Introducing the Authentication Admin

Objective

After completing this lesson, you will be able to explain the Authentication Admin feature in Concur.

The Authentication Admin Overview

Security is an extremely important factor for all SAP products. SAP Concur handles security at the infrastructure level, including networks, operating systems, and patch management. However, customers are responsible for managing security aspects that demand business decisions, such as user and authorization management.

SAP Concur provides a more detailed overview of security configurations, with their defaults and recommended values. For more information, refer to SAP Concur Security Recommendations.

The Authentication Admin is an administrative feature you use to configure the authorization policies and perform bulk password actions. You can:

  • Manage the Single Sign-On for SAP Concur products
  • Manage the Sign-In Settings for SAP Concur
  • Generate a request token to get a Company JSON Web Token (JWT)

Accessing the Authentication Admin

To access Authentication Admin, select Authentication Admin from the left menu panel or the center menu.

Screenshot of the SAP Concur Company Administration page showing a navigation menu with sections for Company Admin, User Administration, and Travel Administration. Authentication Admin is highlighted in both the left menu and the central description pane.

The Authentication Admin link appears for anyone with the Company Administration, Password Manager, SSO Manager, or Web Services Administrator permission.

  • With the Company Administration permission only, users will have access to all three sections (Manage Single Sign-On, Sign-In Settings, and Company Request Token).
  • With the Password Manager permission only, users will have access only to the Sign-In Settings section within the Authentication Admin feature.
  • With the SSO Manager permission only, users will have access only to the Manage Single Sign-On section within the Authentication Admin feature.
  • With the Web Services Administrator permission only, users will have access only to the Company Request Token section within the Authentication Admin feature.

To align with the Principle of Least Privilege, SAP Concur recommends assigning the SSO Manager permission to users who need access to the Manage Single Sign-On page, and the Password Manager permission to users who need access to the Sign-In Settings page.

Summary

  • Security is shared: SAP Concur secures infrastructure; customers manage users and authorization decisions
  • Use Authentication Admin to manage SSO, sign-in settings, and generate a company JWT request token
  • Authentication Admin link appears for Company Admin, Password Manager, SSO Manager, or Web Services Admin
  • Permissions determine sections: Company Admin, all three sections; SSO Manager, Manage Single Sign-On; Password Manager, Sign-In Settings; Web Services Admin, Company Request Token
  • Apply least privilege: grant SSO Manager for SSO; Password Manager for sign-in settings; follow Security Recommendations defaults