API

Our API deprecation policy has changed to further align with SAP.

For more information, refer to the SAP Concur Developer Centre release notes.

App Centre

With this release, SAP Concur solutions is excited to announce that Amazon Business is now integrated with SAP Concur. With this integration, companies are now able to offer their employees, who purchase items through Amazon Business, the ability to add their expenses to an expense claim, view the e-receipt and then submit, rather than needing to import receipts or filling out forms for each expense.

Business Purpose/Client Benefit: This integration allows employees to easily purchase items through Amazon Business and then submit their expenses in Concur Expense.

Authentication

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur support for Hash-Based Message Authentication Code (HMAC) has been deprecated.

SAP Concur provides a Single Sign-On self-service option that enables client admins to set up their SAML v2 connections without involving an SAP Concur support representative.

For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).

SAML v2 supports the use of multiple identity providers (IdPs).

Business Purpose/Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

Authentication Administration

In late August, a new Company Request Token self-service tool will be available to SAP Concur admins who have been assigned the Company Admin or Web Services Admin role.

The Company Request Token self-service tool enables clients to generate the Company Request Token that is required to request a JSON web token (JWT) when connecting to APIs on the SAP Concur platform.

Business Purpose/Client Benefit: The Company Request Token self-service tool enables clients to generate Company Request Tokens without contacting SAP Concur support. This tool also enables clients to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.

Client Web Services

On 21 August, the Register Partner Application page will no longer be active and all new authentication applications must use the new application management self-service tool.

The new application management self-service tool replaces the Register Partner Application page.

For more information, refer to the Self-Service Tool for Application Management (English only) release note.

Business Purpose/Client Benefit: The new application management tool enables clients who have SAP Concur Client Web Services to generate Client IDs (App IDs) and Client Secrets without contacting SAP Concur support.

The new self-service tool for application management also enables clients to create OAuth 2.0 compliant applications.

OAuth 1.0 was deprecated on 4 February 2017. Refer to the SAP Concur Developer Portal for more information.

Beginning in late August, clients who have SAP Concur Client Web Services can request access to a new application management self-service tool. The application management self-service tool can be enabled by the Client Web Services team for SAP Concur Web Services clients who request it.

When enabled, the tool will be available in the SAP Concur web UI to admin users who have been assigned the Web Services Admin role.

Business Purpose/Client Benefit: The application management tool enables clients to generate Client IDs (App IDs) and Client Secrets without contacting SAP Concur support.

Expense Pay

Instances of partner have been updated to use the term provider.

Business Purpose/Client Benefit: This change aligns with planned changes for richer integration.

File Transfer Updates

This release note is intended for technical staff responsible for file transmissions with SAP Concur products. For SAP Concur customers and suppliers participating in data exchange through various secure file transfer protocols, SAP is making changes that provide greater security for those file transfers.

As of 10 April, 2021, non-SFTP (Secure File Transfer Protocol) protocols and SFTP password authentication are not allowed to connect to SAP Concur for file transfers:

• Non-SFTP file transfer accounts must switch to SFTP with SSH Key Authentication.

• SFTP file transfer accounts that use password authentication must switch to SSH key authentication.

• SFTP password reset requests require the client to provide an SSH key for authentication.

On 12 April 2021, SAP started disabling non-compliant file transfer connections. The process of disabling non-compliant accounts will continue throughout 2021. If you have multiple file transfer connections configured, this change applies to all of your file transfer connections.

This announcement pertains to the following file transfer DNS endpoints:

• st.concursolutions.com

• st-eu.concursolutions.com

• vs.concursolutions.com

• vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.

SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.

Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and 24 January 2022. After they are migrated to the more efficient process, clients will see the following improvement:

• With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.

This announcement pertains to the following file transfer DNS endpoints:

• st.concursolutions.com

Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.

Files transferred to SAP Concur products must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.

concursolutionsrotate.asc

• Key file is available in client’s root folder

• Key ID 40AC5D35

• RSA 4096-bit signing and encryption subkey

• Key expires every 2 years

• Client is responsible for replacing the key before it expires

  • Next expiry date: 4 September 2022

  • SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date

The SAP Concur legacy PGP key (key ID D4D727C0) remains supported for existing clients but will be deprecated in the future.

SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday 15 January 2021.

