Concur Invoice Professional Edition Administration Help

May 2019 Request Professional Edition Admin Summary

Initial Post

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Request

Authentication: Deprecation of Composite Logins

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

Composite login functionality allows users to use a login ID that does not include a domain to log in to SAP Concur products.

All users who use only their username (ex: johndoe) to log in will need to use their CTE Login Name rather than their login ID to log in to SAP Concur products.

With this release, SAP Concur will no longer support composite login sign-in page URLs. The typical URL for a composite login page includes the name of the entity (ex: entity=pxxxxxxxxx) and looks like this: https://www.concursolutions.com/signin.asp?entity=pxxxxxxxxx.

All clients will be using the standard Sign In page to access SAP Concur products. The standard sign in page is https://www.concursolutions.com/nui/signin.

IMPORTANT!

Only the user-facing portion of composite logins is being deprecated at this time. The employee import (scheduled, overnight) and the user import (on-demand, spreadsheet) are not affected. The import will succeed, and the full username will be formed just as it is currently. When composite login information is no longer accepted in the imports, information and instructions will be provided in the release notes.

EFFECTS ON USERS

Users who log in to a composite login page (https://www.concursolutions.com/signin.asp?entity=pxxxxxxxxx) and do not use the at (@) symbol in their user name will need to click the Forgot your user name? link on the Sign In page to retrieve their user name without assistance (preferred) or contact their company administrator to get their CTE Login Name. User passwords remain the same.

Single Sign-On functionality is not impacted by this change. The following users will not be impacted because they do not log in using https://www.concursolutions.com:

  • SAP Concur web SSO
  • Concur mobile username/password
  • Concur mobile SSO

Business Purpose / Client Benefit: Deprecating this feature improves login stability and login success rates, while reducing login dependency.

Authentication: Forgot Password Feature, Security Questions and Password Custom Text

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

With this release, SAP Concur will add a new Forgot Password feature to the SAP Concur Sign In page, providing an updated experience for users who log in with user name and password credentials.

Currently, depending on a company's configuration, there may be several other options available for the forgotten password process. With this release, those additional options will be removed. They are:

  • Security Questions: Users will no longer receive security question prompts for login authentication.
  • On-page text: Company custom text will no longer display.
  • Password hints: The Send me an email with my password hint option will no longer be available.

Business Purpose / Client Benefit: This feature provides greater security for user passwords and streamlines the user experience.

Authentication: No Future Bulk Password Resets or Updates via Import File

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

The password field in the 100, 300, 305 and 310 record sets is no longer used to update or bulk reset user passwords. SAP Concur has changed the functionality in imports such that the password field is only used when a user account is created. The field is no longer used to update or bulk reset user passwords. The update and replace password features on the 100 record are no longer used.

This change impacts the employee import and the user import features.

EMPLOYEE IMPORT

The password field remains available in the 100, 300, 305 and 310 records sets, but is only read during an initial import of the file, or when creating a new user in the system. Subsequent uses of the field are ignored by the system. The update and replace password features on the 100 record are no longer used.

For general information about this functionality, refer to the Shared: Employee Import Specification.

USER IMPORT

The password field remains available in the downloadable Excel template, but is only read during an initial import of the file, or when creating a new user in the system. Subsequent uses of the field are ignored by the system.

For general information about this functionality, refer to the Shared: User Import User Guide.

Business Purpose / Client Benefit: These changes provide greater security for user passwords.

Employee and User Import Column (Amadeus User Permission) Deprecated

The Amadeus user permission column has been deprecated from the Travel Addendum Import (Record Type 350) Format for user imports and for employee imports.

This column remains in the flat file and Excel import file, however it is no longer active and any values it contains will be ignored by the system.

Business Purpose / Client Benefit: This change supports work done by the Concur Travel development teams.

