November 2021 Request Professional Edition Admin Summary
Initial Post
Release Note Summaries
Authentication
CES SSO DecommissionedThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
The Concur Expense Service (CES) SSO was decommissioned on 29 October, 2021.
SAP Concur now provides a Single Sign-On self-service option that enables client admins to set up their SAML v2 connections without involving an SAP Concur admin.
Business Purpose/Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.
Authentication Administration
New Company Request Token Self-Service ToolA new Company Request Token self-service tool is now available to SAP Concur admins who have been assigned the Company Admin or Web Services Admin role.
The Company Request Token self-service tool enables clients to generate the Company Request Token that is required to request a JSON web token (JWT) when connecting to APIs on the SAP Concur platform.
Business Purpose/Client Benefit: The Company Request Token self-service tool enables clients to generate Company Request Tokens without contacting SAP Concur support. This tool also enables clients to generate a replacement Company Request Token without assistance from SAP Concur support if their Company Request Token expires or is lost.
Client Web Services
Self-Service Tool for Application ManagementBeginning with the October release, clients who have SAP Concur Client Web Services can request access to a new application management self-service tool, OAuth 2.0 Application Management. This self-service tool is enabled by the Client Web Services team for SAP Concur Web Services clients who request it.
When enabled, the tool is available from the Authentication Administration page to admin users who have been assigned the Web Services Admin role.
Business Purpose/Client Benefit: The OAuth 2.0 Application Management tool enables clients to generate Client IDs (App IDs) and Client Secrets without contacting SAP Concur support.
File Transfer Updates
**Ongoing** Mandatory SFTP with SSH Key AuthenticationThis release note is intended for technical staff responsible for file transmissions with SAP Concur products. For SAP Concur customers and suppliers participating in data exchange through various secure file transfer protocols, SAP is making changes that provide greater security for those file transfers.
As of 10 April, 2021, non-SFTP (Secure File Transfer Protocol) protocols and SFTP password authentication are not allowed to connect to SAP Concur for file transfers:
Non-SFTP file transfer accounts must switch to SFTP with SSH Key Authentication.
SFTP file transfer accounts that use password authentication must switch to SSH key authentication.
SFTP password reset requests require the client to provide an SSH key for authentication.
On 12 April 2021, SAP started disabling non-compliant file transfer connections. The process of disabling non-compliant accounts will continue throughout 2021. If you have multiple file transfer connections configured, this change applies to all of your file transfer connections.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
st-eu.concursolutions.com
vs.concursolutions.com
vs.concurcdc.cn
Business Purpose / Client Benefit: These changes provide greater security for file transfers.
**Ongoing** SAP Concur Legacy File Move MigrationThis Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.
SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.
Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and 24 January 2022. After they are migrated to the more efficient process, clients will see the following improvement:
With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.
Rotating PGP Key Available for File TransfersFiles transferred to SAP Concur products must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.
concursolutionsrotate.asc
Key file is available in client’s root folder
Key ID 40AC5D35
RSA 4096-bit signing and encryption subkey
Key expires every 2 years
Client is responsible for replacing the key before it expires
Next expiry date: 4 September 2022
SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date
The SAP Concur legacy PGP key (key ID D4D727C0) remains supported for existing clients but will be deprecated in the future.
SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday 15 January 2021.
This announcement pertains to the following file transfer DNS endpoints:
st.concursolutions.com
mft-us.concursolutions.com
vs.concursolutions.com
st-eu.concursolutions.com
mft-eu.concursolutions.com
Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.
Localisation
Translations for Distribute Term (Traditional Chinese)With the November release, SAP Concur is changing the following terms in the Traditional Chinese version of the SAP Concur user interface to bring consistency in translation of the term “Distribute”:
English Term | Current Translation | Updated Translation |
---|---|---|
Distribution/Distributions | 發放 | 分攤 |
Distributed/Distribute | 發放 | 分攤 |
Business Purpose / Client Benefit: These revisions provide a more accurate translation and improved user experience.
Miscellaneous
Concur Experience Optimiser (US)On 27 October, SAP released Concur Experience Optimiser.
Concur Experience Optimiser collects and analyses employee sentiment and buying behaviour data from SAP Concur solutions, enabling clients to assess and make changes to improve the user experience, increase efficiency, better manage spending, help ensure compliance and better align with their sustainability goals.
Concur Experience Optimiser is available to clients who meet the following criteria:
The client has Concur Expense or Concur Travel & Expense.
The client has Concur Intelligence or Consultative Intelligence.
The client has licences for Qualtrics Employee XM for IT.
Concur Experience Optimiser includes the following features:
Diagnostic feedback templates to gather employee sentiment
Dashboards to analyse and understand data
Expert services to help interpret data and develop an effective response to findings
Qualtrics platform to ensure availability, scalability, confidentiality, data privacy and security
Business Purpose/Client Benefit: Concur Experience Optimiser helps clients to optimise their SAP Concur solutions to improve employee sentiment and efficiency, to help ensure compliance and to support client sustainability goals.
New Permission to Enable Preview of Fiori Light ThemeOn 20 September 2021, a new permission, SAP Fiori Theme Preview, was added to the list of permissions in Concur Travel Professional edition. When the SAP Fiori Theme Preview permission is assigned to a user, the user sees a new switch in the header of their SAP Concur site. They will also see a New Theme info bubble.
