Re: Remove Authentication App from Sign In

HateThisWebsite · ‎Feb 22, 2024

Forgiving being forced to reset my password every time I try to login, which is typical of nearly all tech service websites nowadays with overreaching security, Concur needs to provide a separate method for login besides "2-Step-Verification". Don't make me install a garbage Microsoft Authentication App on my personal phone every time I have to submit an expense report.

And Concur also needs to provide and express these alternative solutions clearly themselves, and not refer website users to their own company's HR/finance person, who is most likely not going to comprehend the customer service request or give it the time of day.

KevinD · ‎Feb 22, 2024

@HateThisWebsite Why are you resetting your password every time you sign in to SAP Concur? That should not be happening. Also, did I understand that you are installing an authenticator app each time you need a report? I wasn't sure based on the wording of that statement. Also, there is a Google Authenticator app that works and any other authenticator app should work as well if you don't like Microsoft's app.

Lastly, technically we do offer companies to use Single Sign on as a means of accessing SAP Concur, but that is up to your company to make that decision. Have you expressed your concerns internally as well? I'm asking because ultimately the way you access SAP Concur is a decision your company makes. We would not make that decision for you.

Thank you,
Kevin Dorsey
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.

HateThisWebsite · ‎Feb 22, 2024

I am an infrequent user of Concur and though I have my passwords saved and remembered, Concur is forcing me to reset it every other month I need to submit a report. If that isn't supposed to happen I'd appreciate assistance in understanding why.

My problem is not with Microsoft's app but installing a separate Authenticator app altogether, which I find trying to access this website deliberately elusive, besides the mere annoyance of the "type code in 20 seconds" activation game. If you say my company made this decision of unnecessarily increasing security I will bring it up with them, though I believe this is still on Concur to design a simpler solution for enhanced security options than making users install security apps on their personal phones.

KevinD · ‎Feb 23, 2024

@HateThisWebsite Hello again. The password reset time period, is determined by your company. So, if they have set an every 30 or 60 day time frame, you may want to ask them to increase this to 90 or any other longer period. In fact, they can set it to never require a password reset.

The two-factor decision was implemented by SAP Concur as an extra security means. As of now, unfortunately the authenticator app is the only option, but I'm asking internally about this as I know there was some discussion about providing an email option.

Lastly, I might recommend using the mobile app. If you have an iPhone, you can set up the Biometrics which would bypass the new for two-factor authentication. There are some limitations of the mobile app, but if your expense reports are pretty straightforward, then this would be a great option.

Thank you,
Kevin Dorsey
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.

HateThisWebsite · ‎Feb 23, 2024

Your iPhone suggestion is missing the point of my concern, as again I am an infrequent user of Concur who wishes to keep all work matters on company equipment (laptop). I wish to avoid capitulating all my work resources to the latest tech advents and bloating my personal devices for company convenience. I'd imagine that would be very straightforward for my fortunate higher-ups with expense reports to file every week to use, though I'd hope SAP Concur would allow their desktop portals to be designed to same ease-of-access and intuitive use, and not add to my pile of corporate logins to stress over every time they are needed.

cjmarimo · ‎Feb 23, 2024

Hi

In our company we use two methods to loggin.

SSO
Concur Password +2FA

Both ways are good.
In both options we have the same password policy to improve the user experience.

The first time I had to use Authenticator application I almost had a heart attack and I was a little angry. But now I agree since it is necessary to avoid unpleasantness.

HateThisWebsite · ‎Feb 23, 2024

Because you were told the company would instantly be hacked, have all capital stolen, fall into bankruptcy and you'd be on the street begging? Could you elaborate on your sense the 2FA, and all similar secure login obscurification in our tech landscape, is necessary to avoid unpleasantness?

I understand I'm screaming into a hole with all this but I hope I'm expressing my belief tech developers are losing sight of technology's purpose of making things more intuitive with their current area of focus.

acmorgan12 · ‎Feb 23, 2024

I am in 10000% agreement that this added sign on is a waste of users and administrators time. As the admin for my company I have now become Concur Customer Service. I would like to know when my check is coming!

It has taken at least 20 users with issues for me to finally find an 11 step process to get a user's information reset just to get them logged in. This has taken hours and days of time away from regular work. Its frustrating Concur's instructions on reset and how to set up are misleading and not accurate enough. They took this opportunity to put another task on their customers. They should have hired people to be ready to aide all the users that have issues to not bog down administrators who are 1. not paid by concur to fix their issue and 2. not trained or supported properly on all the ramifications of having 2FA.