May 2020 Request Standard Edition Admin Summary
Initial Post
Release Note Summaries
Authentication
Old Sign-In Experience No Longer AvailableOn 31 October, 2019, SAP Concur introduced a new experience for users signing into SAP Concur.
Since introducing the new sign in experience, users have been able to choose between signing in through the new Sign In page and reverting to the old sign-in experience. Beginning with the May release, the old sign-in experience is no longer available.
Business Purpose / Client Benefit: The new sign-in experience provides better security and is faster and more convenient for users logging in to SAP Concur products and services. This change makes the sign-in experience uniform for all users.
**Ongoing** Deprecation of HMAC Initiates Migration to SSO Self-ServiceThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
SAP Concur will soon begin the deprecation process of removing Hash-Based Message Authentication Code (HMAC) as an SSO option. The replacement service for HMAC is SAML SSO, a self-service method of setup whereby client admins have access within SAP Concur to complete their SAML connections.
Clients currently using HMAC are encouraged to migrate to the SSO self-service tool as soon as it is released (targeted for Q2 2020). The new SSO self-service tool allows multiple portals (Identity Providers) to be added.
The HMAC deprecation includes two phases:
PHASE I:
- Clients must have an Identity Provider (IdP) or a custom SAML 2.0 solution.
- Clients begin testing the new SSO self-service tool.
- Travel Management Companies (TMCs) prepare for onboarding new SAP Concur clients using the new SSO self-service tool, which is targeted for release in Q2 2020.
- Once the SSO tool is available, customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded using the new SSO self-service tool.
- Existing clients using HMAC need to be migrated using the new SSO self-service tool.
PHASE II:
- Travel Management Companies (TMCs) continue migrating existing SAP Concur clients from the HMAC service to the new SSO self-service tool.
- Shut down the HMAC service after everyone has migrated from HMAC to the new SSO self-service tool. Phase II is targeted to end mid-year 2020.
Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
Data Retention
Manage Holds & Purge Users Description Updated (3 April)The description of the Manage Holds & Purge Users data retention feature that appears on the Administration > Company > Data Retention page has been updated.
Business Purpose / Client Benefit: This update provides more accurate information about where a user with the Data Retention Administrator role can find the Hold User, Remove Hold and Purge User buttons.
File Transfer Updates
**Ongoing** SAP Concur Legacy File Move MigrationThis Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.
SAP Concur will begin migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.
Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and the end of 2020. After they are migrated to the more efficient process, clients will see the following improvement:
- With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.
This announcement pertains to the following file transfer DNS endpoints:
- st.concursolutions.com
Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.
Miscellaneous
Modified Home Page Appears When Some Products and Services Are Unavailable (20 March)When a user signs into SAP Concur, if some products or services are unavailable while other products and services are up and running, a modified version of the user’s Home page appears, providing access to the products and services that are up and running.
Prior to implementing this improvement, if a user attempted to sign in to SAP Concur when one or more products or services was not available, a 503 (service unavailable) message appeared, the user’s Home page could not be accessed, and the user had to wait until all services and products were available before signing in to SAP Concur.
Business Purpose / Client Benefit: This enhancement enables users to complete tasks that rely on the products and services that are up and running even when other products and services might be unavailable.
Users Connecting to the US Data Centre Are Redirected to us1.concursolutions.comBeginning in May, users who connect to the US Data Centre through www.concursolutions.com will be redirected to us1.concursolutions.com.
Business Purpose / Client Benefit: This change makes the format of the URL for SAP Concur data centres consistent from one data centre to another. For example, users connecting to the EMEA data centre are redirected to eu1.concursolutions.com.
Product Settings
Custom Fields Page Redesigned (27 May)The Custom Fields page in Product Settings has been redesigned. No existing features or functionality have been removed. Some functionality has moved.
The redesigned Custom Fields page includes the following significant changes:
- The page has been renamed from Manage Custom Fields to Custom Fields.
- The Custom Fields page now includes two tabs, Custom Fields and Fields We Track.
- Some functionality that was previously accessed from the Custom Fields page has been moved to a new page, Manage Visibility.
- Search functionality has been added to the Custom Fields page.
- The Custom Fields tab provides a Basic View and an Advanced View.
- Guided set-up functionality is included on the Manage Visibility page.
In addition to these significant changes, minor and cosmetic changes have also been made to the Custom Fields page.
Business Purpose / Client Benefit: These updates improve custom field management by providing a better end user experience.
**Ongoing** User Accounts Page RedesignedThe User Accounts page in Product Settings is in the process of being redesigned. The functionality remains fundamentally the same.
The redesigned pages are being made available to clients in phases during a trial period. A small number of clients can opt-in now to use the redesigned interface. Between 30 April and 11 June, additional clients will be given access to opt-in to the redesigned interface. On 11 June the new interface will become the only user management interface available to clients.
Business Purpose / Client Benefit: The redesigned user management interface provides a better end user experience.
Security Enhancements
New SSL Certificate for concursolutions.comIn an effort to ensure the ongoing security of our products and services, SAP Concur has issued a new concursolutions.com SSL certificate. The current certificate expired on 14 April, 2020.
Any customer who pinned the expired certificate needed to update to the new certificate prior to 14 April, 2020. If the pinned certificate was not updated prior to 14 April 2020, your organisation and users will experience disruption to SAP Concur products and services.
Customers who have not pinned the certificate do not need to take any action as the new certificate was updated automatically. Most customers do not pin the certificate.
Please be aware: As an enhancement to our Security and Compliance programme, this certificate will be updated on an annual basis.
Business Purpose / Client Benefit: This update provides ongoing security for our products and services.
Planned Change Summaries
The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.
Next Generation (NextGen) Request
**Planned Changes** New User Interface for Concur Request End UsersSAP Concur is dedicated to the consistent improvement of our products, not only the features they provide, but also the experience of using those features. How users interact with technology changes over time, along with needs and expectations. We are constantly listening to our customers and soliciting feedback on how we can improve the user experience.
NextGen Request is the continued evolution of the SAP Concur user experience. It was built and will continue to be informed by what we learn from both user research and behavioural data.
Customers will have the ability to preview and then opt in to NextGen Request before the mandatory cutover.
Business Purpose / Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced UI, but also allows SAP Concur to react more quickly to customer requests to meet changing needs as they happen.
SAP Concur Platform
**Planned Changes** Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1) (1 December)SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release (targeted for 1 December, 2020). Those APIs will be replaced by the Concur Request v4 APIs.
Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not ISO-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
Client Notifications
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Monthly Browser Certifications
Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Standard Edition
