December 2020 Expense Standard Edition Admin Summary
Initial Post
Release Note Summaries
API
List Item v4 API AvailableA new version of the List Item API is available. The List Item v4 API provides solutions to retrieve and manage list items.
Business Purpose / Client Benefit: The List Item v4 API uses more secure and modern, fine-grained methods. This API uses Universal Unique Identifiers (UUIDs) and uses JSON instead of XML. Also, authentication to the List Item v4 API may be performed with a User or Company access token, providing the opportunity to apply the principle of least privilege.
List v4 API AvailableA new version of the List API is available. The List v4 API allows you to view your configured lists and create new lists within SAP Concur products.
Business Purpose / Client Benefit: The List v4 API uses more secure and modern, fine-grained methods. This API uses Universal Unique Identifiers (UUIDs) and uses JSON instead of XML. Also, authentication to the List v4 API may be performed with a User or Company access token, providing the opportunity to apply the principle of least privilege.
Authentication
**Ongoing** Deprecation of Director SAML Service and Migration to SAML v2These changes are part of the SAP Concur continued commitment to maintaining secure authentication.
Support for the Director SAML service is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel will soon begin assisting customers who currently use Director SAML to migrate to SAP Concur SAML v2 SSO (SAML v2).
Clients currently using Director SAML are encouraged to migrate to SAML V2 as soon as possible.
Deprecation of support for the Director SAML service is dependent on the following requirements:
SAP Concur technicians and TMCs assist existing SAP Concur clients to migrate from the Director SAML service to SAML V2.
All clients that currently rely on the Director SAML service have migrated from Director SAML to SAML V2.
Migration from Director SAML to SAML V2 requires the following general steps:
The client identifies an admin to act as the SSO admin and assigns the proper permission/role.
The SSO admin coordinates with their SAP Concur technician to obtain the SAP Concur SP metadata.
The SSO admin configures the SSO settings at the IdP based on information from SP metadata.
The SSO admin retrieves IdP metadata from the IdP and delivers the metadata to the SAP Concur technician.
The SSO admin adds a few testing users and tests the new SSO connection.
With successful testing, the company rolls out SSO to their SAP Concur users.
For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).
Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
**Ongoing** Deprecation of HMAC and Migration to SAML v2 and the SSO Self-Service ToolThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
SAP Concur support for Hash-Based Message Authentication Code (HMAC) is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel are currently assisting customers who use HMAC to migrate to SAP Concur SAML v2 SSO (SAML v2).
SAP Concur provides a Single Sign-On self-service option that enables client admins to setup their SAML v2 connections without involving an SAP Concur support representative.
The HMAC deprecation includes two phases:
PHASE I:
Clients must have an identity provider (IdP) or a custom SAML 2.0 compliant solution.
Clients begin testing authentication using SAML v2.
TMCs prepare to onboard new SAP Concur clients to SAML v2.
Customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded to SAML v2.
Existing clients using HMAC must migrate to SAML v2.
PHASE II:
TMCs have migrated all existing SAP Concur clients from the HMAC service to SAML v2.
The HMAC service is deprecated. Phase II is targeted to end mid-year in 2021.
Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
Authentication Administration
Company Request Token Self-Service ToolOn 8 December 2020, SAP Concur released a new Company Request Token self-service tool that enables clients to generate the Company Request Token that is required to request a JSON Web Token (JWT) when connecting to APIs in the SAP Concur platform.
Requirements for generating a Company Request Token:
The client must obtain a link to the new tool from SAP Concur Client Web Services (CWS).
The client must obtain a Client ID from CWS.
A company admin must have the Web Services Administrator permission to access the Company Request Token self-service tool through the provided link.
For a request token to be issued, the Client ID (App ID) must be allowed to connect to the company.
Requirements for obtaining a JWT:
The Client ID provided by SAP Concur CWS
The client secret provided by SAP Concur CWS
The Company UUID generated by the Company Request Token tool
The Company Request Token generated by the Company Request Token tool
An admin with the Web Services Administrator permission can navigate to the Company Request Tokens page through the link provided by CWS, enter the Client ID they obtained from CWS into the App ID field, and then click Submit to generate a Company Request Token. They will also be able to generate a replacement token if one is needed.
Business Purpose / Client Benefit: The new self-service tool enables an admin with the required permissions to generate a Company Request Token without relying on SAP Concur internal staff. The new tool also enables the admin to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.
Authorised Support Contacts
Security / Data Protection Contact Option to be Added to SAP Concur Support Portal Profile (Dec 3)SAP Concur has added an option to the SAP Concur support portal that enables Authorised Support Contacts (ASCs) to designate whether they should be contacted regarding a security or data protection topic.
Business Purpose / Client Benefit: This enhancement gives clients more control over who in their company is contacted regarding security or data protection topics, and provides greater control over which notifications an ASC receives.
Expense Assistant
Delegates Can Receive Expense Assistant Emails (16 Nov)On November 16, 2020, if claims were auto-created using Expense Assistant, delegates who have the appropriate permissions were copied on the weekly Claim Summary emails.
Business Purpose / Client Benefit: This update enhanced the delegate functionality by allowing delegates to receive the weekly Claim Summary email.
File Transfer Updates
**Ongoing** SAP Concur Legacy File Move MigrationThis Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.
SAP Concur will begin migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.
Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and the end of 2020. After they are migrated to the more efficient process, clients will see the following improvement:
With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.
Financial Integration Service Now AvailableThe Financial Integration Service (FIS) allows an external system to interact with financial documents generated from SAP Concur, for financial postings into their financial system.
This service provides an automated solution to request available data objects such as approved expense claims, cash advances and invoices. The objects can be imported to the client internal ERP, then the integration can send posting confirmation back into Concur Expense and/or Concur Invoice.
