Concur Invoice Professional Edition Administration Help

March 2020 Request Professional Edition Admin Summary

Initial Post

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Request

Riskline/DFAT Referential Deprecated as of 31 January, 2020

As of 31 January, 2020 – in order to meet security requirements – SAP Concur no longer supports the Riskline/DFAT option for the Risk Referential setting in Risk Management. The Riskline/DFAT option has been deprecated.

DFAT stands for the Australian government's Department of Foreign Affairs and Trade.

Customers who have been using the Riskline/DFAT option may continue to use the data, but that data might be outdated. It is strongly recommended that customers switch to using the Riskline option.

To update your company's Risk Referential setting from Riskline/DFAT to Riskline, contact SAP Concur support.

Business Purpose / Client Benefit: This change provides greater security for SAP Concur customers.

Authentication

**Ongoing** Deprecation of HMAC Initiates Migration to SSO Self-Service

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur will soon begin the deprecation process of removing Hash-Based Message Authentication Code (HMAC) as an SSO option. The replacement service for HMAC is SAML SSO, a self-service method of setup whereby client admins have access within SAP Concur to complete their SAML connections.

Clients currently using HMAC are encouraged to migrate to the SSO self-service tool as soon as it is released (targeted for Q2 2020). The new SSO self-service tool allows multiple portals (Identity Providers) to be added.

The HMAC deprecation includes two phases:

PHASE I:

  • Clients must have an Identity Provider (IdP) or a custom SAML 2.0 solution.
  • Clients begin testing the new SSO self-service tool.
  • Travel Management Companies (TMCs) prepare for onboarding new SAP Concur clients using the new SSO self-service tool, which is targeted for release in Q2 2020.
  • Once the SSO tool is available, customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded using the new SSO self-service tool.
  • Existing clients using HMAC need to be migrated using the new SSO self-service tool.

PHASE II:

  • Travel Management Companies (TMCs) continue migrating existing SAP Concur clients from the HMAC service to the new SSO self-service tool.
  • Shut down the HMAC service after everyone has migrated from HMAC to the new SSO self-service tool. Phase II is targeted to end mid-year 2020.

Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

Data Retention

Manage Holds & Purge Users Description Updated (3 April)

The description of the Manage Holds & Purge Users data retention feature that appears on the Administration > Company > Data Retention page has been updated.

BEFORE UPDATE

You can manage User Holds and Deletes in the Company Admin – User Administration Tools.

AFTER UPDATE

The Hold User (or Remove Hold) and Purge User buttons display on the page where you manage your users.

Business Purpose / Client Benefit: This update provides more accurate information about where a user with the Data Retention Administrator role can find the Hold User, Remove Hold and Purge User buttons.

File Transfer Updates

HTTPS Protocol No Longer Allowed for File Transfer

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange through various secure file transfer protocols, SAP Concur has made changes that provide greater security for those file transfers.

As of 2 PM PST on 24 February, 2020, connections via the HTTPS protocol are no longer allowed when connecting to the SAP Concur file transfer system.

  • Existing HTTPS file transfer accounts must now switch to SFTP with SSH Key.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com
  • st-eu.concursolutions.com
  • st-cge.concursolutions.com
  • st-cge-dr.concursolutions.com
  • vs.concursolutions.com
  • vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

**Ongoing** SAP Concur Legacy File Move Migration

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.

SAP Concur will begin migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.

Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and the end of 2020. After they are migrated to the more efficient process, clients will see the following improvement:

  • With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.

Miscellaneous

Modified Home Page Appears When Some Products and Services Are Unavailable (20 March)

Targeted for late March, when a user signs into SAP Concur, if some products or services are unavailable while other products and services are up and running, a modified version of the user’s Home page appears, providing access to the products and services that are up and running.

Prior to implementing this improvement, if a user attempted to sign in to SAP Concur when one or more products or services was not available, a 503 (service unavailable) message appeared, the user’s Home page could not be accessed, and the user had to wait until all services and products were available before signing in to SAP Concur.

Business Purpose / Client Benefit: This enhancement enables users to complete tasks that rely on the products and services that are up and running even when other products and services might be unavailable.

Security Enhancements

New SSL Certificate for concursolutions.com

In an effort to ensure the ongoing security of our products and services, SAP Concur has issued a new concursolutions.com SSL certificate. The current certificate will expire on 14 April 2020.

Any customer who has pinned this expiring certificate will need to update to the new certificate prior to 14 April 2020. If the pinned certificate is not updated prior to 14 April 2020, your organisation and users will experience disruption to SAP Concur products and services.

Customers who have not pinned the certificate do not need to take any action as the new certificate is updated automatically. Most customers do not pin the certificate.

Please be aware: As an enhancement to our Security and Compliance programme, this certificate will be updated on an annual basis.

Business Purpose / Client Benefit: This update provides ongoing security for our products and services.

Support Now Ended for TLS v 1.1 Encryption Protocol

SAP Concur is announcing an end-of-support cycle for version 1.1 of the Transport Layer Security (TLS) encryption protocol, while continuing support for the more secure version 1.2 of TLS. As background, the TLS protocol allows secure back and forth communications between a phone or computer and a cloud-based service.

Refusal of TLS v.1.1 connections has commenced as of 20 February, 2020.

Business Purpose / Client Benefit: SAP Concur is taking this step after careful consideration of our customers’ security and ease of upgrade to the newer, more secure version 1.2 of TLS. This end-of-support plan for TLS v 1.1 ensures our clients are communicating with SAP Concur solutions in a safer and more secure manner using TLS v 1.2.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

Next Generation (NextGen) Request

**Planned Changes** New User Interface for Concur Request End Users

SAP Concur is dedicated to the consistent improvement of our products, not only the features they provide, but also the experience of using those features. How users interact with technology changes over time, along with needs and expectations. We are constantly listening to our customers and soliciting feedback on how we can improve the user experience.

NextGen Request is the continued evolution of the SAP Concur user experience. It was built and will continue to be informed by what we learn from both user research and behavioural data.

Customers will have the ability to preview and then opt in to NextGen Request before the mandatory cutover.

Business Purpose / Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced UI, but also allows SAP Concur to react more quickly to customer requests to meet changing needs as they happen.

SAP Concur Platform

**Planned Changes** Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)

SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release (targeted for 1 December, 2020). Those APIs will be replaced by the Concur Request v4 APIs.

Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not ISO-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.

Client Notifications

The items in this section provide reference material for all clients.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition