Enterprise Level Infrastructure & Security

Microsoft Azure Infrastructure

Aproove Work Management is hosted in the Microsoft Azure cloud infrastructure. (Alternative options available)

Ninety percent of Fortune 500 companies trust their business to run on the Microsoft cloud infrastructure, and the general feedback from our customer base was a preference to use Microsoft Azure instead of Amazon Web Services. This was mainly due to competition concerns in the retail, healthcare, and pharmaceutical sectors.

Microsoft Azure gives a robust and scalable hosting platform with global instances to better serve our client base, no matter where they are in the world. Global instances allow us to offer a 99.99% uptime due to our data replication and failover strategy, which are all built into our cloud infrastructure. (For our European customer's local redundant instances ensure GDPR compatibility).

Aproove Work Management Enterprise Edition

Many SaaS companies use a multi-tenant hosted server, even for Enterprise customers. This can be problematic for those seeking a higher level of security, or those that require a true corporate Single Sign-On mechanism.

Not having alternative infrastructure options may require you to compromise your security policies, or not use a system at all. 

Another potential issue is scalability. In a multi-tenant environment, you cannot dictate the size or configuration of your server. For enterprise customers, this can be an issue, especially when they have hundreds or even thousands of users.

Aproove WM understands that Enterprise customers may have even more specific requirements, and therefore, we offer the following deployment options:  

1. Fully hosted and managed, dedicated Microsoft Azure environment (Allowing enterprise customers to deploy individual security settings and SAML 2.0 Single Sign-On (SSO).
   
   
2. Enterprise customers can opt to deploy Aproove WM into their corporate cloud infrastructure. (eg. Amazon Web Services or dedicated on premise hardware).
   
   
3. Deploy a hybrid model with the Web front end in a Microsoft Azure-hosted environment or your dedicated cloud infrastructure. The processing engine (RIP) would get deployed on your local network. (This option is interesting for high volume production facilities who do not want to upload files into the cloud and may want to use hot-folder capabilities.)

Aproove WM can also have multiple RIPs deployed in different regions communicating to one or several web-servers.

Aproove WM will discuss enterprise requirements on a case by case basis and provide bespoke infrastructure and pricing based on specific use and business requirements.  

Single Sign On (SSO)

Aproove WM fully supports SAML 2.0 for single sign-on using dedicated cloud infrastructure for each enterprise customer (not multi-tenant).

Many software as a service platforms offer Single Sign-On for enterprise customers. Typically, the SSO provided is using the Auth0 protocol that points to a multi-tenant infrastructure that is not compliant with many enterprise security policies.

Using SAML 2.0 for Single Sign-On with a dedicated cloud infrastructure ensures that our enterprise clients do not need to compromise on security.

Enterprise customers retain control as the Identity Provider (IDP), with Aproove WM acting as the service provider (SP). This means no passwords ever need to be stored or exposed inside the Aproove Work Management platform.

Aproove Work Management Login Portal

Aproove Work Management comes with one user login Portal, which can be used for SSO or with Aproove's own in-built user management.

Additional user login Portals can get added for scenarios such as;

• The need to add additional clients to your Aproove Work Management instance, and each client requires a dedicated SSO entry point.
  
  
• The need to have SSO for your internal requirements, but locally managed users for clients (or the other way around).

Having the ability to add login portals allows you to uphold the strict SSO compliance regulations and expand your system without having to purchase a full Aproove Work Management license in each scenario, giving you unique flexibility around SSO and deployment. 

Perhaps you want to invite a "guest" user to review a proof, and the user is not registered inside Aproove WM. That user could potentially forward the invite email to someone else who could then log into the system.

Using 2FA, the person who received the invite would receive a second email containing a code required to gain access. This code would only be valid for one session. 

• 2FA can get applied across any, or all users
• 2FA can get applied at specific stages in the workflow; Perhaps you only want to use 2FA when a user makes a decision such as approving a proof. 

This flexibility means that the Two Factor Authentication feature can get used where it is most appropriate to meet your security needs. 

e-signature 21 CFR Part II Compliant

Aproove WM is compliant with the United States Food and Drug Administration (FDA) regulations on electronic signatures. The purpose of this compliance is to ensure electronic signatures can be trusted as much as paper records and ink signatures. 

The e-signature 21 CFR, Part II Compliance, is part of Title 21 of the code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic signatures. 

For more information, please refer to chapter 11 of the  Code of Federal Regulations.