Concur Invoice Professional Edition Administration Help

December 2019 Request Professional Edition Admin Summary

Update #3

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Request

Email Reminder for Requests Nearing Expiration - Updated

When pre-authorised requests have not been fully expensed and the request's number of active days remaining is nearing zero, an email reminder can now be configured to send employees an email reminder to submit expense entries for the remaining request amounts. The email reminder can be configured to trigger the reminder based on the request's total remaining amount and the request's expiration date.

Business Purpose / Client Benefit: This update provides additional email notification configurability to ensure employees can be reminded to finish submitting expense entries for a request before the request expires.

File Transfer Updates: New SAP Concur IP Address (EMEA) (23 November, 2019)

This release note is intended for technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange through various secure file transfer protocols, SAP Concur is making changes that provide greater security for those file transfers.

SAP Concur changed the IP address for st-eu.concursolutions.com from 84.14.175.233 to 46.243.56.11 on 23 November 2019.

Clients whose file transfers protocols use the SAP Concur DNS endpoint (st-eu.concursolutions.com) to connect are not impacted by this change.

Clients who connect via IP address need to connect to the SAP Concur DNS endpoint (st-eu.concursolutions.com) or the new IP address.

SAP Concur recommends connecting to DNS endpoint st-eu.concursolutions.com to avoid connection issues if the SAP Concur IP address changes again in the future.

This announcement pertains to the following file transfer DNS endpoint:

  • st-eu.concursolutions.com

Business Purpose / Client Benefit: This change provides greater security for file transfers.

**Ongoing** Authentication: Deprecation of HMAC Initiates Migration to SSO Self-Service

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur will soon begin the deprecation process of removing Hash-Based Message Authentication Code (HMAC) as an SSO option. The replacement service for HMAC is SAML SSO, a self-service method of setup whereby client admins have access within SAP Concur to complete their SAML connections.

Clients currently using HMAC are encouraged to migrate to the SSO self-service tool as soon as it is released (targeted for Q1 2020). The new SSO self-service tool allows multiple portals (Identity Providers) to be added.

The HMAC deprecation includes two phases:

PHASE I:

  • Clients need to have an Identity Provider (IdP) or a custom SAML 2.0 solution.
  • Clients begin testing the new SSO self-service tool.
  • Clients prepare for onboarding new clients using the new SSO self-service tool, which is targeted for release in Q1 2020.
  • Once the SSO tool is available, customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded using the new SSO self-service tool.
  • Existing clients using HMAC need to be migrated using the new SSO self-service tool.

PHASE II:

  • Clients continue migrating existing HMAC clients to the new SSO self-service tool.
  • Shut down the HMAC service after everyone has migrated from HMAC to the new SSO self-service tool. Phase II is targeted to end mid-year 2020.

Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

Security Communication Protocols for Callouts

Clients that use or plan to use SAP Concur callouts (for example, Send Notification, Launch External URL, Fetch List and Fetch Attendee) need to ensure they meet the SAP Concur security standards. To reduce security risk for our clients and SAP Concur, we are giving companies until the end of 2019 to make the required update for callouts. If clients have security protocols below our standard after 31 December, 2019, their callouts will stop working in January 2020.

To use callouts, clients need to ensure that the TLS version 1.1 or greater is used for the encryption protocols of the client’s endpoint. Also, clients using callouts need to ensure their callout host endpoint uses and prioritises one or more ECDHE cipher suites with an equivalent key length greater than or equal to 2,048 bits, such as one of the ciphers listed below.

EXAMPLES OF CIPHERS TO USE

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Business Purpose / Client Benefit: Reduce security risk for the clients that use callouts and SAP Concur.

Budget Insight

Budget Insight (Legacy) Retires 31 December

Budget Insight is a budget management tool that is being retired on 31 December 2019. Clients who want to use budget functionality are recommended to implement the new Budget product that SAP Concur released last year. The new Budget feature offers greater functionality, an improved UI and additional integrations with SAP Concur products. Most notably is the inclusion of additional spend data from Concur Invoice and Purchase Request, in addition to Concur Expense and Concur Request (previously only data from Concur Expense and Concur Request was available).

Business Purpose / Client Benefit: The retirement of Budget Insight will provide clients with the opportunity to implement the new Budget product, which gives greater value to clients by making budgets visible, actionable and near real-time.

Miscellaneous

Changes to Concur Open and Personalised Concur Open

Targeted for 19 December, several changes will be made to Concur Open and Personalised Concur Open.

  • Subscription Services: Email and RSS subscriptions for service status notifications will be available only through Personalised Concur Open, which displays the service issues specific to a customer's organisation. Current Concur Open subscriptions for SAP Concur customers will be migrated to Personalised Concur Open.
  • Notification Email "From" Address: The notification email address will be updated from openupdates@concur.com to ConcurOpenUpdates@sap.com. Customers should ensure that they have added the @sap.com domain to their Safe Sender List and that users have updated any personal email inbox rules.
  • Root Cause Analysis (RCA) Reports: After each incident, a preliminary RCA report will be published, followed by a final RCA report that contains a more complete analysis with corrective actions. Both reports will be published only in Personalised Concur Open.
  • Service Availability Status: To better reflect customer impact, the Performance Issue icon and Partial Performance Issue icon will be removed from Concur Open and Personalised Concur Open.

Business Purpose / Client Benefit: These changes provide better information for customers while also removing some of the information that is currently available to non-customers.

Language Selection Page Deprecation

After a user selects a different language from the Change language list and then signs in with their credentials to SAP Concur, a page appears prompting them to confirm which language to use as it applies to the current session (for example, their latest selection or what is specified as default in their profile), or whether they want to use the latest selected language for the current session and also update the default language in their profile to that selection.

Targeted for this December release, this page will no longer appear. Instead, any language that the user selects from the Change language list will be used for the current session. To update their default language, the user can make the change under their Profile settings.

Business Purpose / Client Benefit: Removal of this page removes the recurrence of preferred language issues and simplifies the user experience.

Retire the Pause Delegation Feature

Currently, delegates/proxies/assistants/arrangers who act on behalf of others and who also have any of several administrative roles/permissions can pause their act-as session while they complete admin tasks. This feature is a benefit for the admin who might be testing configuration changes or simply has to multi-task.

Due to internal security changes, we are deprecating this feature.

Business Purpose / Client Benefit: Retiring this feature closes a potential security gap.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

Next Generation (NextGen) Request

**Planned Changes** New User Interface for Concur Request End Users

SAP Concur is dedicated to the consistent improvement of our products, not only the features they provide, but also the experience of using those features. How users interact with technology changes over time, along with needs and expectations. We are constantly listening to our customers and soliciting feedback on how we can improve the user experience.

NextGen Request is the continued evolution of the SAP Concur user experience. It was built from extensive user research and data analytics that include 680 1:1 conversations, 58 usability studies, 3,000+ survey responses and 1.3B monthly user actions.

Customers will have the ability to preview and then opt in to NextGen Request before the mandatory cutover.

Business Purpose / Client Benefit: The result is the next generation of the Concur Request user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced UI, but also allows SAP Concur to react more quickly to customer requests to meet changing needs as they happen.

SAP Concur Platform

**Planned Changes** Concur Request APIs v4

SAP Concur will soon be releasing Concur Request v4 APIs for clients and partners. We are targeting to release v4 in January 2020.

With v4, SAP Concur has made great enhancements to the existing Request endpoints, and is now offering the ability for a client and/or a partner to interact with Concur Request to do the following:

  • Get the list of existing requests
  • Get detailed information of an existing request
  • Create, read, update or delete an existing request
  • Move an existing request through the approval flow with one of the following available actions: Submit, Approve, Recall, Cancel, Close or Reopen
  • Get the list of expected expenses (including trip segments) attached to a request
  • Create, Read, Update or Delete an expected expense for a request
  • Get information of a travel agency office
  • Get the list of active Request policies for a given user

BACKGROUND

SAP is continuing to invest heavily in APIs and tools to simplify end-to-end integration.

At SAP Concur, we strongly believe that an open ecosystem expands your view. An open ecosystem dynamically connects your internal systems, spend and partner data to reveal powerful insights that empower you to run your business better.

Explore the capabilities listed above and consider how the APIs could help you simplify some of your existing processes, such as:

  • Automatically creating a Concur Travel Request for any off-site training approved through your Human Resources system
  • Exposing authorisation requests pending approvals onto your internal corporate portal “Manager” widget

PERMISSIONS

In addition to the existing user-level permissions, the Concur Request v4 APIs are based on the most recent secured Authentication service and SAP Concur’s new Oauth2 framework, which manages the authorisation for company-level permissions. Clients and/or partners can now use a single token/permission to interact with Request on behalf of all company users.

Business Purpose / Client Benefit: These enhancements will provide more options and abilities for developers using SAP Concur's platform with Request.

**Planned Changes** Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)

SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release. Those APIs will be replaced by the Concur Request v4 APIs.

Business Purpose / Client Benefit: The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not ISO-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.

Client Notifications

The items in this section provide reference material for all clients.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition