cancel
Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

Who Me Too'd this topic

Simplygross
Occasional Member - Level 1

2FA and "Break Out"

Configuring SSO with a "break glass" account

We're in the processes of deploying SSO for SAP Concur Travel and Expense. We've created the sync between our IdP and Concur, added test users with "SSO Optional" set in Authentication settings, and confirmed it works as expected. Our goal after continued testing would be to enforce SSO for all users. Given that we're using Microsoft as our IdP, we're not 100% confident in the idea of not having a "break glass" type account if we have issues with SSO down the line. I did not see the option to configure an administrator account to not require SSO, in the event we needed it or if there was an issue with the integration with Microsoft.

Is it possible to set an account to be exempt from SSO? Does this require a call with Concur support? I can't imagine we're the only ones with this question, so I'm hoping this has been answered already. I searched the forums but did not see a similar post. I appreciate the help!

Who Me Too'd this topic