This announcement pertains to the following file transfer DNS endpoints:

• st.concursolutions.com

• mft-us.concursolutions.com

• vs.concursolutions.com

• st-eu.concursolutions.com

• mft-eu.concursolutions.com

Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.

Miscellaneous

As of 1 August 2021, Concur Expense end users who are using the NextGen UI see a new survey when submitting expense claims. As of 19 August, all Concur Expense end users will see the new survey. The short survey appears intermittently and it enables the user to provide feedback on their experience with Concur Expense.

Previously, after submitting an expense claim, a message appeared intermittently asking the user to rate their experience from 1 to 5 stars.

Business Purpose/Client Benefit: The new survey collects more actionable feedback that can be used by the SAP Concur product teams to prioritise and improve the features they deliver.

Beginning with the August release, clients can configure a link to their company’s privacy statement. The link will appear in the footer of their SAP Concur site with the text “Customer Privacy Statement”.

Business Purpose/Client Benefit: This change enables clients to meet GDPR and other legal requirements to provide their privacy statement to their customers.

NextGen UI

These changes are part of the NextGen UI experience.

Net-new customers that use NextGen Expense and Japan Public Transportation (JPT) users can leverage the features of the JPT on NextGen UI feature for a modern, consistent, streamlined user experience for JPT expenses incurred in Japan.

Business Purpose/Client Benefit: JPT on NextGen UI allows users to expense JPT using robust route searches to search for and select their applicable journeys for reimbursement, add a commuter pass to their profile and create and save a regular journey for easier searching when creating and submitting a JPT expense.

The continued evolution of the Concur Expense solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for creating and submitting expense claims.

Concur Expense customers have the ability to preview and then opt in to the NextGen UI before the mandatory move.

Business Purpose / Client Benefit: The result is the next generation of the Concur Expense user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.

Profile

For users receiving Expense Pay reimbursements in Indian Rupees (INR), the SWIFT/BIC field is now required. Users who enter or update their Bank Information page in Profile will need to provide this information moving forward. This change is required for future provider-based pay solutions for this currency and compliance with local banking regulations.

The following field is impacted by this change:

• SWIFT/BIC (required, masked and encrypted)

Business Purpose/Client Benefit: Concur Expense must contain all information that may be required for payment processing.

SAP Concur has updated the Mobile Phone field in the Profile > Personal Information user interface to contain only digits, dashes, spaces and brackets (released July 2021). Previously, brackets were not allowed and resulted in an error. No other phone number fields, such as Work Phone and Home Phone, have been modified in this manner.

The same modification has been made in the Cell Phone field in the 350 Travel Addendum import file. Specifically, when saving information to the database, SAP Concur will strip out any unallowed characters (i.e. anything that is not a digit, space, dash or bracket).

Clients do NOT need to make any changes to their import files. Everything that is currently in the import file itself will continue to be allowed. However, the information saved on import in the SAP Concur database, which is returned in subsequent API calls and displayed to the user, will only include allowed characters in the Cell Phone field.

Business Purpose/Client Benefit: SAP Concur is taking steps to standardise customer data to help reduce errors.

For users receiving Expense Pay reimbursements in Singapore Dollars (SGD), the SWIFT/BIC field is now required. Users who enter or update their Bank Information page in Profile will need to provide this information moving forward. This change is required for future provider-based pay solutions for this currency and compliance with local banking regulations.

The following field is impacted by this change:

• SWIFT/BIC (required, masked and encrypted)

Business Purpose/Client Benefit: Concur Expense must contain all information that may be required for payment processing.

SAP Concur User Assistance

SAP is now publishing the SAP Concur solutions’ online help information on SAP Help Portal (http://help.sap.com). SAP Help Portal has a new look and feel for the help, and additional functionality. The content remains the same.

New functionality:

• Search with advanced options

• Provide feedback on each page

• Change the font size

• Create a custom PDF by selecting a subset of pages in the help

• Share a page via link, email or social media

• Mark pages as favourites, and limit search to only those pages (if logged in to SAP Help Portal, available for free)

Customers can view SAP Concur online help and links to all documentation by accessing the product pages for the relevant product.

Concur Expense:

Concur Invoice:

Concur Request:

Concur Travel:

Business Purpose/Client Benefit: This update increases the functionality available in the online help, and consolidates the SAP Concur solutions documentation with other SAP products on the central SAP Help Portal.

