technical Assumptions, Terms & Conditions
General Terms & Conditions
Investment


Introduction
ENH iSecure
EnH is a brand synonymous with trust and quality. ENH iSecure helps all varieties of enterprises design and deploy
effective Identity & Access Management and GRC solutions. iSecure is proud to be associated with the world’s
best OEMs in this space.
iSecure believes that for any technology to grow, evangelism is the key. The Professional Training and Support
division is key in creating highly effective courseware,

Solution areas
We have expertise in the following services:
• Identity Management
• Access Management
• Privileged Account Management
• Governance, Risk and Compliance
• SOx, HIPAA Consulting/COBIT implementation

Product Focus
• SailPoint IdentityNow
• SailPoint IdentityIQ
• CyberArk
• Okta
• Splunk
www.enhisecure.com
[email protected]

Key Contacts
Esesve Digumarthi Founder & Director [email protected] +919959800400

Prema Basetti VP – Operations [email protected] +919703509644

EnH Group
EnH also works on the broader domains of Customer Relationship Management & Cloud Solutions under its
flagship companies ENH Customer Centric & ENH SMAC Solutions respectively.

Please visit www.enhcorp.com for further details.

My Customer
Understanding thy customer!
Customer is a ________________ with a footprint of 1000+ employees.

Business Challenges
My Customer is currently facing the following challenges.
1) Delays in providing day 1 access due to manual process.
2) Security risks because users retain access even after they are terminated.
3) Compliance failures and access creep due to improper access reviews.
4) Joiner, Mover & Leaver hassles.
5) Access Requests which are currently being handled by the User access management/Access control
teams, manually.
As a visionary leader, the CISO/CIO would like to implement an Identity governance solution which is capable of
solving the business challenges encountered, without adding additional burden on IT teams, by adopting SaaS
solutions.

Proposed Product / Platform


ENH iSecure would like to propose SailPoint’s IdentityNow, a unique SaaS-based Identity Governance product, as
the solution for the customer’s identity governance requirement. SailPoint is the market leader among Identity
Governance providers, and IdentityNow is its SaaS solution. The next sections provide a clear understanding of
SailPoint and the customer’s roadmap with the proposed solution.

Why SailPoint IdentityNow?
SailPoint Overview
SailPoint is a company established in 2005 with a complete focus on Identity based products and currently
stands as an undisputed leader in the market for Identity Management solutions.

IdentityNow – Cloud SaaS Platform


IdentityNow is the SaaS solution offered by SailPoint on a subscription basis. The following are the key
advantages with the IdentityNow platform.
1. Only cloud based Identity Governance platform in the market.
2. Faster deployment life cycle for solution.
3. Continuous innovation because of the cloud platform. Platform updates are rolled out almost every 2
weeks.
4. Minimal infrastructure overhead.
5. Minimum maintenance overhead.

Useful features
This section describes the features of IdentityNow that can help the customer.

User LifeCycle Management


• Provision/De-Provision right access at the right time to the users.
• Provision Day 1 access to the users without any delays.
• Revoke user access for all the terminated users.
• Provision required access for rehires.

Role Based Access Control


• Provision right access in the applications based on governance data. For
example, provision Active Directory groups based on the department,
designation / location.
• De-Provision access in the applications based on governance data. For
example, previously assigned groups based on the department, designation
/ location will be removed when they are no longer required.

Access Requests
• Users can request any additional access in the applications from a
single-pane view using a shopping cart approach.
• Necessary levels of approvals can be configured to ensure Zero trust while
provisioning access.
Access Certifications
• Regular access audits can be performed easily using the access
certifications features of IdentityNow. Compliance is going to be really with
the access certifications in place.

SailPoint IdentityNow Platform Overview
SailPoint IdentityNow is a powerful Identity Platform. It is highly extensible and modular in nature. The following
schematic gives an overview of the entire Identity Platform.

The solution can easily scale to provide the following benefits in the future.

Roadmap with IdentityNow


The following schematic helps in understanding the expected journey for customers with SailPoint.

Analysts Feedback
SailPoint is a pioneer in Identity Governance solutions, and the next sections summarize the ratings and reviews
from market analysts.

Gartner’s Magic Quadrant

KuppingerCole Leadership Compass

ENH iSecure solution
ENH iSecure understands the customer’s requirement to implement a comprehensive identity management
solution. ENH iSecure, being an expert solution provider for IAM solutions, especially using products like SailPoint
IdentityNow, proposes the following solution.

<<Customer Name>> - IdentityNow Solution Architecture


The below schematic provides a very high level overview of the Solution architecture and various components
that shall be present as part of the solution.

