Section 1: company and contract terms
- Vendor legal entity, registered address, primary regulator if applicable.
- Minimum contract term and renewal mechanism (auto-renew, opt-out window).
- Minimum seat or MAU commitment for the duration of the term.
- Termination for convenience clause and any refund mechanism.
- Data residency options (US, EU, UK, APAC, other).
Section 2: pricing breakdown
- Per-user / per-MAU / per-connection rate at the requested tier.
- Annual minimum or contractual seat floor.
- Volume discount table (published or negotiated).
- List of add-on modules and per-module pricing.
- SMS MFA delivery cost (per message or bundled).
- Sandbox or non-production tenant fee.
- Implementation and professional services rate card.
Section 3: technical capability
- SAML 2.0, OIDC, SCIM 2.0 support and conformance evidence.
- Passkey support (device-bound, synced, cross-device).
- Conditional access policy depth (network, device posture, risk).
- Lifecycle management (joiner, mover, leaver workflows).
- Integration catalogue depth and partner-built connectors.
- API rate limits and webhook support.
Section 4: security and compliance
- SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 attestations.
- FedRAMP authorisation status if applicable.
- HIPAA business associate agreement availability.
- Incident notification SLA and contractual breach handling.
- Penetration test cadence and summary report availability.
Section 5: support and SLA
- Availability SLA target and credit mechanism.
- Severity 1 response and resolution targets.
- Support tier definitions and pricing for each.
- Named technical account manager availability.
- Quarterly business review cadence.
Last verified June 2026.