The Financial Integration Service works with custom connectors, applications from the SAP Concur App Centre, and client-built integrations.
For more information, refer to the Shared: Financial Integration Service Setup Guide.
Business Purpose / Client Benefit: With FIS there are several benefits:
A complete end-to-end workflow of the expense claim and spend visibility between SAP Concur and ERP.
The client ERP can now send posting feedback to SAP Concur via bi-directional communication.
Posting feedback is captured in SAP Concur where claims can be either modified or sent back to employee for correction, and reposted to the ERP.
Improved accuracy and synchronisation between systems.
No more overnight processing as this process provides the client with near real-time posting and feedback.
NextGen UI
**Ongoing** Updated User Interface (UI) for Concur Expense End UsersThe continued evolution of the Concur Expense solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for creating and submitting expense claims.
Concur Expense customers have the ability to preview and then opt in to the NextGen UI before the mandatory move.
Business Purpose / Client Benefit: The result is the next generation of the Concur Expense user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.
Release Notes
Preview Release Notes No Longer PublishedStarting with the January 2021 release, SAP Concur Technical Publications will no longer publish the preview release notes. This change is being made to streamline our client communication. With this change, only two sets of release notes will be published for each monthly release cycle: draft release notes and final release notes.
The 2021 Release Calendar (English Only) will be updated to reflect this change.
Business Purpose / Client Benefit: This change simplifies the release notes communications.
Security
New Warning Message When Printing An Expense Claim (Nov)Beginning with the November release, when a user prints an expense claim, a warning message now appears to inform the user that their web browser might cache some sensitive information contained in the expense claim. The message recommends clearing browser cache and deleting downloaded expense claims when they are no longer needed.
Business Purpose / Client Benefit: This change improves the security of sensitive information that might be included in an expense claim.
Updated: End of Support for Insecure Protocols and Ciphers in F5 Client SSL Profiles for VIPs (7 Oct)These changes are part of the SAP Concur continued commitment to maintaining secure authentication.
In early October, the SAP Concur networking team noted that their configuration of the Content Delivery System had been blocking the protocols in the list that follows for some time.
As such, the notice to customers that we would be making a change to our F5 Client SSL profile was superfluous, as those aspects of the existing profile were not actually available. SAP Concur made changes to the F5 Client SSL profile on 7 October as well, in the interest of maintaining a strong security profile.
This means that there was no new effect for customers, as the following protocols had already been blocked previously:
SSL v2
SSL v3
TLS v1.0
TLS v1.1
3DES cipher suite
Business Purpose / Client Benefit: This update provides ongoing security for our products and services.
Tax Administration
Delimited Tax GroupsThe ability to allow visibility and maintenance of past and future tax groups using the Tax Administration page of the Concur Expense user interface (UI) is now available.
Business Purpose / Client Benefit: The recent Value Added Tax (VAT) and sales tax changes resulting from the COVID-19 crisis required a fast and flexible check and adjustment of expense types assigned to tax groups, which need to be delimited and set up with new start dates.
Currently, Concur Expense clients can see and maintain tax groups on the Tax Administration page valid for today’s date, but the ability to control and correct assignments of expense types for past and future tax groups is new. With this change, clients can now control the view of the Tax Group Visibility page via a list, allowing clients to select Current or All for their visibility option. The Current selection displays tax groups for today's date, while All displays tax groups for past and future tax groups.
User Interface
Updating Country and Countries LabelsInstances of Country or Countries on the user interface are being updated to Country/Region and Countries/Regions, respectively.
Business Purpose / Client Benefit: This change provides a better global user experience.
Planned Change Summaries
The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.
IMPORTANT: These Planned Changes may not be all of the upcoming enhancements and modifications that affect this SAP Concur product or service. The Planned Changes that apply to multiple SAP Concur products and/or services are in a consolidated document. Please review the additional Planned Changes admin summaries available in the December 2020 Shared Planned Changes Standard Edition Admin Summary.
API
**Planned Changes** Launch External URL v4 Callout – NewThe Launch External URL v4 callout enables Concur Expense to display a field with an attached button that launches a separate browser window when clicked. The window is controlled by an application connector, created by a third-party developer or the client. The application connector is a web server that presents information in the window.
Business Purpose / Client Benefit: The Launch External URL v4 callout gives clients and third-party developers the ability to extend the functionality of the SAP Concur platform, providing a means to deliver custom user interactions, or access functionality found in an external system.
The Launch External URL v4 callout will be available for Concur Expense within SAP Concur’s mobile app and NextGen UI at the Claim Header, Expense Entry or Allocation levels, which expands the locations of the feature as compared to the previous version. The Launch External URL v4 callout will provide enhanced security benefits, such as leveraging the latest SAP Concur API authentication methods. The Launch External URL v4 will also offer additional parameters and will work in conjunction with SAP Concur’s more advanced v4 APIs.
Attendees
**Planned Changes** Enhanced Employee Attendee SearchThese changes are also part of the NextGen UI experience.
Users searching for employees to add as attendees to an expense will soon have additional filter options that can be used to narrow search results, helping make the identification of employees accurate and efficient.
Currently, searching for employee attendees can prove difficult as there may be no fields available to search by other than first name and last name.
With this update, the default advanced search view for employee attendees will automatically include the addition of email addresses and country filters.
This feature update includes the following benefits:
Accurate identification of employees, particularly for those with the same first and last name
Improved efficiency for employee searches by providing filters that help narrow relevant search results
Optional inclusion of inactive employees in attendee searches
Business Purpose / Client Benefit: This update makes searching for employee attendees more efficient.
Client Notifications
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Monthly Browser Certifications
Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Standard Edition