IdentityNow Tenant
IdentityNow Tenant allotted to the customer.
VA (Virtual Appliance)
Virtual appliance is a virtual machine which acts as a connectivity gateway between customer environment
and IdentityNow Tenant. It is to be noted that the deployment of virtual appliance is fairly straightforward
process akin to deployment of any virtual machine. The maintenance of the virtual appliance is amongst the
easiest as it is configured to receive all the general and security updates automatically from SailPoint and no
manual intervention would be required in this.
VA Cluster (Virtual appliance cluster)
Virtual appliance cluster refers to a cluster of SailPoint IdentityNow Virtual appliances. This can be used for HA
(High availability) and DR (Disaster recovery) purposes. It is to be noted that VA Cluster deployment is also a
fairly straightforward process.
Miscellaneous components
As part of the solution, there are 2 other components required by the IdentityNow solution.
1. IQService: A component used during the Active Directory integration to perform provisioning on Active
Directory. It also helps in provisioning Windows/Microsoft-specific infrastructure such as file shares
and similar.

<<Customer Name>> - IdentityNow Solution Scope

Functionality in scope
The following is a list of IdentityNow features that will be part of the Identity management implementation.
1. Building Identity Vault
2. Automated Life Cycle Management
3. Role Based Access Control
4. Access Requests
5. Access Certifications

Applications in scope
The following are the details of applications in scope and corresponding modules under scope.

| S.No | Application | Comments | Modules |
|---|---|---|---|
| 1 | My Enterprise Directory | 1 domain structure with 1 OU shall be considered for JML | 1. Automated Life Cycle Management; 2. Role Based Access Control; 3. Access Requests; 4. Access Certifications |
| 2 | My Email | Only 1 tenant / 1 domain shall be considered. | 1. Automated Life Cycle Management; 2. Role Based Access Control; 3. Access Requests; 4. Access Certifications |
| 3 | My IT Service Management (Ticketing) Application | Only 1 tenant shall be considered. | 1. Automated Life Cycle Management; 2. Role Based Access Control; 3. Access Requests; 4. Access Certifications |
| 4 | My Business App | Only 1 tenant shall be considered | 1. Automated Life Cycle Management; 2. Role Based Access Control; 3. Access Requests; 4. Access Certifications |
| 5 | My HRMS | A regular file feed shall be uploaded to IdentityNow on a regular basis or a supported connector shall be used. | 1. Read Only Integration |

Environment Commissioning
The environment commissioning shall adhere to best practices thoroughly recommended by SailPoint for
IdentityNow deployments. As per the common norms, every SailPoint IdentityNow customer is provided with 2
instances i.e., sandbox and production instances of IdentityNow product.

The following diagram provides an understanding of the environment commissioning practices that shall be
followed during the implementation.

Sandbox
• Connects to test environments of target application
• Needs separate Virtual appliances
• Implementation
• System & UAT Testing
• Limited environment.
• New IdentityNow features shall be deployed first to sandbox

Production
• Connects to production environments of target applications
• Virtual appliances as per HA & DR policy
• Serves end-user base
• New IdentityNow features will be released into production after 2 weeks of testing in sandbox.

Implementation activities
The following provides a quick overview of all the implementation activities planned for this implementation.

Foundational activities
• Infrastructure provisioning.
• IdentityNow product level configurations.
• Building Identity Vault.
• Application onboarding.

Automation
• User life cycle management
• Role based access control.
• Self Service Access Requests
• Ticketing Integration

Compliance
• Manager Certifications Configuration.
• Source Owner Certification Configuration.


Foundational activities
Foundational activities refer to the initial set of activities required for a successful implementation of
IdentityNow.
The following is a summary of the foundational activities.
1. Infrastructure provisioning.
2. IdentityNow product level configurations.
3. Building Identity Vault.
4. Target Application onboarding.
Infrastructure provisioning:
Infrastructure elements will be provisioned as the first step of the implementation.
The following are the various infrastructure components that will be addressed.
1. Sandbox virtual appliances configuration.
2. Production virtual appliances configuration.
3. Deploying IQService.
4. Deploying File Upload Utility
IdentityNow product level configurations.
IdentityNow as an application has various global configurations at the application level.
The following provides a brief overview of activities that shall be performed as part of the IdentityNow product
level configurations.
1. Branding.
2. IP Address whitelisting.
3. Geographical restrictions.
4. Single sign on configuration.
5. Configuring application alerts.
6. Lockout and session management.
7. Allowed security questions.
Building Identity Vault
From a functionality perspective, the very first step of any Identity Management project is building an
Identity vault. A central repository of identities and their access shall be built as part of the Identity vault
configurations.
The following are the activities involved in building the identity vault.
1. Truth sources onboarding.
2. Identity Profiling.
3. Target applications onboarding.
Truth sources onboarding
Truth sources are the applications in the customer environment that we will trust to build a central repository of
users along with their profiles.
Identity Profiling
Identity profiling is profiling various types of users like employees and contractors with respect to the following
configurations.
1. ETL operations on data provided by truth source.
2. Authentication mechanism for the users.
Target applications onboarding
Target applications shall be integrated enabling IdentityNow to perform the following operations for each
application.
1. Scheduled reconciliation of accounts and groups.
2. Provisioning meta-data.

