The National Indigenous Australians Agency (NIAA) has released a request for quote (RFQ), seeking a specialist ICT supplier to design, implement, and transition an Identity and Access Management (IdAM) capability as part of its transition from the Department of the Prime Minister and Cabinet's (PM&C) shared ICT services.
The procurement aims to establish a secure, sovereign, and NIAA-controlled IdAM capability within NIAA’s Azure environment, replacing the current highly customised and partially legacy identity environment and removing dependencies on PM&C-managed identity services.
The engagement requires the supplier to deliver end-to-end IdAM services, including current-state assessment, requirements definition, solution design, implementation, integration, migration, testing, and transition to business-as-usual operations.
NIAA said the migration is not like-for-like but instead requires the supplier to assess the current infrastructure and design and build one for a "future state capability", including options analysis and recommendation of an appropriate identity solution.
The future capability must support a cloud-native, scalable identity architecture, aligned with Microsoft technologies (including Entra ID where appropriate), and designed to meet Australian Government security and compliance requirements for a PROTECTED environment, including PSPF, ISM, and Essential Eight Maturity Level 2.
Key requirements include safely removing NIAA’s dependency on PM&C identity infrastructure and services while maintaining continuity of access across corporate and line-of-business systems; analysing identity sources, lifecycle processes, integrations, and dependencies and providing solution options with costings and recommendations; and the development of a future-state identity architecture and detailed design, including identity data flows, role and attribute strategy, governance controls, and a plan to modernise Single Sign-On and retire legacy ADFS dependencies.
Further requirements include implementing an Identity Governance and Administration (IGA) capability, including automated provisioning and deprovisioning, access requests and approvals, privileged access controls, and audit logging; as well as integrating with a diverse portfolio of corporate and business systems using appropriate methods (e.g. API, SCIM, SFTP, orchestration), and deliveringa detailed migration and sequencing strategy to support safe transition.
The successful supplier will also be tasked delivering testing, pilot and phased onboarding, cutover planning (including rollback), and post-implementation hypercare support; plus providing documentation, training, support processes, and knowledge transfer to enable NIAA to operate and sustain the capability in a BAU environment.
Delivery must follow a structured three-phase approach (Design, MVP, Optimisation), including defined deliverables and formal acceptance at each stage to ensure effective governance, risk management, and value for money.
The estimated start date of the 12 month contract is 10 July 2026, with the possibility of two six-month extensions.
The RFQ closes on Friday 12 June.
_(25).jpg&h=142&w=230&c=1&s=1)
_(30).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0)
.jpg&w=100&c=1&s=0){kind=logo}
.jpg&w=100&c=1&s=0)
