Solved: Concur rule supercedes customer's policy?

yazkuro · ‎Oct 14, 2021

Hi, I am a end user of Concur.

Whenever I need to use, I need to login to Concur system with Concur independent "user name structure" and "password rules" TOTALLY DIFFERENT from our company's other systems including AD name/password and core ERP system.

Our IT team says this is Concur's policy (?) which supercedes our internal standard.

Is it true? Managing many usernames and passwords without recording (this is our corporate rule) by each employee is very difficult resulting in many helpdesk calls for "reset" inquiry. This is very very premitive problem which most of related party ignore as they only care about their respective interst (no "customer point of view").

To make inquiry simple, can Concur soften its password rules to align with customer's other system?

(our password rule reques the combination of alpha/newmeric/symbol, but not the upper/lower case)

Appreciate if anyone facing the same issue give me advice.

BEst Regards,

yazkuro

JessicaL · ‎Oct 15, 2021

Concur offers single sign-on, so that could solve your company's issue on a larger scale.

However, Concur passwords at the companies I have worked for did not require upper/lower case as you have mentioned. We recommend it for stronger password protection, but Concur does not require it. Interested in what others have to say about this as well.

Best,

Jessica
Travel and Expense System Administrator

View solution in original post

JessicaL · ‎Oct 15, 2021

Concur offers single sign-on, so that could solve your company's issue on a larger scale.

However, Concur passwords at the companies I have worked for did not require upper/lower case as you have mentioned. We recommend it for stronger password protection, but Concur does not require it. Interested in what others have to say about this as well.

Best,

Jessica
Travel and Expense System Administrator

yazkuro · ‎Oct 17, 2021

Hi, Jessica

Thank you so much for reply.

I understood that Concur does not require upper/lower policy for password.

In general password protection, apply severe rule/policy is more safer this is easy for narrow implementation stand point. But from users standpoint, facing multiple rules is a disaster, but implementation team does not care.

Unfortunately in the company I work for does not have ears to digest this situation saying this is "Concur's requirement" ....

Anyway thanks so much again for your reply, appreciated.

BR

Yaz (User representative)

KevinD · ‎Oct 18, 2021

@yazkuro I'd like to point out that our customer's choose what naming convention they are going to use for their SAP Concur login, we do not choose this for our customers. So, if your company login to access your network or log into your computer differs from your SAP Concur username and password, that was a decision made by your company.

As for password requirements, because every company is different, we have to allow any type of password with a minimum amount of rules or requirements.

Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.

yazkuro · ‎Oct 18, 2021

Thanks Kevin for clarification.

Unfortunatelly, intenally when I raise these points our IT and Finance team who are responsible for implementation respond this is vendor's (Concur's) requirement.

Also the "login" name we use for Concur is totally different naming convention from other systems including AD login name.

When user login, we go to concur login page only tells "Username, verified email address, or SSO code" so user never remember what was the login ID for Concur.

"This message shown in login page is FIXED so we cannot change" this is the answer from our IT department, is it true??

BEst REgards,

Yaz

KevinD · ‎Oct 19, 2021

@yazkuro I conferred with someone on our Implementation team and she confirmed that the username/Login ID used to access SAP Concur is selected by each of our customers. The only requirement is that you follow the format of XXXX@domain. That is the only requirement. What goes before the @ and after is up to your company. Your company could have decided to use the same naming convention that you use for AD Login if they wanted to, assuming your AD Login is in the XXXX@domain format. What is the format of your AD Login?

As for the message on the login screen, I don't believe that can be modified.

Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.

yazkuro · ‎Oct 19, 2021

Hi, Kevin

Thanks so much! Now I have good understanding.

[Login name]

I understood the requirement is to use "@domain"
Login window instruction sentence cannot be changed/customized.

[password rule]

Customer can select according to its company rule

Now only small concern I have is since Concur use unique login format (with @domain), we employees do not remember exactly what is the login format ie could be "AD+domain" or "e-mail + domain" or "employee ID+domain".

moreover we tend to forget the requirement of @domain.

It looks small issue but in the reality we have many systems with similar (not same) ID and passwords and as environment goes to cloud this tendency actually increases,

Also general employee do not use Concur daily, only when petty cash reimbursement happen.

So the customization on login page could be the solution, we have many internal helpdesk for individual system majority of the inquiry is regarding login/pw reset (our DX capability is very primitive.... sigh).

Anyway thanks again for comprehensive explanation!

BR

Yaz