Concur Invoice Professional Edition Administration Help

February 2020 Request Professional Edition Admin Summary

Initial Post

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Request

Connected List Data Type Now Available for Expense Attendee Form - Retracted

In the November 2019 release notes, the Connected List Data Type Now Available for Expense Attendee Form release note was accidentally published before the official release of this new functionality, which is currently targeted for a future release.

The Connected List data type functionality is part of the planned future direction of the product that is currently on our longer-range roadmap. More information will be published about this functionality when the entire feature is ready to be officially released.

This connected list functionality will not be universally supported for attendee records, and will only be available for very specific use cases for employee attendees (SYSEMP).

**Ongoing** Authentication: Deprecation of HMAC Initiates Migration to SSO Self-Service

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur will soon begin the deprecation process of removing Hash-Based Message Authentication Code (HMAC) as an SSO option. The replacement service for HMAC is SAML SSO, a self-service method of setup whereby client admins have access within SAP Concur to complete their SAML connections.

Clients currently using HMAC are encouraged to migrate to the SSO self-service tool as soon as it is released (targeted for Q1 2020). The new SSO self-service tool allows multiple portals (Identity Providers) to be added.

The HMAC deprecation includes two phases:

PHASE I:

  • Clients need to have an Identity Provider (IdP) or a custom SAML 2.0 solution.
  • Clients begin testing the new SSO self-service tool.
  • Clients prepare for onboarding new clients using the new SSO self-service tool, which is targeted for release in Q1 2020.
  • Once the SSO tool is available, customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded using the new SSO self-service tool.
  • Existing clients using HMAC need to be migrated using the new SSO self-service tool.

PHASE II:

  • Clients continue migrating existing HMAC clients to the new SSO self-service tool.
  • Shut down the HMAC service after everyone has migrated from HMAC to the new SSO self-service tool. Phase II is targeted to end mid-year 2020.

Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

File Transfer Updates

HTTPS Protocol No Longer Allowed for File Transfer (24 February, 2020)

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange through various secure file transfer protocols, SAP Concur is making changes that provide greater security for those file transfers.

Beginning 24 February, 2020 at 2 PM PST, connections via the HTTPS protocol will no longer be allowed when connecting to the SAP Concur file transfer system.

  • Existing HTTPS file transfer accounts must switch to SFTP with SSH Key Authentication before 24 February, 2020.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com
  • st-eu.concursolutions.com
  • st-cge.concursolutions.com
  • st-cge-dr.concursolutions.com
  • vs.concursolutions.com
  • vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

TLS v1.1 SSL Protocol Not Allowed for File Transfers

This release note is intended for technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange through various secure file transfer protocols, SAP Concur has made changes that provide greater security for those file transfers.

The TLS 1.1 (Transport Layer Security) SSL protocol has been removed from our SAP Concur file transfer system allowed list.

  • This relates to the FTPS and HTTPS file transfer protocols.
  • The HTTPS file transfer protocol will not be allowed, starting 24 February, 2020. If you are currently using HTTPS, we suggest migrating to SFTP with key authentication.

    For more information, refer to the HTTPS Protocol No Longer Allowed for File Transfer (24 February, 2020) release note in this document.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com
  • st-eu.concursolutions.com
  • st-cge.concursolutions.com
  • st-cge-dr.concursolutions.com
  • vs.concursolutions.com
  • vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

SAP Concur Platform

Concur Request APIs v4 Now Available

Concur Request v4 APIs are now available for clients and partners.

With v4, SAP Concur has made great enhancements to the existing Request endpoints, and is now offering the ability for a client and/or a partner to interact with Concur Request to do the following:

  • Get the list of existing requests
  • Get detailed information of an existing request
  • Create, read, update or delete an existing request
  • Move an existing request through the approval flow with one of the following available actions: Submit, Approve, Recall, Cancel, Close or Reopen
  • Get the list of expected expenses (including trip segments) attached to a request
  • Create, Read, Update or Delete an expected expense for a request
  • Get information of a travel agency office
  • Get the list of active Request policies for a given user

BACKGROUND

SAP is continuing to invest heavily in APIs and tools to simplify end-to-end integration.

At SAP Concur, we strongly believe that an open ecosystem expands your view. An open ecosystem dynamically connects your internal systems, spend and partner data to reveal powerful insights that empower you to run your business better.

Explore the capabilities listed above and consider how the APIs could help you simplify some of your existing processes, such as:

  • Automatically creating a Concur Travel Request for any off-site training approved through your Human Resources system
  • Exposing authorisation requests pending approvals onto your internal corporate portal “Manager” widget

PERMISSIONS

In addition to the existing user-level permissions, the Concur Request v4 APIs are based on the most recent secured Authentication service and SAP Concur’s new Oauth2 framework, which manages the authorisation for company-level permissions. Clients and/or partners can now use a single token/permission to interact with Request on behalf of all company users.

Business Purpose / Client Benefit: These enhancements will provide more options and abilities for developers using SAP Concur's platform with Request.

Security Enhancements

Graphics No Longer Supported for Printed Reports/Invoices (31 January 2020)

Customers could use the Printed Claim (or Printed Invoice) feature to configure and customise their own expense claims, invoices and requests that were emailed, displayed online or printed. Customers could also add graphics (generally logos).

As of 31 January, 2020 – in order to meet security requirements – SAP Concur no longer supports graphics of any sort in expense claims, invoices and requests that are configured using the Printed Claim (or Printed Invoice) feature.

Business Purpose / Client Benefit: This change provides greater security for SAP Concur customers.

Support Ending for TLS v 1.1 Encryption Protocol (20 February 2020)

SAP Concur is announcing an end-of-support cycle for version 1.1 of the Transport Layer Security (TLS) encryption protocol, while continuing support for the more secure version 1.2 of TLS. As background, the TLS protocol allows secure back and forth communications between a phone or computer and a cloud-based service.

Refusal of TLS v.1.1 connections will commence on 20 February, 2020.

Business Purpose / Client Benefit: SAP Concur is taking this step after careful consideration of our customers’ security and ease of upgrade to the newer, more secure version 1.2 of TLS. This end-of-support plan for TLS v 1.1 ensures our clients are communicating with SAP Concur solutions in a safer and more secure manner using TLS v 1.2.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

Next Generation (NextGen) Request

**Planned Changes** New User Interface for Concur Request End Users

SAP Concur is dedicated to the consistent improvement of our products, not only the features they provide, but also the experience of using those features. How users interact with technology changes over time, along with needs and expectations. We are constantly listening to our customers and soliciting feedback on how we can improve the user experience.

NextGen Request is the continued evolution of the SAP Concur user experience. It was built from extensive user research and data analytics that include 680 1:1 conversations, 58 usability studies, 3,000+ survey responses and 1.3B monthly user actions.

Customers will have the ability to preview and then opt in to NextGen Request before the mandatory cutover.

Business Purpose / Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced UI, but also allows SAP Concur to react more quickly to customer requests to meet changing needs as they happen.

SAP Concur Platform

**Planned Changes** Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)

SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release. Those APIs will be replaced by the Concur Request v4 APIs.

Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not ISO-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.

Client Notifications

The items in this section provide reference material for all clients.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition