January 2021 Request Standard Edition Admin Summary
Update #1
Release Note Summaries
NextGen UI for Concur Request
**Ongoing** Updated User Interface (UI) for Concur Request End UsersThe continued evolution of the Concur Request solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive, and streamlined experience for the request process.
Concur Request customers will have the ability to preview and then opt in to the NextGen UI before the mandatory move.
Business Purpose / Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent, and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.
Attendees
Enhanced Employee Attendee SearchThese changes are also part of the NextGen UI experience. The production deployment of this change will be conducted in phases over the next few weeks. Individual customers will start seeing this change between January 15 and January 30. Production deployment to the EMEA datacenter has already been completed. The production deployment to the US and China datacenters is still planned.
Users searching for employees to add as attendees to an expected expense now have additional filter options that can be used to narrow search results, helping make the identification of employees accurate and efficient.
Searching for employee attendees has proven difficult as there may have been no fields available to search by other than first name and last name.
With this update, the default advanced search view for employee attendees automatically includes the addition of email addresses and country filters.
This feature update includes the following benefits:
- Accurate identification of employees, particularly for those with the same first and last name
- Improved efficiency for employee searches by providing filters that help narrow relevant search results
- Optional inclusion of inactive employees in attendee searches
Business Purpose / Client Benefit: This update helps make searching for employee attendees more efficient.
Authentication
**Ongoing** Deprecation of Director SAML Service and Migration to SAML v2These changes are part of the SAP Concur continued commitment to maintaining secure authentication.
Support for the Director SAML service is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel will soon begin assisting customers who currently use Director SAML to migrate to SAP Concur SAML v2 SSO (SAML v2).
Clients currently using Director SAML are encouraged to migrate to SAML V2 as soon as possible.
Deprecation of support for the Director SAML service is dependent on the following requirements:
- SAP Concur technicians and TMCs assist existing SAP Concur clients to migrate from the Director SAML service to SAML V2.
- All clients that currently rely on the Director SAML service have migrated from Director SAML to SAML V2.
Migration from Director SAML to SAML V2 requires the following general steps:
- The client identifies an admin to act as the SSO admin and assigns the proper permission/role.
- The SSO admin coordinates with their SAP Concur technician to obtain the SAP Concur SP metadata.
- The SSO admin configures the SSO settings at the IdP based on information from SP metadata.
- The SSO admin retrieves IdP metadata from the IdP and delivers the metadata to the SAP Concur technician.
- The SSO admin adds a few testing users and tests the new SSO connection.
- With successful testing, the company rolls out SSO to their SAP Concur users.
For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).
Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
**Ongoing** Deprecation of HMAC and Migration to SAML v2 and the SSO Self-Service ToolThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
SAP Concur support for Hash-Based Message Authentication Code (HMAC) is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel are currently assisting customers who use HMAC to migrate to SAP Concur SAML v2 SSO (SAML v2).
SAP Concur provides a Single Sign-On self-service option that enables client admins to setup their SAML v2 connections without involving an SAP Concur support representative.
For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).
The HMAC deprecation includes two phases:
PHASE I:
- Clients must have an identity provider (IdP) or a custom SAML 2.0 compliant solution.
- Clients begin testing authentication using SAML v2.
- TMCs prepare to onboard new SAP Concur clients to SAML v2.
- Customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded to SAML v2.
- Existing clients using HMAC must migrate to SAML v2.
PHASE II:
- TMCs have migrated all existing SAP Concur clients from the HMAC service to SAML v2.
- The HMAC service is deprecated. Phase II is targeted to end mid-year in 2021.
Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
Authentication Administration
Company Request Token Self-Service ToolOn December 8, 2020, SAP Concur released a new Company Request Token self-service tool that enables clients to generate the Company Request Token that is required to request a JSON web token (JWT) when connecting to APIs in the SAP Concur platform.
Requirements for generating a Company Request Token:
- The client must obtain a link to the new tool from SAP Concur Client Web Services (CWS).
- The client must obtain a Client ID from CWS.
- A company admin must have the Web Services Administrator permission to access the Company Request Token self-service tool through the provided link.
- For a request token to be issued, the Client ID (App ID) must be allowed to connect to the company.
