Concur Invoice Professional Edition Administration Help

May 2021 Concur Expense Professional Edition Admin Summary

Initial Post

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Audit Rules

Digital Compliance Validation Date (e-Bunsho) – STATUS UPDATE

SAP Concur continues to work on this change. With the next release, this information will be removed. When this change gets closer to a release date, this information will again appear in the release notes document.

Authentication

**Ongoing** Deprecation of HMAC and Migration to SAML v2 and the SSO Self-Service Tool

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur support for Hash-Based Message Authentication Code (HMAC) is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel are currently assisting customers who use HMAC to migrate to SAP Concur SAML v2 SSO (SAML v2).

SAP Concur provides a Single Sign-On self-service option that enables client admins to setup their SAML v2 connections without involving an SAP Concur support representative.

For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).

The HMAC deprecation includes two phases:

PHASE I:

  • Clients must have an identity provider (IdP) or a custom SAML 2.0 compliant solution.

  • Clients begin testing authentication using SAML v2.

  • TMCs prepare to onboard new SAP Concur clients to SAML v2.

  • Customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded to SAML v2.

  • Existing clients using HMAC must migrate to SAML v2.

PHASE II:

  • TMCs have migrated all existing SAP Concur clients from the HMAC service to SAML v2.

  • The HMAC service is deprecated. Phase II is targeted to end mid-year in 2021.

Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

File Transfer Updates

**Ongoing** Mandatory SFTP with SSH Key Authentication

This release note is intended for technical staff responsible for file transmissions with SAP Concur products. For SAP Concur customers and suppliers participating in data exchange through various secure file transfer protocols, SAP is making changes that provide greater security for those file transfers.

As of 10 April, 2021, non-SFTP (Secure File Transfer Protocol) protocols and SFTP password authentication are not allowed to connect to SAP Concur for file transfers:

  • Non-SFTP file transfer accounts must switch to SFTP with SSH Key Authentication.

  • SFTP file transfer accounts that use password authentication must switch to SSH key authentication.

  • SFTP password reset requests require the client to provide an SSH key for authentication.

On 12 April, 2021, SAP started disabling non-compliant file transfer connections. The process of disabling non-compliant accounts will continue throughout 2021. If you have multiple file transfer connections configured, this change applies to all of your file transfer connections.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

  • st-eu.concursolutions.com

  • vs.concursolutions.com

  • vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

**Ongoing** SAP Concur Legacy File Move Migration

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.

SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.

Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and 31 July 2021. After they are migrated to the more efficient process, clients will see the following improvement:

  • With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.

Rotating PGP Key Available for File Transfers

Files transferred to SAP Concur products must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.

concursolutionsrotate.asc

  • Key file is available in client’s root folder

  • Key ID 40AC5D35

  • RSA 4096-bit signing and encryption subkey

  • Key expires every 2 years

  • Client is responsible for replacing the key before it expires

    • Next expiry date: 4 September 2022

    • SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date

The SAP Concur legacy PGP key (key ID D4D727C0) remains supported for existing clients but will be deprecated in the future.

SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday 15 January 2021.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

  • mft-us.concursolutions.com

  • vs.concursolutions.com

  • st-eu.concursolutions.com

  • mft-eu.concursolutions.com

Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.

Miscellaneous

User Profile Picture and Picture Upload Feature Removed

The ability for users to upload a profile picture on the My Profile – Personal Information page was removed on 3 May and, with the May release, profile pictures that were previous uploaded will no longer appear in the SAP Concur page header or on the user’s profile page when viewed by the user or by a Company Admin.

Business Purpose / Client Benefit: This feature was underutilised and the cost of maintaining it was not offset by its value to our clients.

NextGen UI

**Ongoing** Updated User Interface (UI) for Concur Expense End Users

The continued evolution of the Concur Expense solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for creating and submitting expense claims.

Concur Expense customers have the ability to preview and then opt in to the NextGen UI before the mandatory move.