Standard Accounting Extract

The behaviour of the PAID_DATE field has changed with this release. Previously, this field was updated when the following events occur:

1. When a claim’s payment status reaches the end of the payment workflow and is then updated from "Processing Payment/Ready for Extract" to "Paid/Extracted"
2. When a claim’s payment status is updated from "Paid" to "Payment Confirmed"

This field is frequently used by our customers for reporting purposes to determine when a claim was marked as "extracted" and the payment status updated to "paid."

Our customers and partners have requested an enhancement to update the value in this field only for the first event.

Please note that this change will most affect customers working under the following use cases:

• SAE customers who use the Payment Confirmation file import

• SAP ICS customers who use the Payment Confirmation API

• App Centre partners who rely on the value of the date value of "paid_date" as well as their customers using a Payment Confirmation method

Business Purpose/Client Benefit: This change targets improving analytics and other use cases for anyone relying on the value in this field.

Supported Configurations

Because web browsers are frequently updated, for ease of maintenance and to ensure that our documented supported browser information does not become out of date, we no longer publish the specific version data for supported browsers in the Concur Travel & Expense Supported Configurations Guide (English only). In addition, the Monthly Browser Certifications (English only) document is now retired and will no longer be updated with supported browser version information each month.

For the most responsive, reliable and secure user experience with our products, SAP Concur recommends that users implement the most recent technology that is compliant with manufacturer's distribution and your company’s support and security policies.

For more supported browser information, refer to the Concur Travel & Expense Supported Configurations Guide (English only).

Business Purpose/Client Benefit: This change helps to ensure that the supported browser information in the Concur Travel & Expense Supported Configurations Guide (English only) remains up to date.

Providing up-to-date supported browser information to users ensures that they have a better user experience while accessing the web version of SAP Concur.

Test Entities

As per GDPR (General Data Protection Regulation) compliance requirements, clients can submit a Support ticket to request the Right To Be Forgotten (RTBF) for any user in Implementation (Test) entities. A Data Retention Administrator can then follow the steps outlined in the documentation to purge a user from the Test entity.

Business Purpose/Client Benefit: This enhancement is part of the SAP Concur requirement for GDPR compliance.

When end users, approvers, processors and admins logged in to an SAP Concur test entity, they noticed the global banner across the top of the page changed and that the UI web frame had a unique, identifying colour.

Prior to implementing this change, logged-in users saw only a blue global banner across the top of the page. Users might have had issues distinguishing between the test environment and production environment.

Business Purpose/Client Benefit: As of 20 July, all SAP Concur users saw a more distinct difference between a test entity and production entity. These changes helped users to clearly distinguish between test and production entities. These changes might also reduce the likelihood of logging in to the wrong entity and performing critical tasks such as configuration updates and data changes.

Web Services Administration

Starting 04 October 2021, the length of the username and password associated with an application connector must be at least 10 characters long and not more than 50 characters long. To avoid disruption of callouts through application connections, usernames and passwords that do not meet these requirements must be updated before 04 October 2021.

Application connection usernames and passwords can be updated by an administrator with the Company Admin or Web Services Admin role.

Business Purpose / Client Benefit: Enforcing password and username length restrictions improves the security standards for callouts made through the application connector.

Workflows

With this release, the Cash Advance workflow Cash Advance Reviewed step may now be configured to automatically issue a cash advance to the requestor. Doing this systematically replaces the Manual Issuance step and instead automatically processes an approved cash advance request for issue based on configuration of the rule and action underlying the condition for this step.

For example, the associated condition for the step is named and then configured to limit the allowable cash advance issuance to no more than £1,000. Now, when the requestor inputs the cash amount, the amount either below or above this amount drives the logic to issue or reject the cash advance respectively, without the admin needing to review each request for the same purpose.

Business Purpose/Client Benefit: This change saves time and can prevent issuance errors by the Cash Advance admin at high-volume client sites by substituting a systematic step for that of the manual review by the admin.

Employee Import

A new employee import record set, EFT Supplemental Detail Bank Account Import, will be added to the overnight employee import job. This new record set is at the 820-record level, and includes identical records to those found in the 810-level records, with the addition of fields and validations for information that will be required in the future.

