April 2019 Request Standard Edition Admin Summary
Initial Post
Release Note Summaries
Request
**Ongoing** Email Infrastructure Change - Add IP Addresses to Safe Sender ListSAP Concur is transitioning to a new email infrastructure for outbound email from our services to SAP Concur users. Because of this, companies who filter inbound email based on the sending IP address must add new IP addresses to their Safe Sender list to ensure that their users receive email from SAP Concur.
Initially, the issue described here affected only companies that use Concur Expense. Starting in January, email from other SAP Concur services (such as Travel and Concur Pay) will move to the new email infrastructure.
We will continue to add other services. Please monitor the release notes for more information about the timing of the additional changes.
Reminder: No Personal or Sensitive Data in Custom FieldsAll companies must take all reasonable steps to protect the personal and sensitive information of their employees. As per recommended security-related best practices, remember that custom fields should not contain personal and sensitive data.
NEXT STEPS
If your company is currently using custom fields to store personal or sensitive data (for example, Social Security numbers, family member names or any other personally identifying information), you should plan to remove this information from your existing fields within the service and modify your current configuration.
Refer to the FAQ (English Only) for additional information.
Planned Change Summaries
Request
**Planned Changes** Authentication: Forgot Password Feature, Security Questions and Password Custom TextThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
In a future release, SAP Concur will add a new Forgot Password feature to the SAP Concur Sign In page, providing an updated experience for users who log in with user name and password credentials.
Currently, depending on a company's configuration, there may be several other options available for the forgotten password process. When the new Forgot Password feature becomes available (targeted for 11 May), those additional options will be removed. They are:
- Security Questions: Users will no longer receive security question prompts for login authentication.
- On-page text: Company custom text will no longer display.
- Password hints: The Send me an email with my password hint option will no longer be available.
Business Purpose / Client Benefit: This feature provides greater security for user passwords and streamlines the user experience.
**Planned Changes** Authentication: New SAP Concur Sign In PageThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
SAP Concur is planning to add a new Sign In page, providing an updated login experience for users who log in with a user name and password credentials. Current Single Sign-On (SSO) users will be able to start the SSO login process at https://www.concursolutions.com. This feature is planned for 2019.
The new Sign In page feature includes the following:
Two-step login: provides enhanced security, meets current industry standards and provides a better login success rate
Multi-account login: allows administrators to log in with multiple accounts (planned for a future release)
User avatar: enhances the user experience (planned for a future release)
Business Purpose / Client Benefit: This feature provides better security and a faster, convenient experience for users logging in to SAP Concur products and services.
**Planned Changes** Authentication: No Future Bulk Password Resets or Updates via Import FileThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
The password field in the 100, 300, 305 and 310 record sets will no longer be used to update or bulk reset user passwords. SAP Concur will change the functionality in imports such that the password field is only used when a user account is created. The field will no longer be used to update or bulk reset user passwords. The update and replace password features on the 100 record will no longer be used.
This change impacts the employee import and the user import features.
EMPLOYEE IMPORT
The password field will remain available in the 100, 300, 305 and 310 record sets, but will only be read during an initial import of the file or when creating a new user in the system. Subsequent uses of the field will be ignored by the system. The update and replace password features on the 100 record will no longer be used.
For general information about this functionality, refer to the Shared: Employee Import User Guide for Concur Standard Edition (English Only).
USER IMPORT
The password field will remain available in the downloadable Excel template, but will only be read during an initial import of the file or when creating a new user in the system. Subsequent uses of the field will be ignored by the system.
For general information about this functionality, refer to the Shared: User Setup Guide for Concur Standard Edition (English Only).
Business Purpose / Client Benefit: This change provides greater security for user passwords.
**Planned Changes** Authentication: Single Sign-On (SSO) Self-Service Option Coming to SAP ConcurThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
Single Sign-On allows users to access multiple applications using one set of login credentials. Currently, SAP Concur has two methods for signing in: with a user name and password or using SSO with identity provider (IdP) credentials, such as a user's login credentials for their organisation.
SAP Concur is planning to add a Manage Single Sign-On (SSO) feature to SAP Concur products that provides clients with a self-service option for setting up SSO for their organisation. SSO is currently supported for Concur Expense, Invoice, Request and Travel.
The new Manage Single Sign-On (SSO) feature is a replacement tool for clients using existing SSO configuration and a new tool for clients that now want to implement SSO at their organisation. Existing SSO configuration and the new SSO Self-Service tool will both be available until everyone has migrated to the new SSO Self-Service tool.
Other SAP Concur products and services are outside the scope of this initial release.
Business Purpose / Client Benefit: This feature provides SAP Concur clients with a self-service option for setting up SSO.
**Planned Changes** SAP Concur Product Access ChangesCustomers will need to access SAP Concur products and services via the following domains:
- *.concursolutions.com
- *.concurcdc.cn
This change is targeted for 8 June 2019.
SAP Concur recommends clients migrate to one of the domains at their earliest convenience, if they are not already using one of them.
Please contact appsec@sap.com for any questions regarding this change.
Business Purpose / Client Benefit: This change will allow customers to access SAP Concur services in a consistent, secure manner.
Client Notifications
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Monthly Browser Certifications
Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Standard Edition
