The University of Queensland (UQ) is a premier Australian tertiary education institution, headquartered in Brisbane, Queensland. A member of the prestigious “Group of 8”, UQ has established itself as a destination of choice for both domestic and international students pursuing a higher education. The University has over 53,000 enrolled students and over 7,500 staff across its three campuses: St Lucia, Herston, and Gatton. Each year, UQ welcomes over 19,000 new students.
The purpose of multi-factor authentication at UQ is to protect data and access to IT systems. Protection against unauthorised access to critical applications (Tier 1) is fundamental to the business, as it provides confidentiality and integrity for those applications and the data they hold. In addition, attacks such as brute-force attacks on passwords are mitigated by multi-factor authentication.
The procurement objective is to source a fit-for-purpose solution to enable multi-factor authentication for UQ applications and IT infrastructure. This tender is by invitation only. Other suppliers who are interested in this tender and are able to meet the following high-level requirements should contact the ITO Officer - Winston.Woo@uq.edu.au.
High-Level requirements:
1. The solution will provide the following options for the second factors:
a. Push to a mobile application on a supported smartphone
b. One-time password (OTP) presented in a mobile application on a supported smartphone which can be used without the smartphone being connected to the Internet.
c. Hardware tokens: OTP and U2F
2. The mobile application enables the user to quickly and easily open the application when an authentication request is received and respond positively or negatively to the authentication attempt. Information is displayed during the push-login authentication process to mitigate the risk of a man-in-the-middle attack.
3. The solution has a web API or alternative integration mechanism to support the following functions:
a. Authenticating a user against a second factor
b. Onboarding a user
c. Offboarding a user
4. The solution provides a self-service portal for users to register and de-register second factors.
5. The solution supports methods for users to recover from the loss of a token or device used as a second factor, such as bypass codes.
6. The solution can be integrated with Cisco VPN systems.
7. The solution can be integrated with Palo Alto GlobalProtect VPN systems.