Identity and Authorization
What is it?
The SIL Identity Management Identity Provider service is an enterprise SAML identity management solution designed for end user ease of use, high availability, and low operational cost.
Who is it for?
SIL and organizations in the Bible translation movement who
- already have their own IdP OR
- have their identities already in SIL GTIS IdP (SIL and its "Insite" partners)
- Service Provider - Refers to the party providing the Identity Provider service, specifically SIL GTIS.
- Customer - Refers to the individual, department, or organization that is subscribing to the Identity Provider service.
Who do I contact?
GTIS Application Development Manager, Phillip Shipley, phillip_shipley at sil dot org
- SAML 2.0 Identity Provider - Web interface for end user authentication and SAML handshake process.
- Self-service password recovery - Web interface for users to reset lost passwords using various recovery methods as well as change current password.
- Identity Sync automation - Backend process to synchronize identity information from a personnel system into the IdP.
Uptime - 99.95%
99.95% uptime, or “three and half nines”, translates to about 22 minutes of downtime per month. GTIS has designed and architected the system to exceed this level, but will measure uptime SLA based on 99.95% as measured by a third party monitoring service. GTIS cannot guarantee this uptime, but 99.95% is the service level goal and intention that SIL GTIS has designed this system to meet. SIL GTIS will make a best-effort attempt to meet these goals.
Historical as well as links to real-time uptime metrics is available on status page: http://status.sil.org
Service Provider will make a best effort attempt to resolve end-user impacting issues as quickly as possible. Service Provider understands the impact of login issues and will consider them of the highest priority.
Updates that affect the end-user’s experience will be communicated to all Customers at least one week in advance. Customers may request a reasonable delay to ensure no impact to other business operations occurring during the change period.
Updates including enhancements, bug fixes, and security patches which do not affect end-user experience may be made at any time. Customers will be notified of any notable updates after they are completed.
Urgent issues that may or may not affect end-user experience may be made at any time. Follow up communications will be made to notify Customers of the change and status of resolution.
The IdP service is designed to experience zero downtime during an update. It is possible for some types of updates to experience a few minutes of downtime though and if any downtime is expected during a release it will be communicated as part of the announcement.
IdP metadata is maintained in a private Git repository. The Service Provider may manage the metadata on behalf of the Customer, but the Customer is responsible to review and approve any updates. The Customer is also able to update metadata themselves if they want, and the Service Provider can review and approve if requested. When a change is created and awaiting approval, one business day will be given for the approval after which approval is implied and the change may be merged and applied. Metadata updates do not fall within the scope and processes for System Updates. Customer specific documentation will be developed to detail processes and procedures for updating Metadata.
Customer Rights & Responsibilities
The Customer has the right to discontinue use of this service at any time for any reason. They are also entitled to an export of identities (excluding passwords) from the system with reasonable notice of time. The Customer may also choose to engage our Identity Hub service at no additional cost which allows their IdP to be used by a broader set of service providers (applications). The Identity Hub has a separate agreement available at <link coming soon>.
The Customer is responsible for:
- End user training and communications
- First level of end-user support
- Responding to communications from Service Provider in a timely manner
- Providing ongoing feedback and suggestions to Service Provider on how to improve service.
- Metadata review / approval
Service Provider Rights & Responsibilities
The Service Provider may terminate operations of this service provided six months of notice to customer. The Service Provider may choose to move and/or change infrastructure operations to a different location and/or cloud service provider. Such a change will be made at no additional cost to the Customer and any impact to end-user experience will be communicated and scheduled with the Customer. While a best effort will be made by the Service Provider to communicate any and all system updates and changes in advance, the Service Provider reserves the right to make urgent changes without prior notification.
The Service Provider is responsible for:
- Software development
- Infrastructure operations
- Issue resolution
- System uptime
- Overall security
- Escalated end-user support
GTIS - Virginia
$600/yr* + any travel for Service Provider to work with customer on establishing IdP.
*Customer pays their own AWS bills.