Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ggraf
Occasional Member - Level 1
2 weeks ago
2 weeks ago

Concur User Migration and SSO Setup Questio

Hello,

We are a small company (Company A) in the process of merging with a larger organization (Company B). Both companies currently use separate Concur instances, and we are working to migrate Company A employees into Company B’s system using a spreadsheet import.

I understand that users can share the same email address but must have unique login IDs. Currently, Company A uses password-based login, while Company B uses SSO. We have not yet been successful in enabling SSO access for Company A employees after migration.

Could you provide guidance on how to properly configure SSO for these migrated users? Additionally, are there any key considerations or common issues we should be aware of before rolling this out more broadly?

 

1 person had this issue.
0 Kudos
2 REPLIES 2
KevinD
Community Manager
Community Manager
a week ago
a week ago

@ggraf what does it mean when you say, "We have not yet been successful in enabling SSO access for Company A employees"? What have you tried so far? 

 

I take it you already used the import to set up Company A employees into Company B's site, correct? After that, then what did you do to get the Company A users on SSO in Company B's site? 

 

No step or details is too small. This will help us better assist. 


Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
cjmarimo
Super User
Super User
Saturday
Saturday

Hello @ggraf,

 

In my company, we use Microsoft Azure as our Identity Provider (IdP).

In our Azure environment, each employee profile includes an extensionAttribute field that stores the Concur Login ID (CTE Login Name).

When user accesses Concur via SSO, the system sends this Login ID to the IdP to perform authentication.

If this extensionAttribute field is not populated for a given employee, Concur cannot correctly associate the identity with the IdP. As a result, the SSO login option is not displayed when the user attempts to sign in.

 

High-level overview of how SSO works in this context:

When using SSO, the process is as follows:

  1. The user goes to Concur
  2. Concur redirects the user to the IdP
  3. The IdP (for example, Azure AD) validates the user
  4. The IdP informs Concur: “This user is authenticated”
  5. The user gains access without entering a password in Concur

 

I understand that Company B uses SSO and has an Identity Provider (IdP) configured.

Are the migrated users from Company A present in that IdP, and do their identity attributes match the data in Concur?

 

If they are not properly aligned, SSO will fail.

 

BR,

cj

 

SAP Concur Community
SAP Concur
SAP
Additional Resources
© Copyright 2026 Concur Technologies, Inc. All rights reserved.
Privacy Policy|Terms of Use|Do Not Share/Sell My Personal Information|