Exploring the Basics of the Single Sign-On Service

Objective

After completing this lesson, you will be able to explore Single Sign-On basics.

Unit Overview

This unit is designed for administrators who want to streamline their company's authentication process using Single Sign-On (SSO) in Concur Expense. It presents the knowledge and skills required to use SAP Concur's self-service SSO option to set up Identity Provider (IdP)-initiated and Service Provider (SP)-initiated SSO.

Caution

To use this feature, you must have an IdP (Identity Provider) that supports the SAML 2.0 standard and can generate IdP metadata. SAP Concur is compatible with all identity providers that support the SAML 2.0 standard.

After completing this unit, you will be able to:

  • Explain the purpose of a self-activated SSO and how it works.
  • Configure SSO settings for your organization.
  • Access references for detailed documentation provided by SAP Concur to help manage and support the self-activated SSO service.

Basics of Single Sign-On

Single Sign-On (SSO) is a user authentication process that allows individuals to access multiple applications with one set of login credentials. This method simplifies the user experience by reducing the need to remember multiple usernames and passwords.

A sign-in screen for SAP Concur. At the top, there is a Sign In heading. Below it, there is a field labeled Username, verified email address, or SSO code where a user entered expenseadmin@cvi.training.com. Below the input field, there is a blue Next button. Additionally, there is an option to toggle Remember me on or off, which is currently in the on position (indicated by a blue switch). Below these options are links for Forgot username and Need help signing in. At the bottom of the image, there is a link labeled Learn about SAP Concur for your business.

SSO works by establishing trust between an identity provider (IdP) and a service provider (SP). When a user logs in through the IdP, the SP accepts the authentication token, granting access to its services. This process enhances security and streamlines access management across various platforms.

Note

The SAP Concur SSO service supports various IdPs, such as SAP IAS, Microsoft Azure AD, Okta, Ping Identity, OneLogin, JumpCloud, Idaptive, Google G Suite, ADFS, Shibboleth, VMware Workspace One, Siteminder, and more. For a list of the supported IdPs, refer to the SSO Sign-On Management guide.

Benefits of SSO

Single Sign-On (SSO) provides the following benefits:

  • Simplifies the user experience by allowing employees to access multiple applications with a single set of credentials.
  • Reduces the need for users to remember multiple passwords, thereby decreasing the likelihood of password fatigue and related security risks.
  • Enhances security by centralizing authentication, making it easier to enforce strong password policies and multi-factor authentication.
  • Increases productivity as users spend less time logging into different systems.
  • Reduces support calls related to password resets, freeing up IT resources for other critical tasks.
  • Provides seamless integration with identity providers that support the SAML 2.0 standard, ensuring compatibility and ease of use across various platforms.

SSO Options

SSO in Concur Expense simplifies the login process by allowing users to access multiple applications with one set of credentials. Concur supports identity providers that adhere to the SAML 2.0 standard, ensuring compatibility with a wide range of systems. This integration enhances security and user convenience.

You can choose between two SSO settings:

  • SSO Optional
  • SSO Required

A screenshot of the SAP Concur user interface focused on SSO (Single Sign-On) settings. At the top, there is a label that reads SSO Setting: followed by a dropdown menu currently set to SSO Optional and highlighted in blue. Below the dropdown menu, there is a highlighted area with two options: SSO Optional and SSO Required.

SSO Optional

The default setting, SSO Optional, allows users to log in using either their standard credentials or SSO.

This setting provides flexibility during the initial implementation phase.

SSO Required

Once SSO is thoroughly tested, the setting can be changed to SSO Required.

This requires all users to sign in through an identity provider.

This change should be communicated to all users to avoid service disruptions.