The following are the supplemental fields found only in the 820 record:

• Field 20: Phone Number (optional)

• Field 21: Date of Birth (optional)

• Field 22: Bank Branch Postal Address Line 1 (optional)

• Field 23: Bank Branch Postal Address Line 2 (optional)

• Field 24: Bank Branch Postal Address City (optional)

• Field 25: Bank Branch Postal Address Region (optional)

• Field 26: Bank Branch Postal Code (optional)

The following additional currency-specific validations will be added for Canadian Dollar (CAD), Indian Rupee (INR), Mexico Nuevo Peso (MXN), Singapore Dollar (SDG) and Japanese Yen (JPY):

• Personal Address (Fields 11-15) will be required for CAD

• Bank Account Secondary Routing Number (Field 18) will be required for INR and SDG, and should be populated with the bank’s Swift/BIC

• Bank Identification Number (BIN) (Field 4) and TAXID (Field 17) will be required and must be provided for MXN, where BIN is 8- or 11-characters; SWIFT code and the Tax ID are either the RFC code (13 characters – example: MALA780724988) or the CURP code (18 characters – example: GOJO601228HVZRML07).

• SWIFT/BIC (Field 4), Personal Address (Fields 11-15) and Bank Branch Address (Field 6) will be required for JPY.

Business Purpose/Client Benefit: Concur Expense must contain all information that may be required for payment processing.

For more information, refer to the Shared: Employee Import Specification (English only).

Expense Pay Classic

SAP Concur has been pursuing a multi-year effort to transition our portfolio of payment solutions to payment-provider-enabled solutions. This is evidenced by our existing Expense Pay Global solution with Bambora and planned Expense Pay Flex solution with Western Union Business Solutions.

Currently, SAP Concur is planning to decommission the legacy Expense Pay classic solution effective 31 December 2021. As we move into the next phase of our pay strategy via payment provider solutions, this decommission will require customers using Expense Pay classic to enable alternative solutions. Payments for Expense Pay classic for all currencies will discontinue to employees and credit card providers as of 1 January 2022. Customers using Expense Pay classic have been communicated with directly regarding this change.

Business Purpose/Client Benefit: This change is part of a transition to payment-provider-enabled solutions to support future product enhancements and richer integration.

Test Entities

Currently, some SAP Concur users use test entities to set up, test and provide training for new configurations prior to deploying them to their live production entity. The production entity is where users perform real transactions, such as submitting expense claims and booking travel.

Today, test entities are in a separate environment called the implementation environment; production entities are in a separate environment called the production environment. To improve the stability, performance, monitoring and security of test entities, SAP Concur plans to migrate both test and production entities to the same environment as part of our move to Amazon Web Services (AWS).

This change will result in the co-existence of both test and production entities in the same production environment.

TEST ENTITY LOGIN ID UPDATES

Today, a user can maintain the same login ID for their test and production entities because they are in separate environments. With the plan to migrate both test and production entities to the same AWS production environment in the future, this will no longer be possible since each login ID must be unique.

To account for this change, SAP Concur will append all test entity login IDs with a ".uat” domain during both migration and user creation to ensure they are unique and do not conflict with existing production login IDs. For example, johnsmith@123.com will become johnsmith@123.com.uat.

This change will help to safeguard against any conflicts with production login IDs.

User Creation: Additionally, clients can use the exact same employee import files as they would in production. The .uat domain will also be applied to all aspects of user creation: FTP import, Excel import, entity restore and more.

Extracts: When generating accounting extracts or financial integration documents, SAP Concur will automatically remove the .uat domain from login IDs that were appended during user creation. This will help to generate realistic extracts without requiring any action from the clients, such as removing the appended domain.

EMAIL VERIFICATION

When test entities are migrated to the AWS production environment, verified emails from the existing test entity will not carry over to the new test entity. As a result, when users test verified email functionality in a future test entity, it is recommended that the employee uses an email that is different from the email configured in their production entity. This process is required as the email in the existing test entity was most likely already verified in production and, therefore, cannot be verified in another entity.

With respect to user email addresses, the Receipt Recognition service validates user email addresses and as such, only one instance of an email address can be associated with a user account. To test in production, clients will be required to utilise alternate email addresses that are not currently associated with any production user account. If a client attempts to set up a test account in production using an email address already associated with a corresponding user profile, it will fail the validation process.

Business Purpose/Client Benefit: Once in AWS, test entities will benefit from the same security, stability, monitoring and performance as production entities.