EXECUTIVES - Paramount WorkPlace...SSO: This option allows for usage of 3rd party authentication services such as Windows Live, Google and custom providers. When hosting WorkPlace

01

HQ: Metro Detroit Area

Offices: GA, ND, OH, VT, VA, WA,

OR, ON 02

03Mobile & Web-Based

Cloud-Based & On-Premise

Spend Management Solutions

04

05

Founded

1995

Identifying and confirming the WorkPlace implementation scope and deployment model

Kick off meeting materials

Identifying the client’s WorkPlace Project Team Installation planning and requirements

Integrating WorkPlace project tasks into your ERP implementation Pre-requisites for WorkPlace installation

Pre-requisites for WorkPlace configuration and training sessions

Preparing for setup and configuration sessions through data gathering Review the organizational chart

Identify departments, user groups and responsibility centers

Identify users and their roles

Approval requirements and policies

Preparing your initial configuration approach and design from data gathering

Confirming and expanding the WorkPlace configuration design during KUT

Identifying and communicating client requests for additional functionality

Open Q&A

Paramount Confidential 3

WorkPlace Project Implementation Planning

Collect Pre-Sales Documentation and Client Requirements

Review WorkPlace Deployment Model– ERP and Integration Model (i.e. Direct, EAIC)

– WorkPlace Solutions

– WorkPlace Modules and Interfaces

– WorkPlace User Counts

Key Client Contact Introductions

Kick Off Meeting Materials

– Statement / Scope of Work

– Project Team and Environment Information Sheet(s)

– WorkPlace System Requirements

– Data Gathering Discussion Points and/or Worksheets Test/Production Infrastructure Details

WorkPlace Authentication Methods

WorkPlace Companies, Departments, Users, Roles

Process Workflows and WorkPlace Approval Requirements



Project Definition

– Project Kick Off Meeting

– Define project team, Review and Confirm Scope

– Complete Contact Information Sheet and assign Responsibilities

– Document Hardware Infrastructure (Test / Production)

– Introduce Data Gathering Requirements

– Detailed Project Plan and Schedule

Preliminary Design

– Requirements confirmation and process walk-throughs

– Complete Data Gathering Requirements (Users, Roles, Departments, Approvals)

Conference Room Pilot [CRP]

– Installation/Training in Test Environment

– Test Environment Setup and Configuration Key User Training

– WorkPlace Functional Key User Training

– CRP Process Testing with Core Project Team



– Identify and Document Gaps and Remediation items

– Training Sign-off

User Acceptance Testing (Client Phase)

– End User Training and Documentation

– UAT Test Plan Documentation and Execution

– Go Live Readiness Assessment

Prepare Production Environment (if applicable)

– Production installation

– Migration of Test environment configuration to Live Database

Post Implementation Support

– Project Completion

– Support Hand Off

Project Management (Ongoing)

– Perform overall resource, task, and schedule management. Conduct quality assurance reviews with project team members to provide objective oversight upon completion of key milestones.

– Regular Status Reports and/or Meetings



Installation Requirements

– Hardware and Infrastructure Availability

SQL Server – Instance Name / IP Address

IIS Server – Machine Name / IP Address

– WorkPlace Authentication Method

– WorkPlace Installation Package(s) Downloaded and Extracted

– WorkPlace License Request Planning

– Infrastructure Review (Test/Production) based on System Requirements

– ERP and Supporting Products Installed and Initiated

– Administrative Client Users or Access for SQL/AD account administration

Setup and Configuration Key User Training Readiness

– WorkPlace Installation Completed

– Key Data Gathering Activities Completed and Reviewed

– Preliminary WorkPlace Design based on Data Gathering Feedback

– Supporting ERP Functional Areas Configured and Validated



SSO:This option allows for usage of 3rd party authentication services such as Windows Live, Google and custom providers. When hosting WorkPlacein the cloud or in a DMZ outside of the internal network this option can provide access to the local Active Directory via Active Directory Federation Services (AFDS). All SQL backend operations are performed using a shared user account. Under this option the user names are the email addresses of the user.

SQL (Recommended for Partner Testing and Demonstration Environments)

SQL Name and Password are used and passed directly through to the SQL Server. This requires the user to be setup on the SQL server as a physical user and the user must have access to all databases that WorkPlace requires access. It is recommended that the SQL password encryption option is enabled in WorkPlace when using this method. Since the users have access to the databases a user could use excel or other connectable applications to access WorkPlace data if non-encrypted passwords are allowed.

SQLSHAREDSQL Name and Password for authentication only. All backend SQL operations are performed using a shared SQL user account. This method secures access to the physical database as the user account does not have access to any of the physical databases. This method is ideal in environments where other SQL applications are used and a shared SQL name and password are desired.

NTThe Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is simply passed through to the SQL Server. This method as well as the SQL option both have the same drawbacks in that the user could use an external application to get access to the SQL databases unless a firewall is enabled. This method also suffers from the Double-Hop syndrome whereas the SQL Server, Web Server and Client machines must all be enabled for delegation at the Active Directory level as standard Kerberos authentication does not allow the client browser to authenticate to the web server and then allow the web server to impersonate the credentials to the SQL server.

NTSHARED (Recommended for Client Environments)The Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is used to identify the user to WorkPlace. The SQL backend operations are all performed using a shared SQL account. This method is the preferred model in larger organizations as the user cannot access the databases via external applications and all password and account management is at the Active Directory level. This option also eliminates the double-hop issue with Active Directory.

8


Forms

The Active Directory user name that the user logged into Windows with is used to authenticate against the WorkPlace Web Server using IIS

Forms Authentication. Once authenticated against the web site, the user’s credentials are passed to the WorkPlace solution which will

authenticate against the application level security. All SQL backend operations are all performed using a shared SQL account. This method is a

preferred model in larger organizations as the user cannot access the databases via external applications and all password and account

management is at the Active Directory level. This option also eliminates the double-hop issue with Active Directory.

APPUser accounts and passwords are managed by WorkPlace exclusively and all SQL backend operations are performed using a shared user

account. Under this option the user names are the email addresses of the user. The key benefit with this method is that if users forget their

passwords they can simply click a “forgot password” button on the logon page and reset their own passwords. This method is ideal for

environments where account management at the SQL or NT level is not ideal or empowering the user to manage their own password cuts

administrative overhead.

9


Sample Data Gathering Organizational Chart



Sample Business Process and Approval Requirements

General

– All Managers report directly to the Controller

– All computer items must be approved by the IS Department Manager

– All Time and Expense Transactions must be approved by the respective

Department Manager

Information Systems Department

– Line items on a requisition > $10 must be approved by the Department Manager.

Quality Assurance Department

– Line items on a requisition > $10 must be approved by the QA Department

Manager.

– Line items on a requisition > $500 must be approved by the Controller.




Questions

Our Goal

To help people transform spend management and enhance efficiency, collaboration,

and ROI across their entire organization.

Develop intuitive and advanced web-based & mobile spend management solutions.

ParamountWorkPlace.com

Our Mission

Documents

EXECUTIVES - Paramount WorkPlace...SSO: This option allows for usage of 3rd party authentication services such as Windows Live, Google and custom providers. When hosting WorkPlace