**Ongoing** Email Infrastructure Change - Add IP Addresses to Safe Sender List

SAP Concur is transitioning to a new email infrastructure for outbound email from our services to SAP Concur users. Because of this, companies who filter inbound email based on the sending IP address must add new IP addresses to their Safe Sender list to ensure that their users receive email from SAP Concur.

Initially, the issue described here affected only companies that use Concur Expense. Starting in January, email from other SAP Concur services (such as Travel and Concur Pay) will move to the new email infrastructure.

We will continue to add other services. Please monitor the release notes for more information about the timing of the additional changes.

Reminder: No Personal or Sensitive Data in Custom Fields

All companies must take all reasonable steps to protect the personal and sensitive information of their employees. As per recommended security-related best practices, remember that custom fields should not contain personal and sensitive data.

NEXT STEPS

If your company is currently using custom fields to store personal or sensitive data (for example, Social Security numbers, family member names or any other personally identifying information), you should plan to remove this information from your existing fields within the service and modify your current configuration.

Refer to the FAQ (English Only) for additional information.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

Request

**Planned Changes** Authentication: New SAP Concur Sign In Page

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur is planning to add a new Sign In page, providing an updated login experience for users who log in with a user name and password credentials. Current Single Sign-On (SSO) users will be able to start the SSO login process at www.concursolutions.com. This feature is planned for 2019.

The new Sign In page feature includes the following:

  • Two-step login: provides enhanced security, meets current industry standards and provides a better login success rate
  • Multi-account login: allows administrators to log in with multiple accounts (planned for a future release)
  • User avatar: enhances the user experience (planned for a future release)

Business Purpose / Client Benefit: This feature provides better security and a faster, convenient experience for users logging in to SAP Concur products and services.

**Planned Changes** Authentication: Single Sign-On (SSO) Self-Service Option Coming to SAP Concur

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

Single Sign-On allows users to access multiple applications using one set of login credentials. Currently, SAP Concur has two methods for signing in: with a user name and password or using SSO with identity provider (IdP) credentials, such as a user's login credentials for their organisation.

SAP Concur is planning to add a Manage Single Sign-On (SSO) feature to SAP Concur products that provides clients with a self-service option for setting up SSO for their organisation. SSO is currently supported for Concur Expense, Invoice, Request and Travel.

The new Manage Single Sign-On (SSO) feature is a replacement tool for clients using existing SSO configuration on the Security Keys page and a new tool for clients that now want to implement SSO at their organisation. Existing SSO configuration on the Security Keys page and the new SSO Self-Service tool will both be available until everyone has migrated to the new SSO Self-Service tool.

Other SAP Concur products and services are outside the scope of this initial release.

Business Purpose / Client Benefit: This feature provides SAP Concur clients with a self-service option for setting up SSO.

**Planned Changes** SAP Concur Product Access Changes

Customers will need to access SAP Concur products and services via the following domains:

  • *.concursolutions.com

  • *.concurcdc.cn

This change is targeted for 8 June 2019.

SAP Concur recommends clients migrate to one of the domains at their earliest convenience, if they are not already using one of them.

Please contact appsec@sap.com for any questions regarding this change.

Business Purpose / Client Benefit: This change will allow customers to access SAP Concur services in a consistent, secure manner.

Budget Insight

**Planned Changes** Budget Insight (Legacy) to Retire in 2019

Budget Insight is a budget management tool that is being retired on 31 December 2019. It is recommended that clients who want to use budget functionality purchase the new Budget product that SAP Concur released last year. The new Budget feature offers greater functionality, an improved UI and additional integrations with SAP Concur products. Most notably is the inclusion of additional expense data from Concur Expense, Concur Invoice, Concur Travel and Concur Request (previously only data from Concur Expense and Concur Request were available).

Business Purpose / Client Benefit: The retirement of Budget Insight will provide clients with the opportunity to purchase the new Budget product, which gives greater value to clients by making budgets visible, actionable and near real-time.

Client Notifications

The items in this section provide reference material for all clients.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition