User has stated that his provided credentials will work, and then after several weeks they will no longer work on his attempt to log in. Is there an application log that can be investigated for what might have occured to ensure the password was not changed by someone else?
Is your company using SSO? If no, passwords can be changed by the Concur Admin in your company with access to the User Administration.
Sometimes users would bookmark the Concur page after login. This bookmark will cause a log in failure. It is possible the user had too many log-in failures to cause the login lock.
You can view the login history on the user administration page to access if it is a login lock.
I hope this helps.