Access Control
Q: Do your information systems have access control measures at both the network and application levels? Do you offer a Single Sign-On (SSO) solution? If so, please specify.
A: Yes, we implement access controls at both the network and application levels. Our servers are secured with two-factor authentication (2FA) and authenticators. For our software, we provide SSO using SAML 2.0.
Q: Do your information systems have identity management systems?
A: Yes, we use Azure for infrastructure identity management. The system identification on our platform is custom-built.
Q: Do you periodically review access accounts and assigned permissions? How often? Is the review period the same for standard and privileged accounts? Please specify.
A:
- For Capexplan software: No, access management is handled by each account’s Super User, who determines user access and permissions. We only track one user per account—the account admin—to ensure the correct individual holds this role. The account admin, by default, has full software permissions.
- For internal access controls (to our internal systems): Yes, we conduct ongoing monitoring and perform a monthly review to ensure that team members have the appropriate access and permissions.
Q: Is a user access provisioning process defined and implemented to authorize, record, and communicate data and asset access changes?
A: Yes, Capexplan includes detailed permission controls for each user, allowing precise access management. Additionally, all actions are logged and can be reviewed in the activity log dashboard for tracking and auditing purposes.
Q: Are logging and monitoring policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained? If so, please specify or provide them.
A: Yes, logging and monitoring are implemented in our systems. Logs are accessible through the software’s UI for user activity tracking. Server logs are confidential and can only be accessed by our sysadmin technical team to ensure security and compliance.
Q: Can the access control mechanism of your platform be integrated with Neptune’s proprietary Okta solution? If not, what access control mechanism is used?
A: Yes, our platform supports SSO using SAML 2.0, making it fully compatible with Okta.
Q: How are access profiles managed within the platform (through groups, roles, attributes, etc.)? Please specify.
A: In Capexplan, access is managed through a combination of users, profiles, and roles:
- Each account starts with one user—the account admin, who has full control.
- The account admin can create super users and regular users, assigning custom permissions to each.
- For multiple users requiring the same permissions, Profiles can be created. Permissions are assigned to the profile, which can then be applied to multiple users. This simplifies management and makes updates more efficient.
- The platform also includes Roles, which define specific permissions for individual CAPEX requests. For example, a user can be assigned as a Site Superintendent on a single request, granting them specific permissions for that project only.
- Additional granular access control functions are available, ensuring that super users have full flexibility in managing who can view and perform specific actions.
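The user, profile and request-scoped role model described in this answer, as an added illustration in Python (hypothetical code, not Capexplan's implementation; the permission names, the "viewer" profile, the "Site Superintendent" role and the request ids are constructed for the example):

```python
"""Toy model of the access scheme described above: an account admin with full
control, direct per-user permissions, shared Profiles, and Roles that grant
permissions on a single CAPEX request only. Hypothetical code, not the
product's implementation; all names and ids below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional

ALL_PERMISSIONS = frozenset({"view_request", "edit_request", "approve_request",
                             "manage_users", "export_data"})

@dataclass
class Profile:
    name: str
    permissions: FrozenSet[str]

@dataclass
class User:
    name: str
    kind: str                                  # "admin", "super_user" or "user"
    direct: FrozenSet[str] = frozenset()       # permissions set on this user only
    profile: Optional[Profile] = None          # shared permission set, reused by many users
    # request-scoped roles: request_id -> permissions valid for that request only
    request_roles: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def effective_permissions(self, request_id: Optional[str] = None) -> FrozenSet[str]:
        if self.kind == "admin":               # account admin has full control by default
            return ALL_PERMISSIONS
        perms = set(self.direct)
        if self.profile is not None:
            perms |= self.profile.permissions
        if request_id is not None:             # role applies only to the named request
            perms |= self.request_roles.get(request_id, frozenset())
        return frozenset(perms)

def can(user: User, permission: str, request_id: Optional[str] = None) -> bool:
    return permission in user.effective_permissions(request_id)

def grant_to_profile(profile: Profile, permission: str) -> None:
    """Change a profile once; every user attached to it picks the change up."""
    profile.permissions = profile.permissions | {permission}

# constructed sample account
VIEWER = Profile("viewer", frozenset({"view_request"}))
SITE_SUPERINTENDENT = frozenset({"view_request", "edit_request"})
ADMIN = User("admin", "admin")
ALICE = User("alice", "user", profile=VIEWER,
             request_roles={"CAPEX-0042": SITE_SUPERINTENDENT})
```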
Q: Is it possible to create shared access accounts for your platform?
A: Yes, Capexplan is sold on a per-seat basis, meaning each seat requires a unique username and password. However, departments within a customer organization can share an account if needed. For example, a building’s maintenance department could use a single login for the entire team. In such cases, users would need to add a custom field to specify who performed each action for tracking purposes.
Q: What is the URL or URLs of the portals through which users will access the platform?
A: By default, users can access the platform at www.almiranta.com/CapExPlan. However, some companies request a custom URL that includes their company name. This can be accommodated upon request.
Q: Who creates Neptune access accounts and assigns permissions—you or Neptune staff?
A: During implementation, we initially set up the customer account to streamline the process and accelerate the go-live (as we only invoice at go-live). However, we provide training to the customer’s super users, enabling them to create new users and assign permissions independently—no coding required. This training is part of the early implementation phases, ensuring that super users can manage user access early in the process.
Q: How are dormant accounts managed, and what is the process for deactivating unused accounts?
A: There are no dormant accounts. Once a customer stops using our software, their account is deleted to ensure data security and compliance.
Q: Is multifactor authentication (MFA) mandatory for privileged accounts?
A: No, MFA is optional and can be enabled per customer. All customers have access to MFA settings within the software and can enforce it for their users if desired.