Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
kolasolution
Occasional Member - Level 2
Friday
Friday

Support Request – SSO Authentication Expiry Notification

Dear Concur Support,

I recently logged into SAP Concur and saw the following message:

“SSO authentication to SAP Concur solutions will expire on April 22, 2025.”

Learn more

Could you confirm whether this relates to a certificate expiring on our side, or if it is an issue on Concur’s end? If any action is required from our side, please provide guidance on the next steps.

Looking forward to your response.

Best regards,
Kola Oguntade

0 Kudos
4 REPLIES 4
KevinD
Community Manager
Community Manager
Friday
Friday

@kolasolution hello there. I feel I must let you know that this Community is not SAP Concur Support. Can you find answers to questions here? Yes, but myself and the team I'm on are not part of our Support Organization. 🙂 I just want to make sure anyone reading this thread knows the Community does not fall under SAP Concur Support. 

 

Now, having said that...I found an internal article about this topic. 

"

Before the current certificate expires on Apr 22, 2025, we would recommend the Authentication Admin to update the SAP Concur IDP configuration to reference the updated certificate. If users attempt to sign in to SAP Concur Solutions via SSO with an expired SAMLv2 security certificate, your Identity Provider (IdP) might reject the authentication, and those users might be denied access to SAP Concur Solutions.

You can retrieve the SAP Concur Metadata on the following links:

US2: https://us2.api.concursolutions.com/sso/saml2/V1/sp/metadata/dd71301e-dd79-4db5-bd29-55093a75755d

 

You can also download the metadata from within SAP Concur this way:

The other option is to download it from SAP Concur. You would need to have either the Company Administrator or the SSO Manager role to download the new certificate from SAP Concur. If you do not have the SSO Manager role but have the Role Administrator, you may follow the steps in the article What Is SSO Manager Role (Expense)? to add this to your profile. Once added, you may follow the below steps to download the new certificate.

  1. Go to Administration> Authentication Admin 
  2. Click Manage Single Sign-on
  3. In Get SAP Concur Metadata, click Download under Download SAP Concur Metadata
 

The other option is to download it from SAP Concur. You would need to have either the Company Administrator or the SSO Manager role to download the new certificate from SAP Concur. If you do not have the SSO Manager role but have the Role Administrator, you may follow the steps in the article What Is SSO Manager Role (Expense)? to add this to your profile. Once added, you may follow the below steps to download the new certificate.

  1. Go to Administration> Authentication Admin 
  2. Click Manage Single Sign-on
  3. In Get SAP Concur Metadata, click Download under Download SAP Concur Metadata
 

The other option is to download it from SAP Concur. You would need to have either the Company Administrator or the SSO Manager role to download the new certificate from SAP Concur. If you do not have the SSO Manager role but have the Role Administrator, you may follow the steps in the article What Is SSO Manager Role (Expense)? to add this to your profile. Once added, you may follow the below steps to download the new certificate.

  1. Go to Administration> Authentication Admin 
  2. Click Manage Single Sign-on
  3. In Get SAP Concur Metadata, click Download under Download SAP Concur Metadata
 

KevinD_3-1743188744829.png

 

 

 


Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
onorio-neto
Occasional Member - Level 2
In response to KevinD
7 hours ago
7 hours ago

Hi Kevin, thanks for the valuable information, but I have a question. In the above article where you've said: "Before the current certificate expires on 22 April 2025, we recommend that the Authentication Admin updates the SAP Concur IDP configuration..." Was this a public communication to customers? Because I have not received anything about it, but another client has sent us an "email" informing them of this?

If so, if it is a public notification, could you share the original article and next question is: Are all clients affected by this SSO certificate update?

I'll be wating for your inputs,

Sincerely
Neto

0 Kudos
KevinD
Community Manager
Community Manager
In response to onorio-neto
6 hours ago
6 hours ago

@onorio-neto the communication is sent to Authorized Support Contacts (ASC). Since you are a certified partner, you wouldn't receive the notice unless one of your customers has a profile for you in their site and marks you as an ASC. 


Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
onorio-neto
Occasional Member - Level 2
In response to KevinD
6 hours ago
6 hours ago

Ok, gotcha! but in relation to the shared communication - will this metadata update afect all customers or is this for some sort of specific SSO communication because it is weird that despite having several customers that have SSO enabled - we only received it from one customer!

I'll be waiting for your further comments,

 

sincerely

Neto

0 Kudos
SAP Concur Community
SAP Concur
SAP
Additional Resources
© Copyright 2025 Concur Technologies, Inc. All rights reserved.
Privacy Policy|Terms of Use|Do Not Share/Sell My Personal Information|