Description
Based on Microsoft Active Directory, the OTIS Managed Active Directory service provides customers with a centralized, authoritative directory of network-based resources, such as computers, printers, applications, file shares and user data. This service allows customers to reduce infrastructure and operating costs while securing access to network resources. It also enables customers to enforce security policies, manage software installations and updates and assist with identity management.
- Key Features and Benefits
- All services are delivered in compliance with the State of South Carolina's information security policies, as presented in SCDIS-200.
- All services are delivered consistent with Microsoft best practices.
- Overall forest and domain architecture, design, maintenance and backup and restore capabilities.
- Privilege accounts are provisioned to perform administrative tasks per state security policy.
- Delegated to customer IT staff to perform administrative tasks such as user provisioning, de-provisioning and server administration.
- Simplified directory management and automation with enterprise tools, including group policy management with advanced group policy management.
- Delegation of group policy management with oversight from OTIS.
- Provides self-service password reset portal.
- Robust monitoring and reporting associated with the health, compliance and security with Active Directory services.
- Directory services integrations with applications (e.g., LDAP, SSO, SAML, etc.).
- Enterprise application authentication environment and public key infrastructure service for internal and private servers, websites and more.
- Proactive maintenance, planning and monitoring with environment reviews that include security, group policy and best practice standards within the enterprise.
- Robust, transparent communication and collaboration between the active directory service team and customer stakeholders.
- Application and operating system patching applied in lower environments prior to production to allow for customer testing.
- Integrated with Microsoft Domain Name System (DNS).
- Distributed file name service management.
- Entra ID privilege access.
- Professionally implemented and managed solutions to ensure the highest reliability and a problem-free environment.
- Secure authentication of any user with a SCID account without additional infrastructure cost or complexity.
Service Scope
- Software
- Change auditing and monitoring software.
- Screen recording of server consoles (link insider threat).
- Self-service password portal.
- Enterprise reporting.
- Privilege access management tools.
- Installation and Configuration
- Domain controller and active directory installation and upgrades.
- Creation and management of domain trusts.
- Support and Administration
- Troubleshooting and diagnosis of directory services.
- Exclusions
- Customer IT staff will perform user provisioning, de-provisioning and server administration tasks.
- Day-to-day object management requests from customer users.
- OTIS is not responsible for the customer day-to-day operations, but OTIS will ensure customer is delegated the necessary permissions or management tools to perform daily business functions. Customer can submit requests for OTIS to assist with troubleshooting issues, customer outages, policy exceptions, integrations and other directory service escalation matters.
- Prerequisites
- Required service(s) for eligible customers:
- Managed server
- MetroNet
- Required service(s) for eligible customers:
Responsibilities
OTIS and Customer Responsibilities
| Responsibilities | OTIS | Customer |
|---|---|---|
| Schema Administrator. | Image
| |
| Enterprise Administrator. | Image
| |
| Domain Administrator. | Image
| |
| Manage domain controllers. | Image
| |
| Directory services auditing, management, identity and access management (IAM), and reporting. | Image
| |
| Manage health and operations of directory services. | Image
| |
| Group policy administration (linked at root and domain controllers organizational Unit (OU)). | Image
| |
| Provisioning of privileged accounts. | Image
| |
| Provisioning of privileged roles; delegating permissions to agency. | Image
| |
| Manage built-in groups. | Image
| |
| Directory services integrations with applications (e.g., LDAP, SSO, SAML, DFS, Entra AD, Connect, etc.). | Image
| |
| Group policy (link/un-link). | Image
| |
| Organizational unit (create/delete). | Image
| |
| User object management (non-privileged). | Image
| |
| Group object management (non-privileged). | Image
| |
| Computer object management (non-privileged). | Image
| |
| Group policy administration (create/manage). | Image
| |
| Server administrators (non-DS related). | Image
| |
| Desktop administrators. | Image
| |
| Operational standards and conventions. | Image
|
Service Level Objectives
| Service Level Name | Description | Target Service Level |
|---|---|---|
| Incident Response – Severity 1 and 2 | Means the percentage of time it took for a Severity Level 1 and Level 2 Incidents to be acknowledged and worked by OTIS within the applicable timeframes in the Service Level Definition. | 99.00% |
| Incident Response – Severity 3 and 4 | Means the percentage of time it took for a Severity Level 1 and Level 2 Incidents to be acknowledged and worked by OTIS within the applicable timeframes in the Service Level Definition. | 95.00% |
| Service Request Fulfillment Timeliness | Means the percentage of time OTIS successfully completes “Service Requests” (defined as requests that are not automated self-provisioned or that do not require solution proposal development; examples of such requests include provisioning ID access, password resets, Service Catalog requests, IMACDs) within the applicable timeframes. | 96.00% |
Service Rates
Call for pricing.
Service Contacts
To report issues related to this service, customers should contact the Division of Technology Operations (DTO) Service Desk (servicedesk@admin.sc.gov).
For additional information on this service customers should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov).
Estimate Initial Service Delivery Time
Initial service delivery time for new Managed Active Directory customers is dependent on completing a new customer assessment of the customer’s existing domain configuration.
Eligible Customers
| Customer Entity Type | Eligible |
|---|---|
| State Agencies | Yes |
| Local Government Entity including Municipality and County | No |
| Higher Education | No |
How To Order
Customers should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) to acquire these services.
