cancel
Showing results for 
Search instead for 
Did you mean: 
bredman
Occasional Member - Level 1

SSO Concur Mobile requests e-mail address and password

Hi,

 

We are trying to implement SSO for Concur on mobile using MS Azure through SAP IAS to Concur, but on first access from the mobile app, users are asked for their email address by Concur, then their email address by SAP IAS and then their password from Microsoft 365.

 

On subsequent logins, user is prompted for e-mail address and password from O365.

 

Access to Concur URL from desktops does not have this issue.

 

We had been led to believe that Concur mobile app access with SSO was a "one-click" deal?

 

Anyone have any ideas? 

3 REPLIES 3
TSmalley
Occasional Member - Level 3

We do have SSO for Mobile enabled with Azure.  We have a unique SSO code for the Mobile login.  It is a bit clunky but I am happy to discuss if you need more information.

 

Thank you,
Tracy Smalley

Tracy Smalley
bredman
Occasional Member - Level 1

Hi Tracy,

 

Yes, I am very interested in looking at how you have overcome this.

 

Regards,

 

Bryan

MSTEEN
Super User
Super User

Hi, 

I have some troubleshooting steps that might help.  

  1. Confirm that users are typing your company's SSO link, or that their bookmarks point to that URL. Users normally type it the first time & then they bookmark the page they end up at, which is a concursolutions.com URL. But that page bypasses your SSO sign-in – if they try to go directly there, they’ll end up at the Concur login screen. Users need to edit their bookmark and set it to your company's SSO link in order for the bookmark to work properly.
  2. Confirm that the user’s sign-in address (UPN) matches their Concur CTE login id.  A user should have only one sign-in address, and the address must match in all places (Concur and your company's tenant). If it doesn’t match all the way through, they will not be able to sign in to Concur.
  3. If a user is reaching a Concur sign-in page, the address probably doesn’t match all the way through, OR they aren’t using the correct URL, your company's SSO link.  
  4. Indicate where the user is having an issue – browser, mobile app, or both. When troubleshooting, always start with the browser, don’t move on to the mobile app unless browser access is working.
  5. Confirm that they’ve tried an incognito/private browser session. (Note: not all users know what this is. In Chrome, they would click the 3-dot icon in the upper right corner of Chrome to display the menu, and then choose “New Incognito window”. All browsers have a similar option – sometimes called Private or inPrivate).
  6. Confirm that they switched to your company's tenant. 
  7. For the mobile app… If they get the “oops” page, they should click “Go to Applications”. This will open a page where they can switch your company's tenant and see/click the Concur link. They should end up back in the Concur app, signed in. They should then choose the 3-line icon in the upper left to bring up the menu, choose Settings, choose Sign-in in the Security section, and be sure it is set to the FaceID/AutoSignIn option (i.e. not Manual).
  8. Check with the SSO administrator that the mobile app is listed as safe.
  9. Request from the user to provide screenshots (if possible) with a summary of what’s been tried and the results.
  10. I think it would be helpful for your IT team to have this troubleshooting.
  11. If everything else fails, open a support case in Concur. 🙂

I hope this helps.

Regards,

Maria Steen