Automation
The following activities shall be automated.

User Life cycle management
Joiner and leaver processes shall be part of this activity. Employees, contractors and other types of users shall
receive birthright access as per the organizational policy. Similarly, all the accounts shall be disabled when
users are terminated from the organization.
Role based access control
Provisioning access to the users based on their governance attributes such as department, designation, cost
center, location in various applications shall be part of the role based access control.
Note: A set of 5 role based access control policies shall be part of the implementation. Customer teams shall be trained over 2 to 3 sessions to
make use of the intuitive interface of IdentityNow so that they can implement all the role based access policies.

Self Service Access Request


A single pane view to all the access shall be configured. End users of IdentityNow can directly request and gain
access from IdentityNow. The following key activities shall be part of the Self-service access request task.
1. Identifying relevant access that can be requested in the applications.
2. Configuring approval workflow policies for the identified access.
Note: A set of 3 applications shall be configured for self-service access request as part of the implementation. Customer teams shall be trained
over 2 to 3 sessions to make use of the intuitive interface of IdentityNow so that they can implement all the self-service access requests by
themselves.

Ticketing integration
In situations where there is no recommended mode of connectivity, tickets shall be raised by IdentityNow in the
customer’s ITSM application, like ServiceNow or BMC Remedy, when there is a need for provisioning access.
IdentityNow shall be configured to create tickets automatically in IdentityNow as required for the provisioning
operations.

Compliance
Certifications help in compliance by helping validate access present with the users.
The following certifications shall be implemented.
Manager Certifications Configuration
A manager certification is the process where a manager validates the access of users directly reporting to
him/her across various applications. Invalid access shall be automatically revoked by IdentityNow in the target
applications based on the decisions from the Managers. One Manager certification shall be configured along
with email notifications and required filters.

Source Owner Certification configuration


A Source owner certification is the process where the application owner validates the specific application level
access provided to the users. Invalid access shall be automatically revoked by IdentityNow in the target
application based on the decisions from the Source Owner. Source Owner certification shall be
configured along with email notifications and required filters.

Team Structure & responsibilities


ENH iSecure has planned for the following team structure.

• IdentityNow Architect
• Project Manager
• Engagement Manager
• IdentityNow Senior Implementation Engineer


Roles and Responsibilities
| Role | Experience | Number | Responsibilities |
|---|---|---|---|
| Engagement Manager | 8+ Years | 1 | Engagement manager shall be responsible for overall delivery from the ENH iSecure Team |
| Project Manager | 8+ years | 1 | Project manager is responsible for overseeing project planning and remaining at ground level to ensure the success of the project. |
| IdentityNow Architect | 8+ Years | 1 | Architect is responsible for the overall design and business requirement gathering. Architect is also responsible for production instance creation and deployment. Architect shall deliver the High-Level Design. |
| IdentityNow Sr. Implementation Engineer | 4+ Years | 1 | Senior Implementation Engineer is responsible to develop all major & minor components. |

Project Planning & Timelines


The following metrics provide a brief overview of the implementation plan.
Total project time: 11 weeks.
Number of releases: 1

The following Gantt chart provides a high level understanding of the project plan.

Note: It is to be understood that the timelines majorly depend on the complexity of the applications to be
integrated.

Warranty & Post-Production Support


ENH iSecure shall provide the following kinds of support as a part of the implementation proposal.

| Phase | Begins | Ends | Responsibilities |
|---|---|---|---|
| Warranty | One week after production deployment | 45 days after start | This support is for all code level issues only. Use case changes will not be implemented |
| Post Production Support | Post Warranty | 1 Year | Environment support is provided during this time. |


ENH iSecure Delivery Methodologies
Change Management
Any modifications/updates or deletion to the implementation or existing changes (as defined in the SOW) will
be taken up as per the change management process.

Helpdesk
Customer may provide access to their help desk software to raise tickets. The URL agreed upon can be
leveraged for tracking as well. ENH iSecure engineers assigned for the project will be available 24/7 to provide
technical assistance if needed. The team can be contacted over e-mail & phone.