Requirements for obtaining a JWT:
- The Client ID provided by SAP Concur CWS
- The client secret provided by SAP Concur CWS
- The Company UUID generated by the Company Request Token tool
- The Company Request Token generated by the Company Request Token tool
An admin with the Web Services Administrator permission can navigate to the Company Request Tokens page through the link provided by CWS, enter the Client ID they obtained from CWS into the App ID field, and then click Submit to generate a Company Request Token. They will also be able to generate a replacement token if one is needed.
Business Purpose / Client Benefit: The new self-service tool enables an admin with the required permissions to generate a Company Request Token without relying on SAP Concur internal staff. The new tool also enables the admin to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.
Authorized Support Contacts
Security / Data Protection Contact Option Added to SAP Concur Support Portal Profile (December 3)SAP Concur has added an option to the SAP Concur support portal that enables Authorized Support Contacts (ASCs) to designate whether they should be contacted regarding a security or data protection topic.
Business Purpose / Client Benefit: This enhancement gives clients more control over who in their company is contacted regarding security or data protection topics and provides greater control over which notifications an ASC receives.
File Transfer Updates
**Ongoing** SAP Concur Legacy File Move MigrationThis release note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and vendors participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.
SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.
Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and July 31, 2021. After they are migrated to the more efficient process, clients will see the following improvement:
- With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.
This announcement pertains to the following file transfer DNS endpoints:
- st.concursolutions.com
Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.
Rotating PGP Key Available for File Transfers (January 15)Files transferred to SAP Concur solutions must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.
concursolutionsrotate.asc
- Key file is available in client’s root folder
- RSA 4096-bit signing and encryption subkey
- Key expires every 2 years
- Client is responsible for replacing the key before it expires
- Next expiry date: September 4, 2022
- SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date
The SAP Concur legacy PGP key remains supported for existing clients but will be deprecated in the future.
SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday, January 15, 2021.
Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.
Release Notes
Preview Release Notes No Longer PublishedStarting with the January 2021 release, SAP Concur Technical Publications will no longer publish the preview release notes. This change is being made to streamline our client communication. With this change, only two sets of release notes will be published for each monthly release cycle: draft release notes and final release notes. Starting with the January 2021 release, SAP Concur Technical Publications will no longer publish the preview release notes. This change is being made to streamline our client communication. With this change, only two sets of release notes will be published for each monthly release cycle: draft release notes and final release notes.
The 2021 Release Calendar (English Only) will be updated to reflect this change.
Business Purpose / Client Benefit: This change simplifies the release notes communications.
For more information about the publishing dates for the draft and final release notes, refer to the 2021 Release Calendar (English Only).
SAP Concur Platform
**Ongoing** Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1) (June 1, 2021)SAP will be retiring the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release (targeted to begin June 1, 2021), in accordance with the SAP Concur API Lifecycle & Deprecation Policy. These APIs are replaced by the Concur Request v4 APIs. SAP will no longer support these APIs after retirement.
Decommissioning of the v1.0, v3.0, and v3.1 APIs will start three months after retiring the APIs. The specific dates for decommissioning are dependent on the individual client's API migration.
API Timeline for v1.0, v3.0, v3.1:
- Deprecation – March 1, 2020 – May 31, 2021
- Retirement – June 1, 2021 – November 30, 2021
- Decommission – starts after 3 months of inactivity at the retired state
Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
User Administration
**Ongoing** New User Administration PagesOn January 21, SAP plans to implement new Add User and Edit User pages. The implementation of these pages will occur over time. The functionality of these pages is the same as the functionality of the current Create User and Edit User pages. The format of the pages has changed and the fields on these pages have been reorganized.
In the initial phase of the release, which begins on January 21, a select group of clients will see the new Add User and Edit User pages when they navigate to the Product Settings page and click User Accounts > Create New User or when they click on an existing user on the Users page.
These clients will have the option to revert to the current page format and will also have the option to provide feedback on the new pages through a survey.
After the initial phase of the release is complete, all clients will have the ability to opt in to use the new Add User and Edit User pages or to continue using the current Create User and Edit User pages.
Clients who opt in to use the new pages will also have the option to provide feedback on the new pages through a survey.
During the final phase of the release, the new Add User and Edit User pages will replace the current Create User and Edit User pages for all clients.
Business Purpose / Client Benefit: These changes provide a simpler, more efficient experience for user administrators.
Planned Change Summaries
The items in this section are summaries of the changes targeted for future releases. SAP reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.
There are no planned changes this month.
Client Notifications
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Monthly Browser Certifications
Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Standard Edition
