We're in the processes of deploying SSO for SAP Concur Travel and Expense. We've created the sync between our IdP and Concur, added test users with "SSO Optional" set in Authentication settings, and confirmed it works as expected. Our goal after continued testing would be to enforce SSO for all users. Given that we're using Microsoft as our IdP, we're not 100% confident in the idea of not having a "break glass" type account if we have issues with SSO down the line. I did not see the option to configure an administrator account to not require SSO, in the event we needed it or if there was an issue with the integration with Microsoft.

Is it possible to set an account to be exempt from SSO? Does this require a call with Concur support? I can't imagine we're the only ones with this question, so I'm hoping this has been answered already. I searched the forums but did not see a similar post. I appreciate the help!