All intakes
INTK-2026-0038Due diligenceHighRestricted
Identity provider migration
Migrate from in-house auth to a managed IdP for SSO and SCIM.
- Submitted
- SME review
- Procurement
- Due diligence4
- Assessment5
- Contracting6
- Approved7
Overview
Business owner
Marie Dupontmarie.dupont@company.com
SME reviewer
Alex Chenalex.chen@company.com
Specialist reviews
Security·Approved
Architecture·Approved
Privacy·Approved w/ conditions
Procurement
Mike Johanssonmike.j@company.com
Vendor
Users
350
Annual cost
€72,000
Submitted
14 days ago
Updated
3 days ago
Expected go-live
—
General
- Nature of the service
- SaaS identity provider (SSO / SCIM)
- Proposed vendor (if known)
- Okta
- Estimated contracted value (€)
- 72,000
- Entity signatory
- Acme Group SA
- Beneficiary department
- Security
- Contract type
- New service
- Does the service support a critical or important business function?
- Yes
- If yes, which critical / important function?
- Workforce authentication
- Is the service defined as a material process in the BIA? Select the RTO.
- RTO < 4 hours
Outsourcing
- Is it an outsourcing activity?
- Yes
- Is the supplier critical or important (per DORA / EBA logic)?
- Yes
- Will the supplier subcontract (4th parties)?
- Yes
- Is there a concentration risk (sole provider)?
- Yes
- Is an exit strategy available?
- Yes
Data privacy & AI
- Will the supplier have access to personal data in the delivery of the service?
- Yes
- Estimated volume of personal data processed per annum
- 350
- Estimated volume of sensitive personal data processed per annum
- —
- Will data be transferred outside the EU / EEA?
- Yes
- Will the vendor act as:
- Processor
- Is a DPIA required?
- Yes
- Will the service use AI?
- No
Information security
- Maximum classification of information handled by the supplier
- Secret / restricted
- Will the vendor have privileged access to company systems and/or networks?
- Yes
- Will the vendor have access to the company's restricted zones / premises?
- No access
- Highest confidentiality impact in case of a major data leakage at the vendor
- High
- Highest integrity impact in case of major corruption at the vendor
- High
- Highest availability impact in case of major disruption at the vendor
- Critical
- Will the vendor host data?
- Yes
- Will the vendor access systems remotely?
- No
- Will the vendor connect via API / integration?
- Yes
- Authentication model: SSO / MFA required?
- Yes
- Any cyber certification (ISO 27001, SOC 2, etc.)?
- Yes
Next actions
Waiting for the vendor to return the questionnaire.