Escalation Matrix
ENH iSecure has a streamlined issue escalation and resolution process built in within the organization. The
development and implementation teams, along with the project manager, will escalate the issue for resolution at
various levels within the organization based on the level of escalation. The team follows the issue resolution and
escalation procedure during all the phases of the project lifecycle. The approach consists of issue control
mechanisms and a well-defined process that enables the project team and customer to identify, address, and
prioritize problems and issues. An escalation process ensures that the next level of management is informed
(often within a specific period of time) if an issue cannot be resolved at the lower level. Based on the level of
escalation, the Project manager will raise the issue to the higher management of ENH iSecure.

1: If the issue(s) are not resolved by L1/L2/L3 within the defined SLAs, the customer can contact the Project
Manager and escalate the issue.
2: If there is no response by the project manager for 16 working hours, then the issue can be escalated to the
Delivery Head.
3: In case there is no response by the Delivery Head for 2 working days, then the issue can be escalated to the
CEO/VP-Operations.


Technical Assumptions, Terms & Conditions
The current implementation proposal is based on the following assumptions.
1. All the implementation work shall be performed remotely from ENH iSecure Office at Hyderabad.
Necessary VPN support shall be provided by the customer.
2. A dedicated customer team with sufficient functional knowledge about the AS IS processes shall be
continuously available to the ENH iSecure team for any queries.
3. There is only 1 active directory forest and 1 active directory domain to be secured.
4. No delays are expected in provisioning of infrastructure, especially for virtual appliances.
5. Customer agrees to deploy any additional connectivity components required for a few applications like
Active Directory.
6. Compliance processes for governing the applications are already present and need not be developed.
7. Application owner teams for all the applications shall be available to provide support with the following.
• Necessary service account credentials
• Knowledge related to compliance policies for the application.
8. Number of types of identities to be managed (Ex – employees, contractors) will not exceed 2. Hence,
number of identity profiles to be managed does not exceed 2.
9. Number of life cycle states to be configured does not exceed 3.
10. Number of roles to be configured does not exceed 10 per application.
11. Number of certifications to be configured does not exceed 2 per application.
12. Number of campaign filters to be configured does not exceed 3 per application.
13. Number of access profiles to be created does not exceed 10.
14. Only one application will be integrated using a custom approach like API / WebService / JDBC
connection.

General Terms & Conditions

1. Quotation is valid for 30 days from date of issue


2. Client is responsible to provide all the requirements promptly to the ENH iSecure team.
3. Customer should designate a single point of contact. No other personnel will be allowed to
contribute/change ideas/make decisions at a later point of time
4. Official emails are the only way to communicate. Any SMS or WhatsApp based messages shall not be
considered as official notes and shall be ignored.
5. Customer shall provide the necessary live and remote access to all the environments. Offshore delivery
should be supported via necessary VPN tokens etc.
6. Customer shall provide access to the Dev & QA environments of target applications like Active
Directory as and when required.
7. A Purchase Order along with the counter-signed ENH iSecure Proposal is a must. The proposal has to be
signed on all pages by the authorized person of Customer.
8. All invoices shall be duly cleared in 15 calendar days upon invoice submission.
9. All payments have to be made to ENH iSecure bank account in USD only. All statutory levies applicable
as per the law of the land.
10. All the stake-holders in the implementation of business processes including the end-users shall be
involved in the project.

Investment

| Sl. No | Particulars | Investment in INR |
|---|---|---|
| 1 | SailPoint IdentityNow Identity Governance SaaS platform license for XXXX Identities for (PM/CM/LCM) modules. Cost provided is per year in USD. A spot conversion rate with 4% of hedging charges shall be applied at the time of invoice. To be paid upfront in full to load the license order. | To Be provided based on the modules chosen |
| 2 | SailPoint IdentityNow Identity Governance implementation | To Be provided based on the modules chosen |
| 3 | SailPoint Professional Services Hours (10 Hours). Mandatory to buy. Mandatory to pay in advance. USD to INR Spot rate conversion + 4% hedging charges applicable on the date of payment. Should be paid along with the Purchase Order. | USD |

Note: All Applicable Taxes extra as per taxation laws of the land.

Milestones for implementation:


Serial Number Milestone Payment %
1 Advance with PO 10
2 Requirement Gathering & Design complete 20
3 Development Completion 40
4 UAT Signoff 20
5 Production Rollout, documentation handover 10

Payment terms:
1. ENH iSecure will duly invoice the customer upon milestone completion.
2. All invoices shall only be emailed. A hard copy shall be provided upon request but the delivery of the
hard copy is not considered for payment deadline.
3. The payment has to be wire transferred to ENH iSecure Private Limited Banking account within 10
calendar days after the invoice is sent via email.
4. Delays might attract penalties.

ENH iSecure
5th Floor, Modern Profound Tech Park, White Field Rd,
Kondapur, Hyderabad, Telangana 500 084
Phone: +91 40 4953 9696, +91 40 6834 1000
www.enhisecure.com