Business Purpose / Client Benefit: The result is the next generation of the Concur Expense user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.

Security

Concursolutions.com SSL Certificate Renewal (26 May)

To ensure the ongoing security of our products and services, the concursolutions.com SSL certificate is updated on an annual basis. The current certificate was issued on 14 April, 2020 and will expire when SAP Concur issues a new certificate on 26 May, 2021.

Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.

SAP Integration with Concur Solutions (SAP ICS) clients and all other clients who have pinned the expiring certificate must update to the new certificate before the new certificate is issued on 26 May, 2021.

Clients who have pinned the certificate and do not update it with the new certificate by 26 May, 2021 will experience disruption to SAP Concur products and services.

Business Purpose / Client Benefit: Annual certificate renewal provides ongoing security for our products and services.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

IMPORTANT: These Planned Changes may not be all of the upcoming enhancements and modifications that affect this SAP Concur product or service. The Planned Changes that apply to multiple SAP Concur products and/or services are in a consolidated document. Please review the additional Planned Changes admin summaries available in the May 2021 Shared Planned Changes Professional Edition Admin Summary.

Central Reconciliation

**Planned Changes** Can Configure New Matching Service for Cards
A new matching service is available for Central Reconciliation that utilises key data points in the card feed and custom fields to improve match rates. The service allows each card to use one of four matching strategies:
  • Reconcile on Employee – This is the default method of matching prior to the instruction of this new service for clients who use Concur Expense without Concur Request. This employee-based strategy searches for the Employee ID in configured field. This is the default strategy (not new) for clients who use Concur Expense without Concur Request

  • Reconcile on Employee (Enhanced) – This strategy goes beyond the Reconcile on Employee method by continuing to loop all custom fields and financial data to match a valid unique target ID.
  • Reconcile on Request – This is the default method of matching prior to the instruction of this new service for clients who use Concur Request with Concur Expense. This request-based strategy searches for the Request ID in configured field. This is the default strategy (not new) for clients who use Concur Expense with Concur Request.
  • Reconcile on Request (Enhanced) – This strategy goes beyond the Reconcile on Request method by continuing to loop all custom fields and financial data to match a valid unique target ID.

Business Purpose / Client Benefit: This service reduces unmatched invoices and provides flexible (per-card) strategies for clients who use Central Reconciliation.

Mileage

**Planned Changes** New Mileage Features

SAP Concur will soon offer functionality and UI updates to Mileage.

These changes will enhance the mileage functionality by providing the following:
  • Improved vehicle configuration options

  • Ability to register a vehicle for mileage expenses based on a region of country

  • Improved rate management options

    • View automatic mileage rates
    • View, edit and delete custom mileage rates
    • View historical rates for automatic and custom mileage rates
    • Turn on/off custom mileage rates
  • New options for mileage expenses on expense claims

Business Purpose / Client Benefit: These updates will enhance the Mileage functionality by providing:

  • Automatic rate updates
  • Improved vehicle registration user experience
  • New functionality to close regulatory gaps
  • Mileage pre-approval through Request

Standard Accounting Extract

**Planned Changes** Change to the PAID_DATE Field

In the Standard Accounting Extract (SAE), currently the value of the PAID_DATE field may be either the date when the claim is extracted, or the date when the payment is confirmed. We plan to change the SAE (versions 2 and 3) so that this date is always the date that the claim is extracted and not overwrite the value with the date that the payment confirmation is received.

More information will be provided in future versions of these release notes.

Business Purpose / Client Benefit: This change targets improving analytics and other use cases for anyone relying on the value in this field.

Client Notifications

The items in this section provide reference material for all clients.

Accessibility Updates

SAP implements changes to better meet current Web Content Accessibility Guidelines (WCAG). Information about accessibility-related changes made to SAP Concur solutions is published on a quarterly basis. You can review the quarterly updates on the Accessibility Updates page.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition