Reviewing the Other SSO Components

Objective

After completing this lesson, you will be able to explaIn the components of Self-Activated SSO.

Other Components of SSO

Support of Multiple IdPs

You can upload an unlimited number of IdP metadata to SAP Concur through the SSO self-service tool. That means your company can connect an unlimited number of IdP apps or connectors to a single SAP Concur entity, as illustrated in the following graphic.

An example of why you might do this is if your company is made up of multiple business units, each using a different IdP. Each user can continue using the IdP they are already familiar with for accessing SAP Concur as well.

Screenshot showing the SAP Concur sign-in screen for a site with multiple IdPs.

Encrypted SAML

SAP Concur supports encrypted SAML assertion. The encryption key is available in the SAP Concur SP metadata.

Note

For more detailed information, refer to the SSO Management Setup guide.

IdP-Initiated SSO and SP-Initiated SSO are Supported

Example of the IdP login page

In this case, the user signs in directly to the IdP and then selects a link or tile to access SAP Concur.

You can also optionally initiate the sign-in using the SSO HTTP-Redirect URL (provided by the IdP).

Screenshot showing the SAP Concur tile within an IdP site.Example of the SP login page

The user navigates to concursolutions.com, enters their username, verified email address, or company SSO code, and then selects the appropriate SSO option.

The SP-Initiated SSO flow is used by the SAP Concur mobile app to sign in to that platform by using SSO.

The SAP Concur Sign In page is displayed.

Summary

  • SAP Concur allows organizations to upload unlimited IdP metadata, enabling users from different business units to access SAP Concur via their preferred IdP.
  • Encrypted SAML assertions are supported, with the necessary encryption key available in SAP Concur’s SP metadata.
  • Both IdP-initiated and SP-initiated SSO flows are supported, accommodating various sign-in methods—either starting from the IdP site or directly from SAP Concur (including the mobile app).
  • Users access SAP Concur through familiar paths, either by selecting the Concur tile in their IdP or by entering credentials directly on the SAP Concur site.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn