This content from the SAP Concur Community was machine translated for your convenience. SAP does not provide any guarantee regarding the correctness or completeness of this machine translated text.
When using Azure SSO, the product seems to have some "security" flaws. Here are my top 3 flaws and 1 bonus annoyance that I would love suggestions on how to resolve.
1. (flaw) Concur only looks at the suffix (@domain.com) on a login and never looks at the prefix. This means that if an account happens to still be authenticated with Azure AD, then you are going in as that person regardless of what username you type in for Concur.
2. (flaw) In an SSO setup, clicking log out of Concur doesn't mean you actually logged out. A person could easily go to the concursolutions.com website, click login, type your email, and get in without any prompt for a password.
3. (flaw) Concur never checks to see if you are still authenticated with Azure SSO. Basically, if you log out of an Azure-authenticated browser, you can still go back to Concur and do whatever your account allows.
4. (annoyance) When not previously authenticated with Azure SSO, you are prompted twice for username. Concur never carries over the username to Azure SSO.