Requirement: Multi-Factor Authentication on Internet Facing Portals - Proof of Concept
Location: Off-Site
Cost Not to Exceed: EUR 66,375
Period of Performance: 13 August 2026 through 30 December 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Introduction
Due to the findings in the Type 4 Security Audit NATO, technical teams have been tasked with planning and implementing a security standardisation for Multi-Factor Authentication for internet-facing web portals throughout the NATO enterprise.
Scope:
- Build a Proof of Concept (POC) environment in which a single Entra ID Identity Provider serves a number of MFA technologies acting as MFA brokers.
- Test and document POC applications against a set test criterion.
- Build and test security logging with the security department.
- Document Service delivery requirements and support documentation.
- Work with Quality teams to align test strategy and test acceptance.
- This SOW will not exceed EUR 73,750 (Deliverables and Travel).
- The identification of the most fit-for-purpose solution is to be validated, confirmed and accredited.
- The solution is to align with other ongoing NCIA efforts, including but not limited to: IT Modernization; NATO Cloud Programs; Protected Business Network; and NATO and NCIA Directives.
- The solution is to be developed in close coordination with NCSC, NCIA and its technical staff. Coordination meetings shall take place at intervals sufficient to ensure information sharing and technical exchange.
- Due to the criticality and dependencies of follow-on project elements, the solution is to be completed and accepted no later than the end of December 2026.
Preparation Phase and Configuration
- Business Analysis
- Document current production configurations
- Full production configuration export
- Document current production MFA configuration (if it exists)
- Document current self-registration, onboarding and user lifecycle process
- Screenshot and document current login and logout UI/UX
- Inventory all application interfaces
- User account audit and mapping
- CIS Description
- Test strategy
- Test scripts created by principal users
- Security Pen Testing
- Dependency Map
- Target Architecture
- Training Materials
- Runbooks
Execution Phase: POC Build and Technology Pillar Integration
- Create non-production Entra ID app registration
- Configure Entra ID branding
- Customize Entra ID sign-in and sign-out page text
- Configure and map Entra ID MFA registration policy
- Design Entra ID self-service signup, browser authentication, and first login flows
- Configure Entra ID custom attributes
- Customize Entra ID email templates
- Configure Entra ID Terms of Use
- Configure identity provider attribute mappers
- Enable Account Linking strategy
- Setup monitoring and alerting
- Document rollback procedure
Technology Pillars: Moodle; SharePoint; Keycloak; Cognito.
Requirements
Qualifications:
Identity and Access Management:
- Minimum 5 years of experience in Identity and Access Management.
- Strong knowledge of authentication protocols (SAML, OIDC).
- Sound knowledge of federated identity management and Single Sign-On (SSO) solutions (Okta, Entra ID, and similar).
- Proven experience designing and rolling out MFA at scale in an enterprise environment (5,000+ users).
- Experience with certificate-based MFA smart cards, YubiKeys, passkeys/WebAuthn, TOTP, and push-based MFA applications (Microsoft Authenticator, Duo, and similar).
- Understanding of risk-based or adaptive authentication strategies.
- Experience in securing web applications and APIs.
- Strong understanding of TLS, client certificates, reverse proxies, and Zero Trust principles.
- Experience with SSO integration of web applications.
- Recent experience configuring MFA technologies on the following platforms (Technology Pillars) as brokers: Moodle; SharePoint; Keycloak; Cognito.
- Demonstrated recent experience configuring Entra ID as an MFA Provider to the above MFA brokers.
- Ability to produce high-standard documentation for testing and service delivery.
- Excellent verbal and written communication skills.
- Full proficiency in English.
- Ability to communicate technical information to non-technical users in a clear and concise manner.
- Strong customer service focus with a commitment to user satisfaction.
- Patience and empathy when dealing with user issues and concerns.
- Attention to detail in documenting support activities and maintaining accurate records.
- Ability to work effectively as part of a team and share knowledge and resources.
- Willingness to collaborate with colleagues to solve complex issues.
- Strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- Must hold the nationality of one of the NATO member nations.


