Hi, in our situation the Concur SSO was part of a global effort to implement SSO for more than 360 applications. The general message was : "Your life Made Easier : IT launches SSO capabilities !"
"You asked- so we are delivering!
A few months back, we asked you to complete surveys, telling us about your IT experience here at work. Among other things, feedback from the surveys outlined some of the cumbersome IT processes currently impacting your work productivity. Most frequently, employees requested easier access to the applications and tools that they use on a daily basis. In response to this request, we've made many changes, ones that aim to resolve the problems you addressed.
As part of this improvement process, we are launching a series of Single Sign-On (SSO) applications over the next few months. This means you won't be required to remember multiple passwords, fill out password reset tickets or accidently be locked out of your accounts while trying to work in the office or on the go......."
A few highlights :
- do not forget to update the links in the email notifications (create a Case with Concur Support)
- be careful with "SSO-only" approach (we have many generic Concur accounts for BTA cards, external auditors, third parties, login from personal computers, etc.... , then SSO-only did not allow them to sign in anymore)
- communicate, communicate, communicate
Bottom line, SSO is very well accepted and appreciated by users, and that only after a short period of time. The watchout is on SSO-only approach, check carefully the impacts, limitations and how to implement.
We are SSO, but every now and then people forget.
We have also seen people who come from another company that uses Concur that wasn't SSO and they ask for a password.
Bottom line: keep the communication near as you will need to send it out again and from time to time.
We've always had SSO for Concur but we will be enforcing it next month (randomizing all passwords and removing the 'reset my password' link from user profiles).
I wrote a blog to inform users of this on our internal communication site and will have Concur kick out an email to all active users a couple weeks before the go live date. Main points being that they will have to use SSO to log in and that they will need a Mobile PIN to use the mobile app since passwords will no longer be available.
I also updated our internal Concur Help Page with instructions on how to create or reset a Mobile PIN since I anticipate that that will be a common question from users.
communication is important, but even more important is to build proper tools for it.
In my previous project we integrated Concur icon with SSO hyperlink in corporate portal. Many people were using that portal just to access Concur. Besides we also built Concur dekstop app and deployed it in all countries live with Concur. As a result people had an "app" that was calling default browser and correct SSO link in "programs" (windows platform). We also had very similar solution for Apple computers. That way we solved many problems around SSO URL.
I have a question regarding your comment: "- do not forget to update the links in the email notifications (create a Case with Concur Support)"
Are you able to have the e-mail notification of a report awaiting manager approval send the manager directly to the report via clicking on the link in the e-mail? I ask because we are trying to work with Concur support and our managers are still being directed to the log-in page and our support analyst said that's the way it works with SSO. We are using Okta for our SSO. Thanks.