September 2021 Concur Expense Standard Edition Admin Summary
Update #2
Release Note Summaries
Authentication
Support for HMAC Now DeprecatedThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
SAP Concur support for Hash-Based Message Authentication Code (HMAC) has been deprecated.
SAP Concur provides a Single Sign-On self-service option that enables client admins to set up their SAML v2 connections without involving an SAP Concur support representative.
For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).
Business Purpose/Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
Authentication Administration
New Company Request Token Self-Service ToolIn late August, a new Company Request Token self-service tool will be available to SAP Concur admins who have been assigned the Company Admin or Web Services Admin role.
The Company Request Token self-service tool enables clients to generate Company Request Tokens without contacting SAP Concur support. This tool also enables clients to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.
Business Purpose/Client Benefit: The Company Request Token self-service tool enables clients to generate Company Request Tokens without contacting SAP Concur support. This tool also enables clients to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.
Client Web Services
Register Partner Application Page No Longer ActiveOn 21 August, the Register Partner Application page was deactivated.
With the October release, a new application management self-service tool will replace the Register Partner Application page.
For more information, refer to the **Planned Changes ** Self-Service Tool for Application Management note in the September Final Shared Planned Changes (English only) release notes.
Prior to the release of the new self-service tool, clients with SAP Concur Client Web Services can contact Client Web Services to register new applications.
Clients who do not have SAP Concur Client Web Services can still contact SAP Concur support to obtain an App ID as needed.
Business Purpose/Client Benefit: The Register Partner Application page was used to create OAuth 1.0 (legacy) applications. OAuth 1.0 was deprecated on 4 February 2017.
For more information about the deprecation of OAuth 1.0 and migration to OAuth 2.0, refer to the SAP Concur Developer Portal.
The new self-service tool for application management will enable clients to create OAuth 2.0 compliant applications.
Concur Mobile App
Android / iPhone / iPad – Concur Mobile Registration Page UpdateIn late September, the Concur Mobile Registration page will be updated. To navigate to the updated Concur Mobile Registration page, click Profile > Profile Settings > Concur Mobile Registration. The updated Concur Mobile Registration page includes three new sections:
Mobile Sign-In Policies
Sign-In IDs
Download the App
Business Purpose/Client Benefit: The Concur Mobile Registration page update provides users with more information on their sign-in IDs and their organisation's mobile sign-in policies.
Custom Fields
Existing List Items Included in Downloaded List Import TemplateBeginning with the September release, when an administrator downloads the list import template file from the Custom Fields > Manage List Items > Edit List page in Product Settings, if the list has 1,000 or fewer list items, those list items are included in the downloaded file and they can be updated via the import template when the file is uploaded.
Prior to this change, existing list items were not included in the downloaded list import template.
Business Purpose/Client Benefit: This change enhances the functionality of the list import template.
File Transfer Updates
**Ongoing** Mandatory SFTP with SSH Key AuthenticationThis release note is intended for technical staff responsible for file transmissions with SAP Concur products. For SAP Concur customers and suppliers participating in data exchange through various secure file transfer protocols, SAP is making changes that provide greater security for those file transfers.
As of 10 April, 2021, non-SFTP (Secure File Transfer Protocol) protocols and SFTP password authentication are not allowed to connect to SAP Concur for file transfers:
Non-SFTP file transfer accounts must switch to SFTP with SSH Key Authentication.
SFTP file transfer accounts that use password authentication must switch to SSH key authentication.
SFTP password reset requests require the client to provide an SSH key for authentication.
st.concursolutions.com
st-eu.concursolutions.com
vs.concursolutions.com
vs.concurcdc.cn
Business Purpose / Client Benefit: These changes provide greater security for file transfers.
**Ongoing** SAP Concur Legacy File Move MigrationThis Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.
SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.
Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and 24 January 2022. After they are migrated to the more efficient process, clients will see the following improvement:
With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.
Rotating PGP Key Available for File TransfersFiles transferred to SAP Concur products must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.
concursolutionsrotate.asc
Key file is available in client’s root folder
Key ID 40AC5D35
RSA 4096-bit signing and encryption subkey
Key expires every 2 years
Client is responsible for replacing the key before it expires
Next expiry date: 4 September 2022
SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date
The SAP Concur legacy PGP key (key ID D4D727C0) remains supported for existing clients but will be deprecated in the future.
SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday 15 January 2021.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
mft-us.concursolutions.com
vs.concursolutions.com
st-eu.concursolutions.com
mft-eu.concursolutions.com
Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.
Financial Integration
Default VAT Reclaim Codes Removed When Connecting an ERPWith the September release, when a client first connects SAP Concur to their ERP accounting software, the default reclaim codes in SAP Concur are removed and must be remapped.
Business Purpose/Client Benefit: This change helps to ensure that the correct VAT reclaim codes are associated with expense types in Concur Expense.
Localisation
Updated Translation for Attendee Term (Traditional Chinese)With the September release, SAP Concur plans to change the following terms in the Traditional Chinese version of the SAP Concur user interface to bring consistency to the translation of Attendee(s):
English Term | Current Traditional Chinese Term | Updated Traditional Chinese Term |
|---|---|---|
Attendee | 出席者 | 參與者 |
Attendees | 出席者 | 參與者 |
Business Purpose / Client Benefit: These revisions provide a more accurate translation and improved user experience.
NextGen UI
**Ongoing** Updated User Interface (UI) for Concur Expense End UsersThe continued evolution of the Concur Expense solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for creating and submitting expense claims.
Concur Expense customers are now strongly encouraged to preview and then move to the NextGen UI well before the automatic transition date of 1 October, 2022.
Business Purpose/Client Benefit: The result is the next generation of the Concur Expense user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.
Product Settings
Page Design ChangesWith the September release, the design of the Product Settings page in Concur Standard Edition is updated.
Business Purpose/Client Benefit: This update improves the usability of the Product Settings page and prepares the Product Settings page for future enhancements.
Web Services Administration
**Ongoing** Application Connector Username and Password Length Requirements UpdatedTo meet new security requirements, the length of the username and password associated with an application connector must be at least 10 characters long and not more than 50 characters long.
Some clients currently have usernames and passwords configured that do not meet these parameters. In a future release, these parameters will become enforced requirements.
To avoid disruption of callouts through application connections, usernames and passwords that do not meet these requirements must be updated before this change is implemented. SAP recommends updating your application connector username(s) and password(s) as soon as possible.
Application connection usernames and passwords can be updated by an administrator with the Company Admin or Web Services Admin role.
Business Purpose / Client Benefit: Enforcing password and username length restrictions improves the security standards for callouts made through the application connector.
Planned Change Summaries
The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.
IMPORTANT: These Planned Changes may not be all of the upcoming enhancements and modifications that affect this SAP Concur product or service. The Planned Changes that apply to multiple SAP Concur products and/or services are in a consolidated document. Please review the additional Planned Changes admin summaries available in the September 2021 Shared Planned Changes Standard Edition Admin Summary.
Expense Pay Classic
**Planned Changes** Decommission of All Currencies
Currently, SAP Concur is planning to decommission the legacy Expense Pay classic solution effective 01 January 2022. As we move into the next phase of our pay strategy via payment provider solutions, this decommission will require customers using Expense Pay classic to enable alternative solutions. SAP Concur has been pursuing a multi-year effort to transition our portfolio of payment solutions to payment-provider-enabled solutions. This is evidenced by our existing Expense Pay Global solution with Bambora and planned Expense Pay Flex solution with Western Union Business Solutions. Payments for Expense Pay classic for all currencies will discontinue to employees and credit card providers as of 15 December, 2021. Customers using Expense Pay classic have been communicated with directly regarding this change.
Business Purpose/Client Benefit: This change is part of a transition to payment-provider-enabled solutions to support future product enhancements and richer integration.
Product Settings
**Planned Changes** Activation WizardBeginning with the October release, SAP Concur plans to offer an Activation Wizard for some new clients who are implementing Concur Expense Standard Edition. SAP Concur plans to implement the Activation Wizard for all new clients in November 2021.
The Activation Wizard is an in-product, self-service guidance system that enables these clients to implement the core features of Concur Expense without the assistance of an SAP Concur activation coach.
Business Purpose/Client Benefit: This feature enables clients to configure the core features of Concur Expense Standard Edition at their company without requiring the assistance of an SAP Concur activation coach.
Client Notifications
Accessibility Updates
SAP implements changes to better meet current Web Content Accessibility Guidelines (WCAG). Information about accessibility-related changes made to SAP Concur solutions is published on a quarterly basis. You can review the quarterly updates on the Accessibility Updates (English only) page.
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Supported Browsers
Supported browsers are available with the other SAP Concur monthly release notes, accessible from What's New - Standard Edition
