The District is requesting proposals Multi-factor Authentication (MFA) Technical Solution for a period of three (3) years. Services will be delivered to Waco Independent School District at 501 Franklin Avenue, Waco, TX 76701. Summary of Proposed Services should include the following: Authentication Methods - Must support multiple authentication methods, including but not limited to: - Push notifications via mobile app - Time-based One-Time Passwords (TOTP) - SMS and voice call authentication Integration & Compatibility - Must integrate with the following systems and services: - On Prem Active Directory/Microsoft Entra ID - Google Workspace authentication - Windows and macOS endpoints for workstation login protection - VPN solutions (Palo Alto GlobalProtect) - Remote Desktop Protocol (RDP) authentication - Web-based applications (e.g., Learning Management Systems, administrative portals, etc.) User Enrollment & Management - Must support self-service enrollment and management for users. - Must offer bulk enrollment options for IT administrators. - Must integrate with existing Active Directory, LDAP, and Google Workspace user directories for automated provisioning and deprovisioning. - Should support role-based and group-based policies for enforcing MFA requirements. - Must provide a low-friction authentication experience with minimal user disruption. - Should allow for offline authentication options for scenarios where users have no internet access. - Must be compatible with a wide range of devices, including iOS, Android, Windows, macOS, and Linux. Security & Compliance - Must comply with industry security standards - Must support encryption of authentication data both in transit and at rest. - Must include protections against phishing and man-in-the-middle (MITM) attacks. - Should provide adaptive authentication based on risk factors such as location, device, and login behavior. Policy & Customization - Must support customizable MFA policies - Must allow IT administrators to enforce MFA selectively for different user groups or access scenarios. - Should support time-based or temporary access exemptions for emergency situations. Logging & Reporting - Must provide detailed logging of authentication events, including successful and failed attempts. - Must integrate with SIEM solutions for centralized log collection and analysis. - Should provide customizable dashboards and reports for auditing and compliance. - Must offer real-time monitoring and alerting for suspicious login activity. Cost Considerations - Must include pricing for 150 users