The switch enables the user to switch from the SAP Concur standard theme to the SAP Fiori Theme. The info bubble displays a brief message about the switch.
The new theme includes changes to visual elements such as fonts, colours and icons. In addition, some top-level tabs and menu items are relocated to the SAP Concur Home menu. These changes are site-wide and apply to all of the user’s SAP Concur products.
Business Purpose/Client Benefit: The SAP Fiori theme harmonises the look and feel of the SAP Concur UI with the look and feel of other SAP products, providing a more consistent user experience. The permission enables a client admin to allow designated users to preview and test the SAP Fiori theme.
**Ongoing ** SAP Concur Homepage ChangesIn Q4, 2021, SAP Concur began redirecting clients to a new homepage. The appearance of the new homepage is identical to the previous SAP Concur homepage. The new homepage has enhanced functionality when services become temporarily unavailable.
The roll out of the new homepage is phased:
Phase 1: At the beginning of Q4, SAP Concur began redirecting Concur Expense, Concur Invoice and Concur Request clients in the US Datacentre to the new homepage.
Phase 2: In November 2021, SAP Concur will begin redirecting Concur Expense, Concur Invoice and Concur Request clients in the EU Datacentre to the new homepage.
Phase 3: In Q2 of 2022, SAP Concur will begin redirecting the remaining clients in the US and EU datacentres to the new homepage. The remaining clients include those with Concur Travel standalone or Concur Travel with Expense, Invoice and/or Request.
Business Purpose/Client Benefit: This change ensures that the SAP Concur homepage is available even when some services are unavailable and improves the consistency of the sign-in experience.
NextGen UI for Concur Request
**Ongoing** Updated User Interface (UI) for Concur Request End UsersThe continued evolution of the Concur Request solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for the request process.
Concur Request customers are now strongly encouraged to preview and then move to the NextGen UI well before the automatic transition date of 1 October, 2022.
Business Purpose/Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.
SAP Concur Platform
**Ongoing** Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1) (1 June, 2021)As of 31 May 2021, the existing Concur Request APIs (v1.0, v3.0 and v3.1) are deprecated. On 1 June 2021, SAP began retiring these APIs in accordance with the SAP Concur API Lifecycle & Deprecation Policy. These APIs are replaced by the Concur Request v4 APIs. SAP will no longer support these APIs after retirement.
Decommissioning of the v1.0, v3.0 and v3.1 APIs will start three months after retiring the APIs. The specific dates for decommissioning are dependent on the individual client's API migration.
API Timeline for v1.0, v3.0, v3.1:
Deprecation – 1 March, 2020 – 31 May, 2021
Retirement – 1 June, 2021 – 30 November, 2021
Decommission – starts after 3 months of inactivity at the retired state
Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not ISO-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
SAP Concur User Assistance
Help Menu Directed to SAP Help PortalSAP has updated the Help menu in the SAP Concur solutions to point to the online help content on the SAP Help Portal (http://help.sap.com). SAP Help Portal includes a new look and feel for the help and additional functionality, while the help content remains the same.
Business Purpose/Client Benefit: This update consolidates the SAP Concur solutions documentation with other SAP products on the central SAP Help Portal.
User Assistance
New User Assistance Tool for End Users (US, EMEA)As of 4 November 2021, SAP Concur admins have the ability to enable a new user assistance tool for end users. The new tool helps end users learn and complete tasks more quickly by providing guided help.
On entities with admin user assistance enabled, user assistance for end users is enabled for all end users by default. User assistance for end users can be enabled and disabled by country/region or globally on the User Assistance Settings page.
SAP Concur clients who do not have admin user assistance enabled and who would like to have the ability to enable end user assistance can open a service ticket to enable the feature.
Business Purpose/Client Benefit: User Assistance for End Users assists users to learn new tasks more quickly and efficiently, driving user adoption, increasing efficiency and improving the end user experience and end user satisfaction with SAP Concur solutions.
Web Services Administration
**Ongoing** Application Connector Username and Password Length Requirements UpdatedThese changes are part of the SAP Concur continued commitment to maintaining secure authentication.
To meet new security requirements, the length of the username and password associated with an application connector on the Application Connectors page must be at least 10 characters long and not more than 50 characters long.
Some clients currently have usernames and passwords configured that do not meet these parameters.
In Q1 2022, the 10-character minimum and 50-character maximum will be enforced. If the usernames and passwords are not updated prior to this change, some aspects of SAP Concur solutions might stop working. For example, workflow steps will not complete if using notifications, LEU windows will not open and there will be no results in fields using fetch lists.
To avoid disruption of callouts through application connections and subsequent disruption of some end-user tasks, SAP recommends updating your application connector username(s) and password(s) as soon as possible.
Application connection usernames and passwords can be updated by an administrator with the Company Administrator or Web Services Administrator role.
Business Purpose / Client Benefit: Enforcing password and username length restrictions improves the security standards for callouts made through the application connector.
Planned Change Summaries
The items in this section are summaries of the changes targeted for future releases. SAP reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.
There are no planned changes this month.
Client Notifications
Accessibility Updates
SAP implements changes to better meet current Web Content Accessibility Guidelines (WCAG). Information about accessibility-related changes made to SAP Concur solutions is published on a quarterly basis. You can review the quarterly updates on the Accessibility Updates (English only) page.
SAP Concur Non-Affiliated Subprocessors
The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)
Supported Browsers
Supported browsers are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition