Capture Analytics security enables you to control the following:
The most common approach is to base security on user groups. You set up user groups, specify the access you want each group to have, and assign each individual user to the appropriate group. If you decide to provide access to Capture Analytics data for some users based on an alternate field, you specify that access on a user-by-user basis. No security information is extracted from GovWin Capture Management. You set up the user groups and users for Capture Analytics by entering them in Microsoft® Excel spreadsheets. |
In this topicAbility to Run Capture Analytics Access to Data Based on Organization Access to Data Based on an Alternate Field Ability to Modify Capture Analytics |
Capture Analytics fully supports “single sign on” authentication with Microsoft® Windows® Active Directory Services (ADS). Currently, the product does not support single sign on with directory services other than ADS. It also does not support any authentication other than single sign on.
When you set up Capture Analytics security, you provide each user’s network user ID. Then, when someone runs Capture Analytics, the system confirms that network user corresponds to a user set up in Capture Analytics. If that is the case, Capture Analytics opens without requiring an additional log-on procedure.
If Capture Analytics cannot find a user with a matching network user ID, that person cannot open Capture Analytics.
For each user group, you can do either of the following:
Give the group complete access to all of the Capture Analytics tabs.
Give or deny the group access to each of the tabs individually.
If your firm does not want to monitor one of the analytic areas that Capture Analytics provides, you can essentially remove that area by denying all groups access to the corresponding tab. Capture Analytics does not display a tab to which the user does not have access.
If you assign opportunities to organizations, you can control access to data in Capture Analytics by specifying the organizations for which each user group can view data.
For each user group, you can do either of the following:
Give the group complete access to the data for all organizations.
Restrict the group’s access to selected organizations only.
Because Capture Analytics is primarily intended for executives, the default way to control access to the analytic data is based on the organizations to which opportunities are assigned. However, some firms want to provide Capture Analytics to managers and supervisors for whom security based on organization may not provide the necessary access. For example, you may want a project manager to have access to data for the opportunities assigned to him or her, but those opportunities may be assigned to more than one organization. In addition, some firms do not assign opportunities to organizations, or do so inconsistently, making organization-based security unworkable.
In these cases, you can specify an opportunity field other than organization on which you want to base security for some or all Capture Analytics users. For more information on this option, see Security Based on an Alternate Field: Key Concepts and related topics.
Capture Analytics is designed to be modified to provide the analysis that your firm needs. However, you need to control carefully the users who are allowed to add or modify analytical objects and tabs. To do that, you specify for each user group whether or not members of that group have modification rights.
During implementation of Capture Analytics, as you are loading data and verifying that the product is functioning as you want it to, having security in place can slow that process. You have two options for disabling or partially enabling security to facilitate implementation:
No security — In Capture Analytics Configuration, select No in Apply Security. This disables all Capture Analytics security. Anyone with network access to the Capture Analytics files can open Capture Analytics, display all tabs, and view all available data.
Non-SSO security — In Capture Analytics Configuration, select Yes in Apply Security and select Yes in Prompt Users for Login and Password under Single Sign On. You may want to do this while you are testing security settings. Because it bypasses single sign on authentication, it enables you to log into Capture Analytics more quickly using various user IDs to confirm that they have the correct access. If you instead implement single sign on, you will have to log out of the network and log back on each time you want to test another user ID.
Deltek strongly recommends that you implement single sign on user authentication when you are ready to make Capture Analytics generally available to your users. Deltek does not recommend or support making the analytics available without single sign on authentication.
The standard procedure for setting up security during implementation of Capture Analytics commonly involves the following basic steps:
Edit the security setup files to provide the users and user groups with the access that you want them to have.
Use the security-related configuration options to activate security in Capture Analytics.
Run an update process to apply the access specified in the security setup files to Capture Analytics.
For detailed instructions, see Set Up Security.
To control access to the security information, be sure you take the steps necessary to secure the following files:
CostpointAnalyticsOrgSecuritySetup.xlsx
CRMAnalyticsEmployeeSecuritySetup.xlsx
Capture Analytics provides no internal security for the configuration applications and related files. Be sure that only the appropriate persons have access to the network folders in which you installed Capture